Do i need a software firewall when i have a router ?

[ciproxr]

ive used sygate and linksys router for a while and had no problems but recently connectivy problems showed up , im not 100% sure but so far sygate seems to be the problem, could be the problem, could be that i didnt allow genereic host service , but i have disabled sygate and so far have not had a connectivy freeze........was wondering do i really need 2 firewalls ?

 

[blemoine]

no uninstall sygate.

 

[RebateMonger]

You didn't mention your OS. If it's XP SP2, then I wouldn't bother with a 3rd-party firewall like Sygate. I WOULD use XP SP2's built-in Firewall. 3rd-party firewalls cause people a lot of problems with connectivity.

Frankly, if you are running a NAT router and aren't forwarding any ports, it's REALLY tough for much to get through. The biggest dangers become internal - people clicking on the wrong things and enabling viruses, worms, trojans, etc. from INSIDE your network. If THAT happens, then it can be "nice" to have an outgoing firewall. If you are paying attention, an outbound firewall can help catch things. Assuming that the new infection hasn't disabled the firewall already.

 

[deathwalker]

In theory ..no. I have found when you start stacking hardware and software firewalls that trouble shooting access problems becomes considerabley more annoying.

 

[JackMDS]

You need, Software Firewall, AntiVirus, AntiSpyware.

AS far as consumer use of home computers, the Router's NAT Firewall protects only from a fraction of the Trouble that the Internet might "Dish" you In and Out.

Basic Protection for Broadband Internet Installation.

Freeware Security suit for Internet Connection Protection.

Make sure to write down the name people that think that you do not need more protection. It is a Good thing to have because might be that hey would be kind enough to take your computer for cleaning and reinstalling the system when the time comes.:shocked:

:sun:

 

[spike spiegal]

You need, Software Firewall, AntiVirus, AntiSpyware.

BS. Why don't you stop giving money to third party security software writers who only bog down your system and learn how to use a darn computer?

I don't run software firewalls on the corporate networks I support, and I don't run anti-spyware products on those networks, and I've never had a problem with security. Why?

Because my users DONT HAVE ADMIN RIGHTS TO THE BOX! Spyware and virus's can't write to critical system areas, so it's no issue. At home I lock Internet Explorer into a user shell that doesn't have admin rights, and the problem goes away.

I get constant requests from friends to clean up their systems infected with high level trojans' and Malware all the time, and the scenario is always the same:

- They are always running a McAfee or Symantec type security suite including a software Firewall.

- The account they use to surf has Admin rights.

- Box is still trashed, but above mentioned security suite tells me there is a problem without being able to do a thing about it.

The biggest myth in the universe, and the most damaging in terms of mis-educating computers users (see above), is the stupid and idiotic belief that a software firewall helps prevent Malware/Virus's from getting on the box when it does no such thing. At best, your software firewall will tell you after the fact, and after your machine has been trashed. Yippe!

 

[blemoine]

You need, Software Firewall, AntiVirus, AntiSpyware

This is a matter of opinion & not fact. The ideal situation is one where your security is layered & you always follow "best practices" when using the internet. Since this is not practical you need to evaluate your current situation. if your computer contains no important data and your can re install windows yourself then by all means surf with no protection. on the other hand if you have important data go the extra distance to protect yourself.

 

[nweaver]

You only need a software firewall if you can't trust the rest of the network. If you share the router with roomates, or take the computer to other networks, then I would use it. If it's just you/your machines, and yout keep them up to date, patched, and stuff, then probably not.

 

[JackMDS]

Originally posted by: blemoine

You need, Software Firewall, AntiVirus, AntiSpyware

This is a matter of opinion & not fact.

Yap, and I guess that so are Car's Sit Belts, and smoking cigarettes, and excessive alcohol consumption?:shocked:

Originally posted by: spike spiegalBS. Why don't you stop giving money to third party security software writers who only bog down your system and learn how to use a darn computer?

1. Hmmm BS, I did not know the Institute of British Standards (http://www.bsi-global.com/British_Standards/index.xalter ) issued a standard concerning this issue.

2. In case you did not notice the second link in my previous post provided source for Excellent FREE security applications.

:sun:

 

[Nothinman]

Because my users DONT HAVE ADMIN RIGHTS TO THE BOX! Spyware and virus's can't write to critical system areas, so it's no issue. At home I lock Internet Explorer into a user shell that doesn't have admin rights, and the problem goes away.

Most spyware and viruses don't need admin rights to do their job, they can simply infect the profile that they were run under and still have like 80% of the same coverage. Of course they won't be able to do really nefarious things like hide from the process lists, but most people don't know what should and shouldn't be in that list in the first place. And once Vista is released this will probably become a lot more common since Vista users will be unpriviledged by default.

 

[spidey07]

best practices call for software firewall, hardware firewall, antivirus and antispam.

These days you can get a worm/virus/trojan just by going to a website.

without all of these mechanisms in place it is very easy for your machine to get infected.

