Posted by Duane Arnold on October 17, 2006, 1:20 am
> ijones@TOGLIinterfree.it wrote:
>
>> Hi, I have just bought Netgear DG834GT. I'd like to disable
>> the router firewall and to install Outpost firewall.
>
> Software firewalls are a joke.
You're talking about a host based personal FW/packet filter I would assume,
as there are host based network software FW solutions that run on gateway
computers that are not jokes. Those solutions would be using one NIC facing
the Internet with one or more NIC(s) facing the LAN.
>
> You would be a complete bonehead to disable the firewall on your
> router.
I agree and told this person in another NG he posted to.
>
> There is so much garbage traffic hitting your router that it makes no
> sense to let your computer be exposed to that junk and waste CPU
> processing time as your software firewall deals with that junk. Your
> software firewall can't possibly do the job any better or any more
> efficiently.
>
I would agree only in the case of a NAT router that cannot stop outbound.
But as far as stopping unsolicited inbound traffic from reaching a machine,
the NAT router is an effective border device that sits between the modem and
the LAN and provides the protection from the Internet.
> This advice is DOUBLY true for any NT-based os (like XP, which stands
> for eXtra Processes). I wouldn't connect an XP system to the internet
> without having a NAT-router. I don't care what software firewall is
> running on it (and none should be or need be - not even for out-bound
> firewall "protection").
So what is one to do if you're sitting in a hotel room on a dial-up watching
the unsolicited inbound traffic that is being stopped by the host based
software personal FW/packet filter, which is providing the protection and
doing it well? One cannot use a NAT router in all cases.
BTW, the laptop I am using is running XP Pro and I don't have any problem
with it with a direct connection to the Internet, although I wouldn't
recommend any O/S, Windows or otherwise, be directly connected to the
Internet, unless the user has no choice but to do it.
>
> Any software firewall can be de-activated by malware, which is why
> software firewalls are a joke.
It wouldn't happen if one is applying safehex. The malware has to reach the
machine and be executed in order for the malware to take out the personal
FW/packet filter. And if malware has reached the machine and is executing,
then it doesn't make any difference what solution is providing the
protection as the malware is going right through it, until it is found and
removed.
>
> Once upon a time (like 6+ years ago) software firewalls were common
> (in SOHO situations) but these days they're just a leftover and only
> dumb-ass tech journalists continue to recommend them as a primary
> security tool.
Don't kid yourself, as many, many, many more home users are using a host
based personal FW/packet filter than are using an appliance such as a
router. It is not based on what some journalists are making any
recommendations on, but rather, it's the only thing they know to use.
A host based software FW or PFW/packet filter solution of any kind is only
as secure as the O/S platform it is running on. In the case of a Windows NT
based solution, most users don't know how to properly secure the O/S. Those
that do know are not having problems running a PFW/packet filter on the NT
based platform.
Duane :)