How essential is a firewall?

[MMuse]

A year ago I set up my brother's machine. He had been running ME and I set up a multiboot with Win2000, Norton AV 2001 running on both operating systems. My brother is pretty unsophisticated when it comes to computers, and somehow things got really screwed up. I visit him again and he'd had some guy do some stuff on his machine, I don't know what. There was no NAV on his Win2000 partition and NAV was very screwed up on his ME partition and I couldn't reinstall it. He had these viruses on the machine:

Backdoor.Myparty
W32.ElKern.4926
W32.Klez.H@mm

We got him a new HD, installed Win2000 SP3. I installed NAV 2001 and ran Liveupdate before attaching his old HD. I then disinfected his old HD with a full system virus scan. He had around 10,000 infected files, and after deleting an obviously unnecessary hidden directory tree, around 1000. 950 of those were deleted and 59 put in quarantine. Most, if not all of these seemed to be in his ME partition.

Now, he won't multiboot anymore. I'm wondering if he will be OK without a firewall. At home I run Zonealarm freeware, but my brother's unsophisticated about computers and don't know that I want to complicate things by installing a firewall. Is it necessary? He leaves his machine on all the time and has a broadband cable internet connection. I think he got most if not all of the above viruses opening attachments to emails, and he knows that poses a potential problem. Do you think he might be alright as long as he runs Liveupdate frequently? That seemed to work for me before I installed Zonealarm, but I don't know what was going on behind the scenes. I installed Zonealarm not because I noticed problems but because people said a firewall was very important. Thanks for your input.

 

[n0cmonkey]

If you run absolutely no services and have a fairly up to date and simple machine, a firewall is not necessary. If you are running a Modern OS (NT line for Windows, OS X, any Unix-like system) a firewall is the only intelligent choice. With 9x I dont think it was as necessary as long as you ran absolutely no services, but it would still be a good idea.

 

[psianime]

I never use a firewall because it blocks some of the stuff I want to do. I'm suprised that your bro's NAV didn't catch the virii when they infected his system. I would lecture him on how to use it effectivly, and maybe schedule NAV to do nightly virus scans.

-psianime

 

[n0cmonkey]

Originally posted by: psianime
I never use a firewall because it blocks some of the stuff I want to do. I'm suprised that your bro's NAV didn't catch the virii when they infected his system. I would lecture him on how to use it effectivly, and maybe schedule NAV to do nightly virus scans.

-psianime

Can we lecture you on how to use a firewall effectively?

 

[MMuse]

Originally posted by: n0cmonkey

Originally posted by: psianime
I never use a firewall because it blocks some of the stuff I want to do. I'm suprised that your bro's NAV didn't catch the virii when they infected his system. I would lecture him on how to use it effectivly, and maybe schedule NAV to do nightly virus scans.

-psianime

Can we lecture you on how to use a firewall effectively?

Sure can! Fire away...

 

[MMuse]

Originally posted by: n0cmonkey
If you run absolutely no services and have a fairly up to date and simple machine, a firewall is not necessary. If you are running a Modern OS (NT line for Windows, OS X, any Unix-like system) a firewall is the only intelligent choice. With 9x I dont think it was as necessary as long as you ran absolutely no services, but it would still be a good idea.

Windows 2000 Pro has numerous services installed and running by default. Black Viper has an extensive set of recommendations concerning what to run and how as far as Windows 2000 (XP too, but that's a different page), and I've used his recommendations (with my own interpretations - it really requires you to interpret things for yourself). I guess I'll use BV's recommendations to set up my brother's Windows 2000 services. However, even BV doesn't recommend running absolutely NO Win2k services.

 

[MMuse]

Originally posted by: psianime
I never use a firewall because it blocks some of the stuff I want to do. I'm suprised that your bro's NAV didn't catch the virii when they infected his system. I would lecture him on how to use it effectivly, and maybe schedule NAV to do nightly virus scans.

-psianime

At this page, Symantec describes in detail the extensive powers of these new worm viruses. One of the things they do is try to disable your virus protection. Once they do that, they can wreak havoc in pretty short order, obviously. I don't know if having up to date virus definitions effectively protects you. I'd think so, but maybe he didn't have things up to date when he was infected. Judging from the Symantec descriptions, I think it's unwise to open strange attachments. Best to have substantial confidence that it's friend, not foe. The powers of these worms to disguise themselves on many many levels is pretty amazing, compared to the viruses I was familiar with.

 

[MisterMe]

I've had a cable modem since 1997 and run my PCs 24/7. Started with a Win95 machine and progressed through Win98, NT4, Win2000 and now XP. I don't have a firewall but always have had a virus scanner.

