Vulnerability when no internet applications are active


cellist

I sometimes find that the firewall and anti-virus software I'm running
impacts the performance of another application so severely that I want to
temporarily turn off the firewall and other security software to enable the
other application to complete more quickly. For example, disk backup
software.

I've tried a number of firewall and anti-virus applications. Some have less
impact than others, but they all have a significant impact on certain
applications. So I don't think finding a more efficient firewall and a-v
application is the best solution.

Assume an always-on internet connection, NO browser running, NO mail client
running, NO XP firewall running, NO 3rd-party firewall running, NO anti-virus
monitor running. When I say "no xxx running", I mean that the software is
installed but is not running/not activated at the time in question. In
general, which of the following statements is closest to the truth?

1) The computer is not vulnerable to any outside threat.
2) The computer is just as vulnerable as it would be with any of those
applications running.
3) The computer is somewhat vulnerable but the chances of an attack are
quite small.

How, if any, does the answer change if the computer in question is connected
to a wireless network with XP file and printer sharing enabled?

TIA,

Phil
 
cellist said:
I sometimes find that the firewall and anti-virus software I'm running
impacts the performance of another application so severely that I
want to temporarily turn off the firewall and other security software
to enable the other application to complete more quickly. For
example, disk backup software.

I've tried a number of firewall and anti-virus applications. Some
have less impact than others, but they all have a significant impact
on certain applications. So I don't think finding a more efficient
firewall and a-v application is the best solution.

These don't make sense. Firewall won't slow anything down. It will
either allow or not allow; that's all. It's all or nothing, not in
between.

AV could be your implementation and computer specs, which you left out.
AV doesn't need to be checking each and every file that is created,
revised, moved, copied or viewed. You might need to adjust some of the
settings.
Or more likely from the sound of it, your machine may not be powerful
enough or have enough RAM to run such software efficiently. IMO you
need to be looking elsewhere first, and proving such things as:
-- No viruses, trojans, worms, etc.
-- No spyware, malware, etc. And it takes, usually, at least 3
different such programs to cover the whole gamut of possibilities.
And of course, they must be completely up to date.

I don't mean that you ARE wrong in your assessment, just that I think
you are. You may be right. But, to determine that you'll have to add
information to your post. http://support.microsoft.com/kb/q555375 is a
good place to start. Only with a descrip of your machine and its
components, OS rev, drives, RAM, etc. can a good estimation be made.
IMO you should try to restate your question with those things in mind,
after reading the link.
Assume an always-on internet connection, NO browser running, NO mail
client running, NO XP firewall running, NO 3rd-party firewall
running, NO anti-virus monitor running. When I say "no xxx running",
I mean that the software is installed but is not running/not
activated at the time in question. In general, which of the following
statements is closest to the truth?

You didn't mention dialup or ADSL etc. So I'll assume ADSL:
1) The computer is not vulnerable to any outside threat.
False: It is highly vulnerable with the possible exception that you are
using a NAT router which is likely. That will help a lot but ONLY while
the machine itself is idle, and it still has vulnerabilities, especially
if you've not changed the default password in your router/gateway.
2) The computer is just as vulnerable as it would be with any of those
applications running.

?? Didn't you just spec that they are NOT running in the above para?
3) The computer is somewhat vulnerable but the chances of an attack
are quite small.

Chances of an attack are large and likely without a NAT router or some
other similar hardware feature.
How, if any, does the answer change if the computer in question is
connected to a wireless network with XP file and printer sharing
enabled?

Can't answer; depends on too many other things, mostly e.g. what
computer is used to access the net? The one that accesses the 'net is
always the one that needs the most protection.


HTH,

Twayne
 
Twayne, thanks for taking the time to reply.

I asked for opinions GIVEN the assumptions that I laid out. I deliberately
did not get into specifics as to the hardware and software that I am running
because I'm not in much of a position to change that to any significant
degree. I've pretty carefully determined that firewall and a-v are the major
variables in a variety of performance issues -- or I should say "of the
variables that I can do something about", those are the major ones.

You state that the firewall could not possibly have any performance
impact. The term firewall has in my opinion taken on an expanded meaning,
thanks to clever marketing, and now means a variety of functions far beyond
that of just allowing or disallowing. I may be wrong about that, but I'm
prepared to assume, even if you are not, that both firewall and a-v
monitoring impact my performance.

Phil
 
cellist said:
Twayne, thanks for taking the time to reply.

I asked for opinions GIVEN the assumptions that I laid out. I
deliberately did not get into specifics as to the hardware and
software that I am running because I'm not in much of a position to
change that to any significant degree. I've pretty carefully
determined that firewall and a-v are the major variables in a variety
of performance issues -- or I should say "of the variables that I can
do something about", those are the major ones.

You state that the firewall could not possibly have any performance
impact. The term firewall has in my opinion taken on an expanded
meaning, thanks to clever marketing, and now means a variety of
functions far beyond that of just allowing or disallowing. I may be
wrong about that, but I'm prepared to assume, even if you are not,
that both firewall and a-v monitoring impact my performance.

As you wish. AV yes, very possible; firewall, no. Bastardized
firewall, who knows? It's your machine, you can assume at will but
waste your and others' time with questions that you feel you know the
only viable answers to.
 
You state that the firewall could not possibly have any performance
impact. The term firewall has in my opinion taken on an expanded meaning,
thanks to clever marketing, and now means a variety of functions far beyond
that of just allowing or disallowing. I may be wrong about that, but I'm
prepared to assume, even if you are not, that both firewall and a-v
monitoring impact my performance.

In general, any firewall appliance, a true firewall, will not show any
impact on your performance as they are all faster than your internet
connection - at least I can't find one slower than any internet
connection that a Home/Small business would have.

With that said, if you're using a soft firewall you will have
performance impact based on how much traffic the soft firewall has to
react to.

If you have a NAT router that pretends to be a firewall, they often have
limited CPU power and can bog-down easily and don't often support
multiple VPN connections, etc...

Some real firewalls also suffer when using PROXY services for filtering
content - this would be the sub-$500 units mostly.

I have a bunch of firewall appliances and can honestly say that I have
no degradation of internet performance by them.

AV solutions are another beast entirely, Panda was the worst one I've
ever seen, then McAfee and Trend, for performance issues.

Many HOME type AV solutions try and provide more than just AV, they also
implement firewall and other blocking solutions - they will always
impact the performance of the workstation/computer.
 
From: "cellist" <[email protected]>

| I sometimes find that the firewall and anti-virus software I'm running
| impacts the performance of another application so severely that I want to
| temporarily turn off the firewall and other security software to enable the
| other application to complete more quickly. For example, disk backup
| software.

| I've tried a number of firewall and anti-virus applications. Some have less
| impact than others, but they all have a significant impact on certain
| applications. So I don't think finding a more efficient firewall and a-v
| application is the best solution.

| Assume an always-on internet connection, NO browser running, NO mail client
| running, NO XP firewall running, NO 3rd-party firewall running, NO anti-virus
| monitor running. When I say "no xxx running", I mean that the software is
| installed but is not running/not activated at the time in question. In
| general, which of the following statements is closest to the truth?

| 1) The computer is not vulnerable to any outside threat.

FALSE -- The OS is running and thus you are vulnerable to exploits in the OS. The most
notable has been a vulnerability addressed in MS08-067.


| 2) The computer is just as vulnerable as it would be with any of those applications
| running.


FALSE -- The FireWall application and anti virus may intercept an internet POV
exploitation attempt.


| 3) The computer is somewhat vulnerable but the chances of an attack are quite small.


That's a grey area and not easily addressed due to other variables.


| How, if any, does the answer change if the computer in question is connected
| to a wireless network with XP file and printer sharing enabled?


You are MORE vulnerable with WiFi and improper settings leave you open to War Driving.

One way to limit the exposure is to move the FireWall from the PC to an appliance. A
simple NAT Router or a NAT Router with a full FireWall implementation will take the burden
off the PC and free resources. It will mitigate internet hack attacks or Internet worms
from exploiting an OS on the LAN side of the appliance.
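
Added example (not part of any post in this thread): the last reply's point that the OS itself is exposed even with no browser or mail client open can be checked by listing which sockets the machine is listening on. This Python sketch parses `netstat -ano` output and reports listeners bound to non-loopback addresses; the sample output, the port notes and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `netstat -ano` output from a Windows machine with no
# browser or mail client open (illustrative, not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING       1764
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:1051      203.0.113.7:80         ESTABLISHED     2210
  UDP    0.0.0.0:445            *:*                                    4
  UDP    127.0.0.1:123          *:*                                    1040
  UDP    192.168.1.20:137       *:*                                    4
"""

# Ports tied to services relevant to the thread: file and printer sharing
# (NetBIOS/SMB) and the RPC endpoint mapper.
NOTES = {135: "RPC endpoint mapper", 137: "NetBIOS name service",
         139: "NetBIOS session (file/printer sharing)",
         445: "SMB (file/printer sharing)"}

def split_endpoint(text):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port)."""
    addr, _, port = text.rpartition(":")
    return addr.strip("[]"), int(port)

def exposed_listeners(netstat_text):
    """Return (proto, addr, port, pid, note) for every socket that accepts
    traffic on a non-loopback address, sorted by port."""
    found = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # header and blank lines
        proto = parts[0]
        # TCP rows carry a State column; UDP rows do not.
        if proto == "TCP" and parts[3] != "LISTENING":
            continue
        addr, port = split_endpoint(parts[1])
        if ipaddress.ip_address(addr).is_loopback:
            continue  # reachable only from the machine itself
        found.append((proto, addr, port, int(parts[-1]), NOTES.get(port, "")))
    return sorted(found, key=lambda r: (r[2], r[0]))

if __name__ == "__main__":
    for proto, addr, port, pid, note in exposed_listeners(SAMPLE):
        print(f"{proto:4} {addr}:{port:<6} pid={pid:<5} {note}")
```

Anything this reports is what a host firewall or a NAT router would otherwise be shielding; on a real machine, feed it the text of `netstat -ano` instead of `SAMPLE`.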
 