Windows Legacy OS forum

General discussion

Do I need a firewall

Hi, Thank you for the previous replies. My computer emachine AMD Dempron 1.8 gh using XP desktop is starting to work better. I cleaned my computer as best as I could I had a problem in that I could not get the back off but the front popped off and I sprayed the computer with the air compressor I bought. I installed Avast, got rid of AVG 8.0.and I deleted my Jetico firewall. I also changed some of the start up programs. It only takes 5 min instead of 10 to boot up. My question is, do I need another firewall or is the firewall associated with XP sufficient. Any suggestions. Thanks again.

Discussion is locked
You are posting a reply to: Do I need a firewall
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Do I need a firewall
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
In my opinion

In reply to: Do I need a firewall

In my opinion, for probably 99% of all Windows users, the Windows firewall is perfectly adequate. I actually consider it one of the very few examples of good software engineering on Microsoft's part, which means they probably lifted it from one of the BSD operating systems. I'd guess FreeBSD, which Microsoft has been known to take networking code from in the past. All perfectly legal by the terms of the BSD license for anyone who might have some panty bunching going on.

Anyway, for the majority of people it's perfectly adequate. Some will claim it's lack of support for outbound filtering is a reason to get another firewall. I say that outbound filtering is vastly overrated. Firewalls are for keeping things OUT, not in. Besides, by the time outbound filtering is of any real use to you, you almost certainly already have the problem of a malware or virus infestation, so all it's really doing is performing something of an early warning system. Personally, I like to just prevent viruses and malware from ever getting on my system, not assuming that it is inevitable that I am hit by these things, and focusing my efforts on trapping and containing them.

Collapse -
Do I need a firewall

In reply to: In my opinion

Thank you Jimmy for your response. In your efforts to combat difficulties relating to virus, what do you do? I am currently using Avast and Ccleaner. Thank you again.

Collapse -
Well

In reply to: Do I need a firewall

Well, I have Avast running, but for the most part I just follow a set of rules that I often post for other people.

TIPS FOR A SMOOTH RUNNING SYSTEM
================================

The more of these suggestions you follow, the fewer problems you should have. Follow them all, and you've probably eliminated at least 95% of all potential problem sources.

Things you should NOT do
--------------------------------
1: Use Internet Explorer
2: Use any browser based on Internet Explorer
3: Use Outlook or Outlook Express
4: Open email attachments you haven't manually scanned with your virus scanner
5: Open email attachments you were not expecting, no matter who they appear to be from
6: Respond to spam messages, including using unsubscribe links
7: Visit questionable websites (e.g. porn, warez, hacking)
8: Poke unnecessary holes in your firewall by clicking "Allow" every time some program requests access to the Internet
9: Click directly on links in email messages
10: Use file sharing or P2P programs
11: Use pirated programs

Things you SHOULD do
-----------------------------
1: Use a non-IE or IE based browser
2: Always have an up to date virus scanner running
3: Always have a firewall running
4: Install all the latest security updates (the exception to the no-IE rule)
5: Delete all unsolicited emails containing attachments without reading
6: Manually scan all email attachments with your virus scanner, regardless of whether it's supposed to be done automatically
7: Copy and paste URLs from email messages into your web browser
8: Inspect links copied and pasted into your web browser to ensure they don't seem to contain a second/different address

To date, I don't think I've ever had a single problem since adopting those rules. But I keep programs like Avast around just in case. I may get a little arrogant from time to time, but I don't think that my system outlined above is going to prevent everything.

Should it ever happen that I get a virus, if my AV program can't clean it up pretty quickly, I don't hesitate to blow everything away and start fresh by formatting and reinstalling everything.

