firewall on budget ?

[Ext User(Beladi Nasralla)]

Hi there,

I have a PC built for me, and I installed Windows XP SP2 on it. I
presume I need to put a firewall and antivirus on it to ward off worms
and viruses. I am more concerned about the firewall. I installed
ZoneAlarm Free Edition, and it worked al'right. However, it always
bothered me by asking me to pay up, so that I uninstalled it. My
computer is currently running on the in-built Windows firewall. Is
this OK ?

As an antivurus, I am using AVG Free Edition, and it seems doing its
job. Also, I can get a corporate edition of Trend Micro's PC-cillin
from my employer for little money; should I get it ? Thanks.

[Ext User(Leythos)]

In article <1185073133.439352.249850@e9g2000prf.googlegroups. com>,
nasra11a@yahoo.com says...
> Hi there,
>
> I have a PC built for me, and I installed Windows XP SP2 on it. I
> presume I need to put a firewall and antivirus on it to ward off worms
> and viruses. I am more concerned about the firewall. I installed
> ZoneAlarm Free Edition, and it worked al'right. However, it always
> bothered me by asking me to pay up, so that I uninstalled it. My
> computer is currently running on the in-built Windows firewall. Is
> this OK ?
>
> As an antivurus, I am using AVG Free Edition, and it seems doing its
> job. Also, I can get a corporate edition of Trend Micro's PC-cillin
> from my employer for little money; should I get it ? Thanks.

A simple NAT router will do more and better than ZAP or Windows XP
Firewall in most all cases. Linksys BEFSR41 or a wireless version is
under $50 and provides protection from inbound attacks.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

[Ext User(Beladi Nasralla)]

On Jul 22, 12:03 pm, Leythos <v...@nowhere.lan> wrote:
> In article <1185073133.439352.249...@e9g2000prf.googlegroups. com>,
> nasra...@yahoo.com says...
>
> > Hi there,
>
> > I have a PC built for me, and I installed Windows XP SP2 on it. I
> > presume I need to put a firewall and antivirus on it to ward off worms
> > and viruses. I am more concerned about the firewall. I installed
> > ZoneAlarm Free Edition, and it worked al'right. However, it always
> > bothered me by asking me to pay up, so that I uninstalled it. My
> > computer is currently running on the in-built Windows firewall. Is
> > this OK ?
>
> > As an antivurus, I am using AVG Free Edition, and it seems doing its
> > job. Also, I can get a corporate edition of Trend Micro's PC-cillin
> > from my employer for little money; should I get it ? Thanks.
>
> A simple NAT router will do more and better than ZAP or Windows XP
> Firewall in most all cases. Linksys BEFSR41 or a wireless version is
> under $50 and provides protection from inbound attacks.

My early experience with connecting a PC with no firwall to the
Internet (via dial up) shows that it gets infected with a worm within
20 minutes. So that now I always put a firewall between my PC and the
Internet. Now my PC is connected to the Internet via a NetComm NB5
ADSL2+ modem router. You think this will repel the worms ?

[Ext User(Leythos)]

In article <1185074631.141883.271760@z24g2000prh.googlegroups .com>,
nasra11a@yahoo.com says...
> On Jul 22, 12:03 pm, Leythos <v...@nowhere.lan> wrote:
> > In article <1185073133.439352.249...@e9g2000prf.googlegroups. com>,
> > nasra...@yahoo.com says...
> >
> > > Hi there,
> >
> > > I have a PC built for me, and I installed Windows XP SP2 on it. I
> > > presume I need to put a firewall and antivirus on it to ward off worms
> > > and viruses. I am more concerned about the firewall. I installed
> > > ZoneAlarm Free Edition, and it worked al'right. However, it always
> > > bothered me by asking me to pay up, so that I uninstalled it. My
> > > computer is currently running on the in-built Windows firewall. Is
> > > this OK ?
> >
> > > As an antivurus, I am using AVG Free Edition, and it seems doing its
> > > job. Also, I can get a corporate edition of Trend Micro's PC-cillin
> > > from my employer for little money; should I get it ? Thanks.
> >
> > A simple NAT router will do more and better than ZAP or Windows XP
> > Firewall in most all cases. Linksys BEFSR41 or a wireless version is
> > under $50 and provides protection from inbound attacks.
>
> My early experience with connecting a PC with no firwall to the
> Internet (via dial up) shows that it gets infected with a worm within
> 20 minutes. So that now I always put a firewall between my PC and the
> Internet. Now my PC is connected to the Internet via a NetComm NB5
> ADSL2+ modem router. You think this will repel the worms ?

