Bypassed software firewall?

Possible? Yes, of course it's possible.

Not completely useless - they do give you control over what apps have access to the net. Something you can't do with a hardware firewall.

However I would agree that a real hardware firewall should be used first, personal firewalls should NOT be the first line of defense.

Yes. Agreed. That is why I would never rely on one. (In fact I don't even use one) But I do think there is a limited uselfullness for some people in some cases.

I doubt it's possible for network connections, but for dialup that's pretty common - most premium-rate dialers work by creating a new dialup entry.

There are examples which bypass the firewall by accessing the IP stack on a lower level, or by calling system-DLLs. Some "Personal Firewalls" have adapted to that, but it's only a matter of time until the malware authors adapt, too.

Juergen Nieveler

Probably yes.

If malware can shut it down, why shouldn't it be able to reconfigure it?

Fine. Since that fact is more than enough to show that Personal Firewalls are useless crap we can stop the discussion of further details.

Wolfgang

The 3rd party solutions can be beaten at the system boot before the PFW solution with its app control can start and stop it.

Duane :)

No, that is what the hardware firewall is for.

Yes. Specially if the trojan targets the IP stack with low level drivers a la WinPcap. I imagine rootkits can "piggy back" on connections as well and go undetected.

Do not install software you don't trust. Either directly or by granting permission to processes.

That depends largely on what infected you. If we're talking rootkit infection there's no straight answer. If we exclude that category, I think your best bet is in some sort of Intrusion Detection System solution.

Unless said application really wants to have net access regardless of your opinion...

Juergen Nieveler

Limited usefulness for some people in some cases has nothing to to with security-

Wolfgang

The claim that they can control applications. In reality the cannot.

A hardware firewall will stop every application from accessing the net.

If a hardware firewall is used, no other measures are necessary since not a single packet can get through it.

Personal firewalls are useless crap.

Wolfgang

Only if the app is innocent enough to open a socket without first disabling, reconfiguring, or bypassing the PFW. Legitimate apps generate alerts, users permit the app, and know their PFW is working - meanwhile malware goes around it. False sense of security, worse than useless.

It is impossible to run firewall and client on the same system securely, unless you use a multilevel operating system.

I don't know of a product that does it, but it wouldn't be difficult for the firewall to use SNMP to collect process details from the client and act accordingly. Trust is another matter :-)

I see no reason to use them at all. They mislead users.

Triffid

That's interesting. I've been on the internet since '93, 5-8 hrs. a day, and never used anything but a software firewall. Guess it is nothing but luck that kept me from ever getting a virus or spyware problem. I never appreciated *how lucky* I am until now. :)

Barbara

Am currently running a Win98 personal home computer with dial up modem and Sygate Pro 5.5. What would be a good hardware device solution for me? Thank you, Casey

I left out one work "inexpensive". Thanks

Definitely NOT disputing that hardware firewalls are superior. Just commenting on my extraordinary good luck with the "useless crap" I've used. :) bj

I agree, been on the Internet since before it was called the Internet and use to use Usenet and gopher and archie - never have installed a personal firewall on any server or workstation. I do use them on Laptops for my teams as we take our systems into clients networks and until we get the contract that can be risky - same for hotel connections and others.