It Depends On The Router & Your Network Status
by
Grif Thomas
Forum moderator
October 23, 2006 8:43 AM PDT
..and the type of firewall your router has.
Most routers use a NAT (Network Address Translation) setup which "hides" your internal IP address from the outside. This is not a true firewall although it is occasionally called such. Not all routers use a complete stateful inspection firewall.. The Stateful inspection firewall is better and only the pricier routers have them. It is the recommended type of hardware firewall because it can be configured to provide the best security. Although a NAT provides some security for many home users, it will suffice only as long as your not on a home network with other users and you don't have a lot of valuable information on your computer. If you only have a NAT type firewall, you should probably consider adding something else.
If you are on a home network with other computers that you do not trust, then you may want to consider using a software firewall in addition to the router firewall. If other computers on the network become infected with "Network aware" viruses/trojans/etc., it is possible to infect your computer by working inside the network.
Just my opinion.. And hope this helps.
Grif
Firewalls and routers
by
avsenses
October 23, 2006 9:28 AM PDT
Many thanks, Grif. I share two computers at home with my wife, and they are connected by a router which was given to us. I suspect it is not a valuable one. Since we share everything, there shouldn't be a need for an additional firewall should there?
So What Happens If???
by
Grif Thomas
Forum moderator
October 23, 2006 9:51 AM PDT
...your wife accidently views an e-mail message that has a virus in it.. Her computer gets infected and since you're sharing everything, your computer gets infected too. NOT a good thing.
A software firewall will help prevent that instant spread and BETTER YET....DON'T share everything.. There is no reason to "share" the "Windows" folder or the entire "C" drive.. That's how viruses are spread.. Instead, share ONLY the "My Documents" folder or only specific folders that each of you need. (I tend to create a new "Temp" or "Shared Files" folder so files can be passed back and forth but "Full" access isn't allowed on any other folders in the computer.) In addition, even with those folders that are shared, you may be able to limit the types of "permissions" that each user has.. Think carefully about it.
Hope this helps.
Grif
MOST CAN
Mine has that feature. Most do. You can find the configuration and options in GENERAL SETUP.
To elaborate on Grif's good answers:
by
Paul C
October 24, 2006 7:45 PM PDT
I believe in what in the military is known as "layered defense." That is the notion that the harder it is to break into a PC, the more likely a bad guy will just move on to an easier target. Consider a car thief; most will bypass cars that are locked and seek instead the ones that aren't locked.
A router's firewall, whether NAT or stateful, can do a good job of protecting a PC from outside attacks. But, what if you ALLOW malware to get on your hard drive? The bad guys increasingly use the technique of social engineering to gain access to a PC by deceiving the user that all's well when it's not at all well.
Hence, layered defense. A good two-way software firewall (that excludes the WinXP one) will warn the user when a program first attempts to access the Web. The user can then decide whether he or she wants that to happen; in some cases, that warning may alert the user to the presence of malware.
All of this, of course, does not mean that users should depend solely on firewalls; good antivirus and antispyware apps - kept properly and regularly updated - are also a must.
Hope this helps,
Paul
Thanks, guys
by
avsenses
October 25, 2006 2:05 AM PDT
Thanks, guys. You've convinced me to use both a router and a software firewall. Which software firewall would you recommend?
jon
What connection issues have you noted with the 6.5 updates
by
unomix
October 26, 2006 9:30 PM PDT
Just curious, as I have had some as yet unknown problems in the past and wonder if this might be one explanation
thanks
Not Just Connection Issues..
by
Grif Thomas
Forum moderator
October 27, 2006 8:36 AM PDT
The most common was actually a program and computer "shut down" problem... I had it on three different machines... After installing ZA 6.5 versions, including the most current, there were occasions when the computer and various programs would lock up the machine when attempting to shut down.
In regards to connection issues, two of my customers running XP computers would intermittently have connection problems.. Unfortunately, it seemed like it occurred at the same time as program shut down issues from the first paragraph.. While using their DSL or cable connection, if the user would attempt to immediately connect after shutting down a program, the connection would sometimes fail.. The only fix was to reboot the computer.
Hope this helps.
