What's the use?



  • Just wondering, someone on the main boards mentioned, at someone saying he didnt run a virus scanner:
    "Uh.... wow. You don't run antivirus? I hope you have a killer
    firewall, and never use IE, and vet everything you download very very
    carefully."

    Now my question is, what do you need a personal firewall for anyway? The only thing a firewall does is stop traffic. But code sent to your computer does not run itself, it is always some program you already have that must run it. If you can trust the programs you currently run, doesn't this make a personal firewall the most useless piece of software ever, or do i miss something? Comments please.

    Note that this is about personal firewalls. Firewalls on routers etc. are a totally different matter.
     



  • Do you trust your operating system?   Some of the exploits found in Windows XP allowed for the execution of code not acquired by the user.



  • @bouk said:

    Now my question is, what do you need a personal firewall for anyway? The only thing a firewall does is stop traffic. But code sent to your computer does not run itself, it is always some program you already have that must run it. If you can trust the programs you currently run, doesn't this make a personal firewall the most useless piece of software ever, or do i miss something? Comments please.

    They're snake oil. You didn't miss anything. These products exist only to extract money from the uninformed. The only firewalls worth having are the independent systems which filter traffic passing through them, on the border of your network.



  • As for the comparison to AV products, there's a big difference in target. AV helps protect from malicios code, PFs help protect from malicious network activity. Sometimes that's the same thing, but by no means all the time.cAnyway, they're useful as an extra layer of security, especially on Windows (which is why it comes with one built in).

    -Not every application/service is configurable on where it accepts connections from. Any decent personal firewall lets you specify who can connect to what apps.

    -They're useful for people who often move between private and public networks. Have it off/low security at home, but switch it on/high when you check your mail in starbucks.

    -While perhaps not really needed in the work environment, how many people have hardware firewalls at home? How many people carry one around to sit between their laptops and (public) wifi? Even anyone who uses wifi, since WEP is negligible protection, and WPA isn't perfect either.

    As long as you accept the use of firewalls per se, and also accept that not everybody is sitting behind a corporate hardware firewall, you have to accept that personal firewalls are also of some use to some people.



  • @asuffield said:

    @bouk said:

    Now my question is, what do you need a personal firewall for anyway? The only thing a firewall does is stop traffic. But code sent to your computer does not run itself, it is always some program you already have that must run it. If you can trust the programs you currently run, doesn't this make a personal firewall the most useless piece of software ever, or do i miss something? Comments please.

    They're snake oil. You didn't miss anything. These products exist only to extract money from the uninformed. The only firewalls worth having are the independent systems which filter traffic passing through them, on the border of your network.

    Well I used the free version of ZoneAlarm for years, and it didn't extract any money from me.  Here are the benefits as I see them:

    • If a new worm is written that exploits a Windows security hole, my NetBIOS and other important ports are blocked.  This saved me from getting a few different worms that swept through local networks.
    • If you like an application but it has some sort of annoying update check that you can't turn off, you can block it from using the internet.
    • You can see what applications are actually using the internet.  For example, you would be notified if your Sony music CD tried to send information about you to HQ.
    • You can setup access lists of trusted IPs.  For example, you can run an FTP and WAP servers that only accept connections from your friends, without having to configure each of the servers seperately.

    I currently don't use a software firewall because I have a hardware firewall and it does everything I need it to do.  If you don't have a hardware firewall, then you probably should have at least a software firewall, but otherwise its just a question of if you want more control over how your applications use the internet.



  • A personal firewall with outgoing program control can provide extra control to the user of a PC.  It will only provide extra protection if the user answers prompts senibly.  The XP firewall allows me to make up for shortcomings in my router firewall by doing things like only allowing filesharing traffic in from a friends server that i want to copy files to/from, it also provides some protection against nastys from other PC's at a LAN party that might otherwise expolit vulnerabilitys in XP.  So, no i dont agree that the only firewalls worth having are hardware based, but I do agree that they are preferable for most situations.  Sadly they are also more expensive, unless you count the NAT based 'firewalls' in most consumer routers, which IMO should not be called a firewall, even the ones that do have an SPI firewall dont normally provide any useful extra protection above what the NAT provides.

     




  • The Sasser is a computer worm that affects computers running vulnerable versions of the Microsoft operating systems Windows XP and Windows 2000. Like other recent worms, Sasser spreads by exploiting the system through a vulnerable network port. Thus it is particularly potent in that it can spread without the help of the user, but it is also easily stopped by a properly configured firewall, or by downloading patches from Windows Update [1]. The specific hole Sasser exploits is documented by Microsoft in its MS04-011 bulletin, for which a patch had been released seventeen days earlier.



