OT: Which firewall is best? - Page 2

Re: OT: Which firewall is best?

only.invalid says...

But that's because you are aware, others, most people, don't have a
clue.

But you just showed an application/device that punches holes in XP and
doesn't even alert the user - why discount this SERIOUS flaw/threat?

If you had a quality device you could run SIP and VOIP through a
firewall appliance, prioritize traffic, and not have any issues.

You could also put the VOIP device as the first device, many of them
have NAT and several ports built into them for users to access as a LAN
- serves the same purpose.

And what good is it if the firewall app asks/alerts the user and they
blindly click OK/Accept?

Only if you monitor, routinely, all exceptions and your OS is fully
patched and there are no 0-day exploits being hit.

And that's what we're talking about - Windows XP firewall is very
commonly NOT configured properly, not to mention the ease that apps
punch holes through it.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
  drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: OT: Which firewall is best?

It allows me to attach a network storage device to my LAN. That in turn
allows me to attach several USB storage devices. :o)

Even without other 'devices', it is nice to have a "firewall", dropping
init packets, that can't be configured by possibly malicious software
running on the "protected" network's computer. If some outbound
filtering is also done by the "firewall" it's a plus (value added
feature).

The key element in a "firewall" is that it stands *between* the
protected network and the possibly hostile network.

Personal firewall applications are only an attempt to bring real
firewall features "onboard" the computer and they *do* serve a useful
purpose. Having a device is better as far as the "firewall" goes - even
if some "features" are lost in the process.



Re: OT: Which firewall is best?

FromTheRafters wrote:

But isn't the router just a box containing and running some filtration
software? ...and how is that better than that same software running
inside the 'box' of your computer?
It's not like bad packets are going to leap off the circuitry and start
to form a slime mold on the inside of the case.

Re: OT: Which firewall is best?

Because the ADMIN of the computer doesn't control the BOX, and the BOX
has a lot less code to check, less services to check, etc....

If you want a Firewall based on an OS + Firewall App, you really need one
of two things - Dedicated Server with Firewall app and at least 2
network cards or a quality firewall application on a computer where the
users have no local control of the firewall application and monitor the
rules/in/out.

Just a few years ago AOL software installed HOLES in Windows Firewall
each time you installed it, and so did many others and some still do.

If the user of the computer can't control the firewall there is a better
chance that neither will malware and that the user won't screw up the
firewall either - notice I said BETTER.

In the case of the windows firewall it's really a bad product that was a
good idea that didn't really do what it should have done.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
  drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: OT: Which firewall is best?

Leythos wrote:

So the advantage is more from a network admin POV?
I guess being a single owner/user of this machine allows a freedom from
worrying about whatever 'others' down line might do. No network here
other than connection to the internet or usenet.
...and certainly no AOLuser software <g>

Re: OT: Which firewall is best?

No, the advantage is a product that you know your software and malware
is not going to punch holes through, that malware is not going to punch
holes through, that no matter how badly you configure your windows
firewall, that you're still protected from unsolicited inbound traffic.

Sorry, you're mistaken on the "no network here...". Your network is the
same as any network connected directly to the internet - you are more
exposed and more vulnerable and more likely to be hacked than anyone
with a NAT router.

1 computer or 10000000 computers, if they are used by people they should
not be connected directly to the internet, even more so if they are
typical windows/linux/mac computers.


--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
  drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: OT: Which firewall is best?

Leythos wrote:

I wasn't advocating for the native windows firewall,
but some second party software like ZA etc.

Maybe I have an unreasonable trust in my system's immunity,
you're certainly welcome to try and hack it.

Don't know what's 'typical' these days
but from the level of hysteria that router talk generates,
I guess I'm atypical.

Re: OT: Which firewall is best?



ASCII wrote:
[snip]
Unreasonable trust? Seems like I heard you cutting someone down, hard, for a
similar post.
WTF are you coming from? Ninth grade?
Buffalo



Re: OT: Which firewall is best?

Buffalo wrote:

Your faulty memory aside,
I'll extend the challenge for you too to try and hack me.
Just remember as low as you try to label me,
it only illustrates the simplicity of challenge you fail to meet.
So think you can overwhelm a ninth grader huh?

Re: OT: Which firewall is best?



Well if you're not going to be an advocate for the windows firewall
then I will. Don't listen to Leythos' rubbish. It's full of half
thought out nonsense.

There is absolutely nothing wrong with the windows firewall. It is
light on resources by comparison to some of the other third party
security systems which attempt to take over your computer and has an
excellent record for not misfiring. Something that can't be said of
zonealarm. Of the immense number of problem posts I've come across
over the years where the issue was a misfiring firewall or security
system, windows firewall is almost never the culprit.

This software he mentions doesn't "punch holes" in the firewall at
all. If you configure the firewall to allow connections on a
particular port then that's what it will do. What do you want it to
do? Disobey your instructions?

Now if you value the outgoing notification of resource guzzling third
party firewalls then by all means use one, but expect an overhead not
only in resources but also when you are tearing your hair out because
you can't connect. You're telling yourself to change ISP's and all the
time it's your own firewall causing the problem. Of course you have to
also bear in mind that for something to be notified as outgoing it
means it's already running on your pc and could therefore stop such
notification if it wanted to. So you tend to find that these
notifications are for things that don't mind getting caught like Real
Player profiling. Anything that seriously wanted to subvert your
outgoing notification could do so easily by (say) pretending to be
your browser which already has an established outbound path through
the firewall.

