kaybee Posted December 30, 2008 Share Posted December 30, 2008 I'm now using a hardware firewall with Windows Firewall. Now for a REALLY stupid question - and, please, don't laugh I access the internet via a wireless (Netgear) router - do I need another firewall - assuming the router acts as one in the first place? Currently I use Zone Alarm Free. This just shows the limit of my computer knowledge! Link to comment Share on other sites More sharing options...
YoKenny Posted December 30, 2008 Share Posted December 30, 2008 kaybee, the only stupid question is the one that is not asked. How about reviewing the comments in this topic. Have a look at: http://forum.piriform.com/index.php?showtopic=19530 We all learned from reading other people's experiences. "Education is what remains after one has forgotten everything he learned in school." - Albert Einstein IE7Pro user Link to comment Share on other sites More sharing options...
kaybee Posted December 30, 2008 Share Posted December 30, 2008 kaybee, the only stupid question is the one that is not asked. How about reviewing the comments in this topic. Have a look at: http://forum.piriform.com/index.php?showtopic=19530 We all learned from reading other people's experiences. YoKenny - thanks very much for that Link to comment Share on other sites More sharing options...
Alan_B Posted December 31, 2008 Share Posted December 31, 2008 I access the internet via a wireless (Netgear) router - do I need another firewall - assuming the router acts as one in the first place? Currently I use Zone Alarm Free. A Comodo software firewall protects me. Recently a Netgear Wireless Router / Modem was added. This gives a better connection speed than the Speedtouch modem I previously used. Netgear is set to allow "outgoing only", but I was amazed at the incoming it also allowed which should have been blocked. I have a dynamic IP address, so some days I inherit what was used by a more social animal, and the Comodo logs would show many incoming attempts from his Peer to Peer and Bit Torrent friends trying to resume yesterday's experiences. Far less often, I would get hit by a trojan army - perhaps 50 incoming attempts from different IP addresses within 0.2 Seconds, and repeated at 5 second intervals with a totally different set of IP addresses. Both old Comodo 2 and new Comodo 3 blocked perfectly, but old Comodo 2 would take a high percentage of the CPU cycles unless I disabled logging - it was actually simpler to disconnect and reconnect to the ISP and my old IP address became some-one else's problem Netgear removes much BUT NOT ALL of the burden of the above from the software firewall (and the CPU cycles), so I still NEED the software firewall for maximum security. I have lost count of the number of software packages I downloaded trouble free (before and after the Netgear addition). The first Netgear Router software upgrade was no trouble at all. The second Netgear Wireless adapter upgrade just would not happen. I inspected the Comodo log and found it totally blocked an INCOMING from the Netgear web-site. I had to tell Comodo to permit INCOMING for that particular web-site, and then I got the upgrade. The problem is that hardware firewalls assume that if you make an outgoing connection to an IP address, then they should not only accept replies to your connection, they also accept anything else (including malware) which that IP address decides to stuff down your throat. I have just downloaded CCleaner ccsetup215.exe Comodo shows that a TCP Out transaction from my port 1438 to Piriform 72.21.207.132:80 sent 872 bytes out, and received 3.1 MBytes in as a reply to the same port. Every time I download anything from anywhere, I can receive megabytes coming in as a reply to the port from which I sent a fist full of bytes to make the request. Because Windows gave Firefox an unused port (e.g. 1438) any incoming packets go direct to Firefox to handle the download, and Comodo (and also Netgear) accept this as as a reply on an outgoing connection. That always happens with whatever port happens to be allocated by Windows. The only download problem was the Netgear Wireless upgrade. I sent the fist full of bytes from port e.g. 2345, and Netgear web site tried to stuff the update down my port 2346. I don't know the details of FTP, but I guess that is what they aimed for. The netgear firewall permitted this in-appropriate download aimed at a port which had NOT been allocated to Firefox, but fortunately Comodo blocked it. I am really glad that Comodo blocked it. I had the minor inconvenience of a delay investigating and then altering a firewall rule - but I also got peace of mind. Had Comodo NOT been present, then Netgear would have allowed uncontrollable stuff into a port over which my legitimate applications had no control. The consequences could have been :- illegitimate malware could have first acquired that port (2346) and now been waiting for this damaging payload; Windows might have taken "default" action over incoming to an unallocated port, and the default with a "privileged port" is to allow a total stranger to take over your computer ! ! Netgear not only allows incoming packets to the wrong port, it allows the wrong protocol also. Netgear blocks ICMP which includes Echo Requests - mostly. I found that some internet speed test sites send echo requests to me, and Netgear allows them through, and only Comodo stops them (I have to set specific permissions for