Fire wall [Archive] - PCMech Forums



TEEB
12-25-2002, 06:36 PM
I have a Linksys BEFSR41 Router. Why do I need a software firewall too? To stop what's going out I expect. What could go out that would hurt me and how important is it? Doesn't a router protect all my personal info like bank and credit card stuff?

Airmack
12-26-2002, 10:44 PM
Not unless you bought a hardware firewall. The router may stealth ports and such but the software firewall will be able to tell you who is trying to attack you or what's going out and why. I suggest Norton Internet Security as this has the firewall and the antivirus software or you can just buy Norton firewall.

Or you can take the cheap way out and download a free firewall from zonealarm.com

ZANEY123
12-26-2002, 10:55 PM
The trojans could have a field day with you. I think it could still send out your info in trojans.

I would rec at least the free ZoneAlarm

Zaney123

TEEB
12-27-2002, 11:29 AM
But don't the Trojans have to get in first?? How do they do that if I have a Router (Best Firewall)?

Airmack
12-27-2002, 11:42 AM
All I'm saying is that a router is to route; you didn't buy a router to protect you because that's not its main job. I'd get, as I said before, Norton firewall, and you can update it so you're not prone to attacks.

TEEB
12-27-2002, 11:45 AM
Well I guess that brings up another question then. I have been led to believe that a router is the best firewall you can get. Is that not the case?

mike breck
12-27-2002, 12:50 PM
Hi TEEB,

I think the best arrangement is to use the Router Hardware firewall to guard against what's coming in and a software firewall like ZoneAlarm to monitor what's trying to access the Net.

Just in case something slips thro (or is installed thro floppy or CD-Rom) and tries to access the Net.

Better to be safe than sorry.

TEEB
12-27-2002, 02:45 PM
Thanx Mike: I have the router in place and was trying to get opinions on the software firewall for outgoing. I am having trouble trying to figure out what I am protecting myself from as far as outgoing is concerned?

ZANEY123
12-27-2002, 02:49 PM
Trojans are the worst culprit.. they still can come in through the router in an email of some sort, then can send outgoing packets of your info.

ZoneAlarm would be the best for you if you are just looking for outgoing coverage. It's free

Airmack
12-28-2002, 01:36 AM
Norton AntiVirus scans incoming and outgoing e-mail if you use Outlook Express...

mike breck
12-28-2002, 07:08 AM
If NAV is completely up to date.

I had caught the Bugbear virus because NAV was five days out of date (at that time I updated on a weekly basis). It slipped right thro in an Email and proceeded to trash NAV.

ZoneAlarm caught it trying to access the Net and that brought it to my attention.

Also Spyware or other forms of Malware can be installed thro a legitimate program. If you don't have anything checking outgoing, then it could remain undetected.

I think the instances of Malware have shown no signs of decreasing.

Crash
12-28-2002, 05:09 PM
Ok, I'll put forward an unpopular view :p Software firewalls are totally unnecessary. They lull users into a false sense of security with claims like "Sygate Personal Firewall ensures your personal computer is completely protected from malicious hackers and other intruders while preventing unauthorized access from your computer to a network" whilst actually providing no additional level of security to that which would be attained by simply switching off unnecessary services.

Why do I say this? For the following reasons:

Stealthing - a redundant feature which is the result of marketing influencing development. SPF's break normal protocols ("host unreachable" messages are not sent, etc) and these breaks render a machine "visible" (a little like a black hole - its nothingness makes it stand out!).

Ingress filtering - again, a redundant feature. If a port is closed, it's closed. Nothing can get through. In fact, it's perfectly OK for a port to be open so long as the OS itself has been properly secured (shares disabled or protected with strong passwords, etc).

Egress filtering - SPF's are touted as being a solution to "spyware" and Trojan "breakouts". Hmmm. Firstly, the "spyware" issue can be overcome simply by not installing it to start with (RTF EULA's!). That leaves the question of Trojans. Well, the egress filtering of the average SPF will certainly provide a degree of protection against the most basic and badly written Trojans. Alas, there are now an ever increasing number of Trojans which seek to exploit the MS TerminateProcess frailty (the designers of security products actually went so far as to switch device drivers from Ring3 (API layer) to Ring0 in an attempt to workaround this frailty only for some nasty person to discover (within the space of a few weeks of the shift) undocumented Windows calls allowing for a leap from Ring3 to Ring0 without the need for the writing of SYS files or VXD's (MoSucker, BioNet, et al being examples)). Here's what the developer of one (well known, award-winning) security product had to say on the matter (it's an extract of a discussion group post which initially centered on ZA):

"I should perhaps been a bit more specific on ZA 2.6.xxx - please forgive me folks, I never did believe in software firewalls and don't use any of them. What I *should* have said was early versions of ZA 2.6.xxx (the freebie - we've played with it to test compatibility of our own products) and they go byebye with ease. After ZA's changes, and those of other manufacturers including ourselves, you have to now go after a Ring0 device driver to kill the security product, but YES, they ALL DIE if you know what to do.

Since BioNet, hundreds of other trojans incorporated this "ability" to take out all sorts of programs, most notably "MoSucker" which went beyond the original "one-shot" of BioNet and would keep nailing the various programs every second. Whereas with BioNet, you could restart the programs affected (if they weren't rendered corrupt) and hopefully nail them. MoSucker and a number of others however would keep whacking the security software and take it out before it even had a chance to get started, much less get to work.

What's going on is a truly bad design and while the discussion has centered on blaming the various security companies for the problem when it's really Microsoft's fault (although all of us have done our utmost to circumvent this as best as we can) there IS NO SOLUTION until Microsoft is made to deal with this. I'd encourage folks to make the point to Microsoft personally here."


I'll summarise the position further by saying that there are now probably 1000's of Trojans (and other forms of malware) out there which are able to shut down a SPF (even an ActiveX control on a web page can do it!). Some will even substitute a replacement System Tray icon so that the user is unaware that the SPF service has been terminated. And guess what? Those who write and distribute Trojans know that more and more people are using SPF's and are, therefore, more and more inclined to write and distribute malware which makes use of the TerminateProcess weakness.

The above is just my 2C (it never sounds quite right to say 2P!) and there'll probably be 101 perfectly valid counter arguments put forward :D
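
Added example, not part of Crash's post or the thread: a small Python check of the distinction drawn above between a closed port (the stack answers with a reset), a "stealthed" port (no answer at all) and a host that an upstream router reports as unreachable. The names `classify_port` and `demo` are assumptions made for this illustration, and the demo only touches ports on the local loopback interface.

```python
import errno
import socket

def classify_port(host, port, timeout=1.0):
    """TCP-connect to a host you administer and name the kind of answer received."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        if s.getsockname() == s.getpeername():
            return "closed"      # loopback self-connect quirk: no real listener
        return "open"            # handshake completed: a service is listening
    except ConnectionRefusedError:
        return "closed"          # RST came back: the stack answered, nothing listens
    except socket.timeout:
        return "silent"          # no reply at all: packets dropped ("stealthed")
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"  # a router reported no such host or network
        raise
    finally:
        s.close()

def demo():
    """Constructed loopback demo: one listening port, one port with no listener."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: the OS picks a free port
    listener.listen(1)
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    spare_port = spare.getsockname()[1]
    spare.close()                        # released without ever listening
    try:
        return {
            "listening": classify_port("127.0.0.1", listener.getsockname()[1]),
            "not_listening": classify_port("127.0.0.1", spare_port),
        }
    finally:
        listener.close()

if __name__ == "__main__":
    print(demo())
```

Any port that reports "open" on your own machine corresponds to a running service, which is the list to review when switching off unnecessary services.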

TEEB
12-28-2002, 05:55 PM
That makes for very interesting reading Crash. I would like to hear your opinion on Routers as firewalls?

Crash
12-28-2002, 05:56 PM
They're excellent :D Here's (http://www.samspade.org/d/firewalls.html) a (now rather old) article by Steve Atkins (a chap who understands how networking protocols really work!) (http://www.samspade.org/d/traceroute.html) on the subject of SPF's versus routers.

TEEB
12-28-2002, 08:54 PM
Thanx very much for the input Crash. You know, I have always been a little suspicious of programs like that. Now I know why!!

Crash
12-29-2002, 08:07 AM
Originally posted by TEEB
Thanx very much for the input Crash. You know, I have always been a little suspicious of programs like that. Now I know why!!

Just remember that the above are nothing other than my personal views and that there are numerous people out there who hold a very different opinion of SPF's!

beckx020
12-29-2002, 09:37 AM
Yup, I like my software firewall. I have a NAT router and pc-cillin too.

My firewall doesn't pop up all the time. Yes, if you just install one and leave it, you'd probably get alarms all the time. The only time it did go nuts was valid and I had a trojan I thought I cleaned.

Granted some of those things will kill the firewall as well as the virus program.

One of the things I use the firewall for is to block addresses in and out. There are LOTS of things that are passed on when you download a web page. I even have a bunch of stuff on this site blocked. When I go to a new site, I LOOK at what has been passed. It's not that a lot of it is so bad, just my personal preference that I am in charge of what is collected on me.

I guess I don't just pop all over the net. I try to be careful of the sites I visit. It took a week or so for me to get my firewall the way I wanted it. I look at my logs regularly on both the router and software firewall.

A linux box is not the end all or be all answer either, IMHO. Yeah, right. A user that can't take the time to setup a software firewall is going to setup a linux box as a firewall? The installs of some of the major vendors are getting better. It's true. But if something does go wrong...

So, I have the NAT to keep stuff out, virus software to check what comes in, and firewall to look at what goes out. That is the best I can do. I have better things to do with my time than to run down and fix/clean assorted virus/trojan/worm/etc. (I spend too much time on this for friends and relatives!)

That's my 2 cents.

TEEB
12-29-2002, 11:22 AM
Glad to have your 2 cents worth beckx020. I hope more people will let us know what they think!

MtX
12-29-2002, 02:14 PM
Hi,

I have a few questions..

I currently have Norton AntiVirus Corporate Edition with the most recent updates.. Is that enough to stop unwanted hackers? Or do I also need ZoneAlarm or Norton Personal Firewall? Thanks..

smokealotapotimus
12-29-2002, 04:30 PM
I use Sygate. So what you're saying, Crash, is that if I keep my OS (Win2000Pro) up to date and shut off any unneeded Services that I don't really need a (software) firewall?

Crash
12-29-2002, 05:25 PM
So what you're saying, Crash, is that if I keep my OS (Win2000Pro) up to date and shut off any unneeded Services that I don't really need a (software) firewall?

That about sums it up! There are two ways that somebody could gain access to your computer:-

1) Remotely via the manipulation of unprotected shares (and, yes, it's remarkably easy to establish whether a person has sharing enabled - all the necessary tools are bundled with Windows!); or

2) Locally via *you* installing, for example, a Trojan e-mailed as an attachment.

Simply disabling or properly protecting (strong passwords!) shares will guard against 1).

Care, caution and a good AV/AT will guard against 2) (but bear in mind that if something nasty does manage to slip through your defences then, firewall or no firewall, there's a good chance that you're f****d (see above!)).

It's remarkably easy to shutdown a firewall (for example, an ActiveX (http://www.paoloiorio.it/fw.htm) control on a web page will do the job!) and, if this happens, an otherwise unprotected system is vulnerable!

Hmmm ... System #2 ... a Slacky, eh!

smokealotapotimus
12-29-2002, 05:30 PM
Thanks for the explanation.

Though what do you mean by "unprotected shares"? Sorry, networking and OS's ain't exactly my thing.

Crash
12-29-2002, 05:51 PM
Look here. (http://www.cert.org/incident_notes/IN-2000-02.html)

MtX
12-29-2002, 07:37 PM
Hi,

I have a few questions..

I currently have Norton AntiVirus Corporate Edition with the most recent updates.. Is that enough to stop unwanted hackers? Or do I also need ZoneAlarm or Norton Personal Firewall? Thanks..

By the way, I don't really access any sites with "potential" viruses. I usually go to well known and trusted sites, such as www.nhl.com or www.google.ca. Also, I don't really download unknown files. I only get files from people and sites that I trust. So am I safe? currently have Norton AntiVirus Corporate Edition with the most recent updates.. Is that enough to stop unwanted hackers? Or do I also need ZoneAlarm or Norton Personal Firewall? Thanks..

Tuf
12-29-2002, 07:59 PM
NAV is great, I think enough of it to have it on every computer I own. But it is in no way a firewall or meant to be. It's meant to stop malicious code from running. If I take control of your computer I won't be using any malicious code. I'll be using the same code you use. In fact I'll be using your OS. (Not that I even know how)


A router by itself is very good protection. But one that has a firewall is better protection. A separate hardware firewall, maybe overkill for home use, is probably the best solution.

I'm not a fan of software firewalls at least not the common ones. But they are about a million times better than nothing.

MtX
12-29-2002, 09:15 PM
Ok.. In that case I will go get ZoneAlarm or get a copy of Norton Personal Firewall.......