Grif
Hi grif I been using ZA 6.5
fro some time and have little if any problems with it. I use dsl and there are little problems that I have with disconnections and most are from my router. rocky
Collapse -
Rocky, I've Had Success On A Few Machines As Well...
by
Grif Thomas
Forum moderator
October 28, 2006 9:01 AM PDT
..and the newest ZA 6.5.737.000 version is working better than the first 6.5 versions, but unfortunately, I've also had a few problems on other machines.. There have been a few others on these boards which have also had similar issues with the newest ZA.
If it's working for you, great! Stick with it.
Hope this helps.
Grif
What advantage are these updates and do we need them?
by
unomix
October 29, 2006 2:59 AM PST
I have had similar problems as you described and wonder what do these updates contain that are causing these problems and do we need the updates to be protected?
Thanks
Collapse -
Check This Link...
by
Grif Thomas
Forum moderator
October 29, 2006 8:23 AM PST
..for the revision history for ZA:
http://download.zonelabs.com/bin/free/information/znalm/zaReleaseHistory.html
As to whether we need them??...not really. You'll notice that the "fixes" between the newest 6.5 versions and the last 6.1.744.001 are only program reliability fixes.. Nothing is related to "vulnerability" problems. And in my opinion, the 6.1 version is more reliable anyway.
Hope this helps.
Grif
According to Steve Gibson
You are safe with a hardware firewall. I heard him describe this on a recent podcast. (Security Now)
Collapse -
Safe
by
The Fly
October 26, 2006 11:16 PM PDT
"Safe" is a matter of personal definition. If you really do not have anything that would create a problem if it is compromised and you do not have concerns about having to reformat and restore everything then a good SPI firewall router should do the trick. You should keep in mind that there are tracks on your computer that are not readily thought about. Your swap file, any last used files, temp files, etc. so if you are doing any financial work even if you do not keep it on yor computer, there may be tracks that can be recovered.
Bascially, I agree with Paul C that a "layered" approach is required for all but those who literally do not do anything at any time that might cause financial or other problems if the data was recovered.
A firewall that I have found to be very good is Comodo. It can be installed with the default settings for good protection (better IMHO than ZoneAlarm or Kerio) and can be tweaked to provide practically impervious protection for anyone who is so inclined. It passed all the leak tests for me when I set to "Ask" for everything. This is not a setting that many would use, but if protection is tantamount then it does the job. The default protection is not perfect, but provides fewer leaks than ZoneAlarm or Kerio.
Steve Gibson Podcast...
by
GG25
October 27, 2006 3:38 AM PDT
Well it was correct he mentioned a Hardware firewall, he actually suggested using two.. if I remember correctly..
Collapse -
Norton Internet Security 2006 for myself and Ghost
I have that and it have an integrated firewall I love it because my daughter and son go and download a lot from the Internet and I don't have to worry if they go a Virus in their computer. My Cable/DSL Router is made by SMC and I use a switch because I have reach more then 4 connection to it on the wired side. I prefer wired to WiFI harder to install because of wire but way much safer without having to go deep in the security unlike WIFI Router, more reliable transfer (No dead spot) no close neighbour looking on my home network too.
So to resume I have DSL a Router and a switch 8 port, I want to add that since I have added a 8 port switch it took the load away from my router and file transfer between PC are even smoother then before.
S.Gibson-special cases--Behavior assessment most important.
by
jazzdbo
October 27, 2006 12:33 PM PDT
The Steve Gibson thread about multiple routers--that was only for special situations such as when part of a wireless network was only capable of WEP encryption, that portion could be nested with the WPA encypted part of the network.
I've run only router with updates and Windows firewall (for the internal network protection if ever needed) for years. I am very very well-behaved however, I read EULAs, and I don't hold hands with anything and skip with it back to my computers (like even think of opening an attachment unless its triple confirmed legitimate and genuine--and even then I might defer).
Assess your network users level of competence, vigilance and ability to recognize potentially dangerous ''clicking'' behavior and proceed from that answer. I run two systems actually with no updating (other than what is needed to make some applications work) or firewall (other than the router) whatsoever without a problem but I know if my nieces had just 10 minutes with either, they would probably be infected.
(NT)
(NT) Not enough.