Windows: Do I really need a firewall (Software-wise)
GeneralThis forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Windows: Do I really need a firewall (Software-wise)
So, this is more a Windows question, but it could also help someone with Linux, I guess.
The thing is, for quite a long time, I've been using ZoneAlarm - Free Edition. I don't really have any problems with it. It does, use some resources according to benchmarks and can even slow down a few games, but I can accept that. ZoneAlarm, however can be very annoying when you try to play a game, especially games that update themselves, such as WoW, Guild Wars or Steam games.
In some cases, forgetting to add a game to ZoneAlarm "trusted" program, may even lock your computer when the game tries to connect to the Internet, for example, San Andreas multiplayer and Dungeon Siege 2.
Another issue is in the case I try to remotely connect to my machine, either with VNC or whatever, install a program remotely and that program asks to grant connection to the Internet. That can't be done remotely, because ZoneAlarm won't let me to click on the checkbox/Allow button through a VNC session. There might be ways to get around this though, but I never really searched for a solution for this.
I am behind a router, which also acts as a firewall. All my ports are closed, except for the ones I open to uTorrent. Common server ports such as web and ftp-servers: all closed. The router is an older SMC which I've been very happy with for the past years: Simple interface, good firmware updates, can be configured from any Browser with any OS.
The problem is, in one of my computers, I am using Vista and ZoneAlarm won't play nicely with it. I can even get some BSOD because of it. So either I use the inbuilt Windows Firewall or try to find something else.
But the question is: Considering I already have a Firewall (within my router), do I really need another Firewall/Program on my Windows machine? I am afraid of the limitations of Windows Firewall (especially the XP one), but using another program asking all the time to "allow the program to connect" seems to be a bit overkill. Besides, it does use resources that apparently the Windows Firewall doesn't. It also slightly increases the time to startup and shutdown the OS.
So, I know that the most paranoid will want to have a "better" protection than Windows Firewall, but do I really need it?. It feels like I am wasting more time clicking on "allow" checkboxes with ZoneAlarm than I need (or want) to and I am not sure that it is really increasing my security, since I have already a router/firewall.
Note: I can't build one Linux box just to use as a firewall. If I could do that, I would not be using my router, but a Linux box for that as well .
Thanks in advance!
Last edited by Mega Man X; 11-26-2007 at 04:25 PM.
If you have a NAT router, then running a software firewall is in most ways just pointless, unless you are worried about spyware suddenly getting on and trying to 'call home' but I assume that you are well aware of not running in admin mode in the first place (but who knows, whatever game you decide to play might want admin privleges). Knowing how to use port triggering and port forwarding can be very useful if you need to play games and access your machine from another computer outside your network, (of course consult the documentation for your router).
I stopped using a soft. firewall immediately after I got a NAT router. Just no real point in my opinion. Now my desktop is Linux, and I don't bother with any firewall scripts and such. I'm behind a router, and never work as root, and I keep up with security updates for my distro as well as turn off any unneeded services, so I'm as secure as I am ever going to be.
There are really two reasons for using a software firewall in your case. The first is that I'm pretty sure your router may be "allow all" from your network to the internet. This is bad in the event you get infected with something on windows because most home routers won't stop your machine from connecting outbound, just stop any inbound traffic. I may be wrong about that behavior, but I know my Linksys WRT54G did it until I went and installed a third party firmware that I could load a more rigorous firewall to it.
The second reason for a software firewall is if another machine on your internal network gets infected, then it could attack local machines without passing through the firewall.
Hi there guys. Thanks a lot for the help. Very interesting points. I think I will consider using only the Windows Firewall. It does not feel like something heavier really is necessary with my current configuration. And Windows Firewall is not at all annoying, not as much as ZoneAlarm at least
Interesting also how a virus/spyware could spread through my home network behind the firewall. I haven't thought about that .
Running as non-admin in Windows is relatively hard. Many programs won't run and games are definitely on the top of the list that requires admin to run.
I will see if I can find any alternative firmware to my router just in case. It has not control for outbound trafic, as pljvaldez mentioned.
Anyway, thanks again for the help. Time to do some google-digging now
I don't run a software firewall on my machine. I have a firewall in my router and modem and feel this is a waste of resources. I frequent sites I know are safe like here at LQ and a few other sites and email and such. I watch and make sure I do nothing that would compromise security on my system and I run spyware tools often. GRC on my machine returns a full stealth rating and I don't even answer pings, so from a hackers standpoint I don't exist! I feel if you know what you are running there really is no reason to fear outbound traffic. Would I recommend that my mother not use a software firewall? No...She should use one as she don't know the difference between a system service and a rogue program, but for us that have some knowhow I would say we are safe with the firewalls that are provided with our routers. As far as the windows firewall goes.... It's a waste it will let the program access the net while showing the permission dialog behind the program it's asking about. Only thing I have found it to be good at is if you direct connect it will not answer pings and will report a stealth status on GRC, but your router should already do that so I would call Windows firewall (although lite) a waste of resources.
Hope I was a help!
BTW-I am also a gamer and have no problems at all and don't have to worry about a program I clicked (and obviously want launched) popping up and asking if I am sure I want to do this! I clicked it...LOL well YES!
Thanks for the tip. I went to GRC and tested my security with their shield's up. It has been a long time since I last did anything like this. I am glad you pointed me there .
I had two problems with my current settings: Port 113 was being reported as closed and my computer was responding to pings. That is bad, if we want to surf stealthily.
With a little tweak in my router settings, I forwarded port 113 to "nowhere", instead of closing it and chose to hide my IP. Now I get this beautiful message:
Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.
It is good to hear "very nice" sometimes. More often than not I hear "you suck", lol. Oh well, thanks again to you all
In most cases, there is no "bright-line rule" that will allow one to distinguish between "an 'outside connection' that should always be accepted" from "an 'outside connection' that should not be allowed." All of the incoming TCP/IP connections are coming into the same interface, and there is no "'local' network." In such a situation, a firewall has nothing to do.
But Windows computers, by default, are still "notoriously friendly." They're running all sorts of services, as though they were connected to "nothing more than an internal, implicitly-trusted network." (And they are probably running all those services, indiscriminately, under a user-identity that is "effectively root.") Not good.
Your firewall, in this situation, cannot protect you because it has no useful rules that would apply: all it can do is to pester you. Useless...
What you need to do, instead, is to shut down those Windows services ... lock-down your computer so that it does not attempt to "share" with the outside-planet.