General discussion

Do I need a firewall

Aug 17, 2007 9:13PM PDT

Hi Everyone
I have just read on a website (Ask Leo) that if you have a NAT-enabled router you do not need a firewall. Is this true? If so, I have a Netgear DG834GSP; can anyone tell me whether this is NAT-enabled, or how I can find out if it is NAT-enabled? I did try to find out on the Netgear website, but there must be a problem with the site at the moment.
Cheers Steve

Aside from the site problem. . .
Aug 17, 2007 9:53PM PDT

Yes, install a firewall. Recommended is Zone Alarm free.

Depends
Aug 18, 2007 12:40AM PDT

NAT itself is no substitute for a proper firewall, though it's a concept a lot of self-styled computer experts have a tough time wrapping their heads around. It's one way to help weed out the wannabe security experts from the real experts.

Most routers today have a firewall built into the firmware, which generally does a pretty good job of things. However, there are basically two schools of thought on whether or not a second firewall is useful or not.

On the one hand, firewall protection does not tend to stack. Having 2 firewalls does not automatically make for 2X the protection. Usually it makes for 2X the complications, with no added security.

On the other hand, if you have more than one system on your own internal LAN, and one of them becomes infested with something, your other LAN systems are likely completely undefended against this.

IMO, if for whatever reason you insist on using Internet Explorer as your main browser, you'd be wise to have a second firewall around. If you're not particularly attached to IE, and are willing to switch/already have switched to Firefox/Opera/Safari... Probably not so important.

If your router really does only have NAT, and no firewall of any kind, then you should probably switch on XP's firewall. It's the only software firewall for Windows that I approve of, and that's because it's not this giant bloated mess of a program that has a kitchen sink feature thrown in there somewhere just for good measure. It's small, basic, functional, light on resource use, and it gets the job done as far as the average user is concerned. It's one of the rare instances of good software engineering on the part of Microsoft.

I personally find ZoneAlarm, and others like it, to be this huge bloated mess of a program that wastes RAM and CPU time on pointless activity indicators and making things look pretty. Flashing lights and shiny exteriors have long been a staple of marketing things to the less intelligent, and it's a sad testament to our culture that it continues to work so well. Once you strip away all the pomp and flash and look at ZoneAlarm as a firewall... It's really no more effective than XP's firewall when you get down to it, and it uses several times the resources.

And I'm sure there will be at least one person who has to chime in with the obligatory, "XP's firewall doesn't do outbound filtering!!!1!11!!! Durrrrrr!" The comment itself is false, but even if it weren't, it's really not the job of the firewall to filter outgoing traffic. A firewall is supposed to make sure traffic coming IN is safe. Ensuring traffic going OUT is safe is more the domain of the virus scanner and the user. After all, you CAN control what programs are on your computer, but you CAN'T control what programs are on other people's computers. So filtering traffic from other systems makes sense, but filtering your own... Not so much.

Thank you Jackson
Aug 18, 2007 2:52AM PDT

Hi Jackson
First of all, thank you for an extremely informative piece of advice. I did have Comodo Firewall, but I have uninstalled it now and turned my Windows firewall back on. I agree also with what you say about huge bloated mess of programmes, which I believe to be true when talking about most antivirus and spyware programmes. Your post answered all my questions, cheers. And yes, I am still using IE but am seriously thinking of trying Safari.
Thanks
Steve

It's all a matter of opinion.
Aug 18, 2007 4:38AM PDT

Don't switch browser because someone tells you to. It's perfectly easy to secure IE against many things by setting the internet zone security settings all to "disable" or high security. Thusly, only sites you allow into the trusted zone will allow scripts or whatnot. Then there's putting your cookies up to "high" and again, only allowing the sites you wish. Of course you move onto blocking execute permission from your local temp folder (cripples nearly all forms of software installation - that goes for malware too) and then of course Group Policy and Registry Editing. Not to mention that you should be running as a standard user - not the administrator, and that all profiles, even the guest, should be password protected with a long and sophisticated password that is, in good practice, more than 15 characters long, I believe.

Too many people are just eager to jump on the bandwagon at false information. And I know, because I myself used to be a Firefox fanboy until it became apparent that it's really just another piece of software.

Many people simply misunderstand the architecture of Windows (like I say, I have been down the "avoid MS software at all costs!!!1 zomg rofl" road), and when you find your head you will (1) learn to become more fair towards all types of software and (2) wake up and realise that Windows is actually very securable.

Missing the point
Aug 18, 2007 5:49AM PDT

First off, relying simply on the trusted domain system is not a wise idea. Say Cnet is in your trusted domain list, and tomorrow someone hacks into the Cnet servers, and alters some of the scripts to include malicious content? All that trusted domain security flies right out the window. There's also the issue of cross-site scripting attacks, which will tend to sidestep that trusted domain system.

Secondly... That's an awful lot of work to go to to secure Internet Explorer/Windows, when simply using something else nets you pretty much the same results.

Granted, user ignorance is probably the leading cause of all security problems, and likely will continue to be the far and away leader for quite some time. If every user of Internet Explorer stopped to think for a second before just clicking "Yes" to every dialog box that popped up in front of them, malware would be a minor annoyance instead of a growing plague. If every Outlook/Outlook Express user were to stop and ponder why someone they don't know would be sending them nude photos of some celebrity, events like those with the Melissa worm of a few years ago probably never would have happened.

Yes, Windows and other Microsoft products can be secured, but there will ALWAYS be gaps in that security, and it will ALWAYS be considerably more effort to do than virtually anything else. The reason for this is quite simple, and it's that Microsoft doesn't consider security important. It's a distant second to usability in Microsoft's corporate culture.

Now, if Microsoft were to do an about face on this, and redesign every last one of their programs, from scratch, with security on an equal footing to usability... I would be among the first to condone their actions. I would actually be quite happy to see a completely rewritten version of Windows, even if it offered no new features... Even if it had fewer features, I would see it as a very positive first step. From the bits and pieces I keep hearing from different sources, the Windows code base has gone about as far as it's going to go, and a completely rewritten Windows is likely to be the only option left to Microsoft soon. If, at that time, they take security more seriously, I'll applaud their efforts.

And for that matter, the same goes for pretty much any major program. I'd love to see the Mozilla developers scrap the current code base, and rewrite the entire browser from nothing, incorporating all the lessons they've learned thus far. Same goes for the Linux kernel, Xorg, and KDE (though the KDE developers do tend to be quite willing to toss out huge chunks of the codebase when someone comes up with something new and better). I'm not just singling out Microsoft, though they arguably have the most to prove, as well as gain.

(NT) IMO it comes with the market share.
Aug 18, 2007 5:55AM PDT
If you mean...
Aug 18, 2007 12:31PM PDT

That security issues are a function of the market share or popularity of a program... Just take a minute to really think about that, and see if you can't spot some of the numerous gaping holes in that line of reasoning.

If you meant something else... Then I guess I missed it.

Is that a yes or no to a firewall
Aug 19, 2007 8:59AM PDT

Thanks for your help everyone.
Steve

It's a conditional
Aug 19, 2007 9:30AM PDT

If you insist on doing high risk things like using file sharing programs, Internet Explorer, etc... Then it's a good idea to have one around in addition to a router with a firewall.

If you avoid high risk behavior, and know the basics of safe browsing... It's probably not necessary.

If you have an older router without a firewall in the firmware, it's an absolute yes, regardless of high risk behaviors.