Wolfgang
That's interesting. I've been on the internet since '93, hundreds of hours per day (more than one machine permanently connected to the net) hrs. a day, and never used a software firewall. None of my machines ever had a virus or spyware problem.
Wolfgang
it's not that they are "useless", it's that they are very easy to misconfigure and to compromise. If you fully understand the application and what security is about, then you stand a very good chance of using one effectively, if not, then you stand a real chance of just thinking your safe when in reality you are exposed.
GregRo wrote in news: snipped-for-privacy@individual.net:
Personal Firewalls
Another technology commonly called a "firewall" and marketed as something that will provide security for a network is the personal "firewall." A personal firewall provides protection to a single device (typically a personal computer) from an untrusted network (typically the Internet). Again, when compared to the firewall definition, personal firewalls do not meet the criteria. They do not control access between two networks; they control access to one specific device.
A PFW or (packet filter lack of better words) I don't consider being a FW solution. It's machine level protection that protects the O/S, services and Internet application running on a machine.
Duane :)
Yes, and? An actual firewall can protect against high temperature to a greater or lesser degree, and for a greater or lesser period of time. They are all still firewalls.
You don't need a WatchGuard Firebox X8000 to protect your dial-up connection.
That they are not "useless" [IMO] was really my point. I think they are fine for *single pc* users, who *pay attention* to security issues [on cable as I am, or dialup]. If I had a network, I would invest in a router as well, but for my uses, software firewalls have done the job, so far.
I started reading this group to see if there were any comments good or bad about recent versions of Sygate or CA's firewalls; to see if I want to pay for my first software firewall, or not. :) bj
Well, I am not talking about a FW that applies to a structure. And that's your opinion for what it's worth.
And somehow, you have applied some kind of logic to some statement I said where in this thread? However, I would prefer a $20 NAT router as a first line of defense that does separate two networks that more closely fits a FW definition that has two network interfaces with the WAN and LAN ports as opposed to PFW/packet filter solution that runs with the O/S, protects the O/S, services and Internet application for a single machine with a direct connection to the Internet. Even if the NAT router is only protecting a single machine, it's a better solution for the first line of defense than the PFW/packet filter solution.
Duane :)
And you were luck that you had not forwarded ports inbound related to the virus or your PFW would not have protected you before.
Everyone knows that a PFW in the proper hands is a good thing, but, look at it this way, since the people that know how to maintain a PFW are not the ones being compromised, how does a typical home user know what to do with the PFW alerts and rules? Answer, they don't, they just keep adding exceptions and that compromises the integrity of their solution.
A cheap NAT device doesn't expose them to that type of problem - you can even get NAT dial-up devices.
Those who pay attention to security issues do not need them, as they are able to use more more reliable means to secure their boxes, so they are useless for them.
Those who do not pay attention to security issues are not protected anyway, so they are useless for that group too.
In total: They are useless.
Wolfgang
Obviously, to you. :)
Since I fall into one of the above 2 categories [take your pick], and I have years of experience which proved they were not "useless" to ME, that relegates your emphatic statements [to the contrary] to the same category as mine... simply an opinion.
You can have the last word, I'm bowing out of this "useless" debate. bj
That's a DAMN GOOD IDEA!
I think it's never been implemented beacuse no one every thought of it.
Someone should do this!
Of course malware could simply mess with what SNMP reports, so we'd be right back with the same holes we have with PF's.
However, it could be usefull - lets say for instance you are going to have port 80 outgoing open anyway. This would give you a way to restrict it for firefox only, for instance. If malware messes with the SNMP data, then any old app can use port 80. Other ports (assuming you didn't make similar application rules for them) would still be unnaffected. Not that big a deal security wise.
I'd say yes, you are lucky.
ROTFLMAO!
(for those who don't know why I am lauging so hard, you need to follow Wolfgang's link to see why...)
1) DO NOT RUN WINDOZE 98 on the net! Don't Do it!
2) what do you consider inexpensive? Plan on investing at least a couple hundred bucks if you want good protection. (a couple hundred *IS* inexpensive - firewalls can run well over 10 grand for a high end box!)
Those things said, Cisco Pix boxes are pretty well respected. Sonicwall and watchgaurd are also good.
Do NOT get anything made by Netgear or any of the Linksys stuff.
Please recommend a good, inexpensive NAT dial-up device. My son has been looking for one for me. He found one for about 80 bucks, but it only had dial-up capability as backup for it's normal wideband service. I am running Win98, Sygate Pro (which I have been comfortable with for 4-yrs.) and a dialup modem. Thank you, Casey
WebRamp - the ones with the fail over dial-up work just fine without the DSL/Cable. You need a modem for the serial connection.
How do you know? 'ALARM, $FIREWALL blocked remote access from evil cracker originating vom IP a.b.c.d' is not an evidence for usefulness. That is just the attempt of the firewall-placebo to make you believe, it has done something good. Can you trust it?
Once it comes to details you bow out ...
Wolfgang
"T. Sean Weintz" wrote in news:11d5d2vqqif2943 @news.supernews.com:
Why? In someways, a Win 9'X O/S if configured properly presents less of a target than a NT based O/S, even though Win 9'x is outdated technology.
Of course, no home user is going to buy a $10K FW appliance. However, some can afford a low-end SOHO FW appliance.
There is nothing wrong with those units for the average home user. They are plug it up and go devices that need little or no configuration by the home user and provides instant protection from the Internet, which can be supplemented by a packet filtering solution at the machine level.
The opreative word here is *inexpensive*.
Duane :)
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.