The NAT router blocks "unsolicited" connections to the PC, it's sort of
a 1 way filter - it lets you out, but only lets external sites
talk/reach your PC if you contact them first.

Many people use NAT routers are their primary protection method with no
firewall at all and have no problems.

Security is more than the firewall, it's not using easy to compromise
apps, keeping updates installed, not doing things that put you in harms
way, monitoring your firewall logs (as you can easily monitor the
Linksys devices for in/out traffic), and many other things.

If your address is not a private address then your Modem is not doing
NAT, and if you have a live public IP then you're screwed without a
barrier device.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

[Ext User(Mellowed)]

"Beladi Nasralla" <nasra11a@yahoo.com> wrote in message
news:1185073133.439352.249850@e9g2000prf.googlegro ups.com...
> Hi there,
>
> I have a PC built for me, and I installed Windows XP SP2 on it. I
> presume I need to put a firewall and antivirus on it to ward off worms
> and viruses. I am more concerned about the firewall. I installed
> ZoneAlarm Free Edition, and it worked al'right. However, it always
> bothered me by asking me to pay up, so that I uninstalled it. My
> computer is currently running on the in-built Windows firewall. Is
> this OK ?
>
> As an antivurus, I am using AVG Free Edition, and it seems doing its
> job. Also, I can get a corporate edition of Trend Micro's PC-cillin
> from my employer for little money; should I get it ? Thanks.


I've used Sygate for years. It doesn't bug you. You can still get it here.
http://www.oldversion.com/program.php?n=sygate

[Ext User(Computerflyer)]

On Jul 22, 1:39 pm, Leythos <v...@nowhere.lan> wrote:
> In article <1185074631.141883.271...@z24g2000prh.googlegroups .com>,
> nasra...@yahoo.com says...
>
>
>
>
>
> > On Jul 22, 12:03 pm, Leythos <v...@nowhere.lan> wrote:
> > > In article <1185073133.439352.249...@e9g2000prf.googlegroups. com>,
> > > nasra...@yahoo.com says...
>
> > > > Hi there,
>
> > > > I have a PC built for me, and I installed Windows XP SP2 on it. I
> > > > presume I need to put a firewall and antivirus on it to ward off worms
> > > > and viruses. I am more concerned about the firewall. I installed
> > > > ZoneAlarm Free Edition, and it worked al'right. However, it always
> > > > bothered me by asking me to pay up, so that I uninstalled it. My
> > > > computer is currently running on the in-built Windows firewall. Is
> > > > this OK ?
>
> > > > As an antivurus, I am using AVG Free Edition, and it seems doing its
> > > > job. Also, I can get a corporate edition of Trend Micro's PC-cillin
> > > > from my employer for little money; should I get it ? Thanks.
>
> > > A simple NAT router will do more and better than ZAP or Windows XP
> > > Firewall in most all cases. Linksys BEFSR41 or a wireless version is
> > > under $50 and provides protection from inbound attacks.
>
> > My early experience with connecting a PC with no firwall to the
> > Internet (via dial up) shows that it gets infected with a worm within
> > 20 minutes. So that now I always put a firewall between my PC and the
> > Internet. Now my PC is connected to the Internet via a NetComm NB5
> > ADSL2+ modem router. You think this will repel the worms ?
>
> The NAT router blocks "unsolicited" connections to the PC, it's sort of
> a 1 way filter - it lets you out, but only lets external sites
> talk/reach your PC if you contact them first.
>
> Many people use NAT routers are their primary protection method with no
> firewall at all and have no problems.
>
> Security is more than the firewall, it's not using easy to compromise
> apps, keeping updates installed, not doing things that put you in harms
> way, monitoring your firewall logs (as you can easily monitor the
> Linksys devices for in/out traffic), and many other things.
>
> If your address is not a private address then your Modem is not doing
> NAT, and if you have a live public IP then you're screwed without a
> barrier device.
>
> --
>
> Leythos
> - Igitur qui desiderat pacem, praeparet bellum.
> - Calling an illegal alien an "undocumented worker" is like calling a
> drug dealer an "unlicensed pharmacist"
> spam999f...@rrohio.com (remove 999 for proper email address)- Hide quoted text -
>
> - Show quoted text -

Check out ghostwall. It resembles a rule based router-firewall more
than a bloatware internet protection package. If you are savy enough
to set it up, it works as advertised.

