Page 1 of 2 12 LastLast
Results 1 to 10 of 12
  1. #1

    Default Usefulness of Firewalls on Home Computers [Forked Thread]

    This thread is a fork of the firewall discussion on http://forums.pcworld.co.nz/showthread.php?p=467919 to avoid further hijacking. A message has been posted there about this fork.

  2. #2
    Large Member plod's Avatar
    Join Date
    Mar 2005
    Posts
    7,413

    Default Re: Usefulness of Firewalls on Home Computers [Forked Thread]

    I use both a software firewall and a router. And find these very useful

  3. #3
    6146-B Billy T's Avatar
    Join Date
    Dec 2004
    Location
    Middle Earth
    Posts
    6,887

    Default Re: Usefulness of Firewalls on Home Computers [Forked Thread]

    Quote Originally Posted by TGoddard
    This thread is a fork of the firewall discussion on http://forums.pcworld.co.nz/showthread.php?p=467919 to avoid further hijacking. A message has been posted there about this fork.
    It wasn't hijacked TG, it's just that your opinion was a minority of one, i.e. nobody agreed with you. Probably nobody has noticed that you have forked off either.

    Rejection is such a bitter pill.

    Cheers

    Billy 8-{)
    Some days it's not even worth chewing through my restraints!

  4. #4

    Default Re: Usefulness of Firewalls on Home Computers [Forked Thread]

    Quote Originally Posted by tweak'e
    apologies for the hijacked thread.

    software firewalls are not that easy to disable. sure they are plenty of AV and firewall killing malware around but av and firewalls do have defences against this. there are ways around firewalls fortunately they are not common and generally have fixes for that released not long after they have been found.
    It's true that older and simpler worms and trojans my be prevented from phoning home. The simplest way around them is simply to delete or corrupt the executables for the firewall. Doing it silently would be harder.

    2ndly hardware firewalls cannot stop any process running on a remote pc, simple as that. they have done and never will. they can't even stop malicious traffic going through them, after all how does a remote hardware firewall tell what program generates the traffic and if its malicious or not. its up to PEOPLE to decide whats malicious or not.
    That's not what I meant by 'services', my comment should have been clearer. Application-based filtering can only be effective when an administrator user imposes the filtering mechanism on restricted users.

    You can, however, block ports that the computer does not have a legitimate service running on at the external firewall. If only essential services normally run and all other ports are closed by means of a secure external device then the malware cannot receive connections on an arbitrary port. An external firewall can also be relied on to provide accurate logs of network traffic, possibly revealing suspicious activity.

    3rd, a hardware firewall is nothing more than software firewall running on hardware. they can be hacked, exploited and bypassed just like pc's.
    I'm aware that they actually use software, hence my habit of putting single quotes around hardware in the phrase 'hardware' firewall. Most dedicated firewalls run few services though and as a result are very difficult to break in to. A system can only be compromised if it exposes services which a hacker can use to gain control of the machine. These dedicated firewalls are far from the weakest link in the chain of security.

    On a system where the operating system can reliably protect the firewall from being damaged, usually by restricting user permissions, a firewall could be an effective security measure. This is, unfortunately, the vast minority of home computers.

    In a world where hacking and worm authoring is becoming increasingly commercial for systems of spam relays and potential for extortion or espionage using botnets to coordinate attacks and anonymise attackers, we need real defenses on vulnerable computers to prevent them from falling into malicious hands.

    I wouldn't feel comfortable shelling out large sums for a product when a smart malware writer could bypass the system with only a few lines of code. By the stage the malware is on there, the damage is irrevocably and permanently done.

  5. #5
    Elite
    Join Date
    Feb 2005
    Location
    Dunedin
    Posts
    1,597

    Default Re: Usefulness of Firewalls on Home Computers [Forked Thread]

    To clear this up. Are we debating the usefulness of firewalls on your ADSL router, for example?
    --
    Me pics

  6. #6
    tweakedgeek tweak'e's Avatar
    Join Date
    Dec 2004
    Location
    winterlessnorth (well almost)
    Posts
    4,928

    Default Re: Usefulness of Firewalls on Home Computers [Forked Thread]

    o god ....not again. sorry but none of your points are new and this has been bashed around security forums for years which is basicly why steel cap boots are required when someone brings it up yet again.

    most good malware don't try to disaable the firewall...why because when they do it kills the net connection stopping everthing making the excerise pointless. also it brings the techs in which find and kill whatever it is. most of the really nasty ones try to sneak through it. everything from dll injection, contoling the mouse to click the right boxes, to simply using a comman program name.

    hardware firewall.....helpfull but a lot of malware simply use comman ports which are alwasy open. ie web browsers, emails etc.

    An external firewall can also be relied on to provide accurate logs of network traffic, possibly revealing suspicious activity.
    this is home pc's where talking about, no one reads logs on an external device.

    majority of malware don't get past firewalls unless the user let it through.