Back in the day when the whole cable modem thing was new, I could go into my network neighborhood and if the other PCs in my neighborhood had sharing enabled, I could literally browse through their hard drives - that was as "scary" as it ever got. I could even print to their printers if I wanted to - can you imagine all of a sudden having your printer fire up and start printing a 50 page doc? Talk about getting freaked out! The guys at GTE finally got thier act together and put an end to that. Back to the point, I have never had a virus get past the scanner or had any indication that anybody has gotten into my machine.

Do you need a firewall? "Sure, why not?" Will you die without one? Probably not. If you have one, will you be alerted to "activity"? Most likely. If you do see activity, does it mean that you would have died without a firewall? Almost certainly not. Don't let paranoia get the best of you...

 

[Mem]

Look at it this way,there`re quite a few good free Firewalls like ZoneAlarm,Sygate,tiny etc so no reason why you shouldn`t be using one,the extra protection is always better then nothing .

Nowadays it`s wise to have one especially with more hackers online now then ever.

 

[mjquilly]

Originally posted by: MisterMe
I've had a cable modem since 1997 and run my PCs 24/7. Started with a Win95 machine and progressed through Win98, NT4, Win2000 and now XP. I don't have a firewall but always have had a virus scanner.

Back in the day when the whole cable modem thing was new, I could go into my network neighborhood and if the other PCs in my neighborhood had sharing enabled, I could literally browse through their hard drives - that was as "scary" as it ever got. I could even print to their printers if I wanted to - can you imagine all of a sudden having your printer fire up and start printing a 50 page doc? Talk about getting freaked out! The guys at GTE finally got thier act together and put an end to that. Back to the point, I have never had a virus get past the scanner or had any indication that anybody has gotten into my machine.

Do you need a firewall? "Sure, why not?" Will you die without one? Probably not. If you have one, will you be alerted to "activity"? Most likely. If you do see activity, does it mean that you would have died without a firewall? Almost certainly not. Don't let paranoia get the best of you...

holy crap, you had a cable modem in 97????? I can remember right when I got DSL (summer 2000), and I saw the same deal you mention about being able to view other people's PC's in Network Neighborhood. I wouldn't blame it on your ISP though. (I assume GTE to be your ISP) I'd blame it on an OS that wasn't designed for the common user on a broadband connection.

back to the original question, how essential is a firewall?

-if you don't care about the data you have on your PC, not essential at all. (although you could be leaving your machine open to be used for a dos attack, be prepared to handle that)

-if you do value the data on your PC, it is quite essential.

Don't let paranoia get the best of you...

True, but I wouldn't consider running some sort of firewall paranoia. Just like I wouldn't consider you paranoid for locking the doors to your house/apartment/whatever.

 

[MMuse]

Originally posted by: MisterMe
I've had a cable modem since 1997 and run my PCs 24/7. Started with a Win95 machine and progressed through Win98, NT4, Win2000 and now XP. I don't have a firewall but always have had a virus scanner.

Back in the day when the whole cable modem thing was new, I could go into my network neighborhood and if the other PCs in my neighborhood had sharing enabled, I could literally browse through their hard drives - that was as "scary" as it ever got. I could even print to their printers if I wanted to - can you imagine all of a sudden having your printer fire up and start printing a 50 page doc? Talk about getting freaked out! The guys at GTE finally got thier act together and put an end to that. Back to the point, I have never had a virus get past the scanner or had any indication that anybody has gotten into my machine.

Do you need a firewall? "Sure, why not?" Will you die without one? Probably not. If you have one, will you be alerted to "activity"? Most likely. If you do see activity, does it mean that you would have died without a firewall? Almost certainly not. Don't let paranoia get the best of you...

Thanks. I just looked and saw that the whole new HD (it's one 40 GB partition) had sharing enabled by default in Windows 2000 Pro. I disabled it the moment I saw your first sentence about others seeing shared HDs. It may not be necessary these days but I don't know why he'd want to have his HD shared. The wife is on the same cable connection and I guess that would be a reason to have it shared, but they don't currently share files so it's not an issue... unless they decide to start sharing files, that is - an interesting idea.

 

[MisterMe]

holy crap, you had a cable modem in 97????? I can remember right when I got DSL (summer 2000), and I saw the same deal you mention about being able to view other people's PC's in Network Neighborhood. I wouldn't blame it on your ISP though. (I assume GTE to be your ISP) I'd blame it on an OS that wasn't designed for the common user on a broadband connection.

Back then they had ALL the ports open including 139 for NetBios. They started blocking all the common ports and subsequently now have a network more suited for common users....

Don't let paranoia get the best of you...

True, but I wouldn't consider running some sort of firewall paranoia. Just like I wouldn't consider you paranoid for locking the doors to your house/apartment/whatever.

