cancel
Showing results for 
Search instead for 
Did you mean: 

Is a software firewall needed?

Cliff_Jordan
Grafter
Posts: 228
Registered: ‎01-08-2007

Is a software firewall needed?

I presently use ZoneAlarm software for the firewall and antivirus to my desktop computer, but the license is due for renewal this month and I am considering alternatives. The reasons are that the firewall seems to be developing "Norton like" tendencies to take over the computer and the antivirus, while reasonable, does not score very highly against competitors.
The antivirus solution is my top priority and for that reason I have homed in on Kaspersy v7 as my prefered choice. The question is whether to get the IS version, which includes a software firewall, or the simpler (and cheaper) AV version. The IS version contains other feature which I know I will not use and so the question come down to - do I actually need a software firewall anymore.
When I started using ZoneAlarm I connected through a USB modem and so a software firewall was essential. Now I have PlusNet's firewall activated on my account and connect through a router using a NAT firewall. In such circumstances would Kaspersky AV (which seems to include some "firewall like" features to prevent malware on your computer connecting with the outside world) together with the Windows (XP SP2) firewall be adequate.
I would welcome opinions on this, particularly from those that have used, or have considered using, such a solution.
Cliff
33 REPLIES
Community Veteran
Posts: 18,884
Thanks: 290
Registered: ‎12-08-2007

Re: Is a software firewall needed?


For some years I have used AVG free edition and find it excellent.
For a firewall I use the one built into Windows XP.
notheruser
Grafter
Posts: 139
Registered: ‎08-01-2008

Re: Is a software firewall needed?

Whiffler - in my opinion, if you have good Anti-Virus and Anti-Spyware protection, Windows Firewall is quite adequate in your circumstances, since you already have your router firewall and PlusNet's protection in place.
These measures ought to be fine, provided you are a "sensible surfer" - i.e. the sort of person who faced with a dialogue box from a web site saying "Cheap but convincing looking software knows your IP address - this is a threat - would you like to install our useless software for $25 and scan your PC while we install some spyware" knows to close the dialogue box rather than click either OK or Cancel (since they probably both do the same thing!).
Not applicable

Re: Is a software firewall needed?

Whether you need a "software"* firewall or not depends upon your network configuration.
If your PC sits behind a router on a wired network, any firewall you install should never have any work to do anyway.
If you connect wirelessly, its important to use a firewall on your local machine.
If you have a notebook, and you use it on other networks, again, its important you have a local firewall.
*don't get me started on the difference between 'software' and 'hardware' firewalls - they are both types of software firewall in reality.....
notheruser
Grafter
Posts: 139
Registered: ‎08-01-2008

Re: Is a software firewall needed?

James_H I wouldn't quite agree with the need for a firewall on a wirelessly connected machine. If you've set up WPA security on your router, it's as good as a wired connection. (And anyone capable of hacking your WPA encryption will make short work of your firewall!)
Agree with what you say about the software/hardware issue - perhaps the correct terminology would be local or remote firewall, but i suppose it's just a way of distinguishing between software run on the protected PC, and a discrete hardware box running firewall software.
Not applicable

Re: Is a software firewall needed?

Quote from: notheruser
(And anyone capable of hacking your WPA encryption will make short work of your firewall!)

Its pretty straightforward to download software which will take advantage of the advanced features of some network cards (Cisco ones are particularly popular with hackers) and the software more or less automates the procedure.
Its unlikely, but with my paranoid head on I can only expect it to become even easier and faster - thus I find it worthwhile advising to use firewalls on WiFi networks. (The XP one is more than adequate)
I don't bother at home though - Wink
Ya pays yer money and takes yer choice as they say. Grin
notheruser
Grafter
Posts: 139
Registered: ‎08-01-2008

Re: Is a software firewall needed?

Quote from: James_H
Quote from: notheruser
(And anyone capable of hacking your WPA encryption will make short work of your firewall!)

Its pretty straightforward to download software which will take advantage of the advanced features of some network cards (Cisco ones are particularly popular with hackers) and the software more or less automates the procedure.

Agreed - but does does this help the potential hacker crack the WPA encryption? Even if the SSID is visible, and the hacker can get a good signal, all he can do is capture useless data - for it to be of any use to him, he's got too crack WPA. It's pretty well accepted that with current computing power, this is next to impossible. But if yoour paranoid... Grin
(Just because you're paranoid doesn't mean they're not out to get you!)
Cliff_Jordan
Grafter
Posts: 228
Registered: ‎01-08-2007

Re: Is a software firewall needed?

Thanks for comments so far.
On the question of wired or wireless network I think I am with "notheruser" here. My connection was wired but for the past month or so has been wireless (WPA-PSK), due to temporary rearrangement of furniture, but I have noticed no difference in the ZoneAlarm firewall logs - nothing before and nothing after.
Getting back on to the original question (where's a moderator when you need one  Roll eyes) the subtle difference between a proper software firewall, such as ZoneAlarm, and the XP firewall, which I regard as half-a-firewall, is the crucial issue. However half a firewall is better than none and may be more than adequate in this situation, as the replies seem to indicate.
More opinions please - if possible before 4th February when the 30% discount on Kaspersky ends.
Cliff
Pendragon
Rising Star
Posts: 430
Thanks: 3
Fixes: 1
Registered: ‎07-04-2007

Re: Is a software firewall needed?