Collapse -
Another View

In reply to: Well

I have always used Internet Explorer for my browser and Outlook for my E-Mail. I have always trusted automatic E-Mail scanning for two reasons
1. If it does not work, then my protection system is flawed and needs to be fixed or replaced.
2. The scan engine for manual scanning is the same as that for automatic scanning, if the automatic scan fails to find a problem sol will a manual scan.
Since the mid 1990's when when I first started to use protection software, I have not been sucessfully invaded. PS The only firewall I have is the one builtin to my router.

Collapse -
There's always one

In reply to: Another View

There's always one person like you. You think that because you haven't had any problems, it somehow invalidates the experiences of hundreds of other people who HAVE had problems.

In statistics, you would be considered an outlier result. That being some data point WAY off from the norm. Another way to look at it, is that you're the exception that proves the rule. The odds of any one person winning the lottery are astronomical, yet it can and does happen to someone. There's always that one in a billion chance.

Just remember that because you've been lucky so far doesn't mean that it will always be that way. All it takes is one wrong click with IE, and you'll get to spend a delightful couple of hours, maybe days, cleaning up the mess that's created. I know from personal experience. I once spent a very hot summer afternoon in a building with no air conditioning and very low ceilings, cleaning up after someone who made just one wrong click with IE.

Also, just for the record, I wasn't suggesting that somehow a manual scan is more accurate. I suggested running a manual scan because you can never really be sure if the automatic scan was even run. If you scan the file(s) manually, then you know that they have been inspected. It's more about having a healthy dose of paranoia given how many people there are out there with viruses and/or spyware on their systems and don't even know it.

This isn't some anti-Microsoft thing, it's acknowledging the reality that Microsoft products are frequently exploited. You're welcome to whatever theory you want as to why, but it doesn't change facts. If and when Microsoft starts taking security seriously in its products, I may well have to revise some of my rules/suggestions. I just don't see that happening until Ballmer, and the rest of the Microsoft "old guard" is gone. They are still stuck in the mentality of the 80s and 90s where computers are islands unto themselves, that you sell upgrades by just cramming as many new features into a program as possible, and that usability trumps security every time. I honestly think that once the "old guard" has left Microsoft, it will very quickly be able to compete against other products on merits, and not have to resort to smear campaigns and monopolistic market tricks.

Collapse -
Hold on a second, please ...

In reply to: There's always one

Hi ...

The comment above "always one person like you" just made the hair on the back of my neck stand up ...

I'd like to submit that the "one person like you" (being me in this instance) has probably worked in the tech field for some time and is invariable the one spending most weekends with friends in front of said friend's PC trying to back them out of all the crap that they have installed on their system as a result of scare tactics like "don't use IExplorer" or Outlook in favor of a version 1.0 trial-ware (or worse yet free-ware) app.

As a Level3 Desktop Support Analyst for 15+ years I have discovered that in the corporate world there are usually really good reasons that certain products and companies are standardized ... for their support and most importantly their stability.

While I cannot say that I fully understand the direction Microsoft has taken since Mr. Gates stepped aside, I will say that after years of anti-Microsoft BS-ing and resistance, my time is much happier spent doing WORK as opposed to fixing errors and removing HORRIBLE untested software these days.

This is another "one like you" who will never back down from the tried and true and (a note to all mac-tempted consumers) WILL ABSOLUTELY NOT learn MAC (if even possible) as well as I know the PC world just to support my friends who are tired of living with the type of advice given above.

I turn to C-Net regulary to guide me in my computing decisions (both personal and professional). I'm very surprised to read advice guiding the home computer user from using tried and true software.

Collapse -
Hold on a second, please ...

In reply to: Hold on a second, please ...

Wish I was a better word-smith, but here goes...

Maybe Jimmy used the wrong term but add me to the list of non IE/Outlook support.

Better than 80% of my repair work is spyware/virus removal from clients who are retired using IE and Outlook. 90% of the infections are of the Smith-fraud family from use of IE.

These clients are the least risky users, not a clue what they are doing, but not willfully exposing them selfs. All are educated to use a web browser for mail and Firefox for browsing. No one has had a re-infection provided the grandkids do not visit.

