Re: firewall on budget ?

  • Thread starter Thread starter Martin C
  • Start date Start date
M

Martin C

Unless I have missed it, what no one has yet mentioned is that a software
Firewall (I actually use ZA Free behind a NAT router) is that it is mainly
there to protect against outbound problems from malware and trojans. Looking
at my logs, I see nothing inbound as the router has handled all of that.

I have used outbound protection tests (obtained from trusted sites) to
confirm that ZA is doing its job. It has blocked all the tests I have run so
far.

One problem with using the firewall is that sometimes I will get alerts in
the log which turn out to be just the PC talking to itself, but believing it
is networked. I am not at my home PC at the moment, so I cannot remember
examples.

I am not sure how good the Windows firewall is at outgoing protection, so
cannot comment.

If you want more information, post at comp.security.firewalls, but beware as
there are a lot of stroppy individuals that know their stuff, but are
arrogant and abusive with the help they give.

Martin

"Ari" <arisilverstein@yahoo.com> wrote in message
news:4vyblt37x7yw.1qet7u6fjipfz$.dlg@40tude.net...
> On Sat, 21 Jul 2007 19:58:53 -0700, Beladi Nasralla wrote:
>
>> I have a PC built for me, and I installed Windows XP SP2 on it. I
>> presume I need to put a firewall and antivirus on it to ward off worms
>> and viruses.
>
> Kerio 2.15 free and works great.
 
Firewalls do not stop virus, nor worms, nor malware.
as an example I have both a firewall router and ZA software fire wall, and
still managed to get a download trojan trying to install itself on my pc over
this last weekend, fortunatly Kaspersky caught the trojan (twice) and deleted
it.
so be safe and don't put all your eggs in one basket. Multiple avenues for
protection are better

"Martin C" wrote:

> Unless I have missed it, what no one has yet mentioned is that a software
> Firewall (I actually use ZA Free behind a NAT router) is that it is mainly
> there to protect against outbound problems from malware and trojans. Looking
> at my logs, I see nothing inbound as the router has handled all of that.
>
> I have used outbound protection tests (obtained from trusted sites) to
> confirm that ZA is doing its job. It has blocked all the tests I have run so
> far.
>
> One problem with using the firewall is that sometimes I will get alerts in
> the log which turn out to be just the PC talking to itself, but believing it
> is networked. I am not at my home PC at the moment, so I cannot remember
> examples.
>
> I am not sure how good the Windows firewall is at outgoing protection, so
> cannot comment.
>
> If you want more information, post at comp.security.firewalls, but beware as
> there are a lot of stroppy individuals that know their stuff, but are
> arrogant and abusive with the help they give.
>
> Martin
>
> "Ari" <arisilverstein@yahoo.com> wrote in message
> news:4vyblt37x7yw.1qet7u6fjipfz$.dlg@40tude.net...
> > On Sat, 21 Jul 2007 19:58:53 -0700, Beladi Nasralla wrote:
> >
> >> I have a PC built for me, and I installed Windows XP SP2 on it. I
> >> presume I need to put a firewall and antivirus on it to ward off worms
> >> and viruses.
> >
> > Kerio 2.15 free and works great.
>
>
>
 
I did not mean to imply that firewalls and routers will stop viruses and
malware. That is all down to what the PC user downloads or opens. What it
can do, however, is flag an alert if a trojan is trying to call home. This
does not work for all trojans, but as I stated, some of the tests I have run
test the firewall for this type of outgoing threat. You have to remember
that you could have received a virus before the anti virus was updated to
combat it.

Martin

"sgopus" <sgopus@discussions.microsoft.com> wrote in message
news:6983A5E4-6FFB-4AD3-AC16-87E3DB9D6753@microsoft.com...
> Firewalls do not stop virus, nor worms, nor malware.
> as an example I have both a firewall router and ZA software fire wall, and
> still managed to get a download trojan trying to install itself on my pc
> over
> this last weekend, fortunatly Kaspersky caught the trojan (twice) and
> deleted
> it.
> so be safe and don't put all your eggs in one basket. Multiple avenues for
> protection are better
>
> "Martin C" wrote:
>
>> Unless I have missed it, what no one has yet mentioned is that a software
>> Firewall (I actually use ZA Free behind a NAT router) is that it is
>> mainly
>> there to protect against outbound problems from malware and trojans.
>> Looking
>> at my logs, I see nothing inbound as the router has handled all of that.
>>
>> I have used outbound protection tests (obtained from trusted sites) to
>> confirm that ZA is doing its job. It has blocked all the tests I have run
>> so
>> far.
>>
>> One problem with using the firewall is that sometimes I will get alerts
>> in
>> the log which turn out to be just the PC talking to itself, but believing
>> it
>> is networked. I am not at my home PC at the moment, so I cannot remember
>> examples.
>>
>> I am not sure how good the Windows firewall is at outgoing protection, so
>> cannot comment.
>>
>> If you want more information, post at comp.security.firewalls, but beware
>> as
>> there are a lot of stroppy individuals that know their stuff, but are
>> arrogant and abusive with the help they give.
>>
>> Martin
>>
>> "Ari" <arisilverstein@yahoo.com> wrote in message
>> news:4vyblt37x7yw.1qet7u6fjipfz$.dlg@40tude.net...
>> > On Sat, 21 Jul 2007 19:58:53 -0700, Beladi Nasralla wrote:
>> >
>> >> I have a PC built for me, and I installed Windows XP SP2 on it. I
>> >> presume I need to put a firewall and antivirus on it to ward off worms
>> >> and viruses.
>> >
>> > Kerio 2.15 free and works great.
>>
>>
>>
 
In article <46a6f949$1_1@glkas0286.greenlnk.net>, martinC@invalid.com
says...
> I did not mean to imply that firewalls and routers will stop viruses and
> malware. That is all down to what the PC user downloads or opens. What it
> can do, however, is flag an alert if a trojan is trying to call home. This
> does not work for all trojans, but as I stated, some of the tests I have run
> test the firewall for this type of outgoing threat. You have to remember
> that you could have received a virus before the anti virus was updated to
> combat it.

Actually, a firewall with IDS services can block spreading malware
outside the network to other machines. Many "Firewall" appliances can be
set to remove/disallow downloading of .EXE (and others) files so that
users can't download them to their desktops - allowing only admins to
download them. The same is true with email - many firewall appliances
can remove attachments based on file extension or type - eliminating
that threat.

We used a cheap NAT router to block outbound SMTP from all nodes except
the house SMTP server and that stopped a couple machines that had
malware with its own SMTP engine from spreading it - it was hammering
the network trying to get out and showed in the routers logs, but it
didn't get out. Only the house SMTP server could get out for SMTP.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)
 
Back
Top