| Re: Leo Laporte says software firewall not needed! No, They were talking about security with Windows behind a router and that he does not install a firewall BUT uses the Firewall built within Windows with SP2 and all updates running. |
|
|
|
| reply to email scope
Anytime someones makes a blanket statement like you don't need a software/client firewall, it cracks me up. Context matter, it varies according to user needs and expectations. Other responders have given more than ample examples of situations in which having a software/client-based firewall is useful. Here's some more.
Suppose you have a LAN and you often invite friends, collegues, whomever, to hop on your network, even a malicous outsider clever enough to hop on to your wireless network. NOW YOU HAVE A PROBLEM! You potentially have a fox in the hen house! If that PC/laptop that has just joined your network is infected (knowingly or unknowingly), your router (and it's firewall) are USELESS! You're assuming that there are no ENEMIES WITHIN, again, knowingly or unknowingly. That's precisely why you LAYER protection! No one solution is comprehensive enough, nor anyone clever enough, to consider all contingencies. We use layering to protect ourselves from our own technological hubris!
Another problem, sometimes multiple users have different or unique needs wrt the firewall. A hardware router treats ALL users the same. Granted, you can muck around with it to configure specific users/MACs, but this may be impractical and limited. The hardware router may be content with one or more protocols/ports entering the network, but my wife or collegue may not. A software firewall permits fine tuning, per user.
Or suppose you have a laptop typically stationed on your LAN. Now you head out onto the road. Surprise, your dial-up connection has no protection! What am I suppose to do now?! Install and uninstall a software firewall every time I enter/leave my LAN? Heck no, instead I install a software firewall, configure it for the LAN, and then when I hit the road, I take those protections with me  No fuss, no muss.
And as others have mentioned, yes, it is useful to know what traffic is leaving your network. I want to know which apps are most active, and whether it's justified. There are apps I don't want "calling home".
Personally, I use a router and Norton Internet Security on the clients. Combination works quite well.
Again, the problem is the generalization about "need". You just can't generalize in this case. You don't have sufficient information about network usage, who's on it, wired vs. wireless, etc. The only generalization I believe you can make is, the key to security is
layering. Several layers of good security are usually better than one behemoth solution.
JMTC
eibgrad |
|
 C0deZer0Oc'D To Rhythm And PolicePremium
join:2001-10-03
Davenport, FL | reply to gate1975mlm
I think the important thing is that whatever method you do use, if you are competent enough to know how to properly configure it, you could have just one layer of protection, be it a software firewall, a router or simply port blocking altogether.
For those that already have a good router w/ hardware firewall, having a software firewall can needlessly consume precious system resources that could otherwise be used more effectively on other tasks. e.g. say you're setting up a Wintendo box. You go out of your way to find the fastest/most compatible drivers for the games you want to set up on it, endlessly tweak system internals and other some-such things, but then if you got an ever-present software firewall running, it could mean the difference between acceptable performance at a given setting while playing online vs. having choppiness and lag that would ultimately be frustrating. In this case, if you can have another piece of equipment (or dedicated hardware) handle this without requiring your main processor to address the issue, it is a win on your end.
In my case, I do a firewall setup much like I do my anti-spyware - in multiple layers.
I have a router (with latest available firmware), a software firewall integrated with my Antivirus (BitDefender Pro+), and Microsoft's Windows Firewall (simply because it's there).
--
VIA sux GameCube online CSS stats Fortress 4ever FLF |
|
 jig
join:2001-01-05
Hacienda Heights, CA | reply to gate1975mlm
i think leo has a point, but i also think he's representing the backlash there has been because most software firewalls have become cumbersome, confusing, and bloated. some even bug prone.
software firewalls are good to have handy for special circumstances, or if you have to be connected directly to a net over which you have no control. having one available at home is nice, but you shouldn't have to run it constantly, or feel like you do. |
|
| reply to gate1975mlm
I would just like to throw a different twist in this. If you have a capable software firewall (like ZA, Kerio, Sygate, etc), do you guys think it's still necessary to get a router to protect the PC? Why or why not? |
|
 Frydays
join:2005-10-21
South Padre Island, TX | reply to gate1975mlm
theres no need for a software firewall none at all after u get a router leo is correct |
|
 underlord2Lolcat is LolPremium
join:2005-01-06
Belleville, MI
 ·AT&T Yahoo
| reply to gate1975mlm
Although I have Spybot, Adaware, Mcafee antivirus, and a router, (Using firefox and opera) I feel 99.9% safe right now compared to 10 months ago just using Internet Explorer alone 
--
Etanod esaelp, pihsrebmem muimerp eerf tnaw I! |
|
| reply to gate1975mlm
First I think Leo is nothing more the a tech wannabe. I never liked him or the stupid TechTV show Call for help.
I have never used a software firewall and never will. All I use is a router, I don't even install any anti-virus crap, and I only scan for adware about ever other month. Why? Because I know what I am doing! In 10 years I have never used anti-virus software and I have yet to have a virus to begin with.
My 2 cents |
|
| reply to eibgrad
eibgrad,
When you "configure it for the LAN, and then when I hit the road, I take those protections with me", I hope you remember to use a set of rules appropriate for the new location.
