(Msg. 9) Posted: Thu Jul 31, 2008 3:11 pm
Post subject: Re: Modem with NAT firewall, do I also need a software firewall? Add to elertz [Login to view extended thread Info.] Archived from groups: microsoft>public>windowsxp>hardware (more info?)
in my opinion even known safe programs report usage via the internet, and I
want to know when that happens, and decide myself if it's ok, or block it.
so I would suggest a software firewall, but get a good one.
"Shenan Stanley" wrote:
> Mikey wrote:
> > Recently purchased a Zoom 5660 modem / router. It has a
> > Network Address Translation firewall and Stateful Packet
> > Inspection. The computer it's installed on also has
> > Zonealarm (free version) installed. Is Zonealarm still
> > neccesary with this modem or can it be uninstalled?
>
> Shenan Stanley wrote:
> > Zone Alarm was never necessary in truth.
> >
> > The internal Windows XP Firewall would have given you as much
> > inbound protection as ZoneAlarm.
> >
> > My suggestion - save the resources and save your sanity -
> > disconnect from the Internet, uninstall Zone Alarm, make sure the
> > Windows XP Firewall is enabled, reconnect to the Internet.
>
> Mikey wrote:
> > But from what I understand, the Windows XP firewall only blocks
> > incoming traffic, not outgoing, and ZoneAlarm blocks both.
>
> Bluntly (IMHO):
> If you need outgoing protection - you're already messed up.
>
> In other words - if you need to stop something on your computer from
> communicating with something outside your computer you've either installed
> or allowed to become installed something that needs to do that to fulfill
> its purpose. Either you did not research what you were installing or you
> have been infected/infested by something. In either case - there was
> nothing keeping said application from changing the configuration of your
> outgoing firewall as it installed so that you still do not know it is
> communicating externally.
>
> However - you are welcome to utilize Zone Alarm or any other software
> firewall of your choice. It's not my place to say what *you* need or don't
> need. I would highly suggest you leave some software firewall running on
> your machine - even if you are behind a NAT device or even a hardware
> firewall. It can serve to protect you from anyone also behind the same
> NAT/firewall device and anyone who compromises the security of said device.
> It is an extra layer of security - and one that (in the case of the Windows
> firewall) requires practically no configuration by most users (or manual
> upkeep of any type - as Windows Updates will keep it patched.)
>
> --
> Shenan Stanley
> MS-MVP
> --
> How To Ask Questions The Smart Way
> http://www.catb.org/~esr/faqs/smart-questions.html >
>
>
(Msg. 10) Posted: Thu Jul 31, 2008 3:29 pm
Post subject: Re: Modem with NAT firewall, do I also need a software firewall? Add to elertz [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)
Shenan Stanley wrote:
> Mikey wrote:
>
>>Recently purchased a Zoom 5660 modem / router. It has a
>>Network Address Translation firewall and Stateful Packet
>>Inspection. The computer it's installed on also has
>>Zonealarm (free version) installed. Is Zonealarm still
>>neccesary with this modem or can it be uninstalled?
>
>
> Shenan Stanley wrote:
>
>>Zone Alarm was never necessary in truth.
>>
>>The internal Windows XP Firewall would have given you as much
>>inbound protection as ZoneAlarm.
>>
>>My suggestion - save the resources and save your sanity -
>>disconnect from the Internet, uninstall Zone Alarm, make sure the
>>Windows XP Firewall is enabled, reconnect to the Internet.
>
>
> Mikey wrote:
>
>>But from what I understand, the Windows XP firewall only blocks
>>incoming traffic, not outgoing, and ZoneAlarm blocks both.
>
>
> Bluntly (IMHO):
> If you need outgoing protection - you're already messed up.
True enough, but outgoing protection gives you some (relatively) early warning
that your PC has been compromised; without it, you could run for years with
malware phoning home and sending your personal data (e.g., credit card info)
to the Russian Mafia.
And, if you have multiple PCs behind a router, the inbound protection of ZA
(or whatever you like) prevents one compromised PC from spreading its virii
to the other PCs.
I've been using ZAF and ZA$ on my PCs for years. ZA is far better than
M$'s firewall on XP, and far easier that M$'s firewall on Vista, IMHO.
--
Cheers, Bob
(Msg. 11) Posted: Thu Jul 31, 2008 5:14 pm
Post subject: Re: Modem with NAT firewall, do I also need a software firewall? Add to elertz [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)
"Mikey" <Mikey RemoveThis @not_here.not_there_either.nope> wrote in message
news:4891E119.5075B730@not_here.not_there_either.nope...
