Software Firewalls
October 26, 2004 8:49 AM

Software Firewalls:
a) Are they necessary/useful at all?
b) which one works OK and will not screw up my Apache, SMTP, Pop3 and Imap servers or my use of ICS to give my wife's laptop net access (<- dealbreaker)?
I am on an XP Pro box, connected directly to a cable modem. I am not going to buy a router/hardware firewall.
posted by signal to Computers & Internet (12 answers total)
 
They're useful, but preferably as a backup for a hardware firewall and to stop trojans that open outgoing connections without your knowledge.

Why won't you buy a router/hardware firewall?
posted by smackfu at 9:00 AM on October 26, 2004


which one works OK and will not screw up my Apache, SMTP, Pop3 and Imap servers or my use of ICS to give my wife's laptop net access

The firewall built into Windows XP should be able to do that. You will need to configure it. That's pretty easy, just push the settings button where you enable it. The rest is obvious. The firewall with Windows XP, especially XP SP2, is very reasonable, although "professionals" use Sygate. :-)

Those routers are really a better deal, though, because having a dual line of defense is nice. You should at least consider one.
posted by shepd at 10:42 AM on October 26, 2004


Study released yesterday.
posted by adampsyche at 11:04 AM on October 26, 2004


Without a doubt, a hardware firewall is going to be more secure and more configurable, but if it's really not an option for you, then you should probably look into something more secure than the Windows XP SP2 firewall. The Windows firewall is not only much less configurable, but it only blocks inbound traffic--if your machine did somehow get infected, it wouldn't stop your PC from messing up your home network, participating in a DDOS, etc.

I've been using ZoneAlarm for a while on my XP laptop, and it seems to work well. The Pro version that I got to try for 30 days was better--after I switched to the free "Basic" version, it seems to be "forgetting" settings on a regular basis, which just makes it kind of nagware. (I have to keep giving the same apps permission to reach out, or act as a server--not all, but some.)
posted by LairBob at 11:26 AM on October 26, 2004


I recommend Kerio.

However, stateful packet filtering cannot be replaced by software.
posted by four panels at 11:38 AM on October 26, 2004


I've used SPF (free for home use) for monitoring outgoing traffic and liked it fine for that purpose but I wouldn't dream of relying on it or any other software firewall to keep the wolves at bay. A quick scan of Pricewatch shows several firewalling routers for less than $30, which I think is money well spent.

(Or get a PC from the trash plus a NIC you probably have lying around, and a dedicated floppy based Linux distribution. Total cost: $0).
posted by TimeFactor at 12:35 PM on October 26, 2004


Thanks for all the answers so far. Truth is, I'm very low on cash and have like 20 things to buy that come before internet security, so in the meantime I wonder if it's worth it to install ZoneAlarm or something else.
I have used, in the past, ZA, XP's firewall and Kerio, and found that the last 2 screw up ICS, whereas ZA Pro does not.
posted by signal at 1:04 PM on October 26, 2004


LairBob, if your machine is infected, no software firewall will protect you no matter what. One assumes the infected machine has allowed the infection root/admin access, and therefore the infection can disable any software firewalls. It's too late.

An outgoing firewall is more useful to stop craplications from "phoning home". Personally, I just refuse to run crapware that needs to phone home.
posted by shepd at 1:46 PM on October 26, 2004


Um.

Software firewalls are mostly useful for disabling spyware features of useful programs, or for stopping spyware and viruses which either do not have administrator access or do not know how to deal with that particular firewall. They can do what hardware firewalls cannot do because they treat communications on a per-process basis, not just a per-port or per-connection basis, providing greater permissions granularity until the OSs evolve enough to do it.

Viruses which disable various software firewalls are not very common. Spyware (especially in milder forms) is. If you're afraid of getting sophisticated viruses, get a good antivirus.
posted by azazello at 2:00 PM on October 26, 2004


Viruses which disable various software firewalls are not very common.

Yeah, but if the user gets an error "SULFNBK is trying to access 172.20.0.1, let it?" they'll click no. And then, since the virus has zero protection against errors, it promptly crashes the entire computer and the user ends up losing the war against the virus anyways. :-)

Ok, so yeah, sure, maybe you might be able to stop it going on the internet. But you still get to reformat, or, at least, you get to play the "beat the virus to the internet" game with your anti-virus software. Or you can always boot Windows PE and hope Stinger takes care of it.

I'm not saying software firewalls are bad, but they're not a panacea that's going to stop an infected machine from having problems. Once you have a virus on the machine, you're generally just screwed. Spyware, on the other hand, is sometimes easier to wrestle with.

Myself, I run a separate firewall on the router, VirusScan 6.0, and no software firewalls. I was last infected by Taipan-666 approx. 10 years ago when I downloaded a DOOM cheat that, well, wasn't. I have no spyware or popups on this computer. Then again, the computer is pretty much warez-free, too. I've noticed a very strong link between warez and the computer's likelihood of infection with crap. :-D
posted by shepd at 3:33 PM on October 26, 2004


re: ZoneAlarm (free version)

Since the last update, my hard drive started thrashing whenever I was online. It stopped as soon as I shut down ZoneAlarm, and immediately started when I started it back up.

Using some monitoring utilities, I verified that it was indeed ZoneAlarm that was causing the thrashing.

I am relying on the XP version now, but I don't want to trust it for very long.
posted by mischief at 4:13 PM on October 26, 2004


Go with the built-in firewall. Most people don't need to analyze every program that uses the net. As long as the most basic ports are blocked you are just as safe as some uber-nag firewall.

A Windows firewall really just protects you from exploits that may come up in the future. By blocking printer and file sharing you are doing 99% of the work. Run a virus scanner and scan for adware now and again and you'll be fine.

No need for stateful filtering, throttling, complex rules, etc. for a home machine.
posted by skallas at 7:28 PM on October 26, 2004

