Don't use a Firewall other than Windows Firewall?

Archived from groups: comp.security.firewalls (More info?)

Ok, so Volker Birk makes what seem to me to be some pretty good
arguments why it's a waste of time running software firewalls offering
outbound protection (on the basis that any software wanting badly enough
to "call home" would in any case be able to bypass that firewall).

But I haven't seen anyone supporting or for that matter refuting
Volker's view. I'm talking here about basic firewalls such as ZA free,
not something like ZASS which may well offer other advantages.

So what's the view - should I reclaim much-needed cpu cycles by ditching
ZA free or any other basic 2-way firewall altogether and just rely on
Windows Firewall, and of course an antivirus scanner? And, of course,
not installing anything I don't trust.

Your views very much appreciated.
--
Sam
  1.

    Sam wrote:

    >Ok, so Volker Birk makes what seem to me to be some pretty good
    >arguments why it's a waste of time running software firewalls offering
    >outbound protection (on the basis that any software wanting badly enough
    >to "call home" would in any case be able to bypass that firewall).
    >
    >

    The guy is a nut, or perhaps a shill for MS.

    >But I haven't seen anyone supporting or for that matter refuting
    >Volker's view.
    >

    I guess most here ignore him, as I have long done.

    >So what's the view - should I reclaim much-needed cpu cycles by ditching
    >ZA free or any other basic 2-way firewall altogether and just rely on
    >Windows Firewall, and of course an antivirus scanner? And, of course,
    >not installing anything I don't trust.
    >
    >

    If you do you will regret it. MS knows as much about security as horses
    do about crocheting.

    --
    Godwin is a net-nazi
  2.

    "Sam" <sam.sam@sam.samsam.com> wrote in message
    news:dgdsuf$m9p$1@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com...
    > Ok, so Volker Birk makes what seem to me to be some pretty good
    > arguments why it's a waste of time running software firewalls offering
    > outbound protection (on the basis that any software wanting badly enough
    > to "call home" would in any case be able to bypass that firewall).
    >
    > But I haven't seen anyone supporting or for that matter refuting
    > Volker's view. I'm talking here about basic firewalls such as ZA free,
    > not something like ZASS which may well offer other advantages.
    >
    > So what's the view - should I reclaim much-needed cpu cycles by ditching
    > ZA free or any other basic 2-way firewall altogether and just rely on
    > Windows Firewall, and of course an antivirus scanner? And, of course,
    > not installing anything I don't trust.

    I'm currently sitting at a P3 550MHz with 256MB RAM and Radeon 7000
    graphics.
    The OS is Windows 2000.
    It cost nothing to build because it's built of a mixture of parts discarded
    by others.
    It has no personal firewall software, no anti-virus software, no unnecessary
    services and no unnecessary running processes.
    Its performance at anything I want to use it for, including DVD playback, is
    mostly indistinguishable from a recent 3GHz P4. No doubt there are tasks
    which would go faster on a 3GHz P4, but it can work on those while I'm
    asleep and have the result ready in the morning.
    I don't believe in increasing complexity without good reason.
    A system is easier for me to understand if it's less complex.
    This makes it easier for me to secure it.
    Increasing the complexity by adding more software would therefore make it
    _less_ secure.

    Jason

    >
    > Your views very much appreciated.
    > --
    > Sam
  3.

    Sam <sam.sam@sam.samsam.com> wrote:
    > But I haven't seen anyone supporting or for that matter refuting
    > Volker's view.

    In de.comp.security.*, this is common sense. I'm wondering, why here
    in the international groups it isn't yet.

    The arguments are obvious.

    > So what's the view - should I reclaim much-needed cpu cycles by ditching
    > ZA free or any other basic 2-way firewall altogether and just rely on
    > Windows Firewall, and of course an antivirus scanner? And, of course,
    > not installing anything I don't trust.

    A virus scanner can be a good help, if you know the constraints any
    virus scanner has to face.

    Yours,
    VB.
    --
    "It cannot be that the frustrated people in Rome decide what happens in
    German bedrooms".
    Harald Schmidt on "World Youth Day"
  4.

    Sam <sam.sam@sam.samsam.com> wrote in news:dgdsuf$m9p$1
    @nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com:

    > Ok, so Volker Birk makes what seem to me to be some pretty good
    > arguments why it's a waste of time running software firewalls offering
    > outbound protection (on the basis that any software wanting badly enough
    > to "call home" would in any case be able to bypass that firewall).
    >
    > But I haven't seen anyone supporting or for that matter refuting
    > Volker's view. I'm talking here about basic firewalls such as ZA free,
    > not something like ZASS which may well offer other advantages.
    >
    > So what's the view - should I reclaim much-needed cpu cycles by ditching
    > ZA free or any other basic 2-way firewall altogether and just rely on
    > Windows Firewall, and of course an antivirus scanner? And, of course,
    > not installing anything I don't trust.
    >
    > Your views very much appreciated.

    I myself see no reason to NOT use MS's XP FW. Sure it has some kind of
    application control but it has no means to stop outbound by setting
    rules.

    However, there is another element that can do it on the XP O/S and that's
    IPsec that can be used to supplement any PFW, MS's FW or NOT. I'll be
    using IPsec behind BlackIce that cannot stop outbound traffic by setting
    filtering rules on my laptop at a client's site in a hotel I'll be in
    that as dial-up for the next six months.

    IPsec can stop inbound or outbound traffic by port, protocol or IP behind
    the XP FW or a solution like BI.

    http://www.petri.co.il/block_ping_traffic_with_ipsec.htm

    I'll be implanting the AnalogX SecPol rules again on the XP Pro laptop.

    http://www.analogx.com/contents/articles/ipsec.htm

    The only thing about the AnalogX rules is that they prevent file
    downloads on High ports > 1024 so you either disable IPsec or learn the
    rules to open the required port. I use Active Ports to tell me the port
    to open.

    http://support.microsoft.com/?id=813878

    Using IPsec to supplement a PFW solution that cannot stop outbound is
    solid protection as far as I am concerned.

    Duane :)
  5.

    Sam wrote:
    > Ok, so Volker Birk makes what seem to me to be some pretty good
    > arguments why it's a waste of time running software firewalls offering
    > outbound protection (on the basis that any software wanting badly enough
    > to "call home" would in any case be able to bypass that firewall).
    >
    > But I haven't seen anyone supporting or for that matter refuting
    > Volker's view. I'm talking here about basic firewalls such as ZA free,
    > not something like ZASS which may well offer other advantages.
    >
    > So what's the view - should I reclaim much-needed cpu cycles by ditching
    > ZA free or any other basic 2-way firewall altogether and just rely on
    > Windows Firewall, and of course an antivirus scanner? And, of course,
    > not installing anything I don't trust.
    >
    > Your views very much appreciated.

    Volker's preference for the XP firewall merely reflects the POV that
    inbound packet filtering solves a problem that would be difficult to
    manage otherwise. Outbound packet filtering or application control is no
    more effective than the implementation of Safe Computing Practices.
  6.

    Quaestor <no-spam@my.place> wrote:
    > The guy is a nut, or perhaps a shill for MS.

    I'm a shill for MS? How amusing ;-)

    > MS knows as much about security as horses
    > do about crocheting.

    Ah, is this the reason, why you're using their software?

    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.2)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^
    Gecko/20040804 Netscape/7.2 (ax)

    SCNR,
    VB.
    --
    "It cannot be that the frustrated people in Rome decide what happens in
    German bedrooms".
    Harald Schmidt on "World Youth Day"
  7.

    optikl wrote:

    > Outbound packet filtering or application control is no more effective
    > than the implementation of Safe Computing Practices.


    To be safe and effective one must totally reject this belief. Outbound
    application control is the essence of stopping spyware. Anyone who
    advocates not using it must be a spammer spreading spyware, hijacking
    machines thereby. Or just plain stupid.

    --
    Godwin is a net-nazi
  8.

    In article <EaKdnSi5te6AE7beRVn-pg@comcast.com>, optikl@invalid.net
    says...
    > Sam wrote:
    > > Ok, so Volker Birk makes what seem to me to be some pretty good
    > > arguments why it's a waste of time running software firewalls offering
    > > outbound protection (on the basis that any software wanting badly enough
    > > to "call home" would in any case be able to bypass that firewall).
    > >
    > > But I haven't seen anyone supporting or for that matter refuting
    > > Volker's view. I'm talking here about basic firewalls such as ZA free,
    > > not something like ZASS which may well offer other advantages.
    > >
    > > So what's the view - should I reclaim much-needed cpu cycles by ditching
    > > ZA free or any other basic 2-way firewall altogether and just rely on
    > > Windows Firewall, and of course an antivirus scanner? And, of course,
    > > not installing anything I don't trust.
    > >
    > > Your views very much appreciated.
    >
    > Volker's preference for the XP firewall merely reflects the POV that
    > inbound packet filtering solves a problem that would be difficult to
    > manage otherwise. Outbound packet filtering or application control is no
    > more effective than the implementation of Safe Computing Practices.

    I agree, only a fool would trust a MS Firewall product after the history
    MS has in providing secure operating systems, secure applications,
    secure - well, nothing they provide is secure.

    I would never trust a MS product to protect me against anything directed
    at MS.

    --

    spam999free@rrohio.com
    remove 999 in order to email me
  9.

    In article <11ioilmkp80pt94@news.supernews.com>, no-spam@my.place
    says...
    > optikl wrote:
    >
    > > Outbound packet filtering or application control is no more effective
    > > than the implementation of Safe Computing Practices.
    >
    >
    > To be safe and effective one must totally reject this belief. Outbound
    > application control is the essence of stopping spyware. Anyone who
    > advocates not using it must be a spammer spreading spyware, hijacking
    > machines thereby. Or just plain stupid.

    If you have your network set up properly, your users not running as
    Admins, and your firewall filtering content, you don't need any
    application to stop spyware - it will be stopped before it reaches a
    computer that can run it.

    --

    spam999free@rrohio.com
    remove 999 in order to email me
  10.

    Quaestor <no-spam@my.place> wrote:
    > Outbound
    > application control is the essence of stopping spyware.

    No. It's just misunderstanding the situation. But don't be too unhappy,
    you're not the only person who is falling for advertizing tricks from
    time to time.

    Yours,
    VB.
    --
    "It cannot be that the frustrated people in Rome decide what happens in
    German bedrooms".
    Harald Schmidt on "World Youth Day"
  11.

    Leythos wrote:

    >In article <11ioilmkp80pt94@news.supernews.com>, no-spam@my.place
    >says...
    >
    >>optikl wrote:
    >>
    >>>Outbound packet filtering or application control is no more effective
    >>>than the implementation of Safe Computing Practices.
    >>>
    >>To be safe and effective one must totally reject this belief. Outbound
    >>application control is the essence of stopping spyware. Anyone who
    >>advocates not using it must be a spammer spreading spyware, hijacking
    >>machines thereby. Or just plain stupid.
    >>
    >
    >If you have your network set up properly, your users not running as
    >Admins, and your firewall filtering content, you don't need any
    >application to stop spyware - it will be stopped before it reaches a
    >computer that can run it.
    >

    That's a lot of If's. Suppose someone brings in an outside machine,
    such as a laptop used in the field (common practice these days)?
    Suppose someone brings in an infected disk? Suppose that someone is
    deliberately trying to infect your system? I know, no one would ever do
    such a thing, but you see, they DO, all the time (industrial espionage
    and sabotage, they call it).

    --
    Godwin is a net-nazi
  12.

    On Sun, 18 Sep 2005 12:49:01 -0700, Quaestor <no-spam@my.place> wrote:

    >Leythos wrote:
    >
    >>In article <11ioilmkp80pt94@news.supernews.com>, no-spam@my.place
    >>says...
    >>
    >>>optikl wrote:
    >>>
    >>>>Outbound packet filtering or application control is no more effective
    >>>>than the implementation of Safe Computing Practices.
    >>>>
    >>>To be safe and effective one must totally reject this belief. Outbound
    >>>application control is the essence of stopping spyware. Anyone who
    >>>advocates not using it must be a spammer spreading spyware, hijacking
    >>>machines thereby. Or just plain stupid.
    >>>
    >>
    >>If you have your network set up properly, your users not running as
    >>Admins, and your firewall filtering content, you don't need any
    >>application to stop spyware - it will be stopped before it reaches a
    >>computer that can run it.
    >>
    >
    >That's a lot of If's. Suppose someone brings in an outside machine,
    >such as a laptop used in the field (common practice these days)?
    >Suppose someone brings in an infected disk? Suppose that someone is
    >deliberately trying to infect your system? I know, no one would ever do
    >such a thing, but you see, they DO, all the time (industrial espionage
    >and sabotage, they call it).

    And your solution is a sw firewall that will likely be disabled by
    malicious code?

    Art

    http://home.epix.net/~artnpeg
  13.

    Sam wrote:
    > Ok, so Volker Birk makes what seem to me to be some pretty good
    > arguments why it's a waste of time running software firewalls offering
    > outbound protection (on the basis that any software wanting badly enough
    > to "call home" would in any case be able to bypass that firewall).
    >
    > But I haven't seen anyone supporting or for that matter refuting
    > Volker's view. I'm talking here about basic firewalls such as ZA free,
    > not something like ZASS which may well offer other advantages.
    >
    > So what's the view - should I reclaim much-needed cpu cycles by ditching
    > ZA free or any other basic 2-way firewall altogether and just rely on
    > Windows Firewall, and of course an antivirus scanner? And, of course,
    > not installing anything I don't trust.
    >
    > Your views very much appreciated.
    > --
    > Sam

    if using a windows firewall to block incoming. you can do that with a NAT
    device anyway. so no need even for the windows firewall, but it adds
    another layer of protection.
    suppose the windows firewall has an exploit. then maybe better to use
    sygate. sygate also has a great port logger. My NAT device doesn't
    have a port logger, but even if it did, sygate's is really nice.

    That is all regarding incoming which you want to block.

    If you want to block outgoing, then the windows firewall won't do it.
    VB has it seems shown that if spyware cannot get past a firewall and
    make an outgoing connection then it's not v. cleverly written. so if it
    can't, then it's nothing to be afraid of security wise. It's just
    sending some marketing info. And you should notice anyhow it'd be a
    process using ports and slowing your connection down, sending frames
    over the net. Many ways to see this happening and catch it. If you
    wanted to catch it before it starts, then maybe block outgoing. But
    there's no need to catch it before it starts. Let it start, and notice
    it. Anyhow, only a careless user would get a comp slowed down from
    spyware, or get lots of spyware installed and not notice.

    If you're the only user of the computer then why create all these self
    imposed restrictions. you're hassling yourself more than the spyware
    hassles you.

    If you've got a network with stupid users that will fill their comps
    with spyware to the point that it really hassles them and slows down
    their Internet connection then you want to stop spyware communicating.
    And put in some safer practices, like get them using a browser other
    than IE.

    But as another poster has said. there's an argument that if you've got
    it properly set up. And your users (whom we must treat the same and
    thus have to assume idiocy for them all) aren't administrators,
    apparently they can't do much, they don't have enough rope to hang
    themselves.

    so, as an individual that cares enough to post to this newsgroup, I
    doubt you ever really got into a situation where your comp was so full
    of spyware and you didn't know what to do. If it really bothered you
    then you'd just run some spyware removal programs. big deal. And if
    you did have spyware, you'd want to get rid of it properly anyway. Not
    just block it. Since what it sends isn't really important.
  14.

    Sam said ...
    > Ok, so Volker Birk makes what seem to me to be some pretty good
    > arguments why it's a waste of time running software firewalls offering
    > outbound protection (on the basis that any software wanting badly enough
    > to "call home" would in any case be able to bypass that firewall).
    >
    > But I haven't seen anyone supporting or for that matter refuting
    > Volker's view. I'm talking here about basic firewalls such as ZA free,
    > not something like ZASS which may well offer other advantages.
    >
    > So what's the view - should I reclaim much-needed cpu cycles by ditching
    > ZA free or any other basic 2-way firewall altogether and just rely on
    > Windows Firewall, and of course an antivirus scanner? And, of course,
    > not installing anything I don't trust.
    >
    > Your views very much appreciated.
    >
    Many thanks to all who have responded to this - makes very interesting
    reading, and helpful too. Keep your views coming please.
    --
    Sam
  15.

    jameshanley39@yahoo.co.uk wrote:
    > suppose the windows firewall has an exploit. then maybe better to use
    > sygate.

    In fact, it's more likely that Sygate has an exploit again than the
    Windows-Firewall (though both are possible), because Sygate is much more
    complex:

    http://www.google.de/search?q=sygate+site%3Asecurityfocus.com%2Fbid

    > sygate also has a great port logger. My NAT device doesn't
    > have a port logger, but even if it did, sygate's is really nice.

    Seems to be true for what all people are telling ;-) I prefer Ethereal
    any way, but if one likes this, why not?

    > And if
    > you did have spyware, you'd want to get rid of it properly anyway. Not
    > just block it. Since what it sends isn't really important.

    Good point. But please don't forget this:

    http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

    Yours,
    VB.
    --
    "It cannot be that the frustrated people in Rome decide what happens in
    German bedrooms".
    Harald Schmidt on "World Youth Day"
  16.

    Volker Birk wrote:
    > jameshanley39@yahoo.co.uk wrote:
    > > suppose the windows firewall has an exploit. then maybe better to use
    > > sygate.
    >
    > In fact, it's more likely that Sygate has an exploit again than the
    > Windows-Firewall (though both are possible), because Sygate is much more
    > complex:
    >
    > http://www.google.de/search?q=sygate+site%3Asecurityfocus.com%2Fbid
    >
    > > sygate also has a great port logger. My NAT device doesn't
    > > have a port logger, but even if it did, sygate's is really nice.
    >
    > Seems to be true for what all people are telling ;-) I prefer Ethereal
    > any way, but if one likes this, why not?

    sygate gives the process name that is sitting at the local port (if
    there is a process sitting there). Ethereal does not

    sygate tells you clearly whether it's incoming or outgoing. ethereal you
    gotta check the ip addresses of the frames initiating TCP connections.
    Or the IP addresses of UDP frames.

    ethernet bombards you with all the frames being sent when all that is
    required here are those indicating connections being initiated. So,
    how do you get around this? Well,
    apply filter
    tcp.flags.syn == 1 && tcp.flags.ack == 0

    ok, so now i have ethereal behaving a little bit more like a port
    logger ;)

    so that gets around the main issues I had with ethereal as a port
    logger

    Regarding sygate if one wanted to only use the port logger, one can
    click security..allow all
    it won't close any ports, certainly won't stealth any ports, and I
    think it's not blocking ICMP either.

    maybe if sygate is allowing everything then it's not open to be
    exploited remotely either.

    So, I figured out how to use Ethereal like a port logger in the end!

    But Ethereal still doesn't display the process names. sygate does.

    And Ethereal still doesn't display date/time. Sygate does. Really
    it's trying to make Ethereal into something that it's not.
    At least by using sygate as just a humble port logger, you're not
    making it something it isn't. Sygate does the job well. the ability is
    designed in there.


    the other competitor is ms port reporter.

    MS Port Reporter is ok, but it's not a log that you can view in real
    time. and it gives local and remote. not source and dest. so you can't
    even decipher for sure if it's incoming or outgoing.
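
The display filter in the post above keeps only TCP segments with SYN set and ACK clear, i.e. connection attempts. As an added example (not code from any poster in this thread), the Python below applies the same test to raw IPv4/TCP headers, labels each attempt inbound or outbound by comparing addresses with the host's own, and timestamps it. The local address 192.168.1.10, the function names and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct
from datetime import datetime, timezone

# Assumption: the address of the monitored host.
LOCAL_ADDRS = {ipaddress.ip_address("192.168.1.10")}
SYN, ACK = 0x02, 0x10


def build_packet(src, dst, sport, dport, flags):
    """Build a minimal IPv4+TCP header pair (checksums zero) as constructed sample input."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    return ip + tcp


def parse_tcp(packet):
    """Return (src, dst, sport, dport, flags) for an IPv4/TCP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4              # IP header length in bytes
    if ihl < 20 or packet[9] != 6:            # malformed header or not TCP
        return None
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return None                           # later fragment: carries no TCP header
    if len(packet) < ihl + 14:                # truncated before the flags byte
        return None
    src = ipaddress.ip_address(packet[12:16])
    dst = ipaddress.ip_address(packet[16:20])
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return src, dst, sport, dport, packet[ihl + 13]


def connection_log(frames, local_addrs=LOCAL_ADDRS):
    """frames: iterable of (epoch_seconds, raw_packet).

    Returns one line per TCP connection attempt, the equivalent of
    tcp.flags.syn == 1 && tcp.flags.ack == 0. Process names cannot be
    recovered from packets alone, so none are reported.
    """
    lines = []
    for ts, raw in frames:
        parsed = parse_tcp(raw)
        if parsed is None:
            continue
        src, dst, sport, dport, flags = parsed
        if not (flags & SYN) or (flags & ACK):
            continue                          # SYN/ACK replies and data segments
        if src in local_addrs:
            direction = "OUT"
        elif dst in local_addrs:
            direction = "IN"
        else:
            direction = "OTHER"               # traffic between two other hosts
        when = datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
        lines.append(f"{when} {direction:<5} {src}:{sport} -> {dst}:{dport}")
    return lines


# Constructed sample capture: an outbound handshake, an inbound attempt, a truncated frame.
SAMPLE_FRAMES = [
    (1127000000, build_packet("192.168.1.10", "203.0.113.5", 1045, 80, SYN)),
    (1127000000, build_packet("203.0.113.5", "192.168.1.10", 80, 1045, SYN | ACK)),
    (1127000001, build_packet("192.168.1.10", "203.0.113.5", 1045, 80, ACK)),
    (1127000030, build_packet("198.51.100.7", "192.168.1.10", 4431, 445, SYN)),
    (1127000031, b"\x45\x00"),
]

if __name__ == "__main__":
    for line in connection_log(SAMPLE_FRAMES):
        print(line)
```

Only the first and fourth sample frames are logged: the SYN/ACK reply and the bare ACK of the handshake are dropped by the flag test, and the truncated frame is skipped by the parser.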
  17.

    "Sam" <sam.sam@sam.samsam.com> wrote in message
    news:dgdsuf$m9p$1@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com...
    > Ok, so Volker Birk makes what seem to me to be some pretty good
    > arguments why it's a waste of time running software firewalls offering
    > outbound protection (on the basis that any software wanting badly enough
    > to "call home" would in any case be able to bypass that firewall).

    Tiny Personal Firewall blocks by application, and
    can stop any application from being able to "call
    home". Forget other firewalls. Forget hardware
    appliances, and use Tiny. It is just simply the
    BEST at what it does, period.
  18.

    Charles Newman <charlesnewman1@comcast.spamkiller.net> wrote:
    > Tiny Personal Firewall blocks by application, and
    > can stop any application from being able to "call
    > home".

    No, it cannot.

    I tested my POC on http://www.dingens.org/breakout.c with Tiny "Personal
    Firewall" 6.0, and it failed.

    And even if a newer Release of Tiny "Personal Firewall" will prevent
    this, then there are so many different ways to tunnel, that it's possible
    to find another way to ignore the "call home" filtering of any "Personal
    Firewall", including Tiny.

    Yours,
    VB.
    --
    "It cannot be that the frustrated people in Rome decide what happens in
    German bedrooms".
    Harald Schmidt on "World Youth Day"
  19.

    "Volker Birk" <bumens@dingens.org> wrote in message
    news:432d2cd8@news.uni-ulm.de...
    > Quaestor <no-spam@my.place> wrote:
    >> Outbound
    >> application control is the essence of stopping spyware.
    >
    > No. It's just misunderstanding the situation. But don't be too unhappy,
    > you're not the only person who is falling for advertizing tricks from
    > time to time.
    >
    > Yours,
    > VB.
    > --
    > "It cannot be that the frustrated people in Rome decide what happens in
    > German bedrooms".
    > Harald Schmidt on "World Youth Day"

    LOL. Sounds like a spammer trying to keep a few zombies going.
  20.

    Mark <nothere@notthere.com> wrote:
    > >> Outbound
    > >> application control is the essence of stopping spyware.
    > > No. It's just misunderstanding the situation. But don't be too unhappy,
    > > you're not the only person who is falling for advertizing tricks from
    > > time to time.
    > LOL. Sounds like a spammer trying to keep a few zombies going.

    No. Sounds like a person, who presents the proof for this:

    http://www.dingens.org/breakout-en.c
    http://www.dingens.org/breakout-en.exe

    Yours,
    VB.
    --
    "It cannot be that the frustrated people in Rome decide what happens in
    German bedrooms".
    Harald Schmidt on "World Youth Day"
  21.

    "Volker Birk" <bumens@dingens.org> wrote in message
    news:4333d49c@news.uni-ulm.de...
    > Mark <nothere@notthere.com> wrote:
    >> >> Outbound
    >> >> application control is the essence of stopping spyware.
    >> > No. It's just misunderstanding the situation. But don't be too unhappy,
    >> > you're not the only person who is falling for advertizing tricks from
    >> > time to time.
    >> LOL. Sounds like a spammer trying to keep a few zombies going.
    >
    > No. Sounds like a person, who presents the proof for this:
    >
    > http://www.dingens.org/breakout-en.c
    > http://www.dingens.org/breakout-en.exe
    >
    > Yours,
    > VB.
    > --
    > "It cannot be that the frustrated people in Rome decide what happens in
    > German bedrooms".
    > Harald Schmidt on "World Youth Day"

    Sorry, we're talking different things. You're talking personal firewalls -
    I'm talking appliances.

    I agree with personal firewalls - I lost a lot of faith in them some time
    ago.