Discussion in 'General Software Discussion' started by tek, Jan 15, 2005.
I don't use my router's firewall, MS firewall or any
Not in every way though. Typical hardware firewalls can't do much about a piece of software that has already gotten onto your computer, whereas software firewalls can. I would definitely run a simple no-bull software firewall like Kerio 2.15 when being behind a hardware firewall. I'm about as interested in keeping the installed software on a leash as keeping inbound traffic filtered.
True, by default software firewalls block all outbound traffic whereas the hardware firewalls don't. But you can set up rules fairly easily to block all outbound traffic just like the software does but with the added benefit of being able to do the same for the whole network or just specific rigs. If you're really paranoid you can seal yourself up pretty good.
@Tek, my choice for BT is Azureus with the SafePeer plugin. Works good and you only have to open a single port to be connectable.
I use Zone Alarm Pro, works great, no problems. Using it for a year and a half now. Tried Norton, didn't like it, I didn't use it for very long and had already been used to Zone Alarm, so don't know if it's good or bad, but I prefer ZoneAlarm. Easy to use and works. Oh and Legally Free.
Yes, but some hardware firewalls do, those are the ones worth getting - especially those that log all traffic to a file so you have even further peace of mind.
As I said in the post above, for most cases you are right, but the better routers or hardware firewalls do have outbound blocking/filtering and some can even log all the traffic to a file and allow specific applications/ports to outward transmit. What quite a few people don't know is that there are specific trojans which are built to totally circumvent specific software outbound filtering and don't even show up via that application. Nothing touches a good hardware firewall if it's configured correctly. Of course the massive downside is the price.
Just as a pointer to any reader, blocking specific ports in a hardware firewall isn't doing any good against menacing software's outbound traffic. This is because pretty much anything can be done through for instance port 80 which every home user must keep open for web usage. While there are hardware firewalls that really do analyse the traffic in such an advanced manner that some real level of outbound safety is reached, for what I know they must still be so expensive that their existence is nigh on irrelevant in this context.
Naturally any software solution can be circumvented by another piece of software. One should certainly keep an eye out for information regarding the program one uses to see if security threats have been found, as basic safety thinking dictates. And antivirus/antispyware software is a natural thing to have in either case. Ruling out user interference and specialised trojans for the sake of separating different arguments; I still haven't seen anything that breaks Kerio 2.15 even though it has not been updated for well over a year. That makes me feel like I can put at least as much trust in it as a home user firewall/router and get more control at the same time. I might pay for that on human error some day, but I'll take that with the benefits.
Edit: Just short little hands-on experience. Tried the demo for TopSpin, a Microsoft released tennis game. Every time one starts up the demo it "phones home" to Microsoft, probably telling them that the demo was used. While not likely a security threat, that's a very typical kind of software behavior that most hardware firewalls/routers can't do anything about. I just prefer to say no to these things, and they are becoming all the more common.
Hardware only for me. I got so sick of the various s/w apps that kept displaying popups (McAfee is very guilty of this) to tell me about various attempts to get into my system when they were just normal network traffic.
I have my Buffalo router but this sits behind my Cisco PIX 515E Firewall. The Cisco is rather large but slim (designed for 19" racks) and so lies down the side of my desk.
Indeed. Some firewalls definitely try to make themselves sound more important than what they are, with BS wordings to their notices. That and the bloating of most suites are unfortunate developments.
I'm behind my ISP's NAT, that's all
Actually, out-bound ports are not the same as the ports that servers use. You don't use port 80 to connect to a website's port 80.
(e.g. I'm using 3985 right now... TCP digitalis:3985 driverheaven.net:http ESTABLISHED)
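An added example, not part of any post in this thread: it parses netstat-style lines like the one quoted above and compares what a destination-port outbound rule and a per-application rule can each decide. The extra sample lines, the bracketed executable names, `game_demo.exe`, `telemetry.example` and both rule sets are constructed for illustration.

```python
# Added illustration: sample lines, application names and rule sets are constructed.
SERVICES = {"http": 80, "https": 443, "domain": 53}  # names netstat shows for known ports

# Constructed lines in netstat's "Proto Local Remote State" layout, with the owning
# executable appended in brackets (something only the host itself can know).
SAMPLE = """\
TCP digitalis:3985 driverheaven.net:http ESTABLISHED [firefox.exe]
TCP digitalis:3991 telemetry.example:http ESTABLISHED [game_demo.exe]
TCP digitalis:4002 203.0.113.7:6667 ESTABLISHED [unknown.exe]
"""

ROUTER_ALLOWED_PORTS = {80, 443, 53}                        # destination-port rule
HOST_ALLOWED = {("firefox.exe", 80), ("firefox.exe", 443)}  # application + port rule

def port_number(text):
    """Turn 'http' or '3985' into an integer port."""
    return SERVICES[text] if text in SERVICES else int(text)

def parse(line):
    """Return (app, local_port, remote_host, remote_port) for one sample line."""
    _proto, local, remote, _state, app = line.split()
    remote_host, remote_port = remote.rsplit(":", 1)
    local_port = local.rsplit(":", 1)[1]
    return app.strip("[]"), port_number(local_port), remote_host, port_number(remote_port)

def router_allows(conn):
    """A port-based outbound rule sees only the destination port."""
    return conn[3] in ROUTER_ALLOWED_PORTS

def host_allows(conn):
    """A per-application rule also sees which program opened the socket."""
    return (conn[0], conn[3]) in HOST_ALLOWED

def evaluate(text):
    """Return one (app, local_port, remote_port, router_ok, host_ok) row per line."""
    conns = [parse(l) for l in text.splitlines() if l.strip()]
    return [(c[0], c[1], c[3], router_allows(c), host_allows(c)) for c in conns]

def only_router_allows(text):
    """Applications whose traffic passes the port rule but not the per-app rule."""
    return [app for app, _, _, r_ok, h_ok in evaluate(text) if r_ok and not h_ok]

if __name__ == "__main__":
    for row in evaluate(SAMPLE):
        print(row)
    print("passes port rule only:", only_router_allows(SAMPLE))
```

The local port differs on every line while the remote port is what both rules match on, which is why logging the destination and, on the host, the owning executable gives more to review than a port list alone.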
Windows XP firewall
good enough for me
Of course it is...
Agnitum Outpost Firewall Pro 2.5
yep yep, and that's why I've loved Kerio 2.1.5 for so long...good logging, protection, minimal resources used, and it's not bothering you all the time creating rules.
No matter what you do or what you have, someone will always know how to get around it. So the moral of the story is nothing is 100% so UPDATE AND SCAN OFTEN.......and lay off the porn..... and you'll be in good shape most of the time.
P.S. I've edited this 3 times, it won't keep my spaces. What's the deal with that?
any of you guys use your nForce firewall?
There's an nForce firewall? Wtf... :wtf:
I've been reading through my Xincom manual and although I have outbound Firewall enabled.. I haven't set up anything specific. And logs, logs are nice, they tell you what you need to know. I was surprised... I had downloaded something, and for the first time for myself, ended up with a weird virus. Although I was able to manually remove it, it attempted to send itself to the networked machines, my main server. The Router caught the transfer and stopped it.
Pretty impressed so far.
Yeah man, the nForce3 250Gb has a hardware firewall built in to the chipset itself.
If you use Firefox you probably won't have the popup issue anymore and I haven't had any problems since I started using it. There are a lot of security features that keep the unwanted out. ZoneAlarm (alarm to tell you what's happening when it's happening.) for traffic, and Norton here and there.
Note: the November update for Norton AntiVirus (on the MAC), writes a line of code into all Photoshop files and corrupts them. I found out the hard way and Adobe's tech support told me it was the November Norton Update. They said it would be fixed on later ones. But I uninstalled it at work seeing how in five years I've never gotten a virus on my overpriced, smokin fast MAC. My PC at home is a different story though.