Do I need a software firewall?

TheenDer

I already have a router with an inbuilt firewall. But I've been told that they aren't the best and that you need a software firewall as well. Is this true?
 

cleverhandle

IMO, that depends on you. Do you know what a firewall is and how it works? (By which I mean "really know something about TCP/IP", not just "a firewall protects me".) If the answer to that is "no", then I think that running a software firewall only tends to cause as many problems as it solves, and tends to hog system resources or otherwise be obnoxious as well. If the answer is "yes" or "no, but I'm interested in learning and will take the time to do so", then I would say that a software firewall can be a useful tool to monitor and control your system's network activity.

Firewalls are, by nature, fairly technical tools. They interfere with your network, by design. That's what they're made for. Sort of like you wouldn't recommend a table saw to every DIY'er, I wouldn't recommend a software firewall to every computer user. Though the effects of a misconfigured firewall are, admittedly, less permanent than losing an appendage...

Also note that the above is taking into account the fact that you're already behind a router. If you were directly connected to the Internet (which is a bad idea, anyway), it would be different.
 

xtknight

A NAT router is a good inbound firewall. Picture a wall and tons of packets coming at the wall, with some bouncing off. The ones that bounce off are ones that were specifically requested, and travel back to the PC that requested them. The rest are miscellaneous probes, connection requests, or potentially harmful hack attempts and are discarded, unless you specifically allow one of them via port forwarding or allow all via DMZ (demilitarized zone). With DMZ they all bounce to one PC, except the ones that are requested by other PCs (which obviously go to the other PCs).

When you have a virus or worm, it may send out Internet packets and the last stage of protection is an outbound firewall. If you never get a virus/worm in the first place, it isn't a problem. Basically outbound firewalls block everything, and it's up to you to configure every last legitimate application you have on your PC to be allowed. Sound annoying? It is. Use safe applications (web-Firefox/Opera, mail-Thunderbird), don't click Yes To Install on every dialog that comes up, and you won't have to worry. :) Given IE's track record with spyware I will never consider using it ever again. If the software is a holey piece of crap no amount of human intervention will prevent spyware from getting in.
 

dBTelos

Long version short.... Good enough for most, but you should use MS's firewall that comes with XP SP2.
 

cleverhandle

Originally posted by: xtknight
Use safe applications (web-Firefox/Opera, mail-Thunderbird), don't click Yes To Install on every dialog that comes up, and don't use an administrative user account, and you won't have to worry.
Amended.

 

xtknight

Originally posted by: cleverhandle
Originally posted by: xtknight
Use safe applications (web-Firefox/Opera, mail-Thunderbird), don't click Yes To Install on every dialog that comes up, and don't use an administrative user account, and you won't have to worry.
Amended.

:thumbsup:
 

WildHorse

Go to ShieldsUp! and click on the free test for "All Service Ports." The link is located in the gray colored bar under the words "ShieldsUP!! Services" about mid-page or lower.

They're at:
https://www.grc.com/x/ne.dll?bh0bkyd2
Then click on the Proceed button & go to the next page where the tests are (in the gray horizontal bars).

It will probe you & see how you look to scanners who flood the internet seeking vulnerable computers to covertly invade, steal information from, use as zombies, etc.

After the test be sure to read the analysis of any bad findings.

While there, also read this.

Short answer: Yes you need a software firewall.



Edit: link repaired
 

cleverhandle

Originally posted by: scott
Go to ShieldsUp! and click on the free test for "All Service Ports." The link is located in the gray colored bar under the words "ShieldsUP!! Services" about mid-page or lower.

...

Short answer: Yes you need a software firewall.
Your conclusion doesn't follow your argument. He's already behind a router - if he goes to ShieldUp, it's going to show no open ports. A software firewall offers him absolutely no more protection against incoming connections than he already has.

 

WildHorse

cleverhandle,

if he goes to ShieldUp, it's going to show no open ports. A software firewall offers him absolutely no more protection against incoming connections than he already has.

Well I have both a router & a software firewall.

The router's firewall settings are adjustable, & the ShieldUp! test was able to poke through it, & was detected as an intrusion at the McAfee firewall until I then tweaked the router's firewall settings.

I'm so glad that I did that testing, which was a wake-up for me...I hadn't been as safe as I'd thought!

Also, there's lots of excellent educational value in that site, even though the author there is annoyingly wordy.
 

xtknight

If you are forwarding no ports and aren't plugged into the DMZ port on your router, all ports will appear as filtered. I suppose it's a good test to verify that, but it's better if you just pay attention to your router settings in the first place. :)
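Added example (not part of any post in this thread): a toy Python model of the inbound decision xtknight describes in both of his posts, covering replies to requested traffic, port forwarding, the DMZ host, and what an outside port scan then sees. The class and function names, the addresses, and the strict "reply must come from the contacted address and port" matching are assumptions for illustration; real routers differ in how loosely they match.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class NatRouter:
    # (proto, wan_port) -> (lan_ip, lan_port); filled in by the admin
    port_forwards: dict = field(default_factory=dict)
    dmz_host: Optional[str] = None
    _next_port: int = 40000
    # (proto, wan_port) -> (lan_ip, lan_port, remote_ip, remote_port)
    _by_wan: dict = field(default_factory=dict)
    _by_flow: dict = field(default_factory=dict)

    def outbound(self, proto, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection; the router records a mapping."""
        flow = (proto, lan_ip, lan_port, remote_ip, remote_port)
        if flow not in self._by_flow:
            wan_port = self._next_port
            self._next_port += 1
            self._by_flow[flow] = wan_port
            self._by_wan[(proto, wan_port)] = (lan_ip, lan_port, remote_ip, remote_port)
        return self._by_flow[flow]

    def inbound(self, proto, src_ip, src_port, wan_port):
        """Return (verdict, lan_destination) for a packet arriving from the Internet."""
        entry = self._by_wan.get((proto, wan_port))
        if entry and entry[2:] == (src_ip, src_port):
            return "reply", entry[:2]            # requested traffic: back to the requester
        if (proto, wan_port) in self.port_forwards:
            return "forwarded", self.port_forwards[(proto, wan_port)]
        if self.dmz_host:
            return "dmz", (self.dmz_host, wan_port)  # everything else lands on one PC
        return "dropped", None                   # unsolicited: discarded


def exposed_ports(router, ports, scanner_ip="203.0.113.50"):
    """Unsolicited TCP probes from an outside scanner; keep those that reach a LAN host."""
    results = {p: router.inbound("tcp", scanner_ip, 55555, p) for p in ports}
    return {p: r for p, r in results.items() if r[0] != "dropped"}


if __name__ == "__main__":
    # Constructed sample addresses (private and documentation ranges).
    plain = NatRouter()
    wan = plain.outbound("tcp", "192.168.1.10", 51000, "198.51.100.7", 443)
    print(plain.inbound("tcp", "198.51.100.7", 443, wan))   # reply to the requester
    print(exposed_ports(plain, range(1, 1024)))             # nothing reachable
    fwd = NatRouter(port_forwards={("tcp", 8080): ("192.168.1.20", 8080)})
    print(exposed_ports(fwd, [80, 8080]))                   # only the forwarded port
    dmz = NatRouter(dmz_host="192.168.1.30")
    print(len(exposed_ports(dmz, range(1, 1024))))          # every probed port
```

The useful check for a home setup is the second and third cases: a scan result other than "nothing reachable" should correspond to a forward or DMZ entry you can find in the router's settings.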
 

corkyg

For most users, a router with a NAT firewall combined with what is built into Windows is really all you need.