Firewalls and Wireless Routers

While I certainly agree with you, that
"many people running ZA and others that just happily click Accept or
Allow to every request. I'm always amazed at how they install it and
never learn anything past the install.",
the primary point of my message was in the first paragraph,
not the occasional exception (the 1-10% who are clueless).

Since i have often been told that i have a problem communicating, allow me
to restate the primary point of my message, without restating the
exceptions. Here is the primary point of my message.

Since a combination of superb anti-virus software and a superb router would
still allow Unauthorized outbound communication to go on Unimpeded, and
since a superb router would also allow Undesirable inbound communication if
it is in direct response to any Unauthorized outbound communication
originating from within the network (which the router would think the user
really Authorized), i would think that a software firewall that stops
Unauthorized outbound communication would be an essential element of a home
network. And I would think this is true, regardless of and despite the fact
that any firewall (whether hardware or software) can be misused in the hands
of a clueless newcomer. Certainly inappropriate permissions can be Allowed,
and appropriate permissions can be Disallowed, with a Hardware firewall,
just as with a Software firewall. Right ? Just like a key is an essential
part of the security of a house, regardless of and despite the fact that
clueless people can misuse it and leave the key lying under the mat.

My point is that the added benefit of a superb Software firewall (despite
the obvious possibility of misuse) is that it does something that the
hardware firewall does Not do. Specifically, the Software firewall has the
capability to stop and ask you, "Is this right ?" but the Hardware firewall
does not have this capability.


news.ops.worldnet.att.net>, (e-mail address removed)
says...
Since a combination of superb anti-virus software and a superb router would
still allow unauthorized outbound communication to go on unimpeded, and
since a superb router would also allow undesirable inbound communication if
it is in direct response to any unauthorized outbound communication
originating from within the network (which the router would think the user
really authorized), i would think that a software firewall that stops
unauthorized outbound communication would be an essential element of a home
network.

Yes, there is the possibility of human error, but while some new users might
be clueless at first, maybe 90-99% of us deserve the benefit of the doubt,
that when asked by ZoneAlarm

And there lies the crux of the problem - 90% of people using computers
are just doing that - using the computer. They have no clue. I've found
many people running ZA and others that just happily click Accept or
Allow to every request. I'm always amazed at how they install it and
never learn anything past the install.
 
p.s.
i forgot to mention, that i appreciate and have learned from the
contributions you have made to this newsgroup, now and in the past.


another scenario that confirms the primary point of my message can be found
in the following excerpt

Routers like the Linksys and Microsoft models fend off externally launched
attacks, while software firewalls protect systems from worms spread
internally through shared drives, by e-mail, or via file-sharing
applications such as Kazaa and Gnutella. Software firewalls are also a must
for laptops that leave the protection of a home or office router and connect
to public Wi-Fi hotspots or hotel networks

taken from the PC World article found at
http://www.pcworld.com/reviews/article/0,aid,115939,pg,1,00.asp

this confirms the fact that a strong Software firewall is an essential part
of home PC security, and performs additional functions that Hardware
firewalls do not.


My point is that the added benefit of a superb Software firewall (despite
the obvious possibility of misuse) is that it does something that the
hardware firewall does Not do. Specifically, the Software firewall has the
capability to stop and ask you, "Is this right ?" but the Hardware firewall
does not have this capability.

Without additional resources a firewall appliance has no clue what
applications are running on your computer. The way you work around that
issue is by understanding what the internal computers actually need
externally in order to work. As an example, I have an email server in my
home; this means that only the email server needs external SMTP access,
the internal computers don't need it - so I have a firewall rule that
permits only the mail server to use SMTP outbound (and inbound). This
keeps rogue SMTP apps from sending mail directly from the workstations
to the public.

The same is true for many services when using a REAL firewall appliance:
you understand what systems need what level of access and provide them
only that level. As an example, in my home, we have a BUNCH of computers
and with the exception of two of them, all run through an HTTP rule that
does not permit ActiveX or scripting content to reach the internal
computers. The same with web content filtering - those same machines
have 13 of 14 categories blocked. There are two HTTP rules in my
firewall, one for the group systems (and all unknowns) and one for two
development systems and authenticated users in the approved list.

Some IDS systems monitor the PC and can communicate with the
firewall in real time - if the IDS detects a rogue app it will shut down
the PC and also enter a block in the firewall for it.

So, while firewall appliances in general don't have a clue about the
apps on your PC, they do know what ports your PC wants to use and a
proper security method would be to set up a network where rogue apps
can't get out past the firewall.

Now, your typical home user router (with NAT) can also protect your
network, although nowhere near as good as a Firewall appliance. A NAT
box can often be set up to block outbound traffic to "destination" ports
so that things like PORTS 135~139,445,1433,1434 never make it past the
router. If you had an internal mail server, just a relay, you might be
able to block outbound SMTP traffic from all but that relay server (but
most users don't buy a router of that quality).

I have never seen a personal firewall save anyone that was already using
a NAT box.
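To make the egress policy in the post above concrete, here is an added model (not the poster's own firewall configuration) of a stateful NAT box that applies it: only the mail server may send SMTP, the listed destination ports are dropped, and any inbound packet answering a flow the inside already opened is let back in. The LAN prefix, host addresses and the web/attacker hosts are constructed for the example; only the blocked port list comes from the post.

```python
# Added illustration (not the poster's firewall config): a minimal model of a
# stateful NAT box applying the egress policy described in the post above.
# Hosts and addresses are constructed; the blocked port list is from the post.
from dataclasses import dataclass

LAN_PREFIX = "192.168.1."              # constructed home LAN
MAIL_SERVER = "192.168.1.25"           # constructed: the one host allowed SMTP
# Destination ports the post says a NAT box should never let past the router
BLOCKED_DST_PORTS = {135, 136, 137, 138, 139, 445, 1433, 1434}


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class StatefulNatFirewall:
    """Host/port based egress filtering plus connection tracking."""

    def __init__(self):
        self.flows = set()   # outbound flows the box has already accepted

    def egress_allowed(self, p: Packet) -> bool:
        if p.dport in BLOCKED_DST_PORTS:
            return False
        if p.dport == 25 and p.src != MAIL_SERVER:
            return False     # only the mail server may speak SMTP outbound
        return True          # everything else is invisible to a port filter

    def handle(self, p: Packet) -> str:
        outbound = p.src.startswith(LAN_PREFIX) and not p.dst.startswith(LAN_PREFIX)
        if outbound:
            if not self.egress_allowed(p):
                return "DROP"
            self.flows.add((p.src, p.sport, p.dst, p.dport))
            return "ACCEPT"
        # Inbound: accepted only if it answers a flow opened from inside.
        if (p.dst, p.dport, p.src, p.sport) in self.flows:
            return "ACCEPT"
        return "DROP"


def run_scenarios() -> dict:
    """Feed the packets discussed in the thread through the model."""
    fw = StatefulNatFirewall()
    ws, mail = "192.168.1.10", MAIL_SERVER
    ext_mail, ext_web, attacker = "203.0.113.5", "203.0.113.80", "198.51.100.7"
    return {
        # workstation trying SMTP directly: blocked by the host-specific rule
        "ws_smtp": fw.handle(Packet(ws, 40000, ext_mail, 25)),
        "mail_smtp": fw.handle(Packet(mail, 40001, ext_mail, 25)),
        "ws_445": fw.handle(Packet(ws, 40002, ext_mail, 445)),
        "ws_http": fw.handle(Packet(ws, 40003, ext_web, 80)),
        "http_reply": fw.handle(Packet(ext_web, 80, ws, 40003)),
        "unsolicited": fw.handle(Packet(attacker, 4444, ws, 3389)),
        # The thread's gap: a rogue app on an unfiltered port looks like any
        # other outbound flow, and its replies are let in as "authorized".
        "rogue_out": fw.handle(Packet(ws, 40004, attacker, 8080)),
        "rogue_reply": fw.handle(Packet(attacker, 8080, ws, 40004)),
    }


if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name:12s} {verdict}")
```

The last two scenarios show why the thread keeps returning to application-aware control: a port filter cannot tell the rogue flow from a legitimate one on the same port.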
 
p.s.
i forgot to mention, that i appreciate and have learned from the
contributions you have made to this newsgroup, now and in the past.

That makes it all worth my time - thanks.

I started out in Usenet in the early '80s, it was (and still is) a great
learning tool. I always try and give back to the people that helped me
when I needed it.
 
news.ops.worldnet.att.net>, (e-mail address removed)
says...
taken from the PC World article found at
http://www.pcworld.com/reviews/article/0,aid,115939,pg,1,00.asp

this confirms the fact that a strong Software firewall is an essential part
of home PC security, and performs additional functions that Hardware
firewalls do not.

Yes, but, it's only as good as the user managing it - and most users, at
least the hundreds in my experience, don't have a clue.

Many users will think that a personal firewall is all that they need,
but, while it's a good starting point, it does require configuration,
updates, management, and does not block anything before it hits the PC.
A router will prevent most of the crap on the net from the attack and
does not impose any performance penalty on the PC.
 
yes, we are both in agreement here. both the hardware and the software
firewall are only as good as the user managing it. they both need proper
configuration, management, and occasional updates. both have strong points
and weak points.

the hardware firewall blocks traffic before it reaches the PC, thus avoiding
the added load on PC resources. the hardware firewall can also direct
traffic for certain ports to multiple special-purpose PCs (web servers, mail
servers, RAS servers, and so on, and one more for the remaining traffic).
99% of home users probably have only 1 PC though.

the strong advantage of a software firewall is stated clearly by Gibson
Research Corp in the documentation for LeakTest at www.grc.com. it says to
go ahead and try doing what some Trojans do. temporarily rename one of the
programs that require internet access (e.g. one that has a rule in the
hardware firewall allowing outbound communication). then rename
LeakTest.exe to become the program which we just renamed. now when it is
executed, a superior Software firewall will stop and ask "Do you want to
allow this outbound communication ?" however, a hardware firewall will not
stop and ask, but just allow the rogue pretender to go through without
question.

can it happen ? not only can, but has happened, still happens, and will
continue to for 2 reasons. first because there are ways to introduce
Trojans and worms that bypass the anti-virus protection. second, some
infections have been known to outsmart anti-virus protection, and either
shut them down, replace their components, or use vulnerabilities to take
control of the operating system. (this is included for the benefit of other
readers, since you know this already.)

AV protection is only as good as the sleep-deprived programmer hired to
write it. of course, the same can be said about a software firewall, and
many have a history of problems (Norton's firewall, for example). that's
why i firmly believe the hardware and software firewalls are essential
elements of a Multi-layered protection plan. both have strengths -- some
different, some in common. for example, the home user who takes his laptop
to the airport no longer has his home router to protect him, and, without a
software firewall, would be at the mercy of whatever cheap router the coffee
shop decided to use.


and therein lies one of the problems with hardware firewalls, as well as
software firewalls. i think we are in agreement on the strengths and
weaknesses of not only the hardware and software issues, but also the user
issues. 90-99% of home users do not want to figure out how to work around
the issues, figure out all the port requirements of every program that needs
access to the internet, or figure out how to write rules for the hardware
firewall to filter content and screen out undesirable scripts.

they just want to plug it in and forget about it. they probably don't know
and don't care that ZoneAlarm is able to not only filter out undesirable
scripts and ActiveX and Mime objects, but do it selectively on a
website-by-website basis. on the other hand, they would actually have to
avoid opening TrendMicro's firewall program to NOT see that it can filter
out over a dozen different categories of undesirable web content, without
learning to write rules. the points you make about the strengths of
hardware firewalls are well taken and soundly supported.

the strong advantage of a software firewall is also stated clearly by Gibson
Research Corp in the documentation for LeakTest at www.grc.com. it says to
go ahead and try doing what some Trojans do. temporarily rename one of the
programs that require internet access (e.g. one that has a rule in the
hardware firewall allowing outbound communication). then rename
LeakTest.exe to become the program which we just renamed. now when it is
executed, a superior Software firewall will stop and ask "Do you want to
allow this outbound communication ?" however, a hardware firewall will not
stop and ask, but just allow the rogue pretender to go through without
question.

can it happen ? not only can, but has happened, still happens, and will
continue to for 2 reasons. first because there are ways to introduce
Trojans and worms that bypass the anti-virus protection. second, some
infections have been known to outsmart anti-virus protection, and either
shut them down, replace their components, or use vulnerabilities to take
control of the operating system. (this is included for the benefit of other
readers, since you know this already.)

AV protection is only as good as the sleep-deprived programmer hired to
write it. of course, the same can be said about a software firewall, and
many have a history of problems (Norton's firewall, for example). that's
why i firmly believe hardware and software firewalls are both essential
elements of a Multi-layered protection plan. both have strengths -- some
different, some in common. for example, the home user who takes his laptop
to the airport no longer has his home router to protect him, and, without a
software firewall, would be at the mercy of whatever cheap router the coffee
shop decided to use.
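The LeakTest rename trick that both of the posts above describe comes down to what identity a firewall rule is keyed on. This added example (not GRC's code, nor any firewall vendor's logic) contrasts a rule that permits by program name with one that also records the approved executable's hash; file names and contents are constructed stand-ins.

```python
# Added illustration of the LeakTest rename trick described above (not GRC's
# code or any firewall vendor's logic). File names and contents are
# constructed; the rules model a name-keyed check versus a fingerprint check.
import hashlib
import os
import tempfile


def sha256_of(path: str) -> str:
    """Hash the executable's bytes, the identity a good personal firewall records."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class NameRule:
    """Permit by program name only: what a name/port based rule amounts to."""

    def __init__(self, allowed_name: str):
        self.allowed_name = allowed_name

    def permits(self, path: str) -> bool:
        return os.path.basename(path) == self.allowed_name


class FingerprintRule:
    """Permit only if the name AND the hash match the program first approved."""

    def __init__(self, allowed_name: str, fingerprint: str):
        self.allowed_name = allowed_name
        self.fingerprint = fingerprint

    def permits(self, path: str) -> bool:
        return (os.path.basename(path) == self.allowed_name
                and sha256_of(path) == self.fingerprint)


def simulate_rename_trick() -> dict:
    """Give a second binary the approved program's name and re-check both rules."""
    with tempfile.TemporaryDirectory() as d:
        browser = os.path.join(d, "browser.exe")
        with open(browser, "wb") as f:
            f.write(b"MZ constructed stand-in for the approved browser\n")
        name_rule = NameRule("browser.exe")
        fp_rule = FingerprintRule("browser.exe", sha256_of(browser))
        before = {"name": name_rule.permits(browser),
                  "fingerprint": fp_rule.permits(browser)}

        # The trick: move the real program aside, give the test binary its name.
        tester = os.path.join(d, "leaktest.exe")
        with open(tester, "wb") as f:
            f.write(b"MZ constructed stand-in for LeakTest\n")
        os.replace(browser, browser + ".bak")
        os.replace(tester, browser)
        after = {"name": name_rule.permits(browser),
                 "fingerprint": fp_rule.permits(browser)}
        return {"before": before, "after": after}


if __name__ == "__main__":
    print(simulate_rename_trick())
```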



news.ops.worldnet.att.net>, (e-mail address removed)
says...
can it happen ? not only can, but has happened, still happens, and will
continue to for 2 reasons. first because there are ways to introduce
Trojans and worms, that bypass the anti-virus protection.

The same is true for ones that shut down the firewall applications.
second, some
infections have been known to outsmart anti-virus protection, and either
shut them down, replace their components, or use vulnerabilities to take
control of the operating system. (this is included for the benefit of other
readers, since you know this already.)

The same happens to the firewall software; really, anything running
on a PC has the ability to stop any protective service on a system - for
the benefit of those that don't already know this.
AV protection is only as good as the sleep-deprived programmer hired to
write it.

I agree, and I've stated that the definitions are "reactionary" and
delayed. There are AV programs that have the ability to detect and
isolate viruses that have no current definitions - they do this based on
virus-like signatures.
of course, the same can be said about a software firewall, and
many have a history of problems (Norton's firewall, for example). that's
why i firmly believe hardware and software firewalls are both essential
elements of a Multi-layered protection plan. both have strengths -- some

We agree, a firewall appliance and a personal firewall are necessary for
a complete security solution, combined with quality antivirus software.
different, some in common. for example, the home user who takes his laptop
to the airport no longer has his home router to protect him, and, without a
software firewall, would be at the mercy of whatever cheap router the coffee
shop decided to use.

Ah, this is one after my own heart. I travel to clients across the
country and take my laptop with me everywhere. I run Tiny personal
firewall, an older version, on my laptop and use it when I leave the
security of my home or office. I even run it inside the clients' offices,
and have found more than one rogue system because of it. But, again,
we're back to people understanding how to use personal firewall
solutions - how many people can determine that it's permitted to allow a
DNS query when at the airport WAP vs a probe from another WAP user's
system? How many people can get their firewall working when they check
into the hotel without permitting the entire net block? Many personal
firewalls automatically trust your subnet - meaning that if your home
network was a 192.168.0.0/24 it would trust all 253 nodes, and if you
connected at the hotel to a 10.0.0.0/24 it would trust all those nodes
too. Many of the professional versions don't do this, but many of the
free versions do.

When it comes to laptops I have a small one-port NAT device I take with me
on trips, I use it when I have a cabled connection to a network. When
I'm at the airport I use Tiny and know what to allow.

If I had to make a suggestion to a user, a home user, a non-technical
type, it would be to get the router first - this would permit them to
get on-line, updated, downloaded, etc... before their machine has a
chance to become compromised. Second would be to make sure that they
have a quality antivirus solution (not a virus/firewall suite) and that
it's fully updated. Third would be to install a personal firewall
application, but, depending on the user, I might not even suggest it.

My mother in law is a good example of a non-technical user: She bought a
new Dell computer while I was on a trip, called me and asked me what to
do, and I said "Leave it in the box till I get home to secure it and
install a router". When I got home she was complaining about how slow
the computer was and all sorts of pop-ups were taking over her machine.
Her oldest son (almost 40) had helped her install it (He's a Mac person)
and connected the Windows XP system directly to the Road Runner Cable
connection. I was away for about a week, and in that time she had been
compromised by more than 400 spyware tools, tool-bar helpers, dialers,
and many viruses. In addition she was running as Administrator, had not
updated the AV software and had not done any MS Updates.

The simple solution was as follows: Disconnect computer from net, delete
partitions, create TWO partitions (OS/Data), install XP, disable
file/printer sharing, install NAT DEVICE, connect to internet through
NAT device, get OS updates, set up AutoUpdate for 3AM every day to
install updates, install AV, get AV updates, install MS Office, get
Office Updates, install personal applications, install FireFox, install
Thunderbird, set up a User Account, password both Administrator and User
accounts. Set IE for High-Security Mode for all user accounts and
Administrator Account. When she uses the computer she uses the User
Account, and does not use IE except for banking sites or POGO (game
site). She uses Thunderbird for email. In the almost 1 year that she's
been running like this she has not had a single case of spyware or any
viruses. The only time she runs as admin is for QuickBooks, it won't run
as a user level account.

I was over at her house for Christmas and did a check on her system, not
one problem item was uncovered, and the router logs looked clean.

Based on the above configuration I don't think that a personal firewall
in place of the router would have protected her system as well, and I
don't think that a personal firewall in addition to the router would
have protected her any better. Don't get me wrong, a personal firewall
solution in the hands of a knowledgeable user is a great tool, but in
the hands of the ignorant it's just a threat to them.

For those still on dial-up, there are a few NAT phone dialer devices on
the market, but most home users are not willing to pay for one. In their
cases a personal firewall application is absolutely necessary, but so is
learning how to use it and to understand the threats.
 
p.s.
i really appreciate the detail with which you responded, because i learned
some stuff i didn't know before. i don't know if any personal firewall has
"ever saved anyone that was already using a NAT box", but i know it
certainly is conceivable, as stated by AV-Test experts in the following
excerpt:

"Consider the Bagle worm, which hides its identity by injecting itself into
the Windows Explorer application. When AV-Test infected a system with this
worm, the McAfee, Norton, Sygate, and ZoneAlarm firewalls asked "Do you want
to allow Windows Explorer to access the Internet ?" Attentive users might
wonder why the app was spontaneously trying to access the Internet, but
others might simply click the OK button without considering the
implications."

"To avoid such problems, you might opt for a port-filtering firewall of the
type included in the Windows XP operating system or a port- and
packet-filtering firewall like the one in Trend Micro's PC-cillin Internet
Security 2004 suite. Packet-filtering firewalls monitor data passing to and
from the computer and look for known vulnerabilities or suspicious behavior.
For example, they can block attempts to access backdoor ports that e-mail
worms may have opened to receive instructions from remote hackers."


Now, if this happened with a program that already had permission from the
Hardware firewall to access the internet (e.g. an Email program, browser,
music player, IM/chat program, etc.), then the Hardware firewall would not
question this breach of security, and allow outbound communication
privileges for the infected program. this would still be true regardless of
whether or not the buyer of the new router decided he wanted to learn all
the port requirements of all the programs that need internet access, and
learn how to write rules for access permissions, which most often does not
happen.



i think we both agree that software and hardware firewalls have both similar
and different strengths and weaknesses, which makes them both essential
elements of a Multi-layered protection plan for home PCs. together, they
make a stronger defense; separately, they are more vulnerable. for other
readers, this discussion is only about average home PC users, and does not
apply to industrial strength network security for corporations. the excerpt
was taken from a PC World article found at
http://www.pcworld.com/reviews/article/0,aid,115939,pg,2,00.asp



Leythos - Good posting.

It exemplifies the dilemma with usability vs. security. I had a
similar situation recently with a new Dell desktop. Only several
weeks old and covered up in Spyware, Trojans and the like.

I've gotten to where I have differing levels of "Hardening"
depending on the user's skill level. You can't protect the ones
who insist on using P2P, Poker on-line and all the "Freebies"
with the hidden extras. Even Adobe has slipped Yahoo into the
latest Reader 7.0 installer package.

Trying to keep customers safe on the net is like pushing back
the tide.
 
yes, another excellent posting, Leythos.
very insightful and rich with experience.

again, i really appreciate the detail of your response, and the patience and
respect you always show people like me, who are less knowledgeable and less
experienced.

now, i am going to take a nap before spending all day watching football.
Have a Happy New Year. we probably will talk here again some day.

Jonathan


news.ops.worldnet.att.net>, (e-mail address removed) says...

> Can it happen? Not only can, but has happened, still happens, and will
> continue to for 2 reasons. First, because there are ways to introduce
> Trojans and worms that bypass the anti-virus protection.

The same is true for ones that shut down the firewall applications.

> Second, some infections have been known to outsmart anti-virus protection,
> and either shut them down, replace their components, or use vulnerabilities
> to take control of the operating system. (This is included for the benefit
> of other readers, since you know this already.)

The same happens to the firewall software; really, anything running
on a PC has the ability to stop any protective service on a system - for
the benefit of those that don't already know this.

> AV protection is only as good as the sleep-deprived programmer hired to
> write it.

I agree, and I've stated that the definitions are "reactionary" and
delayed. There are AV programs that have the ability to detect and
isolate viruses that have no current definitions - they do this based on
virus-like signatures.

> Of course, the same can be said about a software firewall, and
> many have a history of problems (Norton's firewall, for example). That's
> why I firmly believe hardware and software firewalls are both essential
> elements of a Multi-layered protection plan. Both have strengths -- some
> different, some in common.

We agree, a firewall appliance and a personal firewall are necessary for
a complete security solution, combined with quality antivirus software.

> For example, the home user who takes his laptop to the airport no longer
> has his home router to protect him, and, without a software firewall,
> would be at the mercy of whatever cheap router the coffee shop decided
> to use.

Ah, this is one after my own heart. I travel to clients across the
country and take my laptop with me everywhere. I run Tiny personal
firewall, an older version, on my laptop and use it when I leave the
security of my home or office. I even run it inside the clients' offices,
and have found more than one rogue system because of it. But, again,
we're back to people understanding how to use personal firewall
solutions - how many people can determine that it's permitted to allow a
DNS query when at the airport WAP vs a probe from another WAP users
system? How many people can get their firewall working when they check
into the hotel without permitting the entire net block? Many personal
firewalls automatically trust your subnet - meaning that if your home
network was a 192.168.0.0/24 it would trust all 253 nodes, and if you
connected at the hotel to a 10.0.0.0/24 it would trust all those nodes
too. Many of the professional versions don't do this, but many of the
free versions do.

When it comes to laptops I have a small 1 port NAT device I take with me
on trips, I use it when I have a cabled connection to a network. When
I'm at the airport I use Tiny and know what to allow.

If I had to make a suggestion to a user, a home user, a non-technical
type, it would be to get the router first - this would permit them to
get on-line, updated, downloaded, etc... before their machine has a
chance to become compromised. Second would be to make sure that they
have a quality antivirus solution (not a virus/firewall suite) and that
it's fully updated. Third would be to install a personal firewall
application, but, depending on the user, I might not even suggest it.

My mother in law is a good example of a non-technical user: She bought a
new Dell computer while I was on a trip, called me and asked me what to
do, and I said "Leave it in the box till I get home to secure it and
install a router". When I got home she was complaining about how slow
the computer was and all sorts of pop-ups were taking over her machine.
Her oldest son (almost 40) had helped her install it (He's a Mac person)
and connected the Windows XP system directly to the Road Runner Cable
connection. I was away for about a week, and in that time she had been
compromised by more than 400 spyware tools, tool-bar helpers, dialers,
and many viruses. In addition she was running as Administrator, had not
updated the AV software and had not done any MS Updates.

The simple solution was as follows: Disconnect computer from net, delete
partitions, create TWO partitions (OS/Data), install XP, disable
file/printer sharing, install NAT DEVICE, connect to internet through
NAT device, get OS updates, set up AutoUpdate for 3AM every day to
install updates, install AV, get AV updates, install MS Office, get
Office updates, install personal applications, install FireFox, install
Thunderbird, set up User Account, password both Administrator and User
accounts. Set IE to High-Security Mode for both the User account and the
Administrator account. When she uses the computer she uses the User
Account, and does not use IE except for banking sites or POGO (game
site). She uses Thunderbird for email. In the almost 1 year that she's
been running like this she has not had a single case of spyware or any
viruses. The only time she runs as admin is for QuickBooks; it won't run
as a user-level account.

I was over at her house for Christmas and did a check on her system, not
one problem item was uncovered, and the router logs looked clean.

Based on the above configuration I don't think that a personal firewall
in place of the router would have protected her system as well, and I
don't think that a personal firewall in addition to the router would
have protected her any better. Don't get me wrong, a personal firewall
solution in the hands of a knowledgeable user is a great tool, but in
the hands of the ignorant it's just a threat to them.

For those still on dial-up, there are a few NAT phone dialer devices on
the market, but most home users are not willing to pay for one. In their
cases a personal firewall application is absolutely necessary, but so is
learning how to use it and to understand the threats.
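Added example (Python; not Leythos's setup and not any firewall product's code, and the home subnet 192.168.0.0/24, the gateway MAC and the sample peers are invented) contrasting the "trust whatever subnet I am on" default described above with a rule that trusts the home LAN only when the laptop can tell it is actually on it:

```python
"""Why a personal firewall that 'trusts the local subnet' is weaker than one
that trusts an explicitly named home network. Added example, not from the
thread; the networks, gateway MAC and sample peers are made up."""

from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class NetContext:
    """What the laptop can see about the network it is currently on."""
    local_ip: str
    prefixlen: int
    gateway_mac: str   # MAC of the default gateway, as learned via ARP


# Hypothetical home LAN and the MAC address of its router
HOME_LAN = ipaddress.ip_network("192.168.0.0/24")
HOME_GATEWAY_MAC = "00:11:22:33:44:55"

# Services the laptop deliberately exposes, but only to trusted peers
TRUSTED_ONLY_PORTS = {139, 445, 3389}


def subnet_trust(ctx: NetContext, peer_ip: str) -> bool:
    """The weak default: every host on whatever /24 we landed on is trusted.
    At a hotel handing out 10.0.0.0/24 this trusts every other guest."""
    local_net = ipaddress.ip_interface(f"{ctx.local_ip}/{ctx.prefixlen}").network
    return ipaddress.ip_address(peer_ip) in local_net


def explicit_trust(ctx: NetContext, peer_ip: str) -> bool:
    """Trust peers only when we are demonstrably on the home LAN: the right
    prefix AND the gateway answers with the home router's MAC. A cafe that
    happens to hand out 192.168.0.x addresses still fails the second check."""
    local_net = ipaddress.ip_interface(f"{ctx.local_ip}/{ctx.prefixlen}").network
    on_home_lan = (local_net == HOME_LAN
                   and ctx.gateway_mac.lower() == HOME_GATEWAY_MAC)
    return on_home_lan and ipaddress.ip_address(peer_ip) in HOME_LAN


def inbound_decision(ctx: NetContext, peer_ip: str, dport: int, trust_fn) -> str:
    """Decision for an unsolicited inbound connection to `dport`: file sharing
    and remote desktop only from trusted peers, nothing else from anyone."""
    if dport in TRUSTED_ONLY_PORTS:
        return "allow" if trust_fn(ctx, peer_ip) else "drop"
    return "drop"


# Constructed contexts: at home, at a hotel, and at a cafe that reuses the
# same private range as home but has a different router.
HOME = NetContext("192.168.0.20", 24, HOME_GATEWAY_MAC)
HOTEL = NetContext("10.0.0.57", 24, "aa:bb:cc:dd:ee:ff")
LOOKALIKE = NetContext("192.168.0.20", 24, "aa:bb:cc:dd:ee:ff")

if __name__ == "__main__":
    for name, ctx, peer in [("home", HOME, "192.168.0.5"),
                            ("hotel", HOTEL, "10.0.0.99"),
                            ("lookalike", LOOKALIKE, "192.168.0.77")]:
        weak = inbound_decision(ctx, peer, 445, subnet_trust)
        strict = inbound_decision(ctx, peer, 445, explicit_trust)
        print(f"{name:>9}: SMB from {peer}: subnet-trust={weak} explicit={strict}")
```

The gateway MAC check raises the bar rather than proving location: an attacker on the same hotel LAN who answers ARP for the gateway can present whatever MAC he likes. The safe posture on a foreign network is to trust nobody, which is what the one-port NAT device mentioned above gives on a cabled connection.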
 
> P.S.
> I really appreciate the detail with which you responded, because I learned
> some stuff I didn't know before. I don't know if any personal firewall has
> "ever saved anyone that was already using a NAT box", but I know it
> certainly is conceivable, as stated by AV-Test experts in the following
> excerpt:
>
> "Consider the Bagle worm, which hides its identity by injecting itself into
> the Windows Explorer application. When AV-Test infected a system with this
> worm, the McAfee, Norton, Sygate, and ZoneAlarm firewalls asked "Do you want
> to allow Windows Explorer to access the Internet?" Attentive users might
> wonder why the app was spontaneously trying to access the Internet, but
> others might simply click the OK button without considering the
> implications."
>
> "To avoid such problems, you might opt for a port-filtering firewall of the
> type included in the Windows XP operating system or a port- and
> packet-filtering firewall like the one in Trend Micro's PC-cillin Internet
> Security 2004 suite. Packet-filtering firewalls monitor data passing to and
> from the computer and look for known vulnerabilities or suspicious behavior.
> For example, they can block attempts to access backdoor ports that e-mail
> worms may have opened to receive instructions from remote hackers."
>
> Now, if this happened with a program that already had permission from the
> Hardware firewall to access the internet (e.g. an Email program, browser,
> music player, IM/chat program, etc.), then the Hardware firewall would not
> question this breach of security, and would allow outbound communication
> privileges for the infected program. This would still be true regardless of
> whether or not the buyer of the new router decided he wanted to learn all
> the port requirements of all the programs that need internet access, and
> learn how to write rules for access permissions, which most often does not
> happen.
>
> I think we both agree that software and hardware firewalls have both similar
> and different strengths and weaknesses, which makes them both essential
> elements of a Multi-layered protection plan for home PCs. Together, they
> make a stronger defense; separately, they are more vulnerable. For other
> readers, this discussion is only about average home PC users, and does not
> apply to industrial-strength network security for corporations. The excerpt
> was taken from a PC World article found at
> http://www.pcworld.com/reviews/article/0,aid,115939,pg,2,00.asp

Your reply, or the way it's formatted, makes it look like I posted the
above information - as you look at the indents > it appears at the same
level as what you quoted from my message below.

I would suggest that you abandon Outlook Express for usenet and get one
of the proper usenet reader applications. OE is good for email, but is
terrible at Usenet. I think you can find a Quote Fix service pack for
OE, you might need to install it if you have not already.
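The PC World excerpt quoted in this post says a packet-filtering firewall can block attempts to reach backdoor ports that a worm has opened. The host-side counterpart is to notice such a port being opened at all. As an added example (Python; not from the thread, from AV-Test or from the PC World article), this parses `netstat -an` output in the format Windows XP prints and reports listeners that are not on an allowlist. The sample output is constructed, and port 4444 stands in for a hypothetical backdoor port, not any particular worm's.

```python
"""Spot listening ports a worm may have opened: parse `netstat -an` output in
the layout Windows XP prints and report listeners that are not on an
allowlist. Added example; the sample output is constructed and port 4444 is
a hypothetical backdoor port, not attributed to any real worm."""

import re
from typing import List, NamedTuple

# Constructed `netstat -an` output from a box with file/printer sharing off
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.0.20:1057      203.0.113.5:80         ESTABLISHED
  UDP    0.0.0.0:123            *:*
  UDP    0.0.0.0:4444           *:*
"""

# What this machine is expected to expose; anything else is a finding.
# (135 stays because XP's RPC endpoint mapper is always present.)
EXPECTED_LISTENERS = {("TCP", 135), ("UDP", 123)}


class Listener(NamedTuple):
    proto: str
    addr: str
    port: int


# Proto, local addr:port, foreign addr:port, optional state (UDP has none)
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")


def parse_listeners(netstat_text: str) -> List[Listener]:
    """Return every socket that will accept unsolicited traffic: TCP sockets
    in LISTENING state and all bound UDP sockets (UDP has no state column)."""
    found = []
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                     # header lines and blanks
        proto, addr, port, _foreign, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue                     # established/time-wait etc. are not listeners
        found.append(Listener(proto, addr, int(port)))
    return found


def unexpected_listeners(netstat_text: str, expected=EXPECTED_LISTENERS) -> List[Listener]:
    """Listeners not on the allowlist. Loopback-only sockets are skipped: they
    cannot be reached from the network, so they are not a backdoor candidate."""
    return [
        lsn for lsn in parse_listeners(netstat_text)
        if (lsn.proto, lsn.port) not in expected and not lsn.addr.startswith("127.")
    ]


if __name__ == "__main__":
    for lsn in unexpected_listeners(SAMPLE_NETSTAT):
        print(f"unexpected listener: {lsn.proto} {lsn.addr}:{lsn.port}")
```

Run the same function over the real `netstat -an` output of a freshly built machine to record its baseline, then again later; a new entry bound to 0.0.0.0 is worth explaining before the router's inbound rules are relied on to cover it.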
 
You're right. I never saw this before. Sorry, I don't know why this
happened.

I would like to abandon Outlook Express for everything, Email included.

Of the alternative Email clients (Thunderbird, Netscape, etc.), which in
your opinion has a better newsgroup reader/writer?

Or, if you recommend I use a newsgroup reader/writer that's Not part of any
Email program, can you suggest the name of a suitable newsgroup
reader/writer program?

Thanks again.
Jonathan


 
It seems weird that my original posting looks normal,
but in your reply, it looks like you wrote it, instead of me.

Anyway, I would appreciate your recommendation of a suitable newsgroup
reader/writer program.
Thanks

 
I'm not the person you were asking, but I'll throw my two cents
in anyway. You should choose the E-mail client that works best
for you and best meets your needs. And you should choose the
newsreader that works best for you and best meets your needs. You
should make those choices without regard to whether you end up
with one program or two. It doesn't matter.

As far as which to choose in each category, my view is that we
all work differently and have different needs; a feature that's
critical to me may be useless to you. So other people's opinions
hardly matter. Fortunately most E-mail clients and newsreaders
are freeware or shareware, so it's easy to try a bunch and select
the ones that *you* like best, instead of relying on someone
else's opinions.
 
Ken,

I guess I'm just in a contemplative mood today, the first of the year,
but what you said about E-mail and Newsgroup clients would pretty much
apply to most things. Well said.

Happy New Year.
 
I never use an email program for Usenet and both Thunderbird and
Netscape are email clients. I use MicroPlanet Gravity, and it's a great
tool, used it for about 10 years. There are others, but a search of
Usenet readers on google might give you a lot to choose from.
 
Ken, you are quite correct, but there are differences in the default
behavior of a Usenet reader and Outlook Express. As you should know,
being an MVP, Outlook Express does not handle replies like a typical
Usenet reader would without a little work, and most people don't even
know about Usenet, let alone how to make OE work like a typical Usenet
reader.

My opinion is based on using Usenet for more than 20 years, Microsoft
products since DOS came out, and also many other products that have many
other features. I would never suggest, to anyone, that they use OE for
Usenet (or Netscape or ThunderBird). I like to see people use the
properly designed tool for the job, not something that had a feature
appended after the fact.
 
Thanks, Jack. I think it applies to a lot of things, but not
necessarily all, or even most. There are categories of software
(anti-virus, anti-spyware, and firewall, for example, come to
mind) where it's not simply a matter of personal preference or
which fits your personal needs or usage patterns. Different
products have different amounts of effectiveness, and choices
shouldn't be made simply on personal preference; how well they
work is more important than which you like.
 
