Ask LJ: Firewalls

[coraa]

Firewalls!

The subscription to Trend Micro PC-cilin that came with my laptop just ran out, and I'm looking at other firewall options for my laptop. I tried the ZoneAlarm free firewall, and it seems to work pretty well... except that, when I'm on my desktop, it won't let me access my laptop via 'my network places' anymore. And the free version of ZoneAlarm doesn't give me any way to tell it 'yes, attempts to access this laptop from that computer are legit and should be allowed.' Since copying files over from the desktop via web folders/network places is a major part of my file synchronization/backup process, this isn't a feasible situation.

Then I wonder whether just using the router's firewall (I know it has one, because Pav has done some fiddling with its configuration) would be sufficient.

So, because LJ Is My Decision-Making Process, a poll:

[Poll #1176173]

Also, and this is for comments, do you like what you use? Would you recommend it? Or does it annoy you?

(I'm actually not irritated at all, but the icon was too appropriate not to use...)

Comments

[theinated.livejournal.com]

Well, it's not safe to use Windows without a firewall, imo. Especially if you're like most windows users and run everything in administrator mode, that's just asking for devestation.

[coraa.livejournal.com]

Right, I wouldn't be comfortable running without a firewall. It's just a question of whether the router's firewall is good enough, and if not, which one to use.

[theinated.livejournal.com]

Most routers will generally only protect from incoming connection attempts. Which is fine for protecting you from external attacks, but it doesn't protect you from rogue software/plugins/websites/etc which are running on your computer, which wil generally make outgoing connection attempts to download moar zombie parts and turn your machine into an infested frankenzoo of viral spam regurgitation and denial of service attacks, which can cause your ISP to cut your ass off, and do fsmknowswhat to your machine and data.

Which is why the software firewalls on the Windows PC are still essential even when used in conjunction with a network firewall. They let you know when suspicious applications start getting up in your grill so you can exterminate annihilate destroy.

[ceph.livejournal.com]

Aw, you're so CUTE in paranoid-network-admin mode! ::pats you on the head::

[sithjawa.livejournal.com]

How does a firewall protect you from rogue software? Do software firewalls block outgoing requests?

Your second paragraph suggests that they *log* outgoing requests or otherwise provide notification. What firewall does this? (Have I had this capability all along and not known it??)

[jmpava.livejournal.com]

I'm about 80% sure that the router is set up with a firewall. This means I'm 80% sure that YOUR router is set up with a firewall ;->

That said, I've had no problems in the last 2 years or so with a combination of that router, AVG (for virus) and no script (for when I'm stupid). I do make a point of turning the windows firewall on when I'm traveling, but that's about it.

[coraa.livejournal.com]

Yeah, that's a good point.

[jmpava.livejournal.com]

Actually, I appear to have the windows firewall on as well for some reason. With a lot of app/port exceptions. Probably to shut up the OS from yelling at me.

Oh well, I'll jut have to remember that if I get an error 6000, I need to enable port 5050 (since this is XP win32 ;-> ) and 5051, eh? ;->

[jmpava.livejournal.com]

I figured I'd check and I'm now 100% sure we're behind the router firewall. I'm sure its sucktastic, but that still puts us at more annoying to bother with then 98% of the rest of the internet world.

[marvinalone.livejournal.com]

I don't believe the 3rd party firewalls do anything that you can't do with the Windows firewall. Hence, I categorize 3rd party firewalls somewhere between "ripoff" and "crapware".

[canis-ridens.livejournal.com]

I use and like ZoneAlarm, but, years ago, I had a similar issue when I wanted to transfer some files to another PC on my parent's network. The problem had been that, at the highest security level, it's in "stealth mode," and none of the other computers on the network could see it. I had to drop the security to the then-available minimum level to transfer the files. It's not something I run into often; the firewall doesn't even seem to have a minimum security level anymore, so that tells you how long it's been since I've done network transfers. I don't like the idea of having to drop security or turn the firewall off just to transfer some files, though.

As a side note, I'd avoid anything Norton. College taught me that their virus protection was worthless (but that AVG's is pretty good!). I have their firewall at work, and it's just like the Mac "Cancel or Allow?" ads about Vista. It's constantly asking about applications after they're updated, and the rules it suggests it accept are always far to permissive. Updating programs also seems to cause it to junk custom rule sets. I upgraded PostgreSQL to the latest 8.2 version, and, instead of keeping the server limited to connections on a specific port from specific IPs, it was allowing all connections to and from it. No one was able to take advantage of this, as there are a few other measures in place to protect it and it's not something commonly exploited, but damn! If I'd been using it at home, and installed an update containing a Trojan for something like IM software, it would be able to send and receive data on any port it liked. Not good.

[sithjawa.livejournal.com]

I need to make a side note here (probably irrelevant to coraa but potentially important to people thinking about Windows firewall) that I discovered recently, to the tune of several hours of beating my head against a server cabinet: Never run Windows firewall on a W2K3 server if you have the W2K3 server's built-in VPN support enabled. NEVER. They're incompatible. You will have to not just stop but remove the VPN support in order to ever run the firewall, and of course when you remove the VPN support it'll forget all your settings and you'll have to reconfigure.

I don't know if this is true of anything but a 2K3 (and maybe 2K) server. If anyone's successfully running the built-in versions of VPN and firewall on, say, vista, please let me know.

So anyway, that is one situation you should use a third-party firewall.