Re: do I need a software firewall
From: Stefan Kanthak (postmaster_at_220.127.116.11.in-addr.arpa)
Date: Mon, 11 Apr 2005 10:55:43 +0200
"Michael Pelletier" <email@example.com> wrote:
> Malke wrote:
> > Michael Pelletier wrote:
> >> D@annyBoy wrote:
> >>> connecting to the Net via a wirelss adsl router (not sure whether
> >>> there's a built in hardware firewall)
> >>> do I really need a software firewall?
> >> It is a good idea to have a firewall. However, remember protecting
> >> yourself by increasing your security has many parts. It is good system
> >> administration (not giving yourself local administrator privs,
> >> disabling active-x, etc) keeping up to date with patches, using anti
> >> virus software, using anti spyware software...and many, many more.
> >> If you do all these things then using a firewall is a good idea. If
> >> you do not do these things I suggest you start...
> >> Michael
> > I'd just like to add this little bit to Mr. Pelletier's excellent
> > advice. One of the reasons to use a third-party firewall (software) is
> > that it will alert you to programs wanting Internet access. The router
> > will not do this. Sometimes a bit of malware can slip past your guard
> > and the firewall alert is a great warning. ZoneAlarm and Sygate are
> > just two examples of firewalls. Both companies make a version that is
> > free for personal use.
> > Malke
> Excellent advice. Thanks. It is very rare that people give you nice comments
> in news groups now-a-days...
I but consider "use a software firewall" generally as BAD advice!
1. All those personal^Wpseudo firewalls can EASILY be bypassed.
The german Chaos Computer Club made an extensive test where all the
tested programs failed miserably.
The protection is NOT reliable, despite all what may be claimed by
the vendors. How should a normal user judge the risk then? He can't.
So better educate him to use his brain!
2. Most of those pfws ask the user when programs want to "phone home".
That's but the wrong person to ask: the administrator (with thorough
knowledge of TCP/IP and the user's environment) should have set the
rules, unmodifiable by the user.
3. Most of the pfws introduce code into the IP stack and make it thus
- Never work as "administrator", use a contrained user account instead!
- If you don't want a program to "phone home", unplug your PC or don't
use this program (even better: don't install it in the first place).
- Setup your PC properly: remove (or stop) all superfluous protocols,
bindings, services, programs and devices.
Have a look at http://www.ntsvcfg.de/
If in doubt consult an experienced administrator.
- Install patches ASAP.
- Turn off ActiveX/Scripting except for trusted sites, primarily only
- Use software restriction policies: deny execution from ?:\RECYCLE?\,
%TEMP%, ?:\TEMP\, %SystemRoot%\TEMP\, %UserProfile% (except for *.lnk
and *.msc in the latter case) or at least %UserProfile%\Lo?al* (the
browser cache, OL* temporary store, ...).