Yeah IE is standardized, tested and a true spyware/virus catcher.
Everyone should use it, keeps Computer Shops/ self-help hero gurus busy.

Firefox is new, non-standardized, un-tested and ....
well too new to say if it becomes a spyware/virus catcher.


Bill

Collapse -
You know

In reply to: Hold on a second, please ...

You know, I really don't care what you do for a living, when you said you turn to Cnet regularly for anything besides some simple amusement, you lost all credibility with me as far as your technical aptitude goes. That, and your narrow minded views on not learning the Mac platform, which is gaining quite a significant bit of ground lately.

Standardization is a double edged sword. On the one hand, yes, it does make life of the support person easier. You can count on such and such programs being present, that they will be some specific version, etc. On the other hand, that works equally well for any hackers or other ne're do wells out there. They can probe one system and be able to reasonably assume that most or all systems on that network will be the same. So all it takes is ONE unpatched vulnerability and you've got a huge mess on your hands.

Security is achieved, in part, through variety. It's one layer on the onion so to speak. Things like the Melissa or Code Red worms would never have been able to spread as effectively as they did had the world not essentially standardized on Microsoft products. If there had been a bit more variety in the programs used, whole companies wouldn't have been brought to a grinding halt.

Still, that's not really the point. The point is is that many popular Microsoft products are riddled with security vulnerabilities. Now you can say that's because Microsoft products are so popular that they're targeted by more people... Or you can spend 5 seconds to see what a complete crock that theory is by realizing that it doesn't matter how many people poke and prod some program, there has to be something there for them to find in the first place. I could hire a million people to try and find some exploit in my simple hello world program, and I'll bet you that all one million of them will come up empty.

Anyway, it doesn't matter WHY you think it is that Microsoft programs are so frequently exploited, fact is they are. So, from a purely pragmatic vantage point, the best course of action is to avoid using the unsafe programs. I'm not claiming that Firefox or any of the others are free of exploits, just that they have a considerably lower number of them compared to Internet Explorer, that they are usually fixed faster, fixed properly the first time (Microsoft likes to come up with half-arsed fixes that only address the immediate exploit, not the mechanism being exploited, leaving room for variants) and the relative severity of those exploits found is lower than IE, or any of the other programs mention.

So, getting back to the security is like an onion, being full of layers with program variety being one of those layers... If there was more variety in the operating systems and web browsers people used, there would be much less risk of malware. The ideal situation would be having at least three operating systems and web browsers with an equal share of the overall market.

Anyway, for someone who claims to be some big shot tech but still relies on Cnet, and refuses to learn other platforms out of some misguided sense of loyalty, I think I've spent enough time on you. Respond if you like, and tell me what an arrogant ******* I am, etc, etc. Get it all out. I'll give you the last word, because I'm going to go do something more productive with my time than debate an issue with someone who places far too much importance on their job title and has a narrow minded view of the world.

Collapse -
WOW ...

In reply to: You know

Guy, take a pill ... switch to decaf or take a vacation ... or something.

You handed off some reckless advice ... and I said something about it when you made a nasty-sounding judement call on someone for rendering their opinion. I offered my exerience to validate my opinion. I try to help people ... not combat them and make them feel stupid for asking their questions.

As for the Mac thing; well, tell you what. You go out and buy one for yourself, then replace all your applications (if you can find effective replacements for your PC apps) and get your productive self back to work as soon as you can. My experience is showing me that most people coming from a PC based life are having a really difficult time grappling with Mac's inability to do what they just wanted it to do in the first place; get their work done.

Lighten up, Jimmy.

ps most real big shots that i know have a something or someone that they seek advice from occassionaly.

Collapse -
Ecellent advise...