>
>
> Mike Hall - MVP wrote:
>
>> "Mikey" <Mikey RemoveThis @not_here.not_there_either.nope> wrote in message
>> news:4891D95B.E6DFA0CF@not_here.not_there_either.nope...
>> > Recently purchased a Zoom 5660 modem / router. It has a
>> > Network Address Translation firewall and Stateful Packet
>> > Inspection. The computer it's installed on also has
>> > Zonealarm (free version) installed. Is Zonealarm still
>> > neccesary with this modem or can it be uninstalled?
>> >
>>
>> You do not need Zonealarm unless you like popups to tell you that the ISP
>> is
>> checking that you are still active..
>>
>> --
>> Mike Hall - MVP
>> How to construct a good post..
>> http://dts-l.com/goodpost.htm >> How to use the Microsoft Product Support Newsgroups..
>> http://support.microsoft.com/default.aspx?pr=newswhelp&style=toc >> Mike's Window - My Blog..
>> http://msmvps.com/blogs/mikehall/default.aspx >
> I've had Zonealarm installed on that computer for a few years (with a
> modem that
> didn't have a firewall) and never got any popups from my ISP.
>
(Msg. 12) Posted: Thu Jul 31, 2008 7:26 pm
Post subject: Re: Modem with NAT firewall, do I also need a software firewall? Add to elertz [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)
Mike Hall - MVP wrote:
> "Mikey" <Mikey DeleteThis @not_here.not_there_either.nope> wrote in message
> news:4891E119.5075B730@not_here.not_there_either.nope...
> >
> >
> > Mike Hall - MVP wrote:
> >
> >> "Mikey" <Mikey DeleteThis @not_here.not_there_either.nope> wrote in message
> >> news:4891D95B.E6DFA0CF@not_here.not_there_either.nope...
> >> > Recently purchased a Zoom 5660 modem / router. It has a
> >> > Network Address Translation firewall and Stateful Packet
> >> > Inspection. The computer it's installed on also has
> >> > Zonealarm (free version) installed. Is Zonealarm still
> >> > neccesary with this modem or can it be uninstalled?
> >> >
> >>
> >> You do not need Zonealarm unless you like popups to tell you that the ISP
> >> is
> >> checking that you are still active..
> >>
> >> --
> >> Mike Hall - MVP
> >> How to construct a good post..
> >> http://dts-l.com/goodpost.htm > >> How to use the Microsoft Product Support Newsgroups..
> >> http://support.microsoft.com/default.aspx?pr=newswhelp&style=toc > >> Mike's Window - My Blog..
> >> http://msmvps.com/blogs/mikehall/default.aspx > >
> > I've had Zonealarm installed on that computer for a few years (with a
> > modem that
> > didn't have a firewall) and never got any popups from my ISP.
> >
>
> Do you check every entry in the logs?
>
> --
> Mike Hall - MVP
> How to construct a good post..
> http://dts-l.com/goodpost.htm > How to use the Microsoft Product Support Newsgroups..
> http://support.microsoft.com/default.aspx?pr=newswhelp&style=toc > Mike's Window - My Blog..
> http://msmvps.com/blogs/mikehall/default.aspx
No, I hardly ever check the log, but just did and see there are quite a few
entries there and some could be from my ISP. If I kept seeing popups every so
often it'd be annoying. But since I don't see the popups and they only appear
in the log I don't see what the problem is.
(Msg. 13) Posted: Thu Jul 31, 2008 8:13 pm
Post subject: Re: Modem with NAT firewall, do I also need a software firewall? Add to elertz [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)
On Thu, 31 Jul 2008 11:25:15 -0400, Mikey
<Mikey.RemoveThis@not_here.not_there_either.nope> wrote:
>Recently purchased a Zoom 5660 modem / router. It has a
>Network Address Translation firewall and Stateful Packet
>Inspection. The computer it's installed on also has
>Zonealarm (free version) installed. Is Zonealarm still
>neccesary with this modem or can it be uninstalled?