I guess paranoia is too strong a word but what I'm eluding to is the same frame a mind a person has when they lock their car door when they pump gas. I mean, c'mon! You're standing right next to your car - nobody's getting in. Same thing for firewalls. The fact that you don't have one obviously increases risk but it doesn't automatically insure you as the recipient of a > successfull < attack, takeover or other malicious activity...

 

[mjquilly]

I guess paranoia is too strong a word but what I'm eluding to is the same frame a mind a person has when they lock their car door when they pump gas. I mean, c'mon! You're standing right next to your car - nobody's getting in. Same thing for firewalls. The fact that you don't have one obviously increases risk but it doesn't automatically insure you as the recipient of a > successfull < attack, takeover or other malicious activity...

True, but I guess I was assuming the PC will run 24x7, as my machine w/ the DSL connection does. In that case, you can't watch your car all the time!

 

[n0cmonkey]

Originally posted by: MisterMe
I guess paranoia is too strong a word but what I'm eluding to is the same frame a mind a person has when they lock their car door when they pump gas. I mean, c'mon! You're standing right next to your car - nobody's getting in. Same thing for firewalls. The fact that you don't have one obviously increases risk but it doesn't automatically insure you as the recipient of a > successfull < attack, takeover or other malicious activity...

Is it worth the risk? You risk losing your privacy, posibly money, and can look at getting punished if you are part of a DDoS or worse.

 

[everman]

Originally posted by: MMuse

Originally posted by: n0cmonkey

Originally posted by: psianime
I never use a firewall because it blocks some of the stuff I want to do. I'm suprised that your bro's NAV didn't catch the virii when they infected his system. I would lecture him on how to use it effectivly, and maybe schedule NAV to do nightly virus scans.

-psianime

Can we lecture you on how to use a firewall effectively?

Sure can! Fire away...

Lock and load
A very easy to use and effective for home use firewall is Zone Alarm. It will stop any program from accessing the net unless you specifically tell it to allow that program to, such as a game.

Now with a hardware firewall, you can manually open and close ports, such as some games might need to use port 9000 for example. If the firewall has that blocked off, you can simply open it and forward it to the pc playing the game.

There's a whole lot more that can be said, but those are some basic things. A firewall configured correctly is something you really should have and shouldn't cause you any trouble.

 

[DirtylilTechBoy]

The Internet is a big loose nasty vagina that has the potential to feel reaaaalllly good if you work it right but can also melt your cock off if you work it the wrong way...........and you don't want to wear a condom? If you could wear firewalls like condoms i'd have on three. Because before you know it you have an internal system error and you can't work anything any more because nobody else's system will accept you in.

Unfortunately with firewalls, once you put on more than one you go limp and can't work anything anything because the senses in your cock/comp get confused and cant detect any in and out movement, especially from the main ports.

Clear? Wear a rubber unless you are dipping into a thoroughly inspected and certified private internet that has had very few if any users in the past. Its even safer if you can blow up (air) your own intranet and be the only one ever "working" it. Unfortunately, if your intranet hasn't experienced any other users, it isn't that much fun and lays there doing almost nothing excepts a moan or grunt hear and there.

 

[DirtylilTechBoy]

Oh yeah, and you got a "Back door virus from a party service" (Backdoor.Myparty) (back door party sounds like more than just dual
boot(ing)y which means you caught something from an asshole of the internet while others that you dont know were up in it, even worse than that nasty vagina.


PS> Sorry about this post ladies, crude rude, and to the point, which is all I am trying to make.

 

[Nothinman]

If you're not smart enough to avoid Klez and the like, you need one (well, you need more than a firewall and virus scanner but that's beside the point).

A properly setup firewall won't stop you from doing anything but it will stop others on the network and software on your box from doing things to you that you don't want them doing. It's usually a win-win situation.

 

[ncage]

If you think your brother isn't smart enough to figure out some of the messages that zone alarm gives you just get him a good cheap hardware firewall. I asure you he won't have any problems with a hardware firewall if you set it up correctly. You can find them sometimes in the hot deal forums for under 30.00. I have a linksys router and it works great.

Ncage

 

[tgillitzr]

anyone using broadband should have a firewall of some sort.

The analogy of locking the car door while filling with gas does not work. You are not able to watch all the "doors"(ports) to your computer all the time, even when you are using it.

 

[igiveup]

LOL, good point. Since when did your car have in excess of 10,000 doors??? 4 are easy to watch... IANA.org Port Listing

 

[drag]

IMO its up to everyone to at least have a basic working understanding of things they use everyday. And its also your responsibility to protect yourself, If it was just you you had to worry about, I would not give a damn, but hacked computers are used everyday for general evil from ruining a person's day to be a launching pad for stealing credit card information.