 

[blemoine]

a firewall is only as good as its configuration i say. you don't know how configure it correctly you can do more harm than good. sometimes the contents of the workstation are not worth the time and money to protect them. especially if you have a restore partition (ie new dells).

Spidey live on the edge. its wonderful out here.

 

[oddyager]

Originally posted by: nweaver
You only need a software firewall if you can't trust the rest of the network. If you share the router with roomates, or take the computer to other networks, then I would use it. If it's just you/your machines, and yout keep them up to date, patched, and stuff, then probably not.

And we have a winner.

 

[JackMDS]

Fact 1, most consumer software that is used today has the capacity to call home.

Fact 2, when you are connected to a Website or downloading files, a lot of junk can get to your Hard Drive.

Since you requested the pages from the site the NAT Firewall will not block what comes in from this site.

If the ?Site Keeper? loaded the pages with ?Junk? it will get to your computer.

Remember the movie Johnny Mnemonic. It was about a guy that had computer memory implant in his brain (like human Flash Drive). http://www.imdb.com/title/tt0113481

Well, I figure out that few guys probably got the same implant. They found a way to load a combo Kismet Ethereal into the Brian implant, and connected the output to the finger that dose the mouse left clicking.

When Kismet sniffs and detects Internet ?Junk? ?Infestation?, it sends an impulse to the finger inhibiting the click. Bingo, No need for security software it is in it (the brain).

:sun:

 

[Rottie]

I have Sygate Personal firewall on my laptop and Linksys WRT54G router I don't have any problem at all but I decided not to use Sygate at home because I don't get much attack or virus, etc. I also run AntiVir along with Spy search and destory and Adware SE.
I will use Sygate if I take laptop for travel.

 

[nweaver]

Yes, especially since there is a critical alert for IE as of last night

 

[spidey07]

Originally posted by: nweaver
Yes, especially since there is a critical alert for IE as of last night

hahahaha....also don't forget about the zero day virus/worms out there. The ones that there is no patch for yet.

MS just about had egg on it's face a few months ago because they would release a patch for a known buffer overflow in windows media player that allowed web sites to execute code on you machine.

A personal firewall isn't gonna do jack for you there, but the whole "defense in depth" methodology still applies.

 

[GimpyFuzznut]

When I run a software firewall behind my hardware firewall I am more concerned with things going OUT not coming in. Downloading lots of pirated files and the likes (always from trusted sources, but you never know), there could always be something contained in one of those downloads... some sort of backdoor program, worm, virus, or whatever. Having a software firewall usually blocks all that junk from sending connections out, making them useless. Also, certain legitimate software programs always try to connect to the net to possibly send information about me, check serials or registration information, check for updates etc - and I HATE when programs do that without asking. I guess Windows Firewall can stop all those things however so there is no need for a 3rd party solution.

 

[ColKurtz]

Originally posted by: GimpyFuzznut
When I run a software firewall behind my hardware firewall I am more concerned with things going OUT not coming in.

Exactly! I run a software firewall not to keep things out, but so that I am alerted if something ever tries to phone home.

 

[blemoine]

i think some of us work in high security enviroments and then want to recreate the level of security at home when its really not necessary. i think the 1st question you should ask when designing a security solution is "Is said device mission critical?" for home use i would say an updated ghost image & removable hard drive are enough security. but thats just me.

 

[ivwshane]

LOL aint that the truth!

Usuaully though if they do have anti virus running and anti spyware running the definitions are out of date making them useless.
So either way, if you run protection software or you don't, the best way to protect yourself is to educate yourself. It's much easier to not open an unknown attachment than to remove a virus that your out of date anti virus program can't detect.
If you have multiple users then it gets a little trickier but creating separate accounts for them that are limited and installing firefox with a few key extensions can help keep the system fairly clean.

Regarding software firewalls, you can either spend the time watching and configuring it to let certain programs out or you could just educate yourself and learn what programs are "safe" to install and run. Either way you can't just install something and assume you are protected.

Originally posted by: spike spiegal

You need, Software Firewall, AntiVirus, AntiSpyware.

BS. Why don't you stop giving money to third party security software writers who only bog down your system and learn how to use a darn computer?

I don't run software firewalls on the corporate networks I support, and I don't run anti-spyware products on those networks, and I've never had a problem with security. Why?

Because my users DONT HAVE ADMIN RIGHTS TO THE BOX! Spyware and virus's can't write to critical system areas, so it's no issue. At home I lock Internet Explorer into a user shell that doesn't have admin rights, and the problem goes away.

I get constant requests from friends to clean up their systems infected with high level trojans' and Malware all the time, and the scenario is always the same:

- They are always running a McAfee or Symantec type security suite including a software Firewall.

- The account they use to surf has Admin rights.

- Box is still trashed, but above mentioned security suite tells me there is a problem without being able to do a thing about it.

The biggest myth in the universe, and the most damaging in terms of mis-educating computers users (see above), is the stupid and idiotic belief that a software firewall helps prevent Malware/Virus's from getting on the box when it does no such thing. At best, your software firewall will tell you after the fact, and after your machine has been trashed. Yippe!