the sites to which I wish to echo). Some web sites will respond to a Ping, which helps strangers observe internet delays etc. Other web-sites do NOT because a computer can be infected by specially crafted ICMP messages. I wish to be like a secure internet banking web-site, and have Comodo block unwanted ICMP messages. A few weeks ago M.S. revealed an exploit that had been in the wild for several months, and the last "out-of-cycle" security patch has mitigated the danger. I believe an "SQL Injection Attack" could compromise a web-site so that visitors could be infected. I do not know the details, but I assume that when that danger exists :- Hardware Firewall will NOT protect when visiting an infected web-site; Software Firewall WILL protect from an infected web-site (unless it is a reply with the same protocol to the same port number). I believe :- The Netgear Router/Firewall/Modem gives me better speed on the Internet, but does not block anything which would not be blocked by the software firewall; My (software) firewall protection fends off any infection from unintentional connections/downloads. Any download containing malware that I may be tricked or re-directed to will get through the firewalls. Once downloaded malware is initiated, my anti-virus should inspect and detect and block before it gets into the system. If malware gets through, I have lost control (what little control Windows allows a humble administrator ! ), and :- Hardware can do nothing for me - it cannot distinguish Firefox or a new keylogger/trojan making an outgoing connection; Software knows if any application is authorised to make a connection, and if not will block it; so even if malware has stolen my identity and credit card numbers, it cannot "phone home" with my details. (In addition, Comodo does not only stop bad stuff in both directions, but also will block a keylogger etc. from merely gathering information - long before the keylogger tries to phone home.) I feel I am better protected by having a software firewall. I am not complacent, so remain alert to any unexpected changes in how my system behaves. I fear I could be at greater risk from a Security patch impairing the system or making it unbootable, which is why I always wait a day or two after Patch Tuesday to see if there are any casualties, and then before unleashing the patch I create a fresh disk image just in-case. The last time I had a virus was before the internet, when my younger son would get home from school before I left work, and he had copied from his friends more games onto a box of 5.25 inch floppy discs. Every other weekend I had to re-install DOS 3.13. Been there, done that, not doing it again ! ! Perpetually Paranoid Alan Link to comment Share on other sites More sharing options...
Alan_B Posted January 2, 2009 Share Posted January 2, 2009 Wireless Routers/Firewalls are vulnerable, especially if the Wireless link is not encrypted adequately. WEP is not adequate. Also WAP is not adequate according to http://blogs.techrepublic.com.com/security/?p=708 I use WAP2 so I have no fear - yet ! ! When WAP2 is broken then a neighbour MIGHT steal some of the bandwidth supplied by by ISP. I assume my hardware firewall "protects" my computer only from malware delivered by my ISP, and any wireless hack could enter my computer direct via the wireless without the hardware firewall being aware of it. This is yet another reason for continuing to use a software firewall that protects both my Ethernet and wireless connections. Regards Alan Link to comment Share on other sites More sharing options...
webmozg Posted February 2, 2009 Share Posted February 2, 2009 Only Outpost Firewall Pro (commercial) Blog Free Home Soft Link to comment Share on other sites More sharing options...
kmillerusaf Posted February 2, 2009 Share Posted February 2, 2009 Windows firewall and router There's always an exception to the rule. I'm that exception. Desktop ----- AMD Athlon 3700+ (2.64Ghz), 2GB DDR 400, ASUS A8N-SLI Premium, 500GB HD, Windows XP Pro SP3, Avira Antivir Personal At work ----- Intel C2D T1700 (1.6Ghz), 2GB DDR2 667, Dell OUY141, 80GB HD, Windows XP Pro SP2, Symantec 10 Laptop ----- Intel C2D P8400 (2.4 Ghz), 4GB DDR3 1066, Mainboard, 160GB HD, Dualboot: Windows 7/openSUSE 11.1, Avira Antivir Personal Link to comment Share on other sites More sharing options...
Omid Farhang Posted March 6, 2009 Share Posted March 6, 2009 you can see my Laptop configuration in my signature, I use Outpost Firewall Pro 2009, but I've not install the Antispyware and Webcontent control that come with that Most People Respect the Badge. Everyone Respects the Gun. Software: Windows 7 Ultimate x86, AVIRA Premium Security Suite 9, Google Chrome 5 Beta (WOT, Xmarks, Chrome Flags), Sandboxie, Malwarebytes Antimalware, Hitman Pro, HostsMan, Roboform, UPEK PSQL. Virtual Machine(s): Sun VirtualBox, Windows XP Pro SP3, AVIRA Premium Security Suite Beta 2010. Link to comment Share on other sites More sharing options...
Xion Posted March 13, 2009 Share Posted March 13, 2009 Actually I don't use a firewall, but the good old windows firewall is turned on. (otherwise the security center starts naggin' again... ) I like to use as few system resources as possible You can go in the Security Center and change the way it alerts you when you don't have an anti-virus or disable Windows Firewall ) How can I use a picture as a signature? Link to comment Share on other sites More sharing options...