As regards the other issue of whether a nat device is useful between a
single pc connection to the Internet. It certainly is, but the idea of
it being a separate device and therefore it can't be controlled by a
compromised computer isn't quite right. If the router has upnp enabled
it may well be re-configured by the compromised pc.

This post by David Hodgins refers. (Good heavens it was nearly a year
ago! Doesn't time fly?)
http://groups.google.co.uk/group/alt.comp.anti-virus/browse_thread/thread/547ae583f3c8c754?hl=en&q=soap+group:alt.comp .*+author:David+author:W.+author:Hodgins#f27c81b8221b86ac
http://preview.tinyurl.com/btrv7j
http://tinyurl.com/btrv7j


Jim.


Re: OT: Which firewall is best?

Nope, I was very specific and stated exactly what the problem is with
windows firewall - go back and read it again.

Windows firewall runs blind, meaning that applications put holes in it
without the user really knowing that it's being done - the old "Since
you're installing our program you must have also wanted a hole in the
firewall, but we're not going to make a big deal about that hole and
tell you or anything".....

Oh, and let's not forget that many systems come with File and Printer
sharing enabled and that a LOT of people don't use a password....

No, many applications DO PUNCH HOLES IN THE WINDOWS FIREWALL, and they
do it without specifically warning you about it - they might say "do you
want xxxxx to configure windows firewall to work with our program?", and
users are going to click "YES" most of the time - and what you'll find
is that most of the time the INBOUND Exception is not needed to use the
features that they wanted to punch the hole for.

Just so you understand, I'm not advocating another Soft firewall on the
PC, I'm not suggesting that Windows Firewall be disabled, I'm adding a
device to the network to limit the exposure to the PC from outside.

UPnP should be disabled on any router, and on most of them it is
disabled, some vendors shipped with it enabled by default, others with
it disabled, most have learned to send out disabled by default.

So, other than a UPnP enabled router, by your own post, my statement
stands as correct - Windows firewall is about useless for most people
because of the default holes by many vendors, by holes that applications
put in the exceptions that people don't actually understand. I'm not
advocating that it be disabled or replaced, only that a cheap,
inexpensive NAT router is a better security device than the Windows
Firewall.

One thing that the NAT Router will do in most cases - shows OUTBOUND
TRAFFIC and Who is connected on the LAN side of it. Many NAT routers can
also BLOCK OUTBOUND traffic, and if you have several computers, the
ability to monitor outbound is a great security tool.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
  drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: OT: Which firewall is best?

spam999free@rrohio.com says...


This is where Leythos exposes the real heart of the Windows XP Firewall
dilemma. The poor dumb user has no clue what they have just done.

**********************************************************************

To enable the wizzbang features of our wonderful application software
you need to enable a firewall connection to Wizzbang dot com.

        Do you wish to allow this connection?

        Yes            No            Gosh, why not? I'm feeling lucky!

******************************************************************

From this point on the user no longer exercises control over his
computer. It belongs to Wizzbang, whoever the hell they are. Thus a
path is created through the Windows XP Firewall. For security purposes
we can call that a hole. What else could it be called? This is a very
bad security practice. The user has no way of judging the security
implications of the requested action to allow connection. It's a blind
choice.

I find it amazing how many programs request server status and thus
claim they need to listen to an open port. AAAAAHHHHH! A very great
deal of this stuff is absolute nonsense.

In addition many users are not even aware of the fact that Windows XP
Firewall filters only inbound traffic. Or they fail to understand the
security implications of that fact.

--
James E. Morrow Email to jamesemorrow@email.com --

                MICROSOFT ERROR

A Microsoft Error has occurred. All user data will be irretrievably
lost. Your Windows configuration is invalid. Windows will now close.
Thank you for using Microsoft, THE POWER OF INNOVATION.

Re: OT: Which firewall is best?

wrote:

How do I check this? I have a WRT54G.

--

Dennis

Re: OT: Which firewall is best?

nobody@nowhere.invalid says...

Log on to it, then go through the menu and settings - you will find an
option for it on one of the pages.

A quick google search indicates the UPnP setting is on one of the Admin
pages.


--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
  drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: OT: Which firewall is best?



See http://register.wireless.utoronto.ca/?page=linksys

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)


Re: OT: Which firewall is best?


wrote:

You weren't specific at all. I'm not re-reading your drivel.

You are well known for talking crap and when you mislead people it
needs to be pointed out. Now and in the future.


Jim.


Re: OT: Which firewall is best?



My current recommendations ...

Use a nat router that defaults to having upnp disabled (and keep upnp
disabled).
Change the ip address of the router to something other than the default.
Change the admin loginid, and password.
Don't use dns server addresses returned from dhcp.  Hardcode the
addresses in the network connection setup.

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)


Re: OT: Which firewall is best?

James Egan wrote:

Maybe I should restate so that my comments won't carry a false
assumption of attack of the native firewall.
I was referring to something that has stateful outbound packet
evaluation which I don't believe my onboard FW has.
If there's no malware installed in the first place that capability isn't
needed, and if there IS malware afoot then all bets are off as to what
can and likely will happen.

FWIW: Participation in usenet fora is an occasional educational
experience and a constant entertainment, therefore I don't take
intentional slurs and derogatory comments as more than circumstantial
chaff.

Re: OT: Which firewall is best?



ASCII wrote:

That's good,
 I believe you will be getting a lot more, so you should look forward to
really being entertained.



Re: OT: Which firewall is best?

jamesemorrow@email.com says...

Just imagine all the crap that Instant Messenger (various vendors)
installs in order to get more control - so many things installed, so
many holes...

I used to try and petition ISPs to enable NAT on their residential
routers by default, but it was on deaf ears in most cases.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
  drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)
