Firewall conflict problems
December 29, 2007 8:50 AM   Subscribe

They wont necessarily "conflict" in the classical sense (like 2 pieces of software running on the same computer)... but you may find instances where Mcafee is blocking something you configured your router to allow (or vice versa). As long as you keep track of how you have configured both of them, you shouldnt have any problems. (in my 15 years of doing PC/Network support, I've never seen a software firewall conflict with a hardware-firewall)

Firewall enthusiasts will argue that you might actually want to consider running both, because consumer-brand routers (Linksys, D-Link,etc) are not actual "true firewalls" but just NAT redirection, which protects you, but is not technically a firewall in the strict definition. (although in recent years, the options in the web-management interface of routers like Linksys/D-Link have really expanded and provided much more functionallity)

On my system at home, I do NOT run a software-firewall, just relying on my Linksys router. (mostly for simplicity sake) For anti-virus I run NOD32 and Windows Defender.
posted by jmnugent at 8:58 AM on December 29, 2007

A 'conflict' sounds like a load of hoodoo to me. If the Linksys unit is doing that, it's defective and/or buggy, pure and simple.

If you have a recent WRT54G or GS, that's probably the problem. These units used to be phenomenally good, running Linux and being highly hackable. To save money on manufacture, Linksys cut the memory in half and dropped Linux, substituting the slow and sucky VxWorks instead. Ever since, the basic G and GS units have been piles of shit.

The best remedy is to get a WRT54GL, which is the old, large memory version with a default Linux firmware. As a cheaper option, you can put a small version of DD-WRT on your existing G or GS. DD-WRT is a free Linux-based open firmware. The normal, full version isn't much different from having a tiny Linux server, but the mini version to run on the G and GS is fairly feature-limited.

It will, however, function very nicely as a router, firewall, and wireless access point. As long as you run WPA2 encryption, rather than the weak WEP, you can probably drop the software firewall entirely, and save yourself some money and hassle. I suggest turning off UPnP. This allows computers behind the firewall to invisibly open ports. This is nice for ease of use, but it's quite insecure. It's better to always manually open ports you want open.

I don't think you'll ever see the bug you mentioned crop up with a Linux firmware, so you should be fine to run McAfee also if you wish.

jmnugent is wrong, btw. Virtually all modern consumer-level router/APs are fully functional firewalls in all senses of the word.
posted by Malor at 9:21 AM on December 29, 2007

You're probably better off without the PC firewall software. Your Linksys router will act just fine as your firewall. Be sure to keep anti-virus software on your PC, though. And I'm assuming your PC isn't a laptop that you take outside your house sometimes.

The explanation about why your router locked up was nonsense. The truth is consumer routers are pieces of crap that fail all the time. If your router fails like this a couple more times the hardware is probably failing and it's time to throw it out and get a replacement.
posted by Nelson at 9:33 AM on December 29, 2007

Having a software firewall these days is more than just for incoming traffic. They also protect you from spyware/trojans trying to phone home. So, by all means, keep your software firewall. It's incredibly unlikely that the scenario they're depicting is correct. It's more likely that drivers were corrupted when you rebooted.
posted by IronLizard at 9:50 AM on December 29, 2007

About the only, ONLY software firewall I'd ever recommend to anyone is blackice OR Kaspersky, and only one of those to someone NOT behind a router.

DO turn OFF the setting that allows you to access your router from outside the network. DO change the default password.

Everything Norton/Symantec has made since circa 1996 is literally stealing your money.
posted by TomMelee at 11:20 AM on December 29, 2007

I've never found any use for Anti-Virus or Software Firewall software. They can and do cause problems. Do what you want with it, but I would take what front-line tech support agents say with a huge grain of salt.
posted by jeffamaphone at 6:27 PM on December 29, 2007

I've never found any use for Anti-Virus or Software Firewall software.

This, ladies and gentlemen, is how a virus remains in circulation for years after it's been removable by nearly every A/V package available.

But yes, Norton is bloated crap that slows down your PC far more than it should.
posted by IronLizard at 2:04 AM on December 30, 2007

This, ladies and gentlemen, is how a virus remains in circulation for years after it's been removable by nearly every A/V package available.

Bullshit. Not installing security patches is how they stay in circulation. People who click "yes" to any install prompt they see and open and forward any random stupid e-mail they get are how they stay in circulation. Anti-virus software provides the illusion of security by giving people a faulty crutch that causes more problems than they solve.
posted by jeffamaphone at 10:58 AM on December 30, 2007

So I guess you didn't hear about the windows flaw that allowed a worm to enter the system with no user interaction whatsoever and went unpatched for a few months? How many other things have you missed? Don't bother getting pedantic about the virus/worm thing, AV software is for both. The problem with patches is that they are often distributed long after the flaw has been exploited. Good heuristics give you a chance against even undiscovered malware (AntiVir seems to do fairly well here).
posted by IronLizard at 10:32 PM on December 30, 2007

« Older Looking for tested, proven din...   |   Why don't small countries use ... Newer »