[Ext User(Leythos)]

In article <j6a6a3d3svghkfrf3uvsnmctmc3r3dp5mo@4ax.com>,
b__nice@hotmail.com says...
> On Sat, 21 Jul 2007 23:39:18 -0400, Leythos <void@nowhere.lan> wrote:
>
> >If your address is not a private address then your Modem is not doing
> >NAT, and if you have a live public IP then you're screwed without a
> >barrier device.
>
> You're implying that the Windows Firewall is remotely exploitable. Got
> any references to that?

It's locally exploitable - look at anyone running as a local admin, and
any software that wants to create an exception in the WF. Even AOL will
create exceptions without you knowing about it. All you have to do is
google.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

[Ext User(Leythos)]

In article <1185080864.730283.306800@x40g2000prg.googlegroups .com>,
computerflyer@gmail.com says...
> On Jul 22, 1:39 pm, Leythos <v...@nowhere.lan> wrote:
> > In article <1185074631.141883.271...@z24g2000prh.googlegroups .com>,
> > nasra...@yahoo.com says...
> >
> >
> >
> >
> >
> > > On Jul 22, 12:03 pm, Leythos <v...@nowhere.lan> wrote:
> > > > In article <1185073133.439352.249...@e9g2000prf.googlegroups. com>,
> > > > nasra...@yahoo.com says...
> >
> > > > > Hi there,
> >
> > > > > I have a PC built for me, and I installed Windows XP SP2 on it. I
> > > > > presume I need to put a firewall and antivirus on it to ward off worms
> > > > > and viruses. I am more concerned about the firewall. I installed
> > > > > ZoneAlarm Free Edition, and it worked al'right. However, it always
> > > > > bothered me by asking me to pay up, so that I uninstalled it. My
> > > > > computer is currently running on the in-built Windows firewall. Is
> > > > > this OK ?
> >
> > > > > As an antivurus, I am using AVG Free Edition, and it seems doing its
> > > > > job. Also, I can get a corporate edition of Trend Micro's PC-cillin
> > > > > from my employer for little money; should I get it ? Thanks.
> >
> > > > A simple NAT router will do more and better than ZAP or Windows XP
> > > > Firewall in most all cases. Linksys BEFSR41 or a wireless version is
> > > > under $50 and provides protection from inbound attacks.
> >
> > > My early experience with connecting a PC with no firwall to the
> > > Internet (via dial up) shows that it gets infected with a worm within
> > > 20 minutes. So that now I always put a firewall between my PC and the
> > > Internet. Now my PC is connected to the Internet via a NetComm NB5
> > > ADSL2+ modem router. You think this will repel the worms ?
> >
> > The NAT router blocks "unsolicited" connections to the PC, it's sort of
> > a 1 way filter - it lets you out, but only lets external sites
> > talk/reach your PC if you contact them first.
> >
> > Many people use NAT routers are their primary protection method with no
> > firewall at all and have no problems.
> >
> > Security is more than the firewall, it's not using easy to compromise
> > apps, keeping updates installed, not doing things that put you in harms
> > way, monitoring your firewall logs (as you can easily monitor the
> > Linksys devices for in/out traffic), and many other things.
> >
> > If your address is not a private address then your Modem is not doing
> > NAT, and if you have a live public IP then you're screwed without a
> > barrier device.
> >
>
> Check out ghostwall. It resembles a rule based router-firewall more
> than a bloatware internet protection package. If you are savy enough
> to set it up, it works as advertised.

A proper Usenet Client would snip the signature lines when you reply,
consider getting one.

