Do I need both hardware firewall/router and a software firewall?


kareem
12-12-2004, 02:36 PM
Hello people,

I have Windows XP Pro (SP2) installed on my system. I also have broadband cable. I have a software firewall installed (Panda Internet Security) and a Netgear Wireless Router, MR814v2.

I basically installed the router with its default settings and now I'm concerned if I should have tweaked it. Or, if I even need it since I already have the software.

Any comments or tips?

Kareem

r8500
12-12-2004, 02:46 PM
You don't need both. The router should have been configured out of the box to protect you.

cat5e
12-12-2004, 03:06 PM
You need the Router and one good Software Firewall.

The Router’s NAT Firewall provides security against outside attacks but is useless against internally generated security problems.

Link: Basic Protection for Broadband Internet Installation. (http://www.ezlan.net/firewall.html)

:cool:

r8500
12-12-2004, 03:07 PM
True, but that's only a concern if you don't keep your machine clean to begin with. :)

cdroman
12-12-2004, 04:12 PM
Originally posted by r8500
True, but that's only a concern if you don't keep your machine clean to begin with. :)

How do you know if any software you install or have installed is connecting outbound without something to warn you of the activity?

r8500
12-12-2004, 04:17 PM
Well, I don't run anything illegal, so I have no real concern as to if my software is trying to call home. Besides, in a network environment, a software-based firewall can cause many many headaches.

cdroman
12-12-2004, 04:30 PM
Originally posted by r8500
Well, I don't run anything illegal, so I have no real concern as to if my software is trying to call home. Besides, in a network environment, a software-based firewall can cause many many headaches.

So if you or anyone on your network installs some seemingly clean software with a homemade trojan etc. you are a sitting duck as is the rest of your network.

In my home network all the pc's have software firewalls and we have no headaches.

r8500
12-12-2004, 05:06 PM
Well, we generally only run software made by companies like Microsoft, or Adobe and things of that item. I still don't see what a software firewall is going to do for you once you have a trojan on your system. It's definitely not going to remove it for you.

cdroman
12-12-2004, 07:00 PM
It will alert you to the fact that the trojan etc. is trying to access the net and thus will let you know there is something on your pc. You can then deny access and prevent possible transmission of sensitive data from occurring. This is just my opinion of course, you are welcome to differ.

cat5e
12-12-2004, 07:27 PM
r8500, let's assume for the sake of the discussion that you are right and, taking into consideration the way you run your computers, there is No need for Software Firewall.

If so, you should indicate this in your first answer, since you do not know how the poster is running his computer, and most people are not as careful as you are.

:cool:

kareem
12-12-2004, 07:32 PM
Well, I do assume that I am running my system as clean and safe as possible. But, to be safe and to ensure that **** doesn't get loaded onto my system, I installed both firewalls. However, I wasn't sure if my having both types of firewalls is overkill which is why I posted the message to begin with. But all of your suggestions (and comments) are being noted.

Kandar
12-14-2004, 08:15 PM
Ahh such blind trust you have in your Software providers r8500.
Tell me, what Microsoft or Adobe has done to earn such unquestioning faith from you.
Have you never stopped to think why all these components even need web access.
I have locked down all of my software to component level, nothing gets online without my say.

Most of the people I have met whose machines have actively participated in Denial of service attacks all came out with the same drivel that you have.

“I have nothing to hide”
“There’s nothing of interest on my computer”
“Why would anyone be interested in me?”
“I’m not doing anything illegal”
Etc, etc

Nobody thinks “hmm, backdoor access trojan, I think I’ll install one of them”
People that get them are usually smug, self congratulating people who really don’t have a clue. You can get a backdoor access Trojan installed on your machine just by clicking a web link. It doesn’t pop up or tell you it's there, it just gets on with contacting its owner to inform them of your IP address.
Router firewalls are great for your first line of defence, (I have one myself) they will stop all incoming traffic that is not requested by your IP address. But anything on your side of the firewall will just go straight out.
A software firewall is vital to give you control of your outgoing traffic.
I use Zone Alarm Pro.
Microsoft's SP2 Firewall is lame.
Also, many routers out of the box need their firmware updating or they don’t operate in full stealth mode. 2 other people and myself got the same router at the same time from the same place, my firmware was up to date, the other 2 were not. Depends how long it's been sat in a warehouse.

r8500
12-14-2004, 08:22 PM
Originally posted by Kandar
Ahh such blind trust you have in your Software providers r8500.
Tell me, what Microsoft or Adobe has done to earn such unquestioning faith from you.
Have you never stopped to think why all these components even need web access.
I have locked down all of my software to component level, nothing gets online without my say.

Most of the people I have met whose machines have actively participated in Denial of service attacks all came out with the same drivel that you have.

“I have nothing to hide”
“There’s nothing of interest on my computer”
“Why would anyone be interested in me?”
“I’m not doing anything illegal”
Etc, etc

Nobody thinks “hmm, backdoor access trojan, I think I’ll install one of them”
People that get them are usually smug, self congratulating people who really don’t have a clue. You can get a backdoor access Trojan installed on your machine just by clicking a web link. It doesn’t pop up or tell you it's there, it just gets on with contacting its owner to inform them of your IP address.
Router firewalls are great for your first line of defence, (I have one myself) they will stop all incoming traffic that is not requested by your IP address. But anything on your side of the firewall will just go straight out.
A software firewall is vital to give you control of your outgoing traffic.

Also, many routers out of the box need their firmware updating or they don’t operate in full stealth mode. 2 other people and myself got the same router at the same time from the same place, my firmware was up to date, the other 2 were not. Depends how long it's been sat in a warehouse.

Well, since I scan my workstations nightly with Anti-virus scans, and Pest Patrol scans, I am pretty sure that if I got anything on my machine, that I would know.

As far as to your question of what have Microsoft and Adobe done to earn my trust, well I guess they just haven't done anything to lose my trust. I don't download software, I use Firefox, and all of our software is licensed software. I mean for that matter, what makes you so sure that your software firewall is doing what it is supposed to be doing? I mean, if it's not working, how would you know?

You make it sound like I put too much faith in the way I use my computer, and the software I run on it. I know what my habits are, and I know how to keep myself protected.

You put all of your faith into your software firewall. Why is that? What happens if it fails to do what it is supposed to do?

I guess in the end it boils down to, if you're not an alert enough computer user to keep track of your machine, and notice when it is running poorly, without your firewall telling you there is something new on there, then maybe you need to take a look at your computing habits.

Kandar
12-14-2004, 08:45 PM
Originally posted by r8500
You put all of your faith into your software firewall. Why is that? What happens if it fails to do what it is supposed to do?

That’s a fair and reasonable question. The answer is that most people perhaps wouldn't know. Most pro grade firewalls actively monitor themselves for any non functionality but that doesn’t mean it won’t break. Personally I have an active real time port monitor that shows and logs ALL activity on ANY of the 65,536 ports so I would notice.

As for Microsoft not doing anything to lose your trust.
You're more forgiving than I am. Microsoft can't lose my trust because they have yet to do anything to gain my trust.
Their total lack of understanding of any kind of security is laughable.

Kandar
12-14-2004, 09:09 PM
Some of the most infected machines I have ever encountered are owned by people who simply never do anything remotely dodgy or knowingly download anything.
Sometimes you’re just unlucky and you get bitten, all I’m saying is don't lower your guard. Overconfidence in one's safety is the first step towards danger.
And I agree that to place one's complete trust in anything is folly.
But I’d rather sit behind my firewalls in the knowledge that I should be hidden if it's all working than face the internet knowing I’m exposed.

r8500
12-14-2004, 09:48 PM
Kandar, I definitely see your point, and agree that it's the people who don't check to make sure everything is ok, that get bitten.

I also wanted to apologize if I came off a bit rude in my last post. I wasn't trying to single you out, as much as explain my position a little better.

:t

Kandar
12-14-2004, 10:45 PM
No offence taken :t

crossedup
12-14-2004, 11:56 PM
I just practice safe surfing, install only apps I trust and check occasionally with this.

CurrPorts (http://www.nirsoft.net/utils/cports.html)

Lets you know what is open and what's using it.

I'm behind a router with stealthed ports and the last time I got anything was when I plugged a contaminated rig into the network like an idiot.
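
The kind of check discussed in this thread (listing what is open and which program owns it, then separating what a NAT router shields from what leaves the machine unfiltered), as an added example that is not part of any post here. The `netstat -ano` sample, the PID-to-name map, the allowlist and the name `updater32.exe` are all constructed for illustration.

```python
# Constructed sample of `netstat -ano` output (Windows layout); not from the thread.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1031         0.0.0.0:0              LISTENING       1820
  TCP    192.168.0.5:1045       203.0.113.10:80        ESTABLISHED     2212
  TCP    192.168.0.5:1046       198.51.100.7:6667      ESTABLISHED     3044
  TCP    192.168.0.5:445        192.168.0.9:1210       ESTABLISHED     4
  UDP    0.0.0.0:1900           *:*                                    1116
"""
# Constructed PID -> image name map (what `tasklist` reports) and an assumed allowlist.
PROCESSES = {4: "System", 904: "svchost.exe", 1116: "svchost.exe",
             1820: "alg.exe", 2212: "firefox.exe", 3044: "updater32.exe"}
ALLOWED_OUTBOUND = {"firefox.exe"}
LOOPBACK = {"127.0.0.1", "::1"}

def split_endpoint(endpoint):
    """'192.168.0.5:1045' or '[::1]:135' -> (host, port string)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port

def parse_netstat(text):
    """Return one dict per TCP/UDP row; UDP rows carry no State column."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue
        rows.append({"proto": fields[0], "local": split_endpoint(fields[1]),
                     "remote": split_endpoint(fields[2]),
                     "state": fields[3] if len(fields) == 5 else "",
                     "pid": int(fields[-1])})
    return rows

def is_listener(row):
    return row["state"] == "LISTENING" or row["proto"] == "UDP"

def exposed_listeners(rows):
    """Listeners bound to a non-loopback address: reachable unless something filters them."""
    return [(r["proto"], int(r["local"][1]), PROCESSES.get(r["pid"], "?"))
            for r in rows if is_listener(r) and r["local"][0] not in LOOPBACK]

def unexpected_outbound(rows):
    """Established connections this host initiated, owned by a process not on the allowlist."""
    listen_ports = {r["local"][1] for r in rows if is_listener(r)}
    return [(PROCESSES.get(r["pid"], "?"), r["remote"][0], int(r["remote"][1]))
            for r in rows
            if r["state"] == "ESTABLISHED" and r["local"][1] not in listen_ports
            and PROCESSES.get(r["pid"], "?") not in ALLOWED_OUTBOUND]

if __name__ == "__main__":
    rows = parse_netstat(SAMPLE)
    print("exposed:", exposed_listeners(rows))
    print("unexpected outbound:", unexpected_outbound(rows))
```

The first list is what a NAT router keeps unsolicited traffic away from; the second is traffic the router passes untouched, which only a per-application control on the host can see or block.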

cdroman
12-15-2004, 09:03 PM
Originally posted by r8500
Well, Since I scan my workstations nightly with Anti-virus scans, and Pest Patrol scans, I am pretty sure that if I got anything on my machine, that I would know.



You make it sound like I put too much faith in the way I use my computer, and the software I run on it. I know what my habits are, and I know how to keep myself protected.

You put all of your faith into your software firewall. Why is that? What happens if it fails to do what it is supposed to do?

I guess in the end it boils down to, if you're not an alert enough computer user to keep track of your machine, and notice when it is running poorly, without your firewall telling you there is something new on there, then maybe you need to take a look at your computing habits.

Anti virus programs and anti spyware programs are only as good as their last update. Depending on the heuristics of the AV app it may or may not catch trojans etc. of unknown profiles.
My firewall software goes further than most by having application control and windows security etc. I also filter web pages with a web filtering app to remove any possible problems.
My system can prevent all these http://www.firewallleaktester.com/ and anything I have tried on it.
I have never had my pc infected with anything but I like to know that I'm running a tight ship to prevent the possibility.

I don't bother stealthing my pc with my router, I have it set to allow me to be pinged as my IP likes it that way. Stealth is way over rated. A closed port is closed and can't be opened from the outside.

cyber_gubat
12-15-2004, 11:45 PM
also run msconfig to see if there are other programs running aside from programs you prefer...

Kandar
12-16-2004, 07:52 PM
Originally posted by cdroman
I don't bother stealthing my pc with my router, I have it set to allow me to be pinged as my IP likes it that way. Stealth is way over rated. A closed port is closed and can't be opened from the outside.

How is Stealth overrated? Please do tell me how something that keeps you hidden from ALL external probes can be “Overrated”.
A "Stealth" port completely ignores any incoming packets without sending any form of reply back to the originator. That makes your system completely opaque and invisible to any and all random scans which continually sweep through the Internet.
It doesn’t come any better than that.
Anyone scanning your IP address will get confirmation that a computer exists at that address, a nice big list of all the ports they scanned and a reply from each saying that it is closed.

Anyone scanning my IP address gets no confirmation of anything. My firewall logs the port probe, sticks two fingers up at you and says nothing.

cdroman
12-17-2004, 05:45 PM
Okay, I won't say stealth is over rated. But for me it is not necessary. Dropping packets (stealth) is no more safe than closed ports. A scanner doesn't care whether you are stealthed or have closed ports. It's scanning looking for unprotected computers and a computer that is showing closed ports is not considered to be unprotected. If you go onto the internet you will be scanned. The skill of the operator determines the ease of which someone can get in. If you are stealthed and have no open ports and I am not stealthed and have no open ports; am I at risk? If you show stealth but have an open port somewhere; are you at risk? It all depends on how you set it up. You are not stealthed if you can be pinged. I wouldn't say stealthed keeps you hidden unless you don't go on the net, the second you make a request to a web page you are no longer hidden. Ping a non existent address and ping your address while you are stealthed; do you get the same response? They know you are there, they just know you are dropping packets.

"Anyone scanning your IP address will get confirmation that a computer exists at that address, a nice big list of all the ports they scanned and a reply from each saying that is closed"
And what does that tell them? They can't get into my pc.

The bottom line is if you feel safer being stealthed then that is the way to go for you. If you feel safe not being stealthed then that's okay too.

first_major
12-20-2004, 06:21 PM
if you can afford the hardware router, then why use both. use the hardware.

dsrs
01-09-2005, 08:36 AM
i used both hardware and software firewalls for years. then several months ago i removed zone alarm. the reason is they issued at least two faulty updates that required me to uninstall and go back to previously working versions. also zone alarm is incompatible with many p2p apps.

posts above make frequent reference to av and spyware sweeps but no one mentioned tds-3 anti trojan sweeps. using tds-3 to check my computers i have not found any trojans since i stopped using zone alarm. tds-3 also has an active process watch app that they say will stop any trojans getting in in real time. but i have not used that.

my experience is that you CAN dispense with resource hogging software firewalls. also, whenever i install any **** adobe or microsoft or any other apps that try to dial out, during installation or later, i do so with the internet disabled. then i turn off any options in the apps that refer to 'automatic updates' or sending info back. usually it is possible to find the exe files which do this and remove them too.

for me there is a conflict in on the one hand reducing as much as possible the resources used --keeping as few background apps like software firewalls running-- as possible against on the other hand maintaining a good level of protection.

i am not at all sure i am doing the right thing. but so far i can't see that not using zone alarm is doing me any harm.

and, i assume the posters who put their trust in software firewalls know that the first thing any good trojan does is TURN OFF the software firewall, something it is very easy to do.

since i go to a lot of crack sites i have seen several trojans downloaded onto my computer. but every time i download something from a suspected source like kazaa i check the files [very quickly] with tds-3 and eliminate anything which i am alerted to as suspicious.

cdroman
01-09-2005, 07:34 PM
dsrs:

It's up to the user what they want to do. Some people like stealth, some don't; some like the addition of software firewalls to go with the hardware, some don't. Some people don't mind the phone home antics of some apps and if you have AV/trojan protection it may suffice. If you feel you know enough then you're all set.

TDS 3 is very good, I used to have it on my pc.

As far as a trojan turning off my software firewall; I don't think it has been done since my firewall would never let the trojan execute in the first place and even if it did manage to execute it would never be able to get the rights through the windows security my firewall offers.:t

krazefinn
01-11-2005, 11:38 PM
I always practise safe surfing, I use a keyboard condom!

Seriously, I avoid certain types of sites, use adaware/spybot/giant. Also use hardware router/firewall, as well as ZA pro and sp2.

I also go into properties, and tighten up all available security options.

Scan spyware nightly, virus scan weekly, update all security programs on the days they release (like wed for symantec, set to auto). If there are alerts for severe threats always do manual patch check.

Interesting that some people, careless/ignorant, with teenage boys in home, on broadband, never have a threat. Then the little old lady on dialup who only emails her sister on Sunday gets seriously hijacked. Seems no rhyme or reason, all the more valid to be careful with surf habits, software, and hardware.

The latest processors AMD64 released all have integrated security at the chip level, and that is improving. Now it's up to M$ to also make it harder for 3rd parties to mess with your core code.
Of course, mebbe they WANT a certain amount of threat, for marketing purposes, and to drive the need for new systems and features.

cdroman
01-12-2005, 10:54 PM
krazefinn:

I like your layered approach and I do pretty well the same things you do. I also like to use The Proxomitron to have extreme control over web pages as well.:t

Nightblade
01-18-2005, 04:18 AM
It always amazes me how riled up peeps get in these forums.

To get back to the original ?, How much protection can u have? In me op U can never have enough especially when it don't cost sh-- poopy, but a few clock cycles. So throw ZoneAlarm on your comp and use the NAT Router and have a few peaceful nights of sleep knowing it's that much harder to get in

nB