I see you have NIS so here is a reminder from the NIS2004Pro Help:
Use Network Detector to create and customize security settings for different networks. This makes it easy for mobile users who connect to the Internet from the road to stay protected at all times.
joselso. |
|
 hhawkmanPremium
join:2001-02-08
Port Hueneme, CA
 ·RoadRunner Cable
| reply to PentiumIII
said by PentiumIII:I would just like to throw a different twist in this. If you have a capable software firewall (like ZA, Kerio, Sygate, etc), do you guys think it's still necessary to get a router to protect the PC? Why or why not? The Key word here is "capable", and it's a 2 way street. There are many Software firewalls, and PROPERLY CONFIGURED, No, you don't need a hardware firewall.
I played with ZAPro not long ago, One of the first things that popped up was "IEXPLORE.EXE is attempting to access the internet Allow?". It actually confused me for a minute. OF COURSE I'll allow it, what a stupid question, I thought. Then after I enabled it, I thought some more. Hmmm, maybe I should look at where it's connecting to. DNS Server, no problem, but wait, I thought DNS was handled by some process external to IE. Now I'm really confused. Then I started second guessing every popup that came through. Eventually, I had screwed up the rules so much, nothing worked.
It was like being in networking 101 class. what ports do I allow, and to where? I'm not an "expert" in networking, but I'm no slouch either. I ended up feeling really stupid. By the time I figured I got everything perfect, and started running speed tests with and without the hardware firewall, I had 27 viruses on my machine.
A software firewall is only as good as it's configuration. And unless you know what you are doing, it's easy to expose yourself without meaning to. (maybe I should rephrase that last part ) |
|
| reply to gate1975mlm
Share your computer with your 6 kids ages ranging from 19 to 7, kids who only want the computer to go when they say so, kids who put any cd they find into the computer and load programs (they come in cereal boxes), kids who have no ideal how a computer works, only know how to turn their favorite game on and somehow are able to find teen chat websites that run on java. There are so many programs listed in the firewall it's not funny. Most are blocked, but when the kids ever figure out how to use the firewall program........ |
|
Mele20Premium
join:2001-06-05
Hilo, HI
kudos:4
1 edit | reply to salzan
said by salzan:The way I see it, the idea is to keep something from getting out as much as keeping something out. On a machine without a software firewall, should malware somehow get installed on the computer, you have no idea when it's calling home (with any info it's looking for). With a software firewall (especially if it's admin is password protected) you at least have a reasonable chance of getting a warning that something's wrong. Why do you think you need a software firewall to know what calls home/gets out? Use KIS 2006 (when it's out) or ProcessGuard. Why use a software firewall?
--
Around 2005 a sudden spark will catalyze a Crisis mood. The very survival of the nation will seem to be at stake.Sometime before 2025, America will pass through a great gate in history. The risk and promise will be very high. The Fourth Turning Wm. Straus |
|
| reply to gate1975mlm
Leo is absolutely correct. There is no need for a software firewall if you have a router with built in NAT, which most do. Now, as several people have already stated, a software firewall does monitor outgoing trafiic, but, hopefully you KNOW what's going out. I have gone both ways as far as using a software firewall or not and never had any problems either way. It's all about your personal preference.
--
Spread Free Opera. Fastest browser on Earth or in Cyberspace!! |
|
| reply to gate1975mlm
I don't run a software firewall, because:
a.) I run a router
b.) I block ports within my OS
Guess to be fair, I should mention I don't run Windoze. 
Leo should have recommended people buy a Macintosh
--
FEMA = Federal Emergency Mismanagement Agency |
|
| I think Leo's advice is good for people running non-Microsoft OS's (Mac OS X, OS/2 and unix-based OS's come to mind). For Microsoft boxes? a SW firewall is a definite must. Personally I have Sygate PF, free, solid, customizable. |
|
 mmtxnetPremium
join:2004-11-11
Irving, TX | reply to gate1975mlm
I think that depending on the hardware firewall it is true.
that you dont need a software firewall. But it dosnt hurt have a software firewall with a hardware firewall. It makes it anoying to have to configure both for services behind it. |
|
mmtxnetPremium
join:2004-11-11
Irving, TX | reply to PentiumIII
I would have a hardware firewall hands down over software. Or use software as my second option. Now if you are running one of those "NAT Firewalls" remember those aren't really firewalls. |
|
Reviews:
 ·Frontier FiOS
2 edits | reply to gate1975mlm
As in many things... it all depends upon...
something.
I would like to say that I am glad that I have set up my computer illiterate parents with a router AND software firewall. My dad does his taxes and other financial (investments) stuff on the computer. I set them up as custom power users with firewall rules to alert them (and block) unsolicited outgoing/incoming requests. I also have anti-virus and W2K setup with restrictions and no popup choices to make. I have only received one or two calls usually very minor. I also bought him a W2K for dummies book!
edit: as for my systems, i have a mixture of setups-- some with nothing, some w/ software firewalls and/or antivirus and/or anti-other-malware all behind a router. it all depends upon your needs and what you have to loose or how confident/paranoid you are. but to tell everyone they dont need something is stupid. |
|
mmtxnetPremium
join:2004-11-11
Irving, TX | reply to salvestrini
even running OS X or Unix a firewall is must no matter what OS you are running. |
|