Any software that runs on the users computer is a security risk, even
ZAP and others, if it's on a non-dedicated firewall computer then it's a
risk. A NAT Router is transparent, doesn't ask the user anything, and
does its work without exploits when properly setup - this is not the
case for most PC based firewall solutions.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

[Ext User(Straight Talk)]

On Sun, 22 Jul 2007 09:59:38 -0400, Leythos <void@nowhere.lan> wrote:

>In article <j6a6a3d3svghkfrf3uvsnmctmc3r3dp5mo@4ax.com>,
>b__nice@hotmail.com says...
>> On Sat, 21 Jul 2007 23:39:18 -0400, Leythos <void@nowhere.lan> wrote:
>>
>> >If your address is not a private address then your Modem is not doing
>> >NAT, and if you have a live public IP then you're screwed without a
>> >barrier device.
>>
>> You're implying that the Windows Firewall is remotely exploitable. Got
>> any references to that?
>
>It's locally exploitable - look at anyone running as a local admin, and
>any software that wants to create an exception in the WF.

Any local FW is exploitable when running as local admin.

Anyone running arbitrary code as local admin is likely to get screwed.
You seem to advocate keep doing so and then have a barrier to minimize
the damage instead of advocating doing the right thing, which would be
to run a LUA in which case the WF can't be exploited the way you're
thinking of.

[Ext User(Leythos)]

In article <enp6a31arh4m7ni0gebr0it366ott5h06h@4ax.com>,
b__nice@hotmail.com says...
> On Sun, 22 Jul 2007 09:59:38 -0400, Leythos <void@nowhere.lan> wrote:
>
> >In article <j6a6a3d3svghkfrf3uvsnmctmc3r3dp5mo@4ax.com>,
> >b__nice@hotmail.com says...
> >> On Sat, 21 Jul 2007 23:39:18 -0400, Leythos <void@nowhere.lan> wrote:
> >>
> >> >If your address is not a private address then your Modem is not doing
> >> >NAT, and if you have a live public IP then you're screwed without a
> >> >barrier device.
> >>
> >> You're implying that the Windows Firewall is remotely exploitable. Got
> >> any references to that?
> >
> >It's locally exploitable - look at anyone running as a local admin, and
> >any software that wants to create an exception in the WF.
>
> Any local FW is exploitable when running as local admin.
>
> Anyone running arbitrary code as local admin is likely to get screwed.
> You seem to advocate keep doing so and then have a barrier to minimize
> the damage instead of advocating doing the right thing, which would be
> to run a LUA in which case the WF can't be exploited the way you're
> thinking of.

No, I don't advocate what you are talking about, but I'm also not aware
that many programs won't run under Windows unless the user is an admin,
and I also understand that many users don't have a clue about security.

In the case of a NAT Router, while it doesn't stop stupid people from
infecting their computers, it does stop external sources from directly
accessing the users computer without an invite. Windows ships from many
vendors with lots of exceptions and that makes it a threat to the
ignorant, a NAT Router would mean that exceptions are meaningless.

I a user is going to run as an admin, and most are, even with warnings,
then they need some means to protect them - if ALL ISP were to implement
NAT at the internet device provided to the users, allowing exceptions
for those smart enough to ask for an exception, it would eliminate a LOT
of problems for users.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

[Ext User(Straight Talk)]

On Sat, 21 Jul 2007 23:39:18 -0400, Leythos <void@nowhere.lan> wrote:

>If your address is not a private address then your Modem is not doing
>NAT, and if you have a live public IP then you're screwed without a
>barrier device.

You're implying that the Windows Firewall is remotely exploitable. Got
any references to that?

[Ext User(spodosaurus)]

Beladi Nasralla wrote:
> Hi there,
>
> I have a PC built for me, and I installed Windows XP SP2 on it. I
> presume I need to put a firewall and antivirus on it to ward off worms
> and viruses. I am more concerned about the firewall. I installed
> ZoneAlarm Free Edition, and it worked al'right. However, it always
> bothered me by asking me to pay up, so that I uninstalled it.

Then you did something wrong during setup: mine never asks that.

> My
> computer is currently running on the in-built Windows firewall. Is
> this OK ?

It's satisfactory, unless something manages to get inside and call out.
Then you're stuffed.

>
> As an antivurus, I am using AVG Free Edition, and it seems doing its
> job.

I use that, it's good. I'm thinking of upgrading to the full version on
at least one of my home systems to make use of the extended features.
It's pretty cheap to do so as their licenses are two years for the price
of one from competitors (IIRC).

