alientrap-forum-archives

[Urmel]

What's wrong with them?

I'd like to quote a post I've read in another forum where the author got the point in an easy and understandable way. Everybody who's engaged with stuff like that knows what he's talking about:

If you see a little can with a label "mortal contact poison!", you usually dont get the idea to test if this is correct and dont touch it (except 4m ofcourze ).

A personal software firewall usually is acting completely otherwise: It would open the can, touch the content and then wonder why getting so dizzy.

That's why the whole concept of software firewalls is kinda stupid isnt it?

[divVerent]

I think you don't understand me.

Your statement certainly holds for these personal firewalls like ZoneAlarm or *shudder* Norton Internet Security. But what is wrong with stuff like Win2k's IPSec policies (apart from the naming, since they can be used quite well for packet filtering WITHOUT IPSec), or pf, ipf, ipfw, iptables?

The thing is - these do what you tell them and not more. They don't pop up alarming dialog boxes for PR reasons (WOAH! Someone ATTEMPTED TO PING YOU! Me, the glorious firewall, blocked him. Man, I'm good.) or that you can accidentally answer wrong (192.66.2.15 attempted to access port 445. Do you want to allow it?), but just execute their fixed ruleset. They can of course log denied packets or just LOG rules. But once set up, they do what you told them and nothing else.

However, to use them, you have to understand the basics. Otherwise, you won't even get them set up or disable your own internet access too easily... but if you know what you are doing, these sort of packet filters work quite well - no matter if they are in software or in dedicated hardware.

[Urmel]

Don't forget, you kinda represent a minority. For me, I don't really understand what I'm doing when configuring my Internet access. The majority puts loads of crap on their system to feel secure, all they get is a lack of performance and the annoying popups you were talking about.

[divVerent]

Well, the main danger about such "security tools" is the "secure feeling", leading to overcompensation.

Some people think that just because they have an antivirus and a firewall, they can click on every EXE they find, even the ones they receive via email. That is WRONG. The problem is that this happens subconsciously - some people just feel much more secure and stop thinking about the ever present danger because that Norton face pops up every time they boot their computer.

If that effect weren't there, a personal firewall maybe still wouldn't help - but it wouldn't do any harm either. But this effect of overcompensation is just too real...

Oh, and another problem with personal firewalls... people tend to COMPLETELY DISABLE THEM when there is any kind of problem. If you can afford to disable your firewall, that means you obviously don't need it at all. OTOH, more than once a minute, everyone receives a data packet that tries to infect unpatched Windows systems. So if the firewall is all you do for security, you are screwed when you disable it for just one minute.

SPEAKING OF PATCHES. Windows users, keep your Windows current with Windows Update -> http://windowsupdate.microsoft.com. Same goes for Mac and Linux users - use the online update feature you have. Even Microsoft sometimes fixes a severe security hole (the one Blaster used was for example fixed a month before Blaster started spreading, so Blaster's "popularity" was a proof of how few people use the update feature), and the online update is the only way to get these fixes early enough.

Do not be afraid of Microsoft detecting that you are using a warez copy of Windows. They don't care. They won't give you service pack 2 and additional features, though, but you can still access the most important updates. Don't be afraid - they won't track you down and take your computer. Actually, warez is the main reason of WIndows' quasi monopoly position, and Microsoft knows that. If you aren't a company, MS doesn't care if you use warez or not, they just don't want you to use a competing OS...

[The mysterious Mr. 4m]

Blablabla... Just to let you know: I just installed _Comodo Personal Firewall_ and it looks okay.

Alternatives if you don't like Comodo:
http://www.iopus.com/guides/free-firewall.htm

To all who don't know the difference between a good and a bad firewall:
A GOOD firewall will at least TRY to control access TO and FROM your system. A firewall is like a boat: Even if it's leaking - you can still float for a while. It's much harder without one.

[divVerent]

To all who don't know the difference between a good and a bad firewall:
A GOOD firewall will at least TRY to control access TO and FROM your system. A firewall is like a boat: Even if it's leaking - you can still float for a while. It's much harder without one.

Sorry, reality isn't like that. You can do that for yourself and that's okay. But tell Joe User that he has a new firewall, and he WILL click on one EXE after the other. Why should he care about security, he has a firewall to do that.

If you KNOW that the firewall doesn't make you secure by itself, you can very well use one and MAYBE even gain more control using it.

BTW, tell me a firewall that does NOT try to control access to/from the system. You can even use iptables to only allow Firefox to make network requests. It even works. However, malware could just go outside using the web browser...

[PHREAK]

People need to realize that software firewalls are so easy to circumvent, thet using one is simply a waste of CPU/ram, etc.
Get a decent hardware option and watch what you do with your comp.
It's quite simple.
I'm not saying that hardware FW is PERFECT. But the shitties one beats the best foftware version out there.
Correct me if I'm wrong, but this has been my standard practice when it comes to PC use for years and I've yet to get a virus/troyan or have my sys hacked.

[tChr]

I dont use any koind ofSoftware firewall, I use external hardware firewalls (or more precisely, IP table controlns on the external linux riuter). HOwever I do Use anti-virus software

[divVerent]

People need to realize that software firewalls are so easy to circumvent, thet using one is simply a waste of CPU/ram, etc.
Get a decent hardware option and watch what you do with your comp.
It's quite simple.
I'm not saying that hardware FW is PERFECT. But the shitties one beats the best foftware version out there.
Correct me if I'm wrong, but this has been my standard practice when it comes to PC use for years and I've yet to get a virus/troyan or have my sys hacked.

You are partially wrong with that. A software packet filter like iptables, pf, ipf, ipfw or maybe even Win2k's IPSec polciies is just as hard to circumvent as a hardware firewall - namely, only if the OS has a serious security hole that can be used for that. Actually, many "hardware firewalls" are in fact Linux or BSD boxes in a small case, although the majority probably uses Cisco's own OS. All of them are basically software solutions, but run on dedicated hardware. Not that it would really matter, but see below.

Plus, hardware firewalls don't protect you from malware you start by cutting off their internet access. No, software firewalls can't do that either - it's just that they CLAIM to be able to do that, but it is known for a fact that these restrictions are easy to circumvent.

The reason why people prefer hardware firewalls over software solutions is another one. If the firewall gets hacked, you don't want the hacker to have full access to your important servers. This means two things:

• the firewall should run on dedicated hardware, so an attacker who successfully exploits the firewall doesn't have immediate access to your data. When you can't do that, run it on an UNIMPORTANT server. That is, if you have one - neither file, mail, print nor web servers are "unimportant enough" for that...
• if the firewall runs on another OS than your servers, an attacker who successfully exploited a flaw in the firewall OS can't use the same exploit to get access to your servers. This is the main advantage of "hardware firewalls", as you call them (although they DO run in software...). A dedicated Linux router firewalling a Windows network has the same advantage, but firewalling a Linux network with another Linux box won't protect you from attackers exploiting kernel flaws from the outside if there are any. But since nobody runs servers on Cisco's IOS...

[Ed]

I use a router that runs BSD and that provides a firewall. One advantage I see is that it protects every machine in our house at once. I don't think I'd ever buy a software firewall, I bought Norton Systemworks 2004 and it was the biggest waste of money I've aver spent on computers.