    By the stage the malware is on there, the damage is irrevocably and permanently done.
    you know darn well that firewalls will never prevent malware from installing on a pc. its not its job. a personal firewall is simply there to enable the user to control what access the net from their pc. the user can contain it on the pc untill they can get a fix for it.

    again this is all old hat and by the sounds of your posts you should know all this already. don't forget corpuratre pc sicurity is totally different to home pc sicurity which is why IT pros are some of the worse culprits for slack home pc sicurity.
    Tweak it till it breaks

  7. #7

    Default Re: Usefulness of Firewalls on Home Computers [Forked Thread]

    No, we're discussing software firewalls running on a home PC. I've stated that they're useless as they can be easily bypassed. Several other people have posted saying that they disagree.

    I obviously can't sum up impartially but if you're interested the link for the other thread is in the first post.

  8. #8
    Elite
    Join Date
    Feb 2005
    Location
    Dunedin
    Posts
    1,597

    Default Re: Usefulness of Firewalls on Home Computers [Forked Thread]

    Quote Originally Posted by TGoddard
    No, we're discussing software firewalls running on a home PC. I've stated that they're useless as they can be easily bypassed. Several other people have posted saying that they disagree.

    I obviously can't sum up impartially but if you're interested the link for the other thread is in the first post.
    Well they seem somewhat useful, but are limited by the human who is configuring them. Given the strange services running on Windows I'd go for at least using the XP built-in firewall trying to control outgoing stuff jsut confuses the hell of your ordinary user out there.

    Malware is increasingly trying to disable anti-virus, software firewalls etc but hopefully people aren't running as admins (although privilege escalation is probably easy to achieve in Windows)...
    --
    Me pics

  9. #9

    Default Re: Usefulness of Firewalls on Home Computers [Forked Thread]

    OK, I've thought about this and am willing to cede the point that these firewalls can be useful on home PCs. After some research into how they work, I've realised that the point I've been missing is that however vulnerable they are in theory, in practice they have an advantage simply by complicating the issue.

    Computers running software firewalls are not intrinsically secure in themselves - bypassing the firewall is certainly possible - but the fact that there are many easier targets out there means that few malware authors will bother adding firewall disabling abilities. It only takes a slight edge to make the difference.

    I still believe there are much more serious problems to be faced on most home PCs, but a firewall may add that small extra margin needed to be just a bit more secure than everyone else.

  10. #10
    Senior Member pctek's Avatar
    Join Date
    Feb 2005
    Location
    In the Wild West
    Posts
    24,212

    Default Re: Usefulness of Firewalls on Home Computers [Forked Thread]

    Quote Originally Posted by TGoddard
    OK, I've thought about this and am willing to cede the point that these firewalls can be useful on home PCs.

    Computers running software firewalls are not intrinsically secure in themselves - bypassing the firewall is certainly possible - but the fact that there are many easier targets out there means that few malware authors will bother adding firewall disabling abilities.
    Finally!!
    Look, I just did one of these yesterday. This lady had XP, broadband, kids doing music downloading and no AV, no antispyware and no firewall.
    Shall I send you over so you can tell her not to use a firewall?

    I installed a firewall, showed her its basics and explained how it works and the necessity of configuring it.
    I installed an AV and 2 antispywares.
    Explained the necessity of running them every day.
    Explained about music sharing and the fact the kids will be inviting a lot of the malware in by doing this.
    I also gave her an analogy - its like your house. You close the windows and doors, you can lock them all too, and in addition get a dog and an alarm.
    It still won't make the house burglar proof 100% but it all helps.

    The more protection the better, along with some common sense.
    And in addition recommended she be the only admin account and the kids have limited user accounts. That way they can happily use it but she will be in charge of its security and maintenance.

    None of them are particularly computer literate so shes just had a crash course in basic security. Note I said basic. I've told her she's likley to still get malware but it will cut it down heaps, she can catch it before its had much time to do any damage and its a start. You can't give them a 3 year computing course in 1 hour.

    Dismissing firewalls is stupid, at the very least it would give her some warning about whats trying to access the net, however much use it will be in preventing anything coming in.
    I have more than this on my own PC, but then I've had a hell of a lot more experience and have a pretty good idea of what I'm doing.

    You know what makes a good tech is continuing to learn, not thinking they know it all already and everyone else is an idiot.
    Go away and do some more research.

Similar Threads

  1. Firewalls
    By heaton in forum PressF1
    Replies: 5
    Last Post: 07-09-2005, 07:57 PM
  2. Insult somebody else's thread, thread
    By plod in forum PC World Chat
    Replies: 9
    Last Post: 29-04-2005, 12:40 AM
  3. Regarding the "LOCKED THREAD" thread
    By Baldy in forum PressF1
    Replies: 30
    Last Post: 06-11-2004, 11:34 AM
  4. Firewalls
    By in forum PressF1
    Replies: 0
    Last Post: 16-06-2002, 07:42 PM
  5. Firewalls.
    By in forum PressF1
    Replies: 0
    Last Post: 04-06-2002, 11:48 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •