Old 11-26-2007, 03:52 PM   #1
Mega Man X
Guru
 
Registered: Apr 2003
Location: ~
Distribution: Ubuntu, FreeBSD, Solaris, DSL
Posts: 5,339

Rep: Reputation: 63
Windows: Do I really need a firewall (Software-wise)


So, this is more a Windows question, but it could also help someone with Linux, I guess.

The thing is, for quite a long time, I've been using ZoneAlarm - Free Edition. I don't really have any problems with it. It does use some resources according to benchmarks and can even slow down a few games, but I can accept that. ZoneAlarm, however, can be very annoying when you try to play a game, especially games that update themselves, such as WoW, Guild Wars or Steam games.

In some cases, forgetting to add a game to ZoneAlarm's "trusted" programs may even lock your computer when the game tries to connect to the Internet, for example, San Andreas multiplayer and Dungeon Siege 2.

Another issue is in the case I try to remotely connect to my machine, either with VNC or whatever, install a program remotely and that program asks to grant connection to the Internet. That can't be done remotely, because ZoneAlarm won't let me click on the checkbox/Allow button through a VNC session. There might be ways to get around this though, but I never really searched for a solution for this.

I am behind a router, which also acts as a firewall. All my ports are closed, except for the ones I open to uTorrent. Common server ports such as web and ftp-servers: all closed. The router is an older SMC which I've been very happy with for the past years: simple interface, good firmware updates, can be configured from any browser with any OS.

The problem is, on one of my computers, I am using Vista and ZoneAlarm won't play nicely with it. I can even get some BSOD because of it. So either I use the inbuilt Windows Firewall or try to find something else.

But the question is: Considering I already have a Firewall (within my router), do I really need another Firewall/Program on my Windows machine? I am afraid of the limitations of Windows Firewall (especially the XP one), but using another program asking all the time to "allow the program to connect" seems to be a bit overkill. Besides, it does use resources that apparently the Windows Firewall doesn't. It also slightly increases the time to startup and shutdown the OS.

So, I know that the most paranoid will want to have a "better" protection than Windows Firewall, but do I really need it? It feels like I am wasting more time clicking on "allow" checkboxes with ZoneAlarm than I need (or want) to and I am not sure that it is really increasing my security, since I already have a router/firewall.

Note: I can't build one Linux box just to use as a firewall. If I could do that, I would not be using my router, but a Linux box for that as well.

Suggestions?

Thanks in advance!

Last edited by Mega Man X; 11-26-2007 at 04:25 PM.
 
Old 11-26-2007, 04:05 PM   #2
Jeebizz
Senior Member
 
Registered: May 2004
Distribution: Slackware 14.1 64-bit with multilib
Posts: 2,074

Rep: Reputation: 193
If you have a NAT router, then running a software firewall is in most ways just pointless, unless you are worried about spyware suddenly getting on and trying to 'call home' but I assume that you are well aware of not running in admin mode in the first place (but who knows, whatever game you decide to play might want admin privileges). Knowing how to use port triggering and port forwarding can be very useful if you need to play games and access your machine from another computer outside your network (of course consult the documentation for your router).

I stopped using a soft. firewall immediately after I got a NAT router. Just no real point in my opinion. Now my desktop is Linux, and I don't bother with any firewall scripts and such. I'm behind a router, and never work as root, and I keep up with security updates for my distro as well as turn off any unneeded services, so I'm as secure as I am ever going to be.
 
Old 11-26-2007, 04:08 PM   #3
pljvaldez
Guru
 
Registered: Dec 2005
Location: Somewhere on the String
Distribution: Debian Squeeze (x86)
Posts: 6,092

Rep: Reputation: 269
There are really two reasons for using a software firewall in your case. The first is that I'm pretty sure your router may be "allow all" from your network to the internet. This is bad in the event you get infected with something on Windows because most home routers won't stop your machine from connecting outbound, just stop any inbound traffic. I may be wrong about that behavior, but I know my Linksys WRT54G did it until I went and installed a third-party firmware onto which I could load a more rigorous firewall.

The second reason for a software firewall is if another machine on your internal network gets infected, then it could attack local machines without passing through the firewall.
 
Old 11-26-2007, 07:21 PM   #4
Mega Man X
Guru
 
Registered: Apr 2003
Location: ~
Distribution: Ubuntu, FreeBSD, Solaris, DSL
Posts: 5,339

Original Poster
Rep: Reputation: 63
Hi there guys. Thanks a lot for the help. Very interesting points. I think I will consider using only the Windows Firewall. It does not feel like something heavier really is necessary with my current configuration. And Windows Firewall is not at all annoying, not as much as ZoneAlarm at least.

Interesting also how a virus/spyware could spread through my home network behind the firewall. I haven't thought about that.

Running as non-admin in Windows is relatively hard. Many programs won't run and games are definitely at the top of the list of those that require admin to run.

I will see if I can find any alternative firmware for my router just in case. It has no control for outbound traffic, as pljvaldez mentioned.

Anyway, thanks again for the help. Time to do some google-digging now.

Cheers!
 
Old 11-26-2007, 10:26 PM   #5
corbintechboy
Member
 
Registered: Sep 2003
Location: Kentucky
Posts: 480
Blog Entries: 1

Rep: Reputation: 51
I don't run a software firewall on my machine. I have a firewall in my router and modem and feel this is a waste of resources. I frequent sites I know are safe like here at LQ and a few other sites and email and such. I watch and make sure I do nothing that would compromise security on my system and I run spyware tools often. GRC on my machine returns a full stealth rating and I don't even answer pings, so from a hacker's standpoint I don't exist! I feel if you know what you are running there really is no reason to fear outbound traffic. Would I recommend that my mother not use a software firewall? No... She should use one as she doesn't know the difference between a system service and a rogue program, but for us that have some know-how I would say we are safe with the firewalls that are provided with our routers. As far as the Windows Firewall goes... It's a waste; it will let the program access the net while showing the permission dialog behind the program it's asking about. Only thing I have found it to be good at is if you direct connect it will not answer pings and will report a stealth status on GRC, but your router should already do that so I would call Windows Firewall (although lite) a waste of resources.

Hope I was a help!

BTW-I am also a gamer and have no problems at all and don't have to worry about a program I clicked (and obviously want launched) popping up and asking if I am sure I want to do this! I clicked it...LOL well YES!
 
Old 11-27-2007, 03:32 AM   #6
Mega Man X
Guru
 
Registered: Apr 2003
Location: ~
Distribution: Ubuntu, FreeBSD, Solaris, DSL
Posts: 5,339

Original Poster
Rep: Reputation: 63
Hey corbintechboy!

Thanks for the tip. I went to GRC and tested my security with their ShieldsUP!. It has been a long time since I last did anything like this. I am glad you pointed me there.

I had two problems with my current settings: Port 113 was being reported as closed and my computer was responding to pings. That is bad, if we want to surf stealthily.

With a little tweak in my router settings, I forwarded port 113 to "nowhere", instead of closing it and chose to hide my IP. Now I get this beautiful message:

Quote:
Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.
It is good to hear "very nice" sometimes. More often than not I hear "you suck", lol. Oh well, thanks again to you all.
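
The difference between a "closed" and a "stealth" port in the scan result above comes down to whether anything answers the connection attempt. As an added example (not part of the original post, and not GRC's code), this sketch classifies a TCP port on a machine you administer by what comes back; the function names and the loopback demo are constructed for illustration.

```python
import socket

def probe_tcp(host, port, timeout=2.0):
    """Classify one TCP port by the reply to a connection attempt."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"         # handshake completed: a service accepted
    except ConnectionRefusedError:
        return "closed"           # RST came back: host exists, nothing listening
    except socket.timeout:
        return "stealth"          # no reply at all: the packet was silently dropped
    except OSError:
        return "unreachable"      # routing failure or an ICMP unreachable reply

def loopback_demo():
    """Constructed demo: probe a loopback port while it listens, then after release."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))    # let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    while_listening = probe_tcp("127.0.0.1", port)
    srv.close()
    after_close = probe_tcp("127.0.0.1", port)
    return while_listening, after_close

if __name__ == "__main__":
    print(loopback_demo())
```

A "stealth" result only appears when a filter in the path drops the packet, so it cannot be reproduced on loopback; a "closed" reply still tells the prober that a host is present at that address.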
 
Old 11-27-2007, 08:28 PM   #7
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,283

Rep: Reputation: 1088
In most cases, there is no "bright-line rule" that will allow one to distinguish "an 'outside connection' that should always be accepted" from "an 'outside connection' that should not be allowed." All of the incoming TCP/IP connections are coming into the same interface, and there is no "'local' network." In such a situation, a firewall has nothing to do.

But Windows computers, by default, are still "notoriously friendly." They're running all sorts of services, as though they were connected to "nothing more than an internal, implicitly-trusted network." (And they are probably running all those services, indiscriminately, under a user-identity that is "effectively root.") Not good.

Your firewall, in this situation, cannot protect you because it has no useful rules that would apply: all it can do is to pester you. Useless...

What you need to do, instead, is to shut down those Windows services ... lock down your computer so that it does not attempt to "share" with the outside-planet.
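
To see which services a Windows machine is offering to the rest of the network, as opposed to only to itself, the listening sockets can be read from `netstat -ano`. The following is an added example, not part of the original thread: it parses a constructed sample of that output and reports every listener that is not bound to loopback, which are the ones another machine on the LAN could reach. The addresses, ports and PIDs in the sample are made up.

```python
import ipaddress

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1480
  TCP    192.168.2.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.2.10:49712     203.0.113.7:443        ESTABLISHED     3020
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::1]:5354             [::]:0                 LISTENING       1480
  UDP    0.0.0.0:1900           *:*                                    1200
  UDP    127.0.0.1:1900         *:*                                    1200
"""

def exposed_listeners(netstat_text):
    """Return (proto, addr, port, pid, scope) for sockets other hosts can reach."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue                      # banner, header or blank line
        proto, local = fields[0], fields[1]
        # TCP rows have a state column; only LISTENING rows accept connections.
        if proto == "TCP" and (len(fields) < 5 or fields[3] != "LISTENING"):
            continue
        # UDP rows have no state; "*:*" marks a bound, unconnected socket.
        if proto == "UDP" and fields[2] != "*:*":
            continue
        host, _, port = local.rpartition(":")
        addr = ipaddress.ip_address(host.strip("[]").split("%")[0])
        if addr.is_loopback:
            continue                      # reachable only from this machine
        scope = "all interfaces" if addr.is_unspecified else "one interface"
        found.append((proto, str(addr), int(port), int(fields[-1]), scope))
    return found

if __name__ == "__main__":
    for row in exposed_listeners(SAMPLE):
        print(row)
```

The PID column can then be matched to a service name (for example with `tasklist /svc`) to decide which services to disable.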
 
  


All times are GMT -5.