> Also, I can get a corporate edition of Trend Micro's PC-cillin
> from my employer for little money; should I get it ? Thanks.

How does that licensing work? If you're happy with AVG Free edition, why
change?

Cheers,

Ari


--
spammage trappage: remove the underscores to reply
Many people around the world are waiting for a marrow transplant. Please
volunteer to be a marrow donor and literally save someone's life:
http://www.abmdr.org.au/
http://www.marrow.org/

[Ext User(frodo@theshire.net)]

There are many free firewalls out there. google for "free firewall".

ZoneALarm Free should never ask you to "pay up"; you have it setup wrong
somehow. I would recommend version 6.1.744, it was small and stable.
6.5.737 was the last version 6, but it was flakey (on my system at least).
The latest version 7 is bloated (IMO).

http://filehippo.com/download_zonealarm_free/?822

Comodo Firewall Free is also highly regarded:

http://www.comodo.com/products/free_products.html

And the XP built-in isn't totally worthless. It simply doesn't try to stop
"baddies" installed in your system from calling home (but then the others
won't stop a SMART bad guy either; the smart bad guys can get past many
outgoing firewalls, you need to scan regularly to make sure they don't get
on your system in the first place).

If you are connecting directly via a modem (dialup/cable/dsl) you NEED a
firewall, for sure. You are exposed directly to the internet, and the
firewall log will confirm for you that it is blocking packets all the time
(the estimate in prev post of <20 mins before attack is right-on).

If you are behind a NAT router (ie, residential gateway, like a $50
linksys or the like) then you are somewhat protected by the gateway
itself, but I'd still use a software firewall anyway. Most likely its logs
will show almost no blocked incomming packets even after many hours (since
the router dropped them).

[Ext User(Mellowed)]

"Beladi Nasralla" <nasra11a@yahoo.com> wrote in message
news:1185073133.439352.249850@e9g2000prf.googlegro ups.com...
> Hi there,
>
> I have a PC built for me, and I installed Windows XP SP2 on it. I
> presume I need to put a firewall and antivirus on it to ward off worms
> and viruses. I am more concerned about the firewall. I installed
> ZoneAlarm Free Edition, and it worked al'right. However, it always
> bothered me by asking me to pay up, so that I uninstalled it. My
> computer is currently running on the in-built Windows firewall. Is
> this OK ?
>
> As an antivurus, I am using AVG Free Edition, and it seems doing its
> job. Also, I can get a corporate edition of Trend Micro's PC-cillin
> from my employer for little money; should I get it ? Thanks.


I've used Sygate for years. It doesn't bug you. You can still get it here.
http://www.oldversion.com/program.php?n=sygate

[Ext User(Straight Talk)]

On Sun, 22 Jul 2007 15:48:29 -0000, frodo@theshire.net wrote:

>There are many free firewalls out there. google for "free firewall".

No thanks. I see no need to add further vulnerabilities to my system.

>ZoneALarm Free should never ask you to "pay up"; you have it setup wrong
>somehow. I would recommend version 6.1.744, it was small and stable.
>6.5.737 was the last version 6, but it was flakey (on my system at least).
>The latest version 7 is bloated (IMO).
>
> http://filehippo.com/download_zonealarm_free/?822

Don't worry. ZA free is never going to ask me to "pay up", since it's
not going to get to my machine in the first place.

>Comodo Firewall Free is also highly regarded:
>
> http://www.comodo.com/products/free_products.html

I know. Probably because comodo deliberately targeted passing leak
tests.

>And the XP built-in isn't totally worthless.

No. It's not even close to worthless.

>It simply doesn't try to stop "baddies" installed in your system from calling home

It doesn't have to. I don't run arbitrary programs that need to be
"controlled".

> (but then the others won't stop a SMART bad guy either; the smart
>bad guys can get past many outgoing firewalls,

I know. That's what make them worthless.

>you need to scan regularly
>to make sure they don't get on your system in the first place).

Scanning for them means they are on your system already, doesn't it?

>If you are connecting directly via a modem (dialup/cable/dsl) you NEED a
>firewall, for sure.

No.

>You are exposed directly to the internet, and the
>firewall log will confirm for you that it is blocking packets all the time

So?

>(the estimate in prev post of <20 mins before attack is right-on).

