Do I need to use a personal firewall application rather than Windows' own firewall for home desktops?

[Battousai001]

I would like to ask if I still need to use a specialized personal firewall aplication like Kerio or Sygate rather than use Windows' own SP2 firewall or my antivirus' firewall which is Trend OfficeScan, if Im just using a desktop home PC and uses the desktop for surfing the net, downloading stuff and doing some multimedia works?

Is the Windows SP2 firewall enough already just for a home desktop PC? or just turn it off and just use the built-in firewall of my antivirus which is Trend OfficeScan? or I still have to use a separate firewall application for my firewall? what will be the better choice for a home desktop PC?

Im thinking that if it will just be enough to just use the SP2 firewall or the built-in firewall of my antivirus (whichever is better) Im going to free up more resources and start-up speed from the separate firewall application like Kerio or Sygate.

What would be your suggestion?

 

[Schadenfroh]

put sygate or keiro on it or the one trend provided you and then disable windows firewall

 

[JackMDS]

The Win XP SP2 is pretty good as an additional firewall to a Router Firewall.

If you do not have a Router, you are much better of with one comprehensive Package like Norton Security.

Why?

Norton Internet Security (as an example) is a Firewall, Antivirus, Popup Buster, Ad -Buster, and more in one package.

My experience shows that One package is better and less troublesome for the TCP/IP Stack. Otherwise, the Stack is intercepted by few programs each doing its own things and sooner or later it goes to the Moon.

However the final decision has to be made by understanding the hazards and assessing your surfing Habits.

Additional readings about the issue.

Link: Basic Protection for Broadband Internet Installation.

Link to: Internet infestation - Or, how you are getting Internet "Junk" in and compromise your Computer/Network?

Link to: Basic Steps in cleaning Internet "Junk".

:sun:

 

[Battousai001]

Im on dial-up connection... so is software firewall enough?

Im using Kerio now and had problems with Sygate, Sygate crashes and sometimes seizes to run after installation, had tried reinstalling but still the problem persist and Zone Alarm has conflicts with my antivirus so I went to Kerio instead... but my prbolem is I dont have any knowledge in setting up firewalls, specially in configuring Kerio. But there is a menu after installation wether to run Kerio as "simple mode" or "advance mode" (the advance mode is the one that will prompt or ask me wether there is a connection in/out of my computer or there is an application that is being launched)

 

[JackMDS]

On dialup I use WinXP SP2 Firewall and AntiVir works well for me.

In situations that I use Kerio I like to use the older version v215 much easier to deal with, and seem to be ?Gentler? on DialUp works well with AntiVir too.

Link to: AntiVir Personal Edition.

Link to: Kerio v215.

:sun:

 

[Navid]

The XP firewall is only checking the incoming traffic. If you get spyware, that wants to phone home, that firewall does nothing!

 

[Battousai001]

does Kerio or any personal firewall application affect my dial-up internet speed?

 

[dfi]

I set up a few firewall rules on my router, and I only use winxp's firewall. I still scan my system with an anti-virus and adware scanners now and then, but it always comes up clean.

I believe the key to my setup is NOT using an administrator account 99.9% of the time. Since my normal user account can't modify system files, registry, or install new programs, there's not much to fear except pop-ups. And since I use firefox, the pop-up problem is taken care of.

dfi

 

[Battousai001]

Does Windows XP SP2 firewall does its job properly (what I mean is does it properly prevents outside sources in accesing your system) even though it does not function as a pure full featured firewall application (because it does not monitor outgoing information from your system)?

 

[Link19]

Because the Windows XP SP2 firewall does not monitor outbound connections, would you say it;s useless if you have a hardware firewall like a router? I mean a router already is the best firewall for blocking inbound connections, so what benifit would there be to using the XP SP2 firewall if you laready have a router and the XP SP2 one doesn't have the ability to block outbound connections?

 

[mechBgon]

Originally posted by: Navid
The XP firewall is only checking the incoming traffic. If you get spyware, that wants to phone home, that firewall does nothing!

That is not entirely accurate. I've had WinXP's firewall block stuff (Mechwarrior4 Mercenaries, actually ) and tell me "hey, you wanta this to access the intahweb, you getta the Administratah to allow it, foo" since I was using a Limited-class account.

