Re: Just want to keep the crap out!!



"dawg" <don't look@xxxxxxxxxxxxxxxx> wrote:

Since I know nothing about software firewalls I obviously hosed my PC when
playing with the stupid thing. My Tiny Firewall 2.0.13.
I am on a fixed(very fixed) income and would like some advice on a cheap
hardware solution. Yeah right. Probably asking for too much ,huh?Thanks



Any soho router will provide the majority of protection through
hardware NAT. (various irate counter replies I'm sure will follow)
While NAT attacks theoretically exist, nobody is targetting your
device so focusedly to exploit these concepts and back into an
existing outgoing connection and then exploit that specific type of
connection for your sepcific OS correctly for whatever connection
service happened to be using that sequential port. The bad guys are
going for volume and simplicity. Scan every pC in the world for a know
exploit and use those PCs directly attached to the interent and
unprotected. A hardware router is going to take the hits instead. Out
of the box, these routers pass nothing inbound other than the answers
to requests your PC sent out first. Unless you reconfigure the router
to make your PC the DMZ host or turn on UPnP (where UPnP in WIndows XP
can request the Router to reconfigure things) you'll gain most of the
beneifts without the complexity.

This proves out in the real world. Professional firewalls will be
better but any outgoing NAT really protects you from scans and general
exploit attempts, msmessnger service pop ups(port 1024-1029), etc.

You will still be vulnerable to yourself. If you click on a bad thing
or phony site, you'l be opening yourself to problems, and neither
routers or really firewalls tends to a save an user from themselves. I
have seen users ignore warnings and let through attacks and spyware
because some popup came up they didn't understand it and just clicked
buttons on it till it went away.

The theory that many people put forward is that a firewall will stop
things from LEAVING the PC. Well Firewall software on the PC lets most
things go out. Often permissions are give to applications and
subsystems that would be used by friend and foe. For most general
users you have a higher possibilty of blocking what you want then
preventing something you don't want from exiting the PC.

Of course if you don't use peer-to-peer software, take free things
from strangers, or visit sleazy sites you'd be much better off
safety-wise. Then you only have to worry about fake emails and
"friends" sending you crap.

It also raises the complexity of the PC environment and can be a major
cause of trouble and aggravation.

I advocate running an up to date virus scanner. not an internet
security suite with tons of crap that slows the pc. AVast is free and
has been working great for over a year on every pc i've put it on.
And run adware scanners periodically. Microsoft's beta antispyware is
decent and will autoscan for free. But no adware is enough. Each
product fails to protect and detect many instances of spyware. Several
PCs that has become seriously infected by spyware/viruses had
MCafee/norton antivirus, interent security suites installed and
paid-for adware proteion like Spysweeper. None of it stopped the PC
from getting trashed by spyware. Once any one product detects spyware
it is time to run multiple free products against your harddrive. I
also run the free online virusscanners as spyware often damamges
installed antivirus scanners. RAD, trendmicro, panda software all
offer web-based scanners for free.





.



Relevant Pages

  • Re: firewall opinions
    ... > configure the firewall (hardware or software) to stop every conceivable ... residents started this year, only one was a returning resident, all the ... As part of our overall solution we installed a Linksys BEFSX41 router (NAT ...
    (microsoft.public.windowsxp.general)
  • Re: firewall opinions
    ... ideal router configuration. ... the purpose of LeakTest is Not to test various ports (e.g. ... least the user had a chance to stop it, which a hardware router would ... >>configure the firewall to stop every conceivable ...
    (microsoft.public.windowsxp.general)
  • Re: Linux firewall vs Windows and Hardware based firewalls
    ... > What are the advantages of a linux firewall over something like Windows ... or even a hardware based firewall. ... down to the bare minimums and run *just* a router. ...
    (Debian-User)
  • Re: hardware vs software FW
    ... Hardware and software comparisons have been posted many times in this ... Users must rely on their computers to be stable before installation ... Users may have to open outbound DNS in firewall to get to ... could install a router with NAT and be protected from INBOUND also. ...
    (comp.security.firewalls)
  • Re: hardware vs software FW
    ... Hardware and software comparisons have been posted many times in this ... Users must rely on their computers to be stable before installation ... Users may have to open outbound DNS in firewall to get to ... could install a router with NAT and be protected from INBOUND also. ...
    (alt.computer.security)