Zone Alarm opinions please (OT?)

I've used Zone Alarm for many years. But 99.99% of its warnings have been false alarms. AFAIK, it hasn't blocked the spyware applets that Spybot finds just about every time I run it, so what's ZA's actual value? The little icon that tells me there's net traffic doesn't seem to be worth the money. I've turned off its A/V and e-mail scan, as that conflicts with AVG.

So, really, I wonder whether it's worth keeping. I'm using a router, its hardware firewall should be enough to block external attacks, right?

Opinions and advice gratefully received.

Wolf K.

Most people in the firewall group think software firewalls are useless. Programs that want to access the net will bypass them anyway.

I use ZA only to keep track of what "legal" programs access the net. So that I can block MS applications and games from accessing the net.

My NAT router with firewall blocks all incoming "spam"/"attacks" anyway.

I have never had any real threats blocked either in all my years.

Besides I have an AV that catches things in mails and from downloads, with a web-filter and network and on-access scanning. So I doubt that anything would be able to start anyway.

Also scan regularly with Spybot S&D and Ad-aware to be sure.

So... I have been thinking the same: Do I really need a SW firewall?

Lars-Erik Østerud

Firewalls are not useless. It's a bad concept to "inbound filter".

Yours, VB.

Volker Birk

FWIW, I'd describe them as host-based firewalls, rather than software.

The issue comes down to the fact that much modern malware actively seeks to bypass or disable anti-malware software.

So, your software (host-based) firewall pops up a warning... "Process XcRyT7B9.exe wants to access the internet - cancel/allow?". Assuming XcRyT7B9.exe is malware you've already been infected - what else in your defences is broken?

If XcRyT7B9.exe is malware and it's quietly disabled your firewall you won't get any warning. So, you sit there happily surfing, getting no untoward warnings from your firewall... is that because there's no malware or there's some semi-intelligent malware?

Don't get me wrong - in the absence of anything else I'll take a host-based firewall but I'd rather have something else.

VH.

Van Helsing

So if you have a NAT router with a firewall, a decent anti-virus program that scans on-access, and web-pages and mail, and you check your system for malware/adware often. Do you then need a SW firewall?

Lars-Erik Østerud

From: "Lars-Erik Østerud"

| Van Helsing wrote:
|
| So if you have a NAT router with a firewall, a decent anti-virus
| program that scans on-access, and web-pages and mail, and you check
| your system for malware/adware often. Do you then need a SW firewall?

I don't think so and I don't use any.

David H. Lipman

And that's the problem. A normal user cannot answer such a question in a sensible way. It's idiotic to ask the user: she/he is the person to protect, not the person who should be responsible to protect.

And think about "Process ADOBEUPTR.EXE wants to access the internet - cancel/allow?" Clicking "cancel" makes your machine less secure.

Yours, VB.

Volker Birk

If you are using a router, make sure you turn off the Upnp "feature", otherwise your dns servers, and other router settings can be changed, by visiting a site (including hacked ad servers), with flash, or any other plugin, that allows sending a SOAP request, from your computer, back to your router.

Note that this security hole affects all operating systems, and all browsers that support plugins.

See [formatting link] for details.

Regards, Dave Hodgins

David W. Hodgins

If you've got a decent PC (i.e. not one that's going to slow down noticeably) then why not - as long as you don't pay too much for the privilege.

Some host based firewalls have other vaguely useful features like measuring traffic levels.

Personally I tend not to bother and rely on the Windows firewall, on the rare occasions I use Windows. I don't want to sound superior, or like I'm a Linux zealot, but I rarely use Windows in anger. I just prefer using Linux and KDE/Gnome/Xfce 'cos they suit the way I work. I don't believe that makes me immune to such problems, just much less likely to suffer.

VH.

Van Helsing

From: "David W. Hodgins"

| If you are using a router, make sure you turn off the Upnp "feature", otherwise
| your dns servers, and other router settings can be changed, by visiting a
| site (including hacked ad servers), with flash, or any other plugin, that
| allows sending a SOAP request, from your computer, back to your router.
|
| Note that this security hole affects all operating systems, and all browsers
| that support plugins.
|
| See [formatting link] for details.
|
| Regards, Dave Hodgins

Thanx Dave.

That's new information for me.

David H. Lipman

You're welcome. This one shocked me!

Almost all routers, including cable and dsl modem/routers, have upnp enabled by default.

For anyone who doesn't want to check the above site, the upnp "feature" allows the dns servers returned from the router, to be altered, which means a malicious person can redirect all of your internet traffic, to sites they control.

The security implications of this one, are mind boggling, to say the least.

Regards, Dave Hodgins

David W. Hodgins

From: "David W. Hodgins"

| You're welcome. This one shocked me!
|
| Almost all routers, including cable and dsl modem/routers, have upnp enabled
| by default.
|
| For anyone who doesn't want to check the above site, the upnp "feature" allows
| the dns servers returned from the router, to be altered, which means a malicious
| person can redirect all of your internet traffic, to sites they control.
|
| The security implications of this one, are mind boggling, to say the least.
|
| Regards, Dave Hodgins

I am well aware of DNS Changer Trojans but one that uses uPnP to change SOHO Routers... That's new.

David H. Lipman

I think I should clarify. It isn't the dns hijacking, I find mind boggling. It's the scale, and difficulty in fixing, that I find mind boggling.

How many routers, and high speed modems, with built in nat routing are in use? Most of them have upnp enabled by default. For a long time, standard advice for windows users, has been to use a nat router, to help protect the system. Now that has to be qualified, with "but, be sure to disable the upnp feature".

The upnp feature was created, to allow programs like skype, to get a port forwarded to the computer, without the user having to understand ports, or how to configure the firewall. There are so many users who are just not capable of configuring a firewall, or more accurately, are unwilling to even think about trying to do it.

Now they have to turn off upnp, to protect their router settings, but that means, they can't run the software, they want, without learning about port forwarding, ip, and mac addresses, or getting someone to do it for them, every time they want to install a program that requires an incoming port.

The article in the link stresses, that this isn't a software bug, that can be patched. While flash was used in the example, there are many other possible ways to exploit the problem. Every piece of the problem, is working exactly the way it was designed to work.

Whatever fix comes up is going to be very difficult, to get implemented on existing hardware.

Regards, Dave Hodgins

David W. Hodgins

And do the same on the PC (nice utilities on "[formatting link]").

Lars-Erik Østerud