I notice that a lot of malware (backdoors, downloaders and Trojans) are now designed to disarm the Windows Firewall and also disable the Security Center alerts, to get past the Windows Firewall, so there's some more evidence that it's a hindrance to the malware

A significant bolster to your anti-malware measures is to use a Limited-class account for your daily-driver stuff. Only use an Admin-class account when you actually need admin-level powers, if possible. Limited accounts put malware in a cage. Can't write to or modify the Windows directory, can't add stuff to the important parts of the Registry, can't install software, can't disable the Windows Firewall, can't disable Data Execution Prevention... if the malware was designed around the assumption that your browser, IM proggie or media player would have Admin-level privileges, it's not likely to work.

Maybe give it a try and see if it works for you. Along with that, set a strong password on your Admin-level accounts (right-click My Computer > Manage > Local Users & Groups > Users, right-click each user account and set password). If your software kicks and screams when you try to run it under a Limited-class account, reboot in Safe Mode, right-click its directory, and give the Users group a Full Control privilege just to that program's directory, and see if that overcomes it.

edit: BTW for home use over dial-up, I'd personally just use the Windows Firewall on WinXP SP2. If I had broadband I'd use a router (with all non-essential ports blocked point-blank both inbound and outbound) and then run the Windows Firewall on the computer. If I had "risk fact0rz" then I might lean towards ZoneAlarm for more alerting capability on the outbound stuff.

 

[Link19]

That is not entirely accurate. I've had WinXP's firewall block stuff (Mechwarrior4 Mercenaries, actually ) and tell me "hey, you wanta this to access the intahweb, you getta the Administratah to allow it, foo" since I was using a Limited-class account.

Are you sure about that? Every where I read, it says that the Windows XP SP2 firewall only checks incoming traffic, and does nothing for outbond traffic and says that is why you should use a better firewall. I know there is a service in XP that says it's for 3rd party plugins for the Windows Firewall/ICS. Are there any third party plugins that add the outbound traffic abilitiy to the Windows Firewall?

 

[mechBgon]

Originally posted by: Link19

That is not entirely accurate. I've had WinXP's firewall block stuff (Mechwarrior4 Mercenaries, actually ) and tell me "hey, you wanta this to access the intahweb, you getta the Administratah to allow it, foo" since I was using a Limited-class account.

Are you sure about that? Every where I read, it says that the Windows XP SP2 firewall only checks incoming traffic, and does nothing for outbond traffic and says that is why you should use a better firewall. I know there is a service in XP that says it's for 3rd party plugins for the Windows Firewall/ICS. Are there any third party plugins that add the outbound traffic abilitiy to the Windows Firewall?

Yes. Read any twenty-five malware descriptions at Symantec's or McAfee's sites and you'll see that the malware is being set up to disable the Windows Firewall and shut off the Security Center alerting so people don't get wise to it. They're not doing that just for fun

edit: random sample from Symantec's site: http://securityresponse.symantec.com/avcenter/venc/data/w32.elitper.a@mm.html

As for the outbound blocking, yes, I think I even took a screenshot of it blocking my MW4 Mercs from making a connection like I described (it's an Internet-capable game, so it's logical it would try). My WinXP box is back down at the office again, but I'll see if I still have that screenshot tomorrow.

 

[Link19]

As for the outbound blocking, yes, I think I even took a screenshot of it blocking my MW4 Mercs from making a connection like I described (it's an Internet-capable game, so it's logical it would try). My WinXP box is back down at the office again, but I'll see if I still have that screenshot tomorrow.

Are you sure that wasn't asking about it opening an inbound connection access for that game? Because I know someone else on Neowin asked the same thing about AIM, and someone said it was because AIM needed to open an Inbound connection for something. The link here: http://www.neowin.net/forum/index.php?showtopic=258827&st=30

I don't think the Windows Firewall monitors Outgoing connections unfortunately. However, there is a service that allows for third party plugins for the Windows Firewall. So are there any third party plugins that add that featue to the WIndows firewall?

 

[mechBgon]

Yes, I'm sure. The program was trying to initiate a connection. I use dial-up, and my dial-up connection was down at the time, so there was no chance of anything connecting from the outside in at the time.

If you don't like using the Windows Firewall, can I suggest setting your router to only allow outbound traffic on ports with a legit purpose. This would provide damage containment in the cases of a lot of the backdoors and Trojans that are looking to establish connections on random or specific ports. What I would leave open:

20 and 21 for FTP
25 for SMTP email if I use it
53 for DNS
80 for standard Web
110 for POP3 email if I use it
443 for HTTPS secure Web

and that would be it. Block TCP and UDP traffic on every port except those. I'd use a router if I had broadband... maybe someday. Those Comcast ads featuring cheetahs are definitely getting to me :Q