1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

To Firewall, or not

Discussion in 'Bits & Bytes' started by btdude, Oct 30, 2002.

  1. btdude

    btdude Veteran Member

    I would go to DSLR, but I'm not really interested in how many certs people have, and listing what my "box" is made of. I just want some answers.

    I have a cable connection. I do have Norton Internet Security now. Renewal time is coming. I only want to have the anti-virus component. Is this safe? I really don't ever leave the modem or the computer on, I shut it down when I am done.

    The only thing I like about the firewall software is that is has ad blocking. I use the webcam for video conferencing and meetings, so I have most of the firewall disabled anyway.
  2. tke711

    tke711 Oink Oink Staff Member

    I run Zone Alarm Pro on my box, and a bunch of other "security" software because I'm a paranoid freak :).

    Actually, of all the software I run, I consider ZAP to be the most valuable. I really like being able to control what programs can talk to the net and which programs cannont. In addition, with ZAP I can control exactly what ports those programs use.

    Personally, I wouldn't run a machine without at least the free version of Zone Alarm, but that's just me. If you want to check it out, you can find it here .

    Also, if you want to maintain the ad blocking, I would suggest using a free program called Proxomitron. It's a little work to set up, but once your done, it makes surfing the web much more enjoyable. I know of two good places to help you set it up. One place is the security forum at the "other" place, and the other is ComputerCops which is Z-X's web site. Just check out his forums and you will find an entire section dedicated to Proxo.
  3. btdude

    btdude Veteran Member

    This is what I am looking to purchase. I have a hankering to tweak and play with stuff, and this let's me do that.
  4. tke711

    tke711 Oink Oink Staff Member

    Personally, I'm not a big fan of Norton products, but I've heard many others say good things about both of those programs.
  5. jfcjrus

    jfcjrus Veteran Member

    I'm certainly no expert, but I've taken the advice of others and, so far, have been pretty bored.
    I run:
    NAV2002 (I suspect I'll go to NAV2003, when I have to renew)

    ZAF (Like tke711, I like how it tells me what's trying to access the net. I don't have the controls he has with ZAPro, but I probably wouldn't know what to do with them anyway).

    TDS3 (a respected Trojan detector/killer - perhaps a little overkill, I dunno)

    Proxomitron (I like this one the best. I never get adds/popups/popunders/scrollyads/etc. I never spent any time setting it up, I just use the defaults - well, there was one thing I had to click to allow antimated avatars, but that was it. All cookies are changed to session - no 'doubleclick' tracking for my machine.)

    Once a week, or lately once every few weeks, I'll run a full system scan with NAV, or TDS3, or AdAware, or Spy-Bot, and they find nothing. Boring.

  6. ethics

    ethics Pomp-Dumpster Staff Member

    ZoneAlarm Pro for me, folks. And even that's not on all the time. :)
  7. Domh

    Domh Full Member

    dude - tell me a little bit about your box, os etc.

    if you REALLY power everything including your cable modem off when you are done using your machine, then personal firewall should work fine for you.

    i would suggest you not fiddle around with system works. in my experience it causes more problems than it solves.
  8. mikeky

    mikeky Member

    Many will say you don't need a firewall if you can tighten down your computer settings, and I guess I mostly agree with them. But, it's so easy to miss something, and if it's the wrong something, big ouch. Given that, if your system resources can handle it without much drain, you're probably safer to run a firewall.

    I use ZAP, with all machines behind a NAT router.
  9. Sir Joseph

    Sir Joseph Registered User

    I use a router with NAT.
    a) I have more than one computer.
    b) The "firewall" is much easier and safer than software firewalls.

    You can pick up routers for $40 or so, to me that's a great deal and allows for expansion without having to purchase more firewalls per PC.
  10. Sunriser13

    Sunriser13 Knee Deep in Paradise

    One of the biggest reasons for running a properly-configured firewall is to catch what may be trying to get <b>out</b> of your machine. I run Kerio Personal Firewall, which I love because I can control exactly what each and every program on my machine is allowed to do, and where and when it's allowed to do it.

    I also run virus protection, a popup/banner removal program, and the router with NAT. If anything, I am over-cautious... better safe than sorry, as they say...
  11. ethics

    ethics Pomp-Dumpster Staff Member

    Is linksys good enough as a hard firewall?
  12. Steve

    Steve Is that it, then?

    A linksys home router should do the trick, as long as it does NAT.

    btdude, NAT is probably fine for you, given that you shut down when not in use. If you get a NAT router, disable file and printer sharing, and unbind Netbios from TCP/IP, and give yourself "strong" passwords, you can probably get by just fine without a software firewall.
  13. jfcjrus

    jfcjrus Veteran Member

    Again, I'm not an expert, but;
    I have a Linksys BEFSR41 and, along with giving me local net capabilities and Internet access on all machines, I believe it also affords pretty good protection on 'inbound' intrusion attempts on my machines.

    It's logs are forever recording various attempts on this port or that port. I gather most of these attempts are explained by normal traffic, but many are real blocks to nefarious attempts to screw with my machines.

    So, I think my 'linky' does a good job of stopping unwelcomed probes to my home lan. But, I gather, it doesn't know squat about something on my machine accessing the net without my knowledge.

    So, the other stuff (ZA, NAV, TDS, Proxo, etc) does the rest of the job to protect me from the other evils that might lurk on the net, namely some app that snuck on my machine.
    In my opinion, all necessary layers of protection.

    Kind of sad that it's up to us to add this stuff to protect our machines or privacy, but, so be it.
    Good luck in your quest of secure surfing.
  14. midranger4

    midranger4 Banned


    Just my two cents. Firewall and anti-virus protection is always a must for any system I own or support.

    I use Norton personal firewall and AVG (freebie) virus protection

    I strongly advise against System Works. A couple others have mentioned this, and I will as well....Norton Systemworks causes more problems than it solves.

    I dread nothing more than a call asking for help with a PC that just ran Norton's win doctor or similar utility.

    Good luck. If you want a link to AVG let me know and I will dig it up. It is unintrusive and seems to do a good job.
  15. jamming

    jamming Banned

    NAT Router's generally do not stop outbound connections. So if the Trojan has made it past your defenses it has no trouble phoning home.
  16. Sierra Mike

    Sierra Mike The Dude Abides Staff Member

    Gosh, so you think that Cisco 3800 series router I have running extended ACLs is a waste?

    SM (actually, the router's under my bed, collecting dust. But I can run ATM over it, though.)
  17. Sir Joseph

    Sir Joseph Registered User

    With a hardware filter, you can stop outbound as well. One of my computers used to be running Kazaa all the time and I blocked all outgoing ports other than 80.
  18. Sunriser13

    Sunriser13 Knee Deep in Paradise

    Sir Joseph, a router with a built-in firewall usually does give you some control over outgoing, but I think what needs to be noted is that NAT is not a firewall. It affords relatively minimal protection, but absolutely no outgoing control... without a specific firewall built into the software of the router.
  19. Sir Joseph

    Sir Joseph Registered User

    However, you can't come into my system. My IP is a 192. Secondly, if I allow only port 80 out then it would seem enough and there would be no need for a purchase of a firewall program.
  20. Sunriser13

    Sunriser13 Knee Deep in Paradise

    Let me clarify just a little - not all routers have a built in firewall, Sir Joseph. Although NAT assigns internal addresses, thereby making the computer "invisible", so to speak, NAT in and of itself cannot protect from outgoing processes.

    In your particular case, if you can control and limit your outgoing ports, you have a software firewall built into the router.

    Does that help you see the point I'm trying to make?

Share This Page