Only if you're providing network services to the Internet, which would
be a bad idea.

>If you are behind a NAT router (ie, residential gateway, like a $50
>linksys or the like) then you are somewhat protected by the gateway
>itself, but I'd still use a software firewall anyway. Most likely its logs
>will show almost no blocked incomming packets even after many hours (since
>the router dropped them).

[Ext User(Leythos)]

In article <j6a6a3d3svghkfrf3uvsnmctmc3r3dp5mo@4ax.com>,
b__nice@hotmail.com says...
> On Sat, 21 Jul 2007 23:39:18 -0400, Leythos <void@nowhere.lan> wrote:
>
> >If your address is not a private address then your Modem is not doing
> >NAT, and if you have a live public IP then you're screwed without a
> >barrier device.
>
> You're implying that the Windows Firewall is remotely exploitable. Got
> any references to that?

It's locally exploitable - look at anyone running as a local admin, and
any software that wants to create an exception in the WF. Even AOL will
create exceptions without you knowing about it. All you have to do is
google.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

[Ext User(Ansgar -59cobalt- Wiechers)]

In comp.security.firewalls frodo@theshire.net wrote:
> And the XP built-in isn't totally worthless. It simply doesn't try to
> stop "baddies" installed in your system from calling home (but then
> the others won't stop a SMART bad guy either; the smart bad guys can
> get past many outgoing firewalls, you need to scan regularly to make
> sure they don't get on your system in the first place).

You have no idea of what you're talking about. Regular scanning does not
prevent malware from being installed. It merely may detect maleware once
it already is installed. Which is something any decent virus scanner
will do just fine. It's not a task for a firewall.

What a personal firewall can do reliably is blocking inbound connections
and preventing applications run by users from opening listening sockets.
The Windows Fireall does either of these just fine.

> If you are connecting directly via a modem (dialup/cable/dsl) you NEED
> a firewall, for sure. You are exposed directly to the internet, and
> the firewall log will confirm for you that it is blocking packets all
> the time (the estimate in prev post of <20 mins before attack is
> right-on).

So? Just don't provide any services towards the internet. And now? What
more protection will a firewall offer? It will just add more code with
additional (potentially exploitable) bugs.

Granted, Windows makes it rather difficult to unbind services from
interfaces, so a firewall is the easiest and least error-prone way to
make services unavailable on a given interface, but that's about it.

F'up adjusted.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

[Ext User(Leythos)]

In article <1185080864.730283.306800@x40g2000prg.googlegroups .com>,
computerflyer@gmail.com says...
> On Jul 22, 1:39 pm, Leythos <v...@nowhere.lan> wrote:
> > In article <1185074631.141883.271...@z24g2000prh.googlegroups .com>,
> > nasra...@yahoo.com says...
> >
> >
> >
> >
> >
> > > On Jul 22, 12:03 pm, Leythos <v...@nowhere.lan> wrote:
> > > > In article <1185073133.439352.249...@e9g2000prf.googlegroups. com>,
> > > > nasra...@yahoo.com says...
> >
> > > > > Hi there,
> >
> > > > > I have a PC built for me, and I installed Windows XP SP2 on it. I
> > > > > presume I need to put a firewall and antivirus on it to ward off worms
> > > > > and viruses. I am more concerned about the firewall. I installed
> > > > > ZoneAlarm Free Edition, and it worked al'right. However, it always
> > > > > bothered me by asking me to pay up, so that I uninstalled it. My
> > > > > computer is currently running on the in-built Windows firewall. Is
> > > > > this OK ?
> >
> > > > > As an antivurus, I am using AVG Free Edition, and it seems doing its
> > > > > job. Also, I can get a corporate edition of Trend Micro's PC-cillin
> > > > > from my employer for little money; should I get it ? Thanks.
> >
> > > > A simple NAT router will do more and better than ZAP or Windows XP
> > > > Firewall in most all cases. Linksys BEFSR41 or a wireless version is
> > > > under $50 and provides protection from inbound attacks.
> >
> > > My early experience with connecting a PC with no firwall to the
> > > Internet (via dial up) shows that it gets infected with a worm within
> > > 20 minutes. So that now I always put a firewall between my PC and the
> > > Internet. Now my PC is connected to the Internet via a NetComm NB5
> > > ADSL2+ modem router. You think this will repel the worms ?
> >
> > The NAT router blocks "unsolicited" connections to the PC, it's sort of
> > a 1 way filter - it lets you out, but only lets external sites
> > talk/reach your PC if you contact them first.
> >
> > Many people use NAT routers are their primary protection method with no
> > firewall at all and have no problems.
> >
> > Security is more than the firewall, it's not using easy to compromise
> > apps, keeping updates installed, not doing things that put you in harms
> > way, monitoring your firewall logs (as you can easily monitor the
> > Linksys devices for in/out traffic), and many other things.
> >
> > If your address is not a private address then your Modem is not doing
> > NAT, and if you have a live public IP then you're screwed without a
> > barrier device.
> >
>
> Check out ghostwall. It resembles a rule based router-firewall more
> than a bloatware internet protection package. If you are savy enough
> to set it up, it works as advertised.