If you don't want to spend the time to learn about ports and services and the TCP/IP protocol stack, just cough up the doagh for a 50 dollar router.

I use cable internet and at any time I can do a port scan on my local netblock (which I did only once or twice for researching purposes) and find out of 100 computers 5-20 compromised systems.

It just like any other part of life.. Your job and wellbeing may depend on your car. You need it to get to work and if can't get to work you may get fired, right? If you are to lazy to go out and learn how to change a tire and you lose your job because you get stuck out the middle of nowhere because of a flat tire and you can't change it, are you a moron? I think so. Of course you can always compensate your ignorance with using a cell phone and buying a AAA membership.

So get a router/firewall...

....if you use a permanate connection to the internet.

PS Hardware firewalls are preferable over software, because you don't have to worry about a extra program sucking up your reasorces or mangling your registry. Also subscribe to a good anti-virus software with regular updates, otherwise your e-mail buddies will eventually learn to hate you.... (or if you run a unix, don't bother with antivirus, just don't as root unless you absolutly have to)

PPS And If you (or your freind) still does't want to follow my advise. Just remember to turn the friggin thing off when you are not using it!

 

[Doh!]

I always lock my doors when I leave my house. When I'm at home, I keep the door locked after I make sure the person ringing the bell is not a stranger or wearing a ski mask with a loaded gun in his hand (or a jehovah's witness who wants 30 mintues of your time to share the good news). When on line, I basically apply the same principles.

 

[Muse]

Originally posted by: MisterMe
I've had a cable modem since 1997 and run my PCs 24/7. Started with a Win95 machine and progressed through Win98, NT4, Win2000 and now XP. I don't have a firewall but always have had a virus scanner.

Back in the day when the whole cable modem thing was new, I could go into my network neighborhood and if the other PCs in my neighborhood had sharing enabled, I could literally browse through their hard drives - that was as "scary" as it ever got. I could even print to their printers if I wanted to - can you imagine all of a sudden having your printer fire up and start printing a 50 page doc? Talk about getting freaked out! The guys at GTE finally got thier act together and put an end to that. Back to the point, I have never had a virus get past the scanner or had any indication that anybody has gotten into my machine.

Do you need a firewall? "Sure, why not?" Will you die without one? Probably not. If you have one, will you be alerted to "activity"? Most likely. If you do see activity, does it mean that you would have died without a firewall? Almost certainly not. Don't let paranoia get the best of you...

I had a similar experience in that I'd never caught a virus due to my internet connection or from email, at least to my knowledge.

BTW, I'm the same guy who started this thread but I created a new user named MMuse when I did that (I'm posting as Muse now). That's because I was visiting my brother and wanted emails concerning threads I was participating in to go to my brother's email address and not mine.

When I finally did install a firewall on my own system over a year ago (Zonealarm freeware, 2.6x, I believe), it was an absolute revelation to me how many intrusions were actually happening to my system. Every few minutes Zonealarm would pop up a message that this or that IP was doing or trying to do this or that to my system. I let Zonealarm do this for a while and responded to Zonealarm's messages as seemed appropriate, but eventually turned off the notification options in Zonealarm because I didn't want to be bothered all the time. That is, I turned it off for intrusions. I still get messages when a program on my computer tries to access the Internet in a manner that I've not already indicated is acceptable (to Zonealarm).

The question, from my point of view, is just how threatening all these intrusions are. Zonealarm puts a shield up against all kinds of stuff that used to not be there - i.e. IP's had various ways of checking out or even utilizing my system, as I make out. I don't know how necessary a firewall is, but just the process of setting up Zonealarm was a revelation.

I decided not to install Zonealarm on my brother's system. He's a really busy guy and doesn't want to be bothered with having to deal with too much complexity with his computer. His tolerance for computer complications isn't very great. I could still set it up since I have a remote connection to his computer with Timbuktu (like PCAnywhere), but it might be tricky. If his system goes south again, I guess I'll consider setting up a firewall. However, if he insists on opening strange attachments I wonder if a firewall would help him.

 

[Muse]

Originally posted by: ncage
If you think your brother isn't smart enough to figure out some of the messages that zone alarm gives you just get him a good cheap hardware firewall. I asure you he won't have any problems with a hardware firewall if you set it up correctly. You can find them sometimes in the hot deal forums for under 30.00. I have a linksys router and it works great.

Ncage

That's interesting. I'm setting up a second computer in my house and I figure I'll get a DSL router so I have an Internet connection active for both machines. I know that some of these routers incorporate a hardware firewall, but I don't know what that is. If I get such a router do I stop using Zonealarm? What's the process of setting up something like that?