firewall on budget ?

Hi there,

I have a PC built for me, and I installed Windows XP SP2 on it. I
presume I need to put a firewall and antivirus on it to ward off worms
and viruses. I am more concerned about the firewall. I installed
ZoneAlarm Free Edition, and it worked all right. However, it always
bothered me by asking me to pay up, so I uninstalled it. My
computer is currently running on the in-built Windows firewall. Is
this OK ?

As an antivirus, I am using AVG Free Edition, and it seems to be doing its
job. Also, I can get a corporate edition of Trend Micro's PC-cillin
from my employer for little money; should I get it ? Thanks.


Re: firewall on budget ?
nasra11a@yahoo.com says...

A simple NAT router will do more and better than ZAP or Windows XP
Firewall in most all cases. Linksys BEFSR41 or a wireless version is
under $50 and provides protection from inbound attacks.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
  drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: firewall on budget ?

My early experience with connecting a PC with no firewall to the
Internet (via dial up) shows that it gets infected with a worm within
20 minutes. So that now I always put a firewall between my PC and the
Internet. Now my PC is connected to the Internet via a NetComm NB5
ADSL2+ modem router. You think this will repel the worms ?


Re: firewall on budget ?
nasra11a@yahoo.com says...

The NAT router blocks "unsolicited" connections to the PC, it's sort of
a 1 way filter - it lets you out, but only lets external sites
talk/reach your PC if you contact them first.

Many people use NAT routers as their primary protection method with no
firewall at all and have no problems.

Security is more than the firewall, it's not using easy to compromise
apps, keeping updates installed, not doing things that put you in harm's
way, monitoring your firewall logs (as you can easily monitor the
Linksys devices for in/out traffic), and many other things.

If your address is not a private address then your Modem is not doing
NAT, and if you have a live public IP then you're screwed without a
barrier device.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
  drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)
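
The "one-way filter" behaviour and the private-address check described in the post above, as an added example that is not part of the original thread. It is a toy model of a port-restricted NAT gateway; the class and function names, the port-forward table and all addresses are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges; a PC holding one of these sits behind a translating device.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_behind_nat(local_ip):
    """True if the PC's own address is private, i.e. the modem/router is doing NAT."""
    addr = ipaddress.ip_address(local_ip)
    return any(addr in net for net in RFC1918)

class NatRouter:
    """Hypothetical model of a NAT gateway's translation table."""

    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.next_port = 40000
        self.mappings = {}   # public port -> (lan_ip, lan_port, remote_ip, remote_port)
        self.forwards = {}   # public port -> (lan_ip, lan_port): static exceptions

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host contacts a site first: allocate a public port, record the flow."""
        port = self.next_port
        self.next_port += 1
        self.mappings[port] = (lan_ip, lan_port, remote_ip, remote_port)
        return (self.public_ip, port)

    def inbound(self, remote_ip, remote_port, public_port):
        """Return the LAN endpoint the packet is delivered to, or None if dropped."""
        flow = self.mappings.get(public_port)
        if flow and flow[2:] == (remote_ip, remote_port):
            return flow[:2]                     # reply to a flow the LAN host started
        return self.forwards.get(public_port)   # otherwise only an exception matches

def demo():
    nat = NatRouter("203.0.113.10")             # constructed documentation addresses
    _, port = nat.outbound("192.168.1.20", 51000, "198.51.100.5", 80)
    results = {
        "reply": nat.inbound("198.51.100.5", 80, port),
        "unsolicited_445": nat.inbound("198.51.100.99", 4444, 445),
        "other_host_same_port": nat.inbound("198.51.100.99", 80, port),
    }
    nat.forwards[445] = ("192.168.1.20", 445)   # a port forward reopens the path
    results["after_forward_445"] = nat.inbound("198.51.100.99", 4444, 445)
    return results

if __name__ == "__main__":
    for name, dest in demo().items():
        print(f"{name:22} -> {dest or 'DROPPED'}")
```

The last case shows why a port forward (or a UPnP-created mapping) matters: once an exception exists, inbound traffic to that port reaches the PC again and the host's own firewall and patch level are what stand in the way.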

Re: firewall on budget ?

Check out ghostwall.  It resembles a rule based router-firewall more
than a bloatware internet protection package.  If you are savvy enough
to set it up, it works as advertised.


Re: firewall on budget ?
computerflyer@gmail.com says...

A proper Usenet Client would snip the signature lines when you reply,
consider getting one.

Any software that runs on the user's computer is a security risk, even
ZAP and others, if it's on a non-dedicated firewall computer then it's a
risk. A NAT Router is transparent, doesn't ask the user anything, and
does its work without exploits when properly set up - this is not the
case for most PC based firewall solutions.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
  drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: firewall on budget ?

NAT is a cheap way to shield you from the outside world but if you
have UPnP disabled and good security practices you shouldn't need
super fancy expensive protection. The PC-Cillin you can get from work
should be adequate protection since that will protect both directions,
whereas the Windows Firewall is only one way. NAT is more than a one
way filter. It allows multiple computers to appear to have one public
IP instead of multiple IPs. With the proper subnet mask you can
control access.


Re: firewall on budget ?


You're implying that the Windows Firewall is remotely exploitable. Got
any references to that?

Re: firewall on budget ?


Any local FW is exploitable when running as local admin.

Anyone running arbitrary code as local admin is likely to get screwed.
You seem to advocate keep doing so and then have a barrier to minimize
the damage instead of advocating doing the right thing, which would be
to run a LUA in which case the WF can't be exploited the way you're
thinking of.

Re: firewall on budget ?
b__nice@hotmail.com says...

No, I don't advocate what you are talking about, but I'm also not aware
that many programs won't run under Windows unless the user is an admin,
and I also understand that many users don't have a clue about security.

In the case of a NAT Router, while it doesn't stop stupid people from
infecting their computers, it does stop external sources from directly
accessing the user's computer without an invite. Windows ships from many
vendors with lots of exceptions and that makes it a threat to the
ignorant, a NAT Router would mean that exceptions are meaningless.

If a user is going to run as an admin, and most are, even with warnings,
then they need some means to protect them - if ALL ISPs were to implement
NAT at the internet device provided to the users, allowing exceptions
for those smart enough to ask for an exception, it would eliminate a LOT
of problems for users.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
  drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: firewall on budget ?


Yes.


There are ways around that.


Probably true, but that calls for education, not damage control.

Re: firewall on budget ?
b__nice@hotmail.com says...

Not in every case, at least not with users that are willing to wrangle
around it on a daily basis - you know human nature, it's what gets
people compromised in the first place.


But, until they get educated, and we've had security threats for more
than a decade and fewer and fewer people are educated, we need a measure
that will protect the ignorant masses from harming the rest of us - ISP
Mandated NAT implemented at the user's gateway device would be a first
real help.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
  drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: firewall on budget ?


What does some users' willingness to wrangle around have to do with the
fact that there are workarounds to the issue raised?


I fail to see how NAT would protect the rest of us?

Re: firewall on budget ?
b__nice@hotmail.com says...

What work around issues?


By keeping the ignorant masses' machines from being compromised
immediately, before they even start using them. It also means that we
don't have the issues of them being FTP, SMTP, etc.. relays.... Come on,
think - if the computer can't be reached then it's going to be harder
for the hackers to abuse it. Yes, I know about phone home malware, but
we're talking about all the idiots that leave their computer, without a
password, connected to a public IP with file/printer sharing enabled.


--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
  drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: firewall on budget ?
b__nice@hotmail.com says...

Actually, depending on the NAT device, you can block downloads of many
malware infectors via HTTP. Not much one can do about SMTP type
infectors unless they have their own mini-mail server or a standard
server as other firewall products can clean SMTP sessions.

So, again, the NAT device provides MORE/Better protection than Windows
Firewall in all cases.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
  drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: firewall on budget ?


You are being very persistent. Now you're bringing firewalling
technology into the game also, even though it has nothing to do with
NAT.

Re: firewall on budget ?

Several people in this group (including myself) have already tried to
explain to him what you are trying to explain here. Without any success.
Don't bother, it's just a waste of your time.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

Re: firewall on budget ?
On Jul 25, 1:34 pm, Ansgar -59cobalt- Wiechers


I think the big waste of time is that soon all "straight talk's" posts
will disappear, all the time was wasted, and the arguments or
misunderstandings will start all over again.  (because the
conversation he had with leythos will become ruined. The thread will
be ruined. Not because of leythos, but because of him).



Re: firewall on budget ?
On Wed, 25 Jul 2007 10:35:15 -0700, "jameshanley39@yahoo.co.uk"


I disagree with a false claim that NAT devices would be some kind of
"silver bullet" to protect the rest of us from the ignorant masses.


Difference is, Leythos is promoting a solution that doesn't work. NAT
does not provide protection from the ignorant masses. Period.

<snip>


No.

<snip>

Re: firewall on budget ?
b__nice@hotmail.com says...

And yet they are, clearly, a great way to protect people from
compromised machines.


Yes, it clearly does. If the infected machine can't reach another
infected machine then it's protected.

You just don't seem to understand how networking works.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
  drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)