  • If you're a very careful driver, what do you need seatbelts and airbags for anyway?



  • Everyone should use a personal firewall that blocks incoming traffic (except where desired). But blocking outgoing traffic... well, IMO this is relatively useless. If malicious software is already running on your PC, something has already gone terribly wrong.



  • I don't use any AV software i find it's usually more annoying than actually having a virus.  But i certainly don't use IE for anything except sharepoint and checking code i have written to make sure it works in IE.

    I did install avast recently because i thought i might have had a
    virus, turned out i didn't and it must be a year or so since i
    formatted this box.  I also had norton on this box too(it's a work pc, i wouldn't buy norton) but i ended up just uninstalling it, it has more annoying popups and hogs more system resources than any virus or malware i've ever seen.
     

    I think if you're sensible about what you download, down click ads, don't install any "FREE" virus or "System Scan" crap then you're generally pretty good, assuming also that if you're using windows you update it.  I think these days the vast majority of malware and viruses get onto someones computer via a social engineering tactic ie.

    "Is your computer running slow?

    Click here for a free XXXXX"

    i''m always amazed but users actually click it even though it seems so obviously a trick.  but most people seem to be fooled.

    I can only imagine a personal firewall being very useful if you have one of those crappy little usb adsl modems you get for free from your isp when you sign up, most decent modems these days have some form of firewall which is most likely going to be better than the windows one so in most home use situations people should probably use that. 



  • I have a dell desktop (it's about 16" x 24" x 3" high) 600mhz, 16 gig drive, 3 network cards (2 pci and 1 onboard). this is my firewall / router.

    I use IPCop, and i have zero complaints. ok 1 complaint... every so often i have to restart squid. and if that doesn't fix it, i have to reboot the entire machine.

    But other than that, it stays up months at a time, with only minor system maintenence or a power failure taking it offline. I even have one of those mini CD-RWs with the latest version of IPcop on it. 🙂

     ❤ ipcop!



  • @ammoQ said:

    Everyone should use a personal firewall that blocks incoming traffic (except where desired). But blocking outgoing traffic... well, IMO this is relatively useless. If malicious software is already running on your PC, something has already gone terribly wrong.

     Are you sure? If you don't run any bad software on your pc, no incoming traffic should be able to do something bad to your computer, except if you specifically allow it (like VNC or so). Don't get me wrong, i use a firewall while under windows, but under linux or  macOSX, i don't see the use. I don't run a virusscanner on my linux as well, but i think it is reasonably secure anyway.
     



  • @RayS said:

    -While perhaps not really needed in the work environment, how many people have hardware firewalls at home?

    There is no excuse for not having one. You can pick up an adequete box for home use from netgear for a pittance - usually less than the cost of those worthless windows toys.

    When you have a real firewall, those 'personal firewall' things are just another exploitable application (and yes, many of them have been exploited).



  • @bouk said:

    Are you sure? If you don't run any bad software on your pc, no incoming traffic should be able to do something bad to your computer, except if you specifically allow it (like VNC or so). Don't get me wrong, i use a firewall while under windows, but under linux or  macOSX, i don't see the use. I don't run a virusscanner on my linux as well, but i think it is reasonably secure anyway.

    Some programs on my PC, e.g. the Oracle database, listen to the network, but I don't want them to be accessible from the internet. Therefore the firewall blocking all incoming traffic.



  • @asuffield said:

    @RayS said:

    -While perhaps not really needed in the work environment, how many people have hardware firewalls at home?

    There is no excuse for not having one. You can pick up an adequete box for home use from netgear for a pittance - usually less than the cost of those worthless windows toys.

    When you have a real firewall, those 'personal firewall' things are just another exploitable application (and yes, many of them have been exploited).

    When most home users can't even use a password other than "password, how likely do you think it is that they'll do that?

    And there's still the issue of mobility (using public WiFi hotspots, hotels, etc.)  and the times when hardware firewalls are useless (securing from physically close attacks when using WiFi).



  • @RayS said:

    @asuffield said:

    There is no excuse for not having one. You can pick up an adequete box for home use from netgear for a pittance - usually less than the cost of those worthless windows toys.

    When you have a real firewall, those 'personal firewall' things are just another exploitable application (and yes, many of them have been exploited).

    When most home users can't even use a password other than "password, how likely do you think it is that they'll do that?

    Not really seeing why this matters. Nothing is going to stop those users from being spam-zombies.

    I don't believe there is a class of users that is smart enough to operate a 'personal firewall' correctly (this is quite hard - a user that just clicks "yes" to everything is not going to gain anything from it) yet is too stupid to plug in a hardware firewall.


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.