We always install Zone Alarm (free, and an old pre all the extras version) firewall on all our PC’s and Laptops, not to prevent incoming threats, but to prevent unwanted programs from connecting to the internet (or our LAN) without our knowledge.
It’s surprising how many programs either while installing or when running want internet access for no real reason other then to report some information back ‘home’ or to constantly check for updates. Zone Alarm will stop such behaviour in its tracks.
Just my 2p’s worth, P.
VileReynard
All Star
Posts: 11,175
Thanks: 303
Fixes: 11
Registered: ‎01-09-2007

Re: Is a software firewall needed?

Why are software firewalls necessary?
Even on a totally insecure wireless connection how is it possible to access "useful" data?
How is it possible to access my data - if I haven't given explicit authority to do so. All bank transactions are https - so even clear text won't help the cracker.
Obviously, my network is quite a bit more secure than this (just in case).  Grin
But I don't have a software firewall (as such).

Community Veteran
Posts: 14,439
Thanks: 728
Fixes: 12
Registered: ‎01-08-2007

Re: Is a software firewall needed?

Point is that you can get software for WPA cracking.
How many of those people actually have the raw skill to hack through a firewall though? - Few I would expect.
I have a software firewall on every PC on my network including the laptop for the wireless connection. That is despite having a software firewall built into my router..
I do use the XP firewall on one computer but thats due to ICS being used and with wifi setup so that the box can act in a similar way to a router with no user logged on (or keyboard /mouse /monitor connected). The XP firewall also allows you to setup port forwarding on the network if it is an ICS host.
Every other computer has ZA due to its ability to block outgoing traffic which isn't authorised.
I need a new signature... i'm bored of the old one!
pierre_pierre
Grafter
Posts: 19,757
Registered: ‎30-07-2007

Re: Is a software firewall needed?

I am surprised no one picked up on this from Whiffler
Quote
computer connecting with the outside world) together with the Windows (XP SP2) firewall be adequate.

I have seen in numerous magazine that Bill Gates firewall doesn't stop rouge outgoing items, and is not 100% on incoming
notheruser
Grafter
Posts: 139
Registered: ‎08-01-2008

Re: Is a software firewall needed?

Quote from: okrzynska
Point is that you can get software for WPA cracking.

I think you'll find you can't.
Wikipedia may not be the most reliable source in the world, but its article on WPA is very good.
"WPA2 implements the mandatory elements of 802.11i. In particular, it introduces a new AES-based algorithm, CCMP, that is considered fully secure." (My emphasis).
"To protect against a brute force attack, a truly random passphrase of at least 20 characters should be used, and 33 characters or more is recommended"
Brute Force attacks are at the moment, the only known way of attempting to crack WPA, so as long as you chose a suitable passphrase, you can consider it to be completly secure.
Hackers usually don't hack the firewall itself - they exploit vulnerabilities on the machines behind them. Succeed at that, and it will probably not be too long until you capture the password for the firewall - after that, it's all over! I reckon this would count as having "the raw skill to hack through a firewall " - and it happens on a regular basis.
Having access to a number of firewalls on commercial networks, I regularly read the logs, and can see the numerous attempts made to probe our network. The vast majority of those though, is simple "port scanning" - trying the same port against all of our IP addresses, or trying a range of ports against each in turn.
Fortunately the default settings on most domestic firewalls will prevent any success with this type of probing, so unless users do silly things like opening ports on the firewall that they don't really need, they will be fairly well defended.
VileReynard
All Star
Posts: 11,175
Thanks: 303
Fixes: 11
Registered: ‎01-09-2007

Re: Is a software firewall needed?

At risk of doing a Jeremy Clarkson  Grin Grin Grin
I've been with PN approximately 5 months.
I've had PN firewall switched off.
I've had PN virus scanning switched off.
I've had PN port blocking switched off.
I've even had PN mail spam checking switched off.
I don't run any firewalls on any machines at all.
I don't run any virus checkers at all.
I never run any spyware checkers.
I do use the firewall builtin my router and I do use NAT.
I've had absolutely no problems whatsoever with any foreign software - not  a single one.

Community Veteran
Posts: 1,112
Registered: ‎30-07-2007

Re: Is a software firewall needed?

I am using Kaspersky KIS 7 and the firewall seems pretty comprehensive.
As someone pointed out to me recently you can get legit licences for Kaspersky on ebay very cheaply. I recently paid under £17 for a three user one year KIS licence. A bargain I reckon ;-)
Others have already mentioned we are pretty safe behind our router firewalls. TBH I use my software firewall to control what dials out rather than what comes in!