one firewall better than two

[species8350]

Hi,

Evidently, one firewall is better thatn two, I realise that they
compete, but I don't understand why this should be a problem.

Evidently, the same principle applies to anti-virus programmes.

Can anyone explain these facts to me?

Thanks

 

[Richard G. Harper [MVP]]

The primary problem is that in both instances these types of programs
intercept input/output at a very low level - in most cases by inserting
themselves into the actual routines that send data into and out of the
system - and having two of them competing to say "STOP! That's a possible
threat!" can cause system instability at the very least or freeze-ups and
reboots at worst.

You can have multiple antivirus programs as long as only one of them is
"active" in real-time scanning and all others are set for on-demand use.
But since firewall software doesn't offer this type of operating mode it is
never wise to have two software firewalls running.

If you don't trust your current firewall software, either replace it or
supplement it with a router that has hardware firewall protection.

 

[Rick Rogers]

No, two is not better than one. When programs compete for resources and file
access, the user is the loser.

If two firewalls are installed and actively monitoring network activity,
there will be (not may be) conflicts. Resources will be needlessly occupied
and detract from other functions.

Same principle applies to multiple av programs as well with one difference:
Two can be installed but only one should be resident and actively scanning.
The other can be used as an on-demand scanner to confirm what the first
finds or misses. Having two doing resident scanning is asking for trouble.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Windows help - www.rickrogers.org
My thoughts http://rick-mvp.blogspot.com

 

[the wharf rat]

You should use only one firewall

There can be only one! If you have more than one firewall
they try to chop each other's heads off so they can steal their life
essence. That's especially true if you run Scottish firewalls.

 

[the wharf rat]

If two firewalls are installed and actively monitoring network activity,
there will be (not may be) conflicts. Resources will be needlessly occupied
and detract from other functions.

Look, software firewalls generally suck. They're resource intensive,
hard to configure, and easy to subvert. Your main line of defense
shjould be a dedicated hardware firewall and the software firewalling should
be limited to simple packet filters.

My 2 cents...

Just don't try to run Scottish firewalls. They have this thing
about swords and head-chopping.

 

[+Bob+]

Look, software firewalls generally suck. They're resource intensive,
hard to configure, and easy to subvert.

Use a software firewall to protect against outbound access (unapproved
programs calling out FROM your system).

Your main line of defense
shjould be a dedicated hardware firewall and the software firewalling should
be limited to simple packet filters.

Exactly - Use a hardware firewall (your router) to block inbound
access TO your network.

My 2 cents...

Worth 4 cents (2 for each firewall)

Just don't try to run Scottish firewalls. They have this thing
about swords and head-chopping.

And they fight naked - definitely not for computers that kids use.

 

[the wharf rat]

Use a software firewall to protect against outbound access (unapproved
programs calling out FROM your system).

It doesn't, though... All the malware people need to do is
use an known port... Oh, those PC things that say "XXX.exe is trying
to dial out!!!"? The problem there is the same as with UAC: people
don't bother to examine the messgae and just click ok...

I can't stand zone alarm or any of that crap.

 

[Poutnik]

(e-mail address removed)>, not_here.5.species8350
@xoxy.net says...>

Hi,

Evidently, one firewall is better thatn two, I realise that they
compete, but I don't understand why this should be a problem.

Evidently, the same principle applies to anti-virus programmes.

Conecting ropes,
one good knot properly created is always better,
than 2 either bad ones, either created incorrectly.

It applies to both FW/AV product and FW/AV configuration qualities.

Well, there is exception for not resident AV, running on demand only,
working as confirmation only.

 

[Poutnik]

You should use only one firewall
and only one AV program

Yes, using 2 FWs is like wearing two pairs of shoes.

 

[species8350]

(e-mail address removed)>, not_here.5.species8350
@xoxy.net says...>




Conecting ropes,
one good knot properly created is always better,
than 2 either bad ones, either created incorrectly.

It applies to both FW/AV product and FW/AV configuration qualities.

Well, there is exception for not resident AV, running on demand only,
working as confirmation only.

Thanks to all for responding

Best wishes

S

 

[Ollis]

Hi,

Evidently, one firewall is better thatn two, I realise that they
compete, but I don't understand why this should be a problem.

Evidently, the same principle applies to anti-virus programmes.

Can anyone explain these facts to me?

If a machine is running two host based software FW(s) on the machine, a
condition can happened called double firewalled, meaning that inbound packets
may not reach the machine, becuase one FW is allowing the packets to pass
through the FW while the other FW is blocking the passage of the same inbound
packets through the FW.

 

[Bill Yanaire]

Hi,

Evidently, one firewall is better thatn two, I realise that they
compete, but I don't understand why this should be a problem.

Evidently, the same principle applies to anti-virus programmes.

Can anyone explain these facts to me?

Thanks

Think of it as trying to install "Girlfriend 2.0" over "Wife 1.0". Your
will lose all your cache and you will have headaches until you uninstall
Wife 1.0!

 

[Bill Yanaire]

Are you a transgender creep? Did you uninstall your ding-a-ling 1.0 and
install a puss-e 2.0?

You probably installed Sheep-****er 2.0 and it crashed when you were running
Masturbator 1.0.