Re: Neither, buy a router.

From: David (davidwnh@adelphia.net)
Date: 01/02/03 

From: "David" <davidwnh@adelphia.net>
Date: Thu, 02 Jan 2003 02:43:41 GMT

Excellent information overall and 1-4 and A-D are all valid points, however
at what point does someone realize that their software firewall isn't needed
and they decide to uninstall it? The day before a new Trojan is released
that spreads unknowingly for a while? The day before someone finds a new
hole in IE and plants a renamed trojan or remote control program on your
machine that goes undetected by your AV software? Sure I'm stretching things
a bit to make a point, but even though many of these things are low on the
risk scale, the trend towards automating the distribution of such malware
seems to be raising the bar a bit.

Sure there are ways to help prevent getting Trojans, including
reconfiguration within the OS itself, and there are other ways to detect
such things. I don't use a "personal firewall" myself, however I do realize
that my solution may be too complicated or cost-prohibitive for others. I
also realize that a personal firewall can easily and unknowingly close up
some of the holes that an average home user may not even know about. Most
people want as simple and reassuring a solution as they can find and don't
wish to read 1000+ page tomes on internet security to tighten their system a
bit.

Once you "realize" and uninstall then you may never know how real your
realization was before it is too late.
So tell me who is better off in the below scenario.

Personal firewall user John Doe gets the alert " program.exe" wishes to
connect to the internet. He doesn't allow access, finds the relevant
information on the web identifying this as a Trojan, and cleans it off his
system. He then goes back to what he was doing.

Router only user John Doe looks at his access logs and wonders why his
computer has been accessing an IRC server for two days. He run's his Trojan
scanner, finds the culprit and cleans it off his system. He then ponders how
much malicious activity has been done to his system since he knows that some
activity has already occurred. His above average knowledge even allows him
to discover other things that were done to his system so he corrects those
also. But he is never sure if something else was done or not. So he decides
to format his hard drive, reinstall everything, then goes back to what he
was doing two days later.

I guarantee you can come back with totally valid responses, and solutions to
any hole I could find in a router only setup, but how many ordinary home
users would know about such things or care to spend the time to learn about
such things as opposed to using a somewhat simpler solution. Neither
solution is perfect but they complement each other in many ways.

There is a good reason why some of the router manufacturers are bundling
personal firewalls with their routers, and it is not just a marketing ploy.
And there is a good reason why the same manufacturers are also now making
routers with more extensive filtering and access control. And I thank
Moore's Law for giving me a CPU in which I can run several services and game
at the same time.

> This is in reference to PERSONAL FIREWALL APPS, not Checkpoint or
> something like that:
> 1) Software firewalls utilize CPU cycles on the machine they run on.
> 2) Software firewalls are easy to misconfigure and are often
> misconfigured.
> 3) Software firewalls can cause problems with applications on the system
> 4) Once you are under attack, a real one, not just a probe, your machine
> utilizes almost 100% CPU cycles to fend it off.
>
> This is in reference to Modem Routers (Linksys, DLink, etc...)
> A) Routers with NAT don't use ANY CPU cycles on the computers
> B) Routers with NAT are easy to properly configure, then forget
> C) Routers with NAT can cause problems with internet sharing apps (like
> ICQ, Games) but in general they don't.
> D) Routers with NAT protect more than one computer.
>
> You can, and should for a while, install the Router with NAT and a
> personal firewall application - once you see that you don't really need
> the personal firewall you can remove it.
>
> IN ALL EXAMPLES YOU SHOULD MAKE SURE THAT YOU HAVE STRONG ANTI-VIRUS
> SOFTWARE INSTALLED.
>
> If you are going to run a software Proxy or NAT, just get a hardware one
> for $75 bucks and be happy - no parts, no software, not hassle.
>
>
>
> --
> --
> Leythos999@columbus.rr.com
> (Remove 999 to reply to me)

Relevant Pages

  • Re: Hardware, software or both?
    ... one more question please regarding routers. ... > 2) Software firewalls are easy for the non-technical computer user to ... > of the personal firewall applications. ...
    (comp.security.firewalls)
  • Re: Recurrent question
    ... The windows firewall comes with it's own set of problems. ... think Microsoft's security reputation speaks for itself. ... Logs may be sorted by source IP, source port, ... "Software Firewalls versus Wormhole Tunnels ...
    (comp.security.firewalls)
  • Re: Software Firewalls are "Snake Oil" !
    ... I had a look at the specs for Tiny Personal Firewall - it says specifically ... > Outpost is one package whereas these are five (I recommend DNSKong ... >>So, bottom line, are these software firewalls worth a hoot? ...
    (comp.security.firewalls)
  • Re: Hardware, software or both?
    ... >> now I am checking the Sygate Personal firewall and like it a lot. ... Software firewalls are easy for the non-technical computer user to ... Routers are very cheap - often cheaper than the registered copy price ...
    (comp.security.firewalls)
  • Re: XP Firewall will not enable at system boot
    ... I have WF turned off because I've given McAfee control of the firewall. ... wise to have two software firewalls, although it is OK to have a hardware FW ... >I have Norton Internet Security Personal Firewall, disabled, but Norton ...
    (microsoft.public.windowsxp.security_admin)