In reply to: Well

Additionally, there are some software programs that can take care of possible malware infection when the computer in between the time the antivirus updates itself. Most free software anti-virus software updates only once a day. An infection can occur during 24 hr period while your computer is waiting for an update. That's when Comodo BOClean free software comes into play, as well as Threatfire. Read up on them. Wink

Collapse -
Excellent Advice???

In reply to: Ecellent advise...

I direct your attention to the comment "Should it ever happen that I get a virus, if my AV program can't clean it up pretty quickly, I don't hesitate to blow everything away and start fresh by formatting and reinstalling everything."

When was the last time you (or any consumer computer user) performed a complete wipe out, reformat and reinstall?

In case you haven't done one recently (and my I strongly suggest that you belive in your backup/recovery system as strongly as you do your religion), it takes roughly 1 hour to wipe and restore the original OS to the factory default condition.

However, reinstalling, reconfiguring (you did save all your indivudal program configuration settings and included them in your current and complete backups, right?) software AND data without the benefit of a corporate network can take a really, really long time. If you are ever able to fully recover everything.

My excellent advice? Spend two minutes with anyone seekng my advice on such matters educating them as to the horrors of opening unsolicited email, using LimeWire and that an offer of "free-porn" is absolute rubbish (and by trying to access such a site will also probably render their PC rubbish as well).

The PC has really come a long way ... and I couldn't be happier and more productive at home. But if you need the data on that PC and inevitably use the machine for more than a media player, BE CAREFUL with it!

An old, old, old DOS term comes to mind ... "Garbage In {means that you will get} Garbage Out."

Collapse -
Since that was my comment

In reply to: Excellent Advice???

Since that was my comment you quoted I'll respond.

I've formatted my system and done a complete reinstall so many times I could have the whole thing back up and running in about 2 hours. That included reinstalling programs, redoing custom settings, etc.

Though lest you get the wrong idea, I have kind of a fickle personality. So the reason I was formatting so often is that every couple of months I'd decide I wanted to run Linux for a while. Then after a couple months of that, I'd decide to go back to Windows, rinse and repeat.

But in general, I believe in prevention over damage control.

Collapse -
do you need a firewall

In reply to: Do I need a firewall

You do need a firewall. I believe that what windows offers is not enough. It's very easy to find a good one. go to google and write "best firewalls". You will find some free. you can write again in google search "best antivirus" and there are some free also. I like zone alarm and I use it.

Collapse -
I Prefer a Two-way Firewall

In reply to: In my opinion

May I respectfully disagree with your assessment that a firewall covering only your incoming traffic is sufficient?

I am by NO means an expert, but in my view it's completely plausible for someone to inadvertently install some spyware that is NOT destructive and if you're not running an anti-spyware utility, the spyware might go unnoticed. You ask, "Well, if it's not destructive, what's the problem?"

The problem is that the malware/spyware would be searching for personal info on your system. Once collected, the malware would try to send the personal info over the net. If there's no firewall watching what goes out, you lose. With a two-way wall, you'd get an alert that "Spyware.exe is trying to access the Internet." Whenever I get an alert for something I'm not running, I deny such requests. If there's some doubt, I try to check on unfamiliar process names at http://www.processlibrary.com/ .

Just my humble opinion.

Collapse -
Certainly

In reply to: I Prefer a Two-way Firewall

Certainly, you can respectfully disagree, just as I will with your reasoning.

To my mind, it's better to prevent the malware or whatever from ever getting on the system in the first place. That, and firewalls aren't really the right tool for the job if you're looking for some kind of early malware warning system. If you're that worried about it, then some malware scanner with real-time scanning would be a MUCH better option.

Plus, the XP firewall DOES actually do both in and out filtering. It's just you have to go in and manually configure it, which was rather difficult pre-SP2, and by that point this nonsense about it not doing outbound filtering had 2 years to take hold.

Still, I stand by the statement that the XP/Vista firewall is perfectly sufficient for virtually all Windows users. Inbound filtering only or not, the majority of what people need in a firewall is something to keep the automated probes at bay long enough to install security patches plugging any holes they might exploit.

