Firewall Question
Thread Starter
Join Date: Jun 2003
Location: UK
Posts: 474
Likes: 0
Received 0 Likes
on
0 Posts
Firewall Question
I'm a bit confused. I've been told by my computer-savvy friend,that, since I access the internet a router, with anti-virus software on my system, I don't need a third-party firewall, since Windows' inbuilt Firewall, which I have switched on all the time, will do the job adequately.
However, if this is the case, why would anyone purchase third-party firewall protection? Am I safe?
However, if this is the case, why would anyone purchase third-party firewall protection? Am I safe?
Yeah, you should be fine. I'm assuming your router does NAT (Network Address Translation), which means that your computer isn't actually on the Internet (in IP Address terms) and can't be accessed directly from there.
(There is a way of allowing access from the other Internet systems, called "port forwarding" on the router, but you'd have to turn it on and set it up. If anyone (or a website) tells you to do that, be sure you understand the reasons in full: if not, don't.)
(There is a way of allowing access from the other Internet systems, called "port forwarding" on the router, but you'd have to turn it on and set it up. If anyone (or a website) tells you to do that, be sure you understand the reasons in full: if not, don't.)
More bang for your buck
Join Date: Nov 2005
Location: land of the clanger
Age: 82
Posts: 3,512
Likes: 0
Received 0 Likes
on
0 Posts
One advantage of using something like Zone Alarm firewall is that it can be set to ask you before it allows a program to access the internet giving you the chance to stop any rogue programs, such as keyloggers, from leaking passwords etc.
what GG said.
Think of it as a safety net, the last chance to prevent any undetected malware from phoning home. (Even that isn't guaranteed. Some malware installs/modifies a system file, so it looks like the system -previously allowed- is phoning home, and not all firewalls are necessarily able to detect the change. Most should.)
Prior to that situation occurring, you have defenses in place that should stop the vast majority of it. In theory.
Think of it as a safety net, the last chance to prevent any undetected malware from phoning home. (Even that isn't guaranteed. Some malware installs/modifies a system file, so it looks like the system -previously allowed- is phoning home, and not all firewalls are necessarily able to detect the change. Most should.)
Prior to that situation occurring, you have defenses in place that should stop the vast majority of it. In theory.
Spoon PPRuNerist & Mad Inistrator
I would suggest that if one operates with a hardware firewall, good (regularly updated) antivirus and (crucially), not as an admin then one really has very little to worry about. AV should be set to on-access scanning, with regular full sweeps.
A SW firewall and anti-malware are good to have, but not as important.
Obviously, if one is using public access points with your laptop, then a good SW firewall is essential (not Windows, although it's better than nothing). And again, running as an ordinary user.
SD
A SW firewall and anti-malware are good to have, but not as important.
Obviously, if one is using public access points with your laptop, then a good SW firewall is essential (not Windows, although it's better than nothing). And again, running as an ordinary user.
SD
Upto The Buffers
Join Date: Apr 2006
Location: Leeds/Bradford
Age: 48
Posts: 1,112
Likes: 0
Received 0 Likes
on
0 Posts
Good article on the use of svchost here:
What is svchost.exe And Why Is It Running? - the How-To Geek
What is svchost.exe And Why Is It Running? - the How-To Geek
Join Date: Aug 2002
Location: Earth
Posts: 3,663
Likes: 0
Received 0 Likes
on
0 Posts
I'm assuming your router does NAT (Network Address Translation), which means that your computer isn't actually on the Internet (in IP Address terms) and can't be accessed directly from there.
See .....
TeamViewer - Free Remote Access and Remote Desktop Sharing over the Internet
and many other similar "legit" examples..... then consider the "dark side" possibilities.
It's easy to create a backdoor in through NAT......
The way those kinds of programs work, they require the client PC to open up a connection first. Only then is there an open NAT port through which data can enter. Assuming the NAT itself isn't broken and ports aren't being forwarded, an external computer can not open a port: it has to be invited in. That's also how multi-player games can be made to work through NAT, by the client connecting to a central server, thus opening a connection through which game data can be transferred. That's not a back door, it's a front door. 
Of course rogue programs can do this from the PC, but when that happens, a firewall isn't guaranteed to help, either. I never said NAT was a total security solution, but if you run a good up-to-date virus checker, and surf responsibly (using Firefox with NoScript), you can be pretty confident IMHO.
Of course rogue programs can do this from the PC, but when that happens, a firewall isn't guaranteed to help, either. I never said NAT was a total security solution, but if you run a good up-to-date virus checker, and surf responsibly (using Firefox with NoScript), you can be pretty confident IMHO.
