Firewall vs. Packet Filter?

Let's say you are running anti-virus and anti-spyware programs that provide real-time protection. How important is it to have a firewall with application protection, versus just a packet filter?

Reply to
d
Loading thread data ...

"Firewall" is a very broad term, and its meaning depends strongly on what definition you are using. However, judging from your question I assume that you are talking about personal firewalls here, and by "application protection" you mean attempts to control what program may or may not communicate outbound.

I wouldn't recommend using "application protection" as it is not reliable. Stick with anti-virus (to prevent malware from actually being run) and packet filter (to prevent worms/attackers from exploiting vulnerabilities in network services). If you configure the computer to not provide any network services in the first place, you don't even need the packet filter.

In addition to that: use a normal user account for day-to-day work, and keep all software on the computer up-to-date.

cu

59cobalt
Reply to
Ansgar -59cobalt- Wiechers

What services should one disable on a Home PC and still have internet connection working?

Reply to
Crispy Critter

formatting link
Depending on your ISP's requirements you may need to re-enable the DHCP-Client service, but in general you don't need to provide any network service to have Internet connectivity.

cu

59cobalt
Reply to
Ansgar -59cobalt- Wiechers

OK, thx. I'll do as that site says and see how it goes. I've read websites that say what services to disable before and they always have different ideas as to what should be disabled. Some have caused certain functions I wanted to stop running too. Some people say you don't need to disable any network services if XP is fully patched.

Reply to
Crispy Critter

They are right, to a certain extent. Patches should eliminate all known bugs, so any worm/attacker targeting a known vulnerability should fail. However, there's always the possibility of a 0-day, or an undisclosed bug, or a patch not working as supposed. Also some network services may allow for additional attack vectors (e.g. administrative shares + weak admin password, or messenger spam). Thus it's better to not expose services you don't need to expose.

cu

59cobalt
Reply to
Ansgar -59cobalt- Wiechers

Yea, that makes sense, thanks.

Reply to
Crispy Critter

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.