Re: do I need a software firewall

From: Stefan Kanthak (postmaster_at_1.0.0.127.in-addr.arpa)
Date: 04/11/05


Date: Mon, 11 Apr 2005 10:55:43 +0200


"Michael Pelletier" <mjpelletier@mjpelletier.com> wrote:

> Malke wrote:
>
> > Michael Pelletier wrote:
> >
> >> D@annyBoy wrote:
> >>
> >>> connecting to the Net via a wirelss adsl router (not sure whether
> >>> there's a built in hardware firewall)
> >>> do I really need a software firewall?
> >>>
> >>
> >> It is a good idea to have a firewall. However, remember protecting
> >> yourself by increasing your security has many parts. It is good system
> >> administration (not giving yourself local administrator privs,
> >> disabling active-x, etc) keeping up to date with patches, using anti
> >> virus software, using anti spyware software...and many, many more.
> >>
> >> If you do all these things then using a firewall is a good idea. If
> >> you do not do these things I suggest you start...
> >>
> >> Michael
> >
> > I'd just like to add this little bit to Mr. Pelletier's excellent
> > advice. One of the reasons to use a third-party firewall (software) is
> > that it will alert you to programs wanting Internet access. The router
> > will not do this. Sometimes a bit of malware can slip past your guard
> > and the firewall alert is a great warning. ZoneAlarm and Sygate are
> > just two examples of firewalls. Both companies make a version that is
> > free for personal use.
> >
> > Malke
>
> Excellent advice. Thanks. It is very rare that people give you nice comments
> in news groups now-a-days...

I but consider "use a software firewall" generally as BAD advice!

1. All those personal^Wpseudo firewalls can EASILY be bypassed.
   The german Chaos Computer Club made an extensive test where all the
   tested programs failed miserably.

   http://ulm.ccc.de/chaos-seminar/windows-security/recording.html
   http://ulm.ccc.de/chaos-seminar/personal-firewalls/

   The protection is NOT reliable, despite all what may be claimed by
   the vendors. How should a normal user judge the risk then? He can't.
   So better educate him to use his brain!

2. Most of those pfws ask the user when programs want to "phone home".
   That's but the wrong person to ask: the administrator (with thorough
   knowledge of TCP/IP and the user's environment) should have set the
   rules, unmodifiable by the user.

3. Most of the pfws introduce code into the IP stack and make it thus
   MORE vulnerable.

So:

- Never work as "administrator", use a contrained user account instead!

- If you don't want a program to "phone home", unplug your PC or don't
  use this program (even better: don't install it in the first place).

- Setup your PC properly: remove (or stop) all superfluous protocols,
  bindings, services, programs and devices.
  Have a look at http://www.ntsvcfg.de/
  If in doubt consult an experienced administrator.

- Install patches ASAP.

- Turn off ActiveX/Scripting except for trusted sites, primarily only
  {windows|office}update.microsoft.com etc.

- Use software restriction policies: deny execution from ?:\RECYCLE?\,
  %TEMP%, ?:\TEMP\, %SystemRoot%\TEMP\, %UserProfile% (except for *.lnk
  and *.msc in the latter case) or at least %UserProfile%\Lo?al* (the
  browser cache, OL* temporary store, ...).

Stefan



Relevant Pages

  • Re: [fw-wiz] Host based vs network firewall in datacenter
    ... > network administrator in a small datacenter. ... > I'd like to solicit some advice on a firewall implementation. ... Keeping the hosts locked down tight, and open services to a minimum is a ...
    (Firewall-Wizards)
  • Re: Is Windows XP firewall any good?
    ... I believe that the original writer of that article is refering to network ... The function of a software firewall is simple. ... permitted is stored in the registry. ... administrator is a really bad idea for any operating system ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Hidden User Account Created By Disgruntled Room mate.
    ... Be sure you firewall is enabled, if unsure how, go to Help and Support ... i just did that, and tweakui at logon gives me three> options: parse autoexec.bat at logon > show administrator ... >>>>From there you can go to User Accounts in Control ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Is Windows XP firewall any good?
    ... The function of a software firewall is simple. ... registry and give itself permission to send or receive data over the ... Routinely logging on as an account that is also an administrator is ... settings for the Windows Firewall. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Password Protect Folders?
    ... permissions are granted by user and group. ... Sounds like you neglected to tell us that you are using Windows XP Home ... under an administrator account to change permissions. ... By the way, I don't know what you did, but a firewall enabled or not has ...
    (microsoft.public.windowsxp.basics)