Is there a risk with firewalls?

Why don't you have a NAT router between your internet service and your PC?

Leythos,

Thanks for your quick reply. Would you please also tell me what a NAT router is and what fucti> > Dear Group,

What firewall? What OS?

Sounds fishy. I bet it's there from the very start. How do you make sure it's actually "removed"?

Yes.

Windows firewall does. But if you're infected already you can't rely on anything anyway. Then all bets are off.

First thank you for your reply Straight Talk.

Next the answers to your questions are: Win2000 Pro, Zone Alarm. Antivir Guard is installeld and up to date.

I know the following: the Antivir Guard tells me which file goes with the Trojan. This file is actuall there and was installed at the time of report. The Properties for this file tells me that the Administrator for the installation is my PC-designation. This file has been created numerous times and conisists of 8 letters, which are obviously chosen at random and the extension of the file is .exe.

This Trojan arrives shortly after the PC is turned. I am not sure, but it may make its way after the firewall is up. However one time it came in when the firewall still was not up.

These are the essentials I can tell you and I am certain of them

G.R.

The NAT router would block inbound connections that you've not initiated from your computer - this means that nothing on the internet would not get into your computer unless your computer reached out to it first.

While not a firewall, many vendors call their NAT Routers firewalls. The appliance provides this protection regardless of the state of your computer.

Lethyos,

Thanks for your info.

I interpret it to mean that installation of a NAT router would protect me from all incoming traffic until I deactivate it. Such deactivation might take plase after the firewall is up and running.

Am I correct in the foregoing?

If I am correct, then under what names are NAT routers sold and what is involved in installing them?

Finally why would firewalls not come up before DSL is running? Is there a way to force DSL to come up first?

Thank you G.R.

Eh... ZoneAlarm is no firewall. It's a host-based packet filter, and a pretty lousy one. One should wonder why you even associate any notion of security with it.

Long story short: If your system is not secure without a "firewall", it can't be sure with one either. And yours obviously isn't.

(And your postings headers provide even more evidence: You're abusing MSOE as a newsreader.)

Dear Sebastian,

Your reply puzzles me. Why do you state that ZoneAlarm is no firewall? It is sold as and described as one and it is very widely used. Would you care to tell me why you consider it to be so poor.

It also puzzles me that you describe my system as not secure without a firewall and imply it should be. Is it not true that no system is secure without a firewall?

You finally state that I am abusing something by using MSOE as a newsreader. What is MSOE?

Greetings to Deutschland and Thanks for your interest G.R.

The NAT router will block inbound, unsolicited, traffic always, it doesn't matter what you have on the network. So, you don't even need your personal firewall once you have a NAT, as personal firewalls don't protect people that don't understand them well.

Linksys, D-Link, Netgear, etc... They all make what they call firewalls that are really NAT Routers - a couple of them make firewalls too. A typical NAT device runs about $50 US.

Leythos,

Is the following the type of router an example of the device you mentioned in order to block unwanted access to a PC?

NETGEAR RP614 4 Port Cable/DSL Web Safe Router Gateway 10/100 Switch Summary

Features: a.. Unique Smart Wizard and Install Assistant make setup a breeze a.. Lightning fast cable/DSL Internet sharing with integrated 4-port switch a.. NAT Firewall with VPN pass-through protects against hackers a.. Connects up to 253 network users a.. Parents may restrict and monitor access to inappropriate Web sites a.. Instant alerts and regular e-mail notification of browser activity a.. Free network cable, vertical stand and privacy software Please let me know.

Thank you GR.

Yes, as well as the Linksys BEFSR41, BEFSX41, BEFVP41, Dlink FVS-318 and several others, and the D-Link DFL-700 which is as close to a firewall appliance as you will find for under $250.

To make a long story short: Your machine seems to be infected.

Ignore these doomsday idiots. They're overly paranoid schizoids. Nothing is 'safe' enough for them.

I've been using Zone Alarm freebie for over 5 years and have never had an 'intrusion' problem. I update it each time they release an update.

With Zone Alarm and Kaspersky anti virus, I've never had a problem with trojans or malware of any kind.

Zone Alarm freebie is simple and it works.

I have an equally effective solution, it's my "anti-malware rock", which I keep sitting within 8' of my PC. Since installing the rock, I haven't been hit by any malware.

The only personal packet filter or personal FW that can get there before the network connection is available is XP's or Vista's personal packet filter/personal FW, because those solutions a integrated components of the O/S. No 3rd party solution is an integrated component of the O/S. So, therefore, the O/S is not making things wait until the PPF/PFW is up and running, before anything else takes place.

What you need is a border device like a NAT router. It will always be up and running, protecting the machine, before the machine can make a connection to the Internet.

I saw one of your posts toanother poster about why something like ZA or any other desktop solutions are not FW(s).

A FW separates two networks. The network it's protecting from usually the Internet and the network it's protecting the LAN. A FW must have two or more interfaces or (network interface cards for a FW software solution running on a gateway computer. One NIC faces the Internet (the untrusted zone) and the other NIC faces the LAN (the trusted zone).

A FW solution provides a physical separation of networks whether that be a packet filtering FW router, a FW appliance or software running on a host gateway computer.

Why would you want to dactivate it?

No.

Netgear, D-link, Cisco, netscreen, AVM, ....

You are the admin of your machine, you have control over the series of events.

Jens

Yeah, eat shit. 800 billion flies can't be wrong.

You forgot an "if" ;-) A firewall only separates traffic *between* networks. So you can offer services inside *your* network and your firewall protects this service against conncetions from outside. A firewall can't *really* protect any crappy (unpatched) application (such as MSOE, see below, the ActiveX concept a.s.o.) getting infected by manipulated E-Mails websites ...

Yes, you can work without a firewall in an insecure environment, but you have to secure every application you use, every system library used by applications and services and every service you offer (so called "hardening" your system) - firewall and router OS do that (and haven't so much applications).

That: | X-Newsreader: Microsoft Outlook Express 6.00.2600.0000

And it's a very old, unpatched version of it.-------^

Wolfgang

There isn't any full up to date anti-virus protection. It's not possible by concept.

Security Program Manager of Microsoft says: "Flatten your system and rebuild it", take all security patches of your system and applications, "harden" it (configure it secure, there are many manuals helping:

Wolfgang