A proper Usenet Client would snip the signature lines when you reply,
consider getting one.

Any software that runs on the users computer is a security risk, even
ZAP and others, if it's on a non-dedicated firewall computer then it's a
risk. A NAT Router is transparent, doesn't ask the user anything, and
does its work without exploits when properly setup - this is not the
case for most PC based firewall solutions.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

[Ext User(Straight Talk)]

On Sun, 22 Jul 2007 09:59:38 -0400, Leythos <void@nowhere.lan> wrote:

>In article <j6a6a3d3svghkfrf3uvsnmctmc3r3dp5mo@4ax.com>,
>b__nice@hotmail.com says...
>> On Sat, 21 Jul 2007 23:39:18 -0400, Leythos <void@nowhere.lan> wrote:
>>
>> >If your address is not a private address then your Modem is not doing
>> >NAT, and if you have a live public IP then you're screwed without a
>> >barrier device.
>>
>> You're implying that the Windows Firewall is remotely exploitable. Got
>> any references to that?
>
>It's locally exploitable - look at anyone running as a local admin, and
>any software that wants to create an exception in the WF.

Any local FW is exploitable when running as local admin.

Anyone running arbitrary code as local admin is likely to get screwed.
You seem to advocate keep doing so and then have a barrier to minimize
the damage instead of advocating doing the right thing, which would be
to run a LUA in which case the WF can't be exploited the way you're
thinking of.

[Ext User(Leythos)]

In article <enp6a31arh4m7ni0gebr0it366ott5h06h@4ax.com>,
b__nice@hotmail.com says...
> On Sun, 22 Jul 2007 09:59:38 -0400, Leythos <void@nowhere.lan> wrote:
>
> >In article <j6a6a3d3svghkfrf3uvsnmctmc3r3dp5mo@4ax.com>,
> >b__nice@hotmail.com says...
> >> On Sat, 21 Jul 2007 23:39:18 -0400, Leythos <void@nowhere.lan> wrote:
> >>
> >> >If your address is not a private address then your Modem is not doing
> >> >NAT, and if you have a live public IP then you're screwed without a
> >> >barrier device.
> >>
> >> You're implying that the Windows Firewall is remotely exploitable. Got
> >> any references to that?
> >
> >It's locally exploitable - look at anyone running as a local admin, and
> >any software that wants to create an exception in the WF.
>
> Any local FW is exploitable when running as local admin.
>
> Anyone running arbitrary code as local admin is likely to get screwed.
> You seem to advocate keep doing so and then have a barrier to minimize
> the damage instead of advocating doing the right thing, which would be
> to run a LUA in which case the WF can't be exploited the way you're
> thinking of.

No, I don't advocate what you are talking about, but I'm also not aware
that many programs won't run under Windows unless the user is an admin,
and I also understand that many users don't have a clue about security.

In the case of a NAT Router, while it doesn't stop stupid people from
infecting their computers, it does stop external sources from directly
accessing the users computer without an invite. Windows ships from many
vendors with lots of exceptions and that makes it a threat to the
ignorant, a NAT Router would mean that exceptions are meaningless.

I a user is going to run as an admin, and most are, even with warnings,
then they need some means to protect them - if ALL ISP were to implement
NAT at the internet device provided to the users, allowing exceptions
for those smart enough to ask for an exception, it would eliminate a LOT
of problems for users.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)