Firewall Needed??

Q!

Hi All - a quick question, if you are running behind a router all the time,
and have AV installed and updated, is it really necessary (or desirable) to
have a firewall like ZoneAlarm running as well? I ask this because since
installing the router I notice the ZA log is empty - no instances at all,
but does ZAPro have other benefits that mean you should keep it running even
though you have the router????
 
Hi All - a quick question, if you are running behind a router all the time,
and have AV installed and updated, is it really necessary (or desirable) to
have a firewall like ZoneAlarm running as well? I ask this because since
installing the router I notice the ZA log is empty - no instances at all,
but does ZAPro have other benefits that mean you should keep it running even
though you have the router????

My opinion is you should have a personal firewall installed on every
PC on a network, even those behind a router/hardware firewall. The
best protection strategy includes defenses at the application layer as
well as the perimeter layer.

Regards,
Ian Kenefick
http://antivirus.ik-cs.com
 
Q! said:
Hi All - a quick question, if you are running behind a router all the time,
and have AV installed and updated, is it really necessary (or desirable) to
have a firewall like ZoneAlarm running as well? I ask this because since
installing the router I notice the ZA log is empty - no instances at all,
but does ZAPro have other benefits that mean you should keep it running even
though you have the router????

if you know for a fact that your machine will never be connected
directly to the internet (like when your router dies on you and you
need to research what's going on to diagnose the problem) then you can
probably get away with not having a software firewall running in the
situation you describe...

however, there are other benefits to a software firewall... they can,
for example, warn you when a new program is trying to access the
internet, even if it's something too new for your anti-virus to
recognize...
 
Hi All - a quick question, if you are running behind a router all the
time, and have AV installed and updated, is it really necessary (or
desirable) to have a firewall like ZoneAlarm running as well? I ask
this because since installing the router I notice the ZA log is empty
- no instances at all, but does ZAPro have other benefits that mean
you should keep it running even though you have the router????

The NAT router has no means to stop outbound traffic and some people
supplement the NAT router with a PFW solution that can stop outbound if
needed. In addition, the PFW solution can protect the O/S at the machine
level such as services running on the machine and the NAT router cannot do
that.

On the other hand, some say that if you harden the O/S to attack (shut down
vulnerable services and other things), know how to use safe computing
practices, use a good AV and possibly some other tools like Spybot and
Ad-aware, then all you need is the NAT router.

I always ran a PFW or some other packet filtering software to supplement
the NAT router on outbound if needed and to protect vulnerable services and
applications running on the machine.

If the router has logging, then you should enable it and use a log viewer
to view the inbound and outbound traffic to and from the router.

Duane :)
 
Hi All - a quick question, if you are running behind a router all the time,
and have AV installed and updated, is it really necessary (or desirable) to
have a firewall like ZoneAlarm running as well? I ask this because since
installing the router I notice the ZA log is empty - no instances at all,
but does ZAPro have other benefits that mean you should keep it running even
though you have the router????

You absolutely need a software firewall in addition to the router. At
the very least they will prevent programs from connecting to the
Internet without your permission. That is a big deal. You might be eaten
up with Trojans and dialers but a software firewall will make them
useless unless you're silly enough to give permission to everything that
tries to contact someone outside your own computer. ZONE ALARM is an
excellent choice because of its features. On my machines it has caught
several email viruses days or even weeks before the AV programs identify
them. Do not rely on your router, and do not rely on the firewall that
comes with XP, turn that one off and install Zone Alarm.

I first installed Zone Alarm years ago when I was using a dial-up system
and it provided protection even though I did not network my machines.
 
Q! said:
Hi All - a quick question, if you are running behind a router all the time,
and have AV installed and updated, is it really necessary (or desirable) to
have a firewall like ZoneAlarm running as well?

It may be desirable because of the features the software firewall
offers. If a "new" malware lands on the machine and tries to access the
internet itself, the software firewall may ask you to permit or deny the
access. This does not mean that all outbound "phone home" malware will
be defeated by software firewalls though.

As long as the software firewall doesn't "add" vulnerability to your
system (software flaws), or your best practices regimen (false sense of
security), it can't hurt.
 
It may be desirable because of the features the software firewall
offers. If a "new" malware lands on the machine and tries to access the
internet itself, the software firewall may ask you to permit or deny the
access. This does not mean that all outbound "phone home" malware will
be defeated by software firewalls though.

As long as the software firewall doesn't "add" vulnerability to your
system (software flaws), or your best practices regimen (false sense of
security), it can't hurt.

Kerio's up and coming 4.5 will feature HOST based IDS for protection
against buffer overflows, code injection etc all of which add a must
have layer of protection at the application level if you ask me. Tiny
software already have such implementations which prevent malicious
process from injecting their code into benign ones to bypass software
firewalls. All this without having to rely on MD5 database entries
will warn of a process injecting code into another. I had a similar
conversation with a guy who maintained a hardware firewall is all you
need and I completely disagree. A software firewall can help prevent
zero day attacks by filtering out certain types of web traffic and new
Host based IDS in personal firewalls will add depth to an already must
have piece of software.

Regards,
Ian Kenefick
http://antivirus.ik-cs.com
 
Thank you everyone, excellent replies and information. I will continue to
run ZA as well as the other protection, just to help be safe! Thanks again
everyone.
 
Ian said:
My opinion is you should have a personal firewall installed on every
PC on a network, even those behind a router/hardware firewall. The
best protection strategy includes defenses at the application layer as
well as the perimeter layer.

Regards,
Ian Kenefick
http://antivirus.ik-cs.com

How often has application control actually saved your ass from the
presence of malware?
 
Captain said:
You absolutely need a software firewall in addition to the router. At
the very least they will prevent programs from connecting to the
Internet without your permission. That is a big deal. You might be eaten
up with Trojans and dialers

And this happens how, through spontaneous generation? Or do the PC
manufacturers now include malware in lieu of M/S works?


but a software firewall will make them
useless unless you're silly enough to give permission to everything that
tries to contact someone outside your own computer.


Let me get this right. Hypothetically, one's computer is riddled with
trojans and dialers and said person can be trusted to determine which
applications ought to be permitted internet access? Is that the scenario?

ZONE ALARM is an
excellent choice because of its features. On my machines it has caught
several email viruses days or even weeks before the AV programs identify
them.

Now that is interesting :).
 
How often has application control actually saved your ass from the
presence of malware?

Me personally, zero. I'm not the type of person that is easily duped
by malware :) All of the PCs on my network are up to date, all have
antivirus and firewalls on the desktop. I subscribe to F-Prot AVES
with my ISP also so I rarely see email borne viruses or spam for that
matter.

My father's PC was missing MS03-026 amongst others and Sygate IDS
detected blaster's traffic and blocked it. This is a good example.

Regards,
Ian Kenefick
http://antivirus.ik-cs.com
 
Ian said:
Me personally, zero. I'm not the type of person that is easily duped
by malware :) All of the PCs on my network are up to date, all have
antivirus and firewalls on the desktop. I subscribe to F-Prot AVES
with my ISP also so I rarely see email borne viruses or spam for that
matter.

My father's PC was missing MS03-026 amongst others and Sygate IDS
detected blaster's traffic and blocked it. This is a good example.

Regards,
Ian Kenefick
http://antivirus.ik-cs.com

Yeah, I honestly didn't suspect you were that type of person. I would
say the same about me.

The problem I have with this notion that application control is so
necessary is that it's illusory. The very people who really need a PFW
are those who likely have no safe computing regimen as foundation.
Further, those very same people can hardly be relied upon to bother with
knowing which components should be granted permission to execute an
application, let alone whether this is the result of downloading
something, or even a windows update. While I firmly believe that inbound
intrusion prevention is a very good risk abatement, outbound application
control is nothing more than flood insurance for those who live on very
high ground.

People can have as much insurance as they want. I just find the
recommendation that outbound application control is a *necessity* to be
unintentionally dishonest.
 
People can have as much insurance as they want. I just find the
recommendation that outbound application control is a *necessity* to be
unintentionally dishonest.

I understand what you say but great grounds have been made in personal
firewalls to help the user make a decision as to what they should and
shouldn't allow to connect to the internet either by pre-configured
firewalls or updatable checksum databases. I still think it is a
necessity to have outbound protection at the application layer. It
buys the user time to research the component which is trying to
initiate an outbound connection by using Google for example.


Regards,
Ian Kenefick
http://antivirus.ik-cs.com
 
-snip-
ZONE ALARM is an

Now that is interesting :).

[ jk ]
ZA is an excellent choice 'cuz it can be "taken down!"
[ /jk ]

So, one could rely on two simple rules:
- ZA (PFW) is running = = all is well.
- ZA (PFW) is not running = = something's wrong.
Hmm, lemme think about this... ;)

J
 
ZONE ALARM is an

Now that is interesting :).

You can make all the smartass comments you want to but this is a fact.
It has happened three or four times. Usually the AV stuff catches up
within a day or two but I held a suspicious attachment on my desktop for
over a month before it was finally recognized by any AV scanner as a
threat.

In over 20 years of working with computers I've only been infected twice
and both times were my own fault because I clicked too quickly and by
the time I was through saying "dammit" I had myself an infection. On the
first occasion I had to manually clean the infection because while the
AV vendors could identify it they hadn't yet come up with a clean up
method. After spending six hours tracing the virus through the registry
I was clean and much more cautious. The second time was when the payload
was hidden behind a bogus icon. Instant realization of my stupidity sent
me directly to the power button to prevent further nastiness.

I say a personal firewall is indispensable, even if someone is as
brilliant as you are.
 
Per Captain Jinks:
That is a big deal. You might be eaten
up with Trojans and dialers but a software firewall will make them
useless unless you're silly enough to give permission to everything that
tries to contact someone outside your own computer.

I just learned the truth of that a couple days ago.

Re-built a PC, installed virus protection/personal firewall immediately albeit
had not received the router yet.

Somewhere in that process I wound up with a worm in the form of (RSPCS.exe?).

Took a little while for it to dawn on me that something wasn't right as the
firewall was reporting about two attacks per second. Then I looked at the
outgoing and this thing was just spraying traffic here, there, and everywhere.
My assumption is that those outgoings acted as invitations for incoming attacks
because once I got rid of the offending .exe, it quieted down again.
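
The outbound "spraying" described in the post above is a fan-out pattern that stands out in a personal firewall's connection log. The following is an added example, not part of the thread and not any firewall product's own code; the log format, process names and thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log. Assumed format (not a real product's):
# ISO timestamp, direction, process, remote IP, remote port
SAMPLE_LOG = """\
2005-01-10T12:00:00,OUT,browser.exe,192.0.2.10,80
2005-01-10T12:00:01,OUT,unknown.exe,198.51.100.1,135
2005-01-10T12:00:01,OUT,unknown.exe,198.51.100.2,135
2005-01-10T12:00:02,IN,-,203.0.113.7,135
2005-01-10T12:00:02,OUT,unknown.exe,198.51.100.3,135
2005-01-10T12:00:02,OUT,unknown.exe,198.51.100.4,135
2005-01-10T12:00:03,OUT,browser.exe,192.0.2.11,80
2005-01-10T12:00:03,OUT,unknown.exe,198.51.100.5,135
2005-01-10T12:00:03,OUT,unknown.exe,198.51.100.6,135
2005-01-10T12:00:30,OUT,browser.exe,192.0.2.10,80
"""

def max_fanout(lines, window_s=10):
    """Per process, the peak number of distinct remote IPs contacted
    within any window_s-second span. Lines must be in time order."""
    recent = defaultdict(deque)  # process -> (timestamp, ip) pairs still in window
    peak = defaultdict(int)
    for line in lines:
        fields = line.strip().split(",")
        if len(fields) != 5 or fields[1] != "OUT":
            continue  # skip blank/malformed lines and inbound entries
        ts = datetime.fromisoformat(fields[0])
        proc, ip = fields[2], fields[3]
        window = recent[proc]
        window.append((ts, ip))
        # Drop entries that have aged out of the sliding window.
        while (ts - window[0][0]).total_seconds() > window_s:
            window.popleft()
        peak[proc] = max(peak[proc], len({addr for _, addr in window}))
    return dict(peak)

def suspicious(lines, window_s=10, min_dests=5):
    """Processes whose peak fan-out reaches min_dests (threshold is an assumption)."""
    peaks = max_fanout(lines, window_s)
    return sorted(p for p, n in peaks.items() if n >= min_dests)

if __name__ == "__main__":
    log = SAMPLE_LOG.splitlines()
    print(max_fanout(log))
    print(suspicious(log))
```

A browser revisiting a couple of sites stays well under the threshold, while a process contacting many distinct addresses within seconds is flagged regardless of whether antivirus signatures recognise it yet.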
 