Collapse -
I disagree

In reply to: I Prefer a Two-way Firewall

If it gets into your system in the first place, it's game over. Spyware also traditionally masquerades as a system service, and believe me once you've said "yes" to every single legitimate program on your computer to access the internet, you'll say "yes" to anything that looks important.

That's why "I use Internet Explorer and Outlook Express and an anti-virus" is an example of shutting the gate after the horse has bolted. If your anti-virus software doesn't know about the infection yet, once the malware is on your system it can do ANYTHING. It can disable your anti-virus software, it can start spying on you.

A virus coming down the pipe can actually be formed in such a way that it overflows the buffer of the virus scanner, and inserts code directly into the anti-virus program to run system commands. Then it's game over without you know a darn thing.

Collapse -
heres what i use

In reply to: Do I need a firewall

i use windows xp professional, along with these 2 programs. i use the norton internet security antispyware edition, which i believe is a much better, more secure and more up to date firewall than the one that microsoft offers. it doesnt use hardly any system resources and gets almost all viruses, but doesnt fare too well on the spyware front. for that i use a free program called Spyware Terminator. i think that it is the best freeware spyware scanner. it nets nearly 100% of all spyware/adware/malware/ect, and the rest can be taken care of typically by dumping the temporary internet files, which i would recommend doing anyways.

Collapse -
Firewalls

In reply to: heres what i use

The problem with many third party firewalls is that they will ko any network! If you have several computers networked together, networking will no longer function after installing added firewall. I have found the one in XP Pro to be sufficient for me...as for spyware, I use Spyware Doctor, and my AV is Avast on all networked computers...no problems. Avast also scans my email automatically.

Collapse -
Yes, Firewalls Sometimes Cause Problems

In reply to: Firewalls

I have to agree that firewalls can make life a little difficult sometimes. In my own case I've learned that some things will not install. For instance, as I just installed Windows Home Server (WHS), the installation utility was repeatedly failing. I never suspected the firewall because I supposed that the my firewall software would generate an access request and I'd simply respond appropriately and everything would be okay.

However, as I tried to install WHS, I got no access requests and no error messages either; it simply didn't work. Eventually I began to suspect Zone Alarm. I shut it down while performing the installation and was finally able to get it installed. Afterward, I re-started Zone Alarm, it popped up a few access requests that I answered, and everything has been okay ever since.

Collapse -
Say no to Firewall

In reply to: Do I need a firewall

The firewall built into XP sufficient is absolutely a RUBBISH.I never believe THAT THING will work.Anyway,I don't get any firewall in my PC.Humanity is clever than any softwave.

Collapse -
And so what

In reply to: Say no to Firewall

And so what evidence do you have to back up the claim that the XP firewall is rubbish? In all likelihood, it's an adapted version of FreeBSD's ipfw, widely considered one of the best firewalls around, just with a distinctly Microsoft front end to it. Virtually all the rest of the Windows networking stack came from FreeBSD, why not the firewall?

Collapse -
firewall yes or no i say yes

In reply to: Do I need a firewall

I have Sygate 5.6 installed on everything I use. When someone says to me outgoing doesn't need to be monitored, I say to them its the stuff leaving my machine that is the problem. None of my personal information comes from somewhere else. Its on the machine I'm using. If a Trojan or Worm gets in and my info leaves my machine to someone else, then I have a problem. Also a 5 minute boot time on an 1800 machine is ridiculous, and its been my experience that its the precursor to hard drive failure. You might want to look into making a backup onto some other drive or media of your critical files ASAP.
P.S. I'm not a big fan of the firewall installed in XP if I can find the machine with the firewall turned on and no hole its not doing its job

Popular Forums

icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

SMART HOME

This one tip will help you sleep better tonight

A few seconds are all you need to get a better night's rest.