Xion Posted March 13, 2009 Share Posted March 13, 2009 I use Windows 7 Firewall. I don't want software firewalls because they are resource hogger. How can I use a picture as a signature? Link to comment Share on other sites More sharing options...
YoKenny Posted March 13, 2009 Share Posted March 13, 2009 Its not wise to run without an anti virus. avast! is very good. "Education is what remains after one has forgotten everything he learned in school." - Albert Einstein IE7Pro user Link to comment Share on other sites More sharing options...
Lazer Posted March 20, 2009 Share Posted March 20, 2009 What type of firewall do you use? I use Zone Alarm Free. Ive been using it for 2 or 3 years. I'm very satisfied with it, and would recommend it to anyone. Link to comment Share on other sites More sharing options...
Icedrake Posted March 22, 2009 Share Posted March 22, 2009 Don't use one, just Windows Firewall. Link to comment Share on other sites More sharing options...
YoKenny Posted March 22, 2009 Share Posted March 22, 2009 Don't use one, just Windows Firewall. Do you use Vista? "Education is what remains after one has forgotten everything he learned in school." - Albert Einstein IE7Pro user Link to comment Share on other sites More sharing options...
Icedrake Posted March 22, 2009 Share Posted March 22, 2009 Nope XP SP3. Link to comment Share on other sites More sharing options...
Moderators hazelnut Posted March 22, 2009 Moderators Share Posted March 22, 2009 Nope XP SP3. Might be worth your while reading this thread Icedrake http://www.wilderssecurity.com/showthread.php?t=218517 Support contact https://support.ccleaner.com/s/contact-form?language=en_US&form=general or support@ccleaner.com Link to comment Share on other sites More sharing options...
1984 Posted March 23, 2009 Share Posted March 23, 2009 I have a hardware one built into my router, but only use the windows built in software firewall. I tried a bunch, and to be honest, I found that so much of the security stuff out there was as bad as the malware for slowing things down and such. I just keep all private stuff on an external and turned off when surfing, and use common sense when opening emails and going to web sites. Link to comment Share on other sites More sharing options...
wmcintosh Posted March 28, 2009 Share Posted March 28, 2009 Router only, cannot stand firewall software, not even XP's firewall. Never had a problem for years, common sense also helps. William (or Bill) Link to comment Share on other sites More sharing options...
Tunerz Posted March 29, 2009 Share Posted March 29, 2009 Still using router+XP's firewall. I haven't got a need in having complete control in outbound connections. Common sense pretty much covers my security needs, well perhaps our security needs. Link to comment Share on other sites More sharing options...
comper6 Posted April 9, 2009 Share Posted April 9, 2009 Zonealarm is pretty good The computer is mightier than the sword Click here for cool stuff Link to comment Share on other sites More sharing options...
aqua Posted June 27, 2009 Share Posted June 27, 2009 hey guys,this post is really interesting..i have verizon dsl,westell versalink 327w ..xp-pro-sp3 i found my firewall setting for westell..it has 5 options. Custom Security (Custom) Custom is a very advanced configuration option that allows you to edit the firewall configuration directly. Only expert users should attempt this. No Security (None) All traffic is allowed. Minimum Security (Low) The low security setting will allow all traffic except for known attacks. With low, your modem is visible by other computers on the Internet. Typical Security (Medium) The medium security setting only allows basic Internet functionality by default, just like High level security. Medium security, however, allows customization through Port Forwarding configuration so certain traffic can pass. Maximum Security (High) The high security setting only allows basic Internet functionality. The High security setting guarantees to only pass Mail, News, Web, FTP, and IPSEC. All other traffic is not allowed. High security restricts modification by NAT configuration options. NOW... .which setting should i check along with windows firewall...hope there are some verizon,westell327w routers persons who has experience with this settings. and yeah i need to cut downon resources,i only have 768ram thanks Link to comment Share on other sites More sharing options...
formfrank84 Posted August 11, 2009 Share Posted August 11, 2009 I use Kaspersky for Windows Workstation (Commercial) Antivirus which has a firewall and Windows firewall. Been great- no threats so far for more than a year. Love Kaspersky Link to comment Share on other sites More sharing options...
SpySentinel Posted August 26, 2009 Share Posted August 26, 2009 I use Online Armor Premium Proud Graduate of GeekU - Learn how to remove malware Unified Network of Instructors and Trained Eliminators My help is always free, but if you can, please to help me continue the fight against malware. Link to comment Share on other sites More sharing options...
Moderators hazelnut Posted August 27, 2009 Moderators Share Posted August 27, 2009 I use Online Armor Premium Another Online Armor Premium user here Support contact https://support.ccleaner.com/s/contact-form?language=en_US&form=general or support@ccleaner.com Link to comment Share on other sites More sharing options...
Talldog9 Posted September 24, 2009 Share Posted September 24, 2009 I'm about to use CIS. Partly for the firewall and mainly for the HIPS. The internet - Where men are men, women are men and children are FBI agents. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now