Anything Wrong with running 2 firewalls?

[Cpt. Duke]

I have been using Norton Internet Security for a while and it seemed to be ok. A couple weeks ago I went on one of the security sites (not grc.com, it's similar but I forget the name) and it said my port 139 was open. I didn't know how to fix this with Norton so I downloaded ZoneAlarm. Besides wasting system resources, are there any theoretical problems with running 2 firewalls? (Something along the lines of 2 condoms actually being worse than just one ) . . .

 

[RagManX]

Most of the security geeks I know do this. I personally don't have 2 on my system, but I'm confident enough with my system config plus NAT on hardware router setup that I feel I'm OK. Nothing wrong with 2. People I know tend to do zonealarm (firewall) plus Black Ice (IDS) together.

RagManX

 

[pochrist]

I have a firewall on my router and Norton personal firewall, I would definately suggest this, especially if you running Win95-98 or ME. Norton cateches trojans that the Router seems to miss. I run Win2k Pro and have had 3 differn't Trojan's blocked by Norton, after research I found out that the can't do any thing in Win 2K Pro only in the Win95-98 Me comps, because Win2k & Winnt have very high security settings that the Home owner version of windows lacks.

 

[Need4Speed]

damn you guys are paranoid ...port 139 is netbios, you can disable it under your network porperties or config the firewall to block port 139. though there is no harm in running 2 firewalls, 1 should be sufficient when configured correctly. It's more important to have 1 firewall and 1 AntiVirus rather than 2 firewalls....

 

[Cpt. Duke]

ic, thanks guys...

 

[HarveyFish]

Running two firewalls is like wearing two condoms. Either way you might be better off making sure you've got one good method of protection instead of two questionable ones.

Zonealarm should be fine as is.

 

[RagManX]

Zonealarm is insufficient. Zonealarm plus virus-scanner is insufficient. The Nimda worm used a flaw in Internet Explorer 5.0 (not 4.x, 5.5, or 6.0, just 5.0) in which if you connected to an infected webserver, your machine got infected through an Activescript setup that managed to circumvent IE's "built-in" protection against such stuff. Once this happened, you machine started scanning others to infect.

Since Zonealarm stops suspicious incoming connections, and a virus-scanner can only stop a virus it knows about, had that been your protection, you could have gotten infected.

Since Black Ice watches outgoing connections, you still would have gotten infected, but you would have gotten a message the first time the worm tried to scan out, letting you know that some unauthorized program was attempting to open outgoing connections.

Really, learning how to secure your machine is best, but given Microsoft's inability to deliver relatively secure and securable products, running Zonealarm plus Black Ice plus a virus-scanner is the best (if incredibly resource intensive) method to secure yourself. Or just accept the risks of being connected (which is my choice) and plan on the possibility of needing to format and reload at some point.

RagManX