Go Back   City-Data Forum > General Forums > Science and Technology > Computers
Old 09-10-2010, 10:48 PM
 
Location: New York, NY, USA
452 posts, read 778,016 times
Reputation: 258


Should Internet Explorer and Malwarebytes' be checked as an Exception on the Windows Firewall of a PC? Thank you.

 
Old 09-11-2010, 08:06 PM
 
422 posts, read 651,997 times
Reputation: 143
Windows firewall should be disabled and you should install a router between your PC and the internet, that will be the best firewall.
 
Old 09-11-2010, 09:01 PM
 
Location: Silicon Valley
3,685 posts, read 8,493,846 times
Reputation: 2978
Quote:
Originally Posted by dougstech
Windows firewall should be disabled and you should install a router between your PC and the internet, that will be the best firewall.
Really bad advice. That leaves your PC open to attack from other computers on your home network, or if your PC is a laptop, open to attack from other computers at work, or on the wireless network at Starbucks or the airport, etc. Also, a software firewall can alert you to unauthorized outgoing traffic, which can occur when your PC is infected by a virus, and alert you if any of your other PCs are infected, by making you aware of unauthorized incoming traffic.
 
Old 09-11-2010, 11:06 PM
 
422 posts, read 651,997 times
Reputation: 143
Quote:
Originally Posted by MediocreButArrogant
Really bad advice. That leaves your PC open to attack from other computers on your home network, or if your PC is a laptop, open to attack from other computers at work, or on the wireless network at Starbucks or the airport, etc. Also, a software firewall can alert you to unauthorized outgoing traffic, which can occur when your PC is infected by a virus, and alert you if any of your other PCs are infected, by making you aware of unauthorized incoming traffic.
Really now? Please describe these "attacks" that would originate from the LAN, and how they would compromise a PC, since they must know the administrator password of the PC.

Programs are easily able to add themselves as exceptions in Windows Firewall, rendering it useless to protect against viruses. A hardware firewall (AKA router) is the only sure way to know what traffic is permitted.

Be sure to turn off UPnP on the router, and you're set.
 
Old 09-11-2010, 11:35 PM
 
Location: Silicon Valley
3,685 posts, read 8,493,846 times
Reputation: 2978
Quote:
Originally Posted by dougstech
Really now? Please describe these "attacks" that would originate from the LAN, and how they would compromise a PC, since they must know the administrator password of the PC.
Hardly. Seriously, are you really that uninformed? Ever heard of the Windows DCOM RPC vulnerability, and all the viruses that exploited it (all the variants of Blaster)? All it took was one carefully crafted packet sent to port 135, on an unpatched system, and poof, your system was compromised.

Quote:
Programs are easily able to add themselves as exceptions in Windows Firewall, rendering it useless to protect against viruses.
True, but most security suites include a replacement for the Windows firewall, meaning a program would have to know how to add an exception or disable many different software firewalls. Your post claims no additional protection is needed once you're hiding behind a router, which is bad advice.

Quote:
A hardware firewall (AKA router) is the only sure way to know what traffic is permitted.
A router is hardly the same thing as a firewall, although firewalling is a function that a router can provide, especially the routers for home networking that support NAT (I've never seen one that didn't). The NAT function itself is what provides most or all of the firewall function, though some of the premium home routers have SPI (stateful packet inspection) as well.

A router for home use with NAT, plus a software firewall on each of your PCs, is a belt-and-suspenders approach to security. If one fails, the other is still working for you.
 
Old 09-13-2010, 03:11 AM
 
15,924 posts, read 17,646,573 times
Reputation: 7645
Have to agree with dougstech, hardware firewall is the best bet.

Ahhh, the keywords "unpatched system". If the home user is running an unpatched system, what makes you think their software firewall/AV/whatever software is up-to-date and capable of stopping one of the current threats?

As far as the laptop at work, most corporations don't allow personal systems on the corporate LAN/WAN for obvious reasons.... and personally I don't allow people I don't know access on my LAN.

"and alert you if any of your other PCs are infected, by making you aware of unauthorized incoming traffic."

Oh really???? Again, please describe the attacks on the local LAN..... You saying hacked into the local LAN? Hmmmmm, using WEP instead of WPA/WPA2??? Using a crackable admin password on the router? Using a router with no manageable functions?

I'd love to see the average home user set up NAT tables......
 
Old 09-13-2010, 03:43 AM
 
24,503 posts, read 35,958,754 times
Reputation: 12847
Hardware firewall is a must. But it is also in your best interest to use a software firewall. You can use Windows Firewall or another such as Norton or whatever you prefer. A software firewall comes into play when your computer has been compromised by other means. This could be anything from a malicious user to a USB thumb drive. Accidents do happen and this is just extra protection.

Also, it's just a matter of time before WPA2 is practically able to be cracked. It has already been cracked, but it's just not practical yet.
 
Old 09-13-2010, 06:40 PM
 
Location: Silicon Valley
3,685 posts, read 8,493,846 times
Reputation: 2978
Quote:
Originally Posted by plwhit
Oh really???? Again, please describe the attacks on the local LAN..... You saying hacked into the local LAN? Hmmmmm, using WEP instead of WPA/WPA2??? Using a crackable admin password on the router? Using a router with no manageable functions?
Let me give you an obvious example, since your small mind seems incapable of thinking of one.

User takes their laptop to Starbucks and connects to the wireless. Now any other user connected to the same access point can port scan their system, and without a software firewall, any vulnerabilities in their system are exposed.

Those of you who think a hardware firewall alone is sufficient must only own a single computer, and never leave home. We don't all live in trailer parks.
 
Old 09-13-2010, 07:05 PM
 
422 posts, read 651,997 times
Reputation: 143
Quote:
Originally Posted by MediocreButArrogant
Let me give you an obvious example, since your small mind seems incapable of thinking of one.

User takes their laptop to Starbucks and connects to the wireless. Now any other user connected to the same access point can port scan their system, and without a software firewall, any vulnerabilities in their system are exposed.

Those of you who think a hardware firewall alone is sufficient must only own a single computer, and never leave home. We don't all live in trailer parks.
If his Windows is patched and up to date, he is fine. When he goes to the wireless hotspot and connects, a box will pop up. Choose "public", and all methods of remotely accessing the system are disabled for that connection.
 
Old 09-13-2010, 08:07 PM
 
28,607 posts, read 40,588,688 times
Reputation: 37271
Quote:
Originally Posted by dougstech
If his Windows is patched and up to date, he is fine. When he goes to the wireless hotspot and connects, a box will pop up. Choose "public", and all methods of remotely accessing the system are disabled for that connection.
And you are assuming the average user knows and understands this. Bad assumption.

Windows patched and up to date? I shudder to think how many laptops and PCs are out there that fall short of this dream.

Telling users that come here for sound advice to shut off their MS firewall and rely solely on their router, with no other software running, is negligent.

My advice to anyone reading this forum is ignore what this person is telling you.
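
Added example, not part of any post in this thread: the posts above argue over firewall exceptions, port 135 and the "public" network choice, so this sketch audits a rule listing for enabled inbound allow rules that apply on Public networks or open port 135. It assumes English-locale output of `netsh advfirewall firewall show rule name=all`; the sample rules and the function names are constructed for illustration.

```python
import re

# Constructed, abridged sample (separator lines and most fields omitted).
SAMPLE = """\
Rule Name:                            Example Updater (constructed)
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private,Public
LocalPort:                            Any
Action:                               Allow

Rule Name:                            Example RPC rule (constructed)
Enabled:                              Yes
Direction:                            In
Profiles:                             Private
LocalPort:                            135
Action:                               Allow

Rule Name:                            Example Browser (constructed)
Enabled:                              Yes
Direction:                            Out
Profiles:                             Domain,Private,Public
LocalPort:                            Any
Action:                               Allow
"""

def parse_rules(text):
    """Return one dict per rule, keyed by netsh field name."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"([^:]+):\s*(.*)", line)  # blank/separator lines do not match
        if m and m.group(1) == "Rule Name":
            rules.append({})
        if m and rules:
            rules[-1][m.group(1)] = m.group(2).strip()
    return rules

def risky_exceptions(rules):
    """Map rule name -> reasons, for enabled inbound allow rules only."""
    findings = {}
    for r in rules:
        if (r.get("Enabled"), r.get("Direction"), r.get("Action")) != ("Yes", "In", "Allow"):
            continue
        checks = {"applies on Public networks": "Public" in r.get("Profiles", "").split(","),
                  "opens port 135": "135" in r.get("LocalPort", "").split(",")}
        reasons = [why for why, hit in checks.items() if hit]
        if reasons:
            findings[r["Rule Name"]] = reasons
    return findings
```

Running `risky_exceptions(parse_rules(SAMPLE))` reports the updater and RPC rules and skips the outbound browser rule.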
© 2005-2019, Advameg, Inc.