Re: Do I need Norton firewall now I have an ADSL modem/hub/router/firewall?

From: NeoSadist (neosad1st_at_charter.net)
Date: 10/08/04 

Date: Fri, 08 Oct 2004 19:29:19 +0000

Chuck wrote:

> A NAT router (not a true firewall) is a good outer layer in a layered
> defense.

No, in my opinion NAT is not a very good firewall: it's just how the router
does its job. If applications are being made now that can easily
understand how traffic behaves behind a NAT, trust me, the "bad" programs
can as well.
 
> http://www.firewall-software.com/firewall_faqs/what_is_a_firewall.html
> http://support.microsoft.com/?id=321050
> http://www.homenethelp.com/router-guide/features-firewall.asp
>
> You need a software firewall on each computer in your LAN; in case one
> computer gets infected, a software firewall on the others could save you a
> lot of
> trouble.
> Depending upon the effectiveness of the intruder detection log
> on the D-Link, a software firewall is also a good idea to identify unknown
> programs installed on your computer, generating outgoing traffic.
> OTOH, both a (NAT) router, and a software firewall, are only 2 layers in a
> good layered defense.
>
> The third layer is good software, also on each computer. This layer has
> multiple components.
>
> AntiVirus protection. Realtime, plus a regularly scheduled virus scan.
> Regularly updated. AV protection is not all that's needed today.
>
> Adware / spyware protection. Realtime, plus a regularly run adware /
> spyware
> scan. Regularly updated.

You need adware/spyware because Windows (even when configured properly)
cannot truly defend itself. See my comment on the browser below:

> Complete instructions, using Spybot S&D and HijackThis (both free) are
> here: <http://forums.spywareinfo.com/index.php?showtopic=227>.
>
> Harden your browser. There are various websites which will check for
> vulnerabilities, here are three which I use.

If you want true browser security, stop using Internet Explorer and use
Mozilla. It was highly recommended that people stop using Internet
Explorer. However, people should also stop using their computer as the
Administrator (or an admin) account.

> http://www.jasons-toolbox.com/BrowserSecurity/
> http://bcheck.scanit.be/bcheck/
> https://testzone.secunia.com/browser_checker/
>
> Block Internet Explorer ActiveX scripting from hostile websites
> (Restricted Zone).

Actually, more like stop using Internet Explorer altogether. You can shut
off ActiveX in all zones, but that only leads to web pages not displaying
or working properly (due to the web server detecting the browser being
used, and automatically assuming that all people using Internet Explorer
want to use ActiveX, etc). This is why virtually all anti-spyware /
anti-adware / browsing-security websites tell us how to fix Internet
Explorer, yet we can do what they say and it still eagerly welcomes the
unknown.

> <https://netfiles.uiuc.edu/ehowes/www/main.htm> (IE-SpyAd)
>
> Block known dangerous scripts from installing.

By using a different brower....

> <http://www.javacoolsoftware.com/spywareblaster.html>
>
> Block known spyware from installing.

By not using Internet Explorer, etc....

> <http://www.javacoolsoftware.com/spywareguard.html>
>
> Make sure that the spyware detection / protection products that you use
> are reliable:
> http://www.spywarewarrior.com/rogue_anti-spyware.htm
>
> Harden your operating system. Check at least monthly for security
> updates. http://windowsupdate.microsoft.com/

No, Windows Update is security fixes, but hardening is more than patching:
you need to properly configure Windows (and even then, doing the "right
thing" in security usually leads to losing some of the features you want).
 
> Block possibly dangerous websites with a Hosts file. Three Hosts file
> sources I use:

No, the hosts file wasn't and isn't meant for this purpose. The better idea
would be to use a browser that can itself block such things as ads and
popups. Internet Explorer is way behind the power curve, mainly in
security, which is why it needs to be eliminated.

> http://www.accs-net.com/hosts/get_hosts.html
> http://www.mvps.org/winhelp2002/hosts.htm
> (The third is included, and updated, with Spybot (see above)).
>
> Maintain your Hosts file (merge / eliminate duplicate entries) with:

Again, it wasn't meant for this. It existed so that sites without a DNS
resolution entry can work properly, etc. I'd laugh if some spyware/adware
came out later that answers over 127.0.0.1.

> eDexter <http://www.accs-net.com/hosts/get_hosts.html>
> Hostess <http://accs-net.com/hostess/>
>
> Secure your operating system, and applications. Don't use, or leave
> activated,
> any accounts with names or passwords with trivial (guessable) values.
> Don't use an account with administrative authority, except when you're
> intentionally doing administrative tasks.

And even then, you can use the Run As service to not have to log in as
Administrator (or an admin account) in the first place, making sure that
you don't give Administrative rights to too many applications that load at
login.
 
> The fourth layer is common sense. Yours. Don't install software based
> upon
> advice from unknown sources. Don't install free software, without
> researching
> it carefully. Don't open email unless you know who it's from, and how and
> why it was sent.

Very very true. All the above fixing won't work if you accidentally screw
things up yourself.
 
> The fifth layer is education. Know what the risks are. Stay informed.

Like you stay informed on how several very important agencies have
recommended that people stop using Internet Explorer?

http://www.kb.cert.org/vuls/id/713878

http://www.securityfocus.com/columnists/263
http://www.securityfocus.com/columnists/262
http://www.securityfocus.com/columnists/251

http://news.com.com/Corporate Web servers infecting visitors'
PCs/2100-7349_3-5247187.html?tag=techdirt

> Read Usenet, and various web pages that discuss security problems. Check
> the logs from the other layers regularly, look for things that don't
> belong, and take action when necessary.
>
> Cheers,
> Chuck
> Paranoia comes from experience - and is not necessarily a bad thing. 

-- 
It's a damn poor mind that can only think of one way to spell a word.
                -- Andrew Jackson

Relevant Pages

  • Re: firewall problem with ftp
    ... Personal as the software firewall. ... I don't like Windows Firewall at all. ... A system cannot be protected from its administrator. ...
    (comp.security.firewalls)
  • Re: zonealarm update
    ... pages up just get "internet explorer cannot display webpages" any ... Also make sure that the Windows built in firewall didn't get enabled. ... it usually blocks a lot of Internet activity. ... Best to only use one software firewall at a time. ...
    (microsoft.public.windowsxp.general)
  • Re: Worth the Upgrade to SP2?
    ... > Adaware SE with all updates installed. ... > Is there another reason for me to upgrade to SP2? ... You mean your mention of AntiSpyware and your use of a third party firewall ... The Add-On Manager in Internet Explorer could help you get ...
    (microsoft.public.windowsxp.configuration_manage)
  • Re: Worth the Upgrade to SP2?
    ... Alarm Pro, SpyBot Search & Destroy, Spyware Blaster, CW Shredder, and Adaware SE with all updates installed. ... Is there another reason for me to upgrade to SP2? ... You mean your mention of AntiSpyware and your use of a third party firewall and a comparison with what you do now and what you will do after you patch with SP2... ... The Add-On Manager in Internet Explorer could help you get rid of some of the parasites you collect.. ...
    (microsoft.public.windowsxp.configuration_manage)
  • Re: Uninstalling IE to rid spyware
    ... considering it is not an option in XP to uninstall Internet Explorer - ... spyware infects all aspects of your PC, ... disable your Windows Messenger service. ... by the normal home user and in cooperation with a good firewall, ...
    (microsoft.public.windowsxp.general)
Quantcast