(Msg. 14) Posted: Fri Aug 01, 2008 3:11 am
Post subject: Re: Modem with NAT firewall, do I also need a software firewall? Add to elertz [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)
On Thu, 31 Jul 2008 12:56:10 -0400, Mikey wrote:
> Shenan Stanley wrote:
>
>> Mikey wrote:
>>> Recently purchased a Zoom 5660 modem / router. It has a
>>> Network Address Translation firewall and Stateful Packet
>>> Inspection. The computer it's installed on also has
>>> Zonealarm (free version) installed. Is Zonealarm still
>>> neccesary with this modem or can it be uninstalled?
>>
>> Zone Alarm was never necessary in truth.
>>
>> The internal Windows XP Firewall would have given you as much inbound
>> protection as ZoneAlarm.
>>
>> My suggestion - save the resources and save your sanity - disconnect from
>> the Internet, uninstall Zone Alarm, make sure the Windows XP Firewall is
>> enabled, reconnect to the Internet.
>>
>> --
>> Shenan Stanley
>> MS-MVP
>> --
>> How To Ask Questions The Smart Way
>> http://www.catb.org/~esr/faqs/smart-questions.html >
> But from what I understand, the Windows XP firewall only blocks incoming
> traffic, not outgoing, and ZoneAlarm blocks both.
The only reasonable way to deal with malware is to prevent it from being
run in the first place. That's what AV software or Windows' System
Restriction Policies are doing. And what 3rd party Personal Firewalls fail
to do!
The only way dealing with ZA is to use:
http://zonealarm.donhoover.net/uninstall.html
For the average homeuser, the Windows Firewall in XP does a fantastic job
at its core mission and is really all you need if you have an 'real-time'
anti-virus program, [another firewall on your router or] other edge
protection like SeconfigXP and practise safe-hex.
The windows firewall deals with inbound protection and therefore does not
give you a false sense of security. Best of all, it doesn't implement lots
of nonsense like pretending that outbound traffic needs to be monitored.
Activate and utilize the Win XP built-in Firewall; Uncheck *all* Programs
and Services under the Exception tab.
Read through:
In conjunction with WinXP SP2 Firewall use:
Seconfig XP 1.0
http://seconfig.sytes.net/
(http://www.softpedia.com/progDownload/Seconfig-XP-Download-39707.html)
Seconfig XP is able configure Windows not to use TCP/IP as transport
protocol for NetBIOS, SMB and RPC, thus leaving TCP/UDP ports 135, 137-139
and 445 (the most exploited Windows networking weak point) closed.
If on high-speed Internet connection use a router.
For the average homeuser it is suggested blocking both TCP and UDP ports
135 ~ 139 and 445 on the router and implement countermeasures against
DNSChanger.
(Msg. 15) Posted: Fri Aug 01, 2008 3:11 am
Post subject: Re: Modem with NAT firewall, do I also need a software firewall? Add to elertz [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)
On Thu, 31 Jul 2008 15:29:08 -0400, Bob Willard wrote:
> Shenan Stanley wrote:
>> Mikey wrote:
>>
>>>Recently purchased a Zoom 5660 modem / router. It has a
>>>Network Address Translation firewall and Stateful Packet
>>>Inspection. The computer it's installed on also has
>>>Zonealarm (free version) installed. Is Zonealarm still
>>>neccesary with this modem or can it be uninstalled?
>>
>>
>> Shenan Stanley wrote:
>>
>>>Zone Alarm was never necessary in truth.
>>>
>>>The internal Windows XP Firewall would have given you as much
>>>inbound protection as ZoneAlarm.
>>>
>>>My suggestion - save the resources and save your sanity -
>>>disconnect from the Internet, uninstall Zone Alarm, make sure the
>>>Windows XP Firewall is enabled, reconnect to the Internet.
>>
>>
>> Mikey wrote:
>>
>>>But from what I understand, the Windows XP firewall only blocks
>>>incoming traffic, not outgoing, and ZoneAlarm blocks both.
>>
>>
>> Bluntly (IMHO):
>> If you need outgoing protection - you're already messed up.
>
> True enough, but outgoing protection gives you some (relatively) early warning
> that your PC has been compromised; without it, you could run for years with
> malware phoning home and sending your personal data (e.g., credit card info)
> to the Russian Mafia.
>
> And, if you have multiple PCs behind a router, the inbound protection of ZA
> (or whatever you like) prevents one compromised PC from spreading its virii
> to the other PCs.
>
> I've been using ZAF and ZA$ on my PCs for years. ZA is far better than
> M$'s firewall on XP, and far easier that M$'s firewall on Vista, IMHO.
Your view is misguided. If you're really concerned about Internet Security
and care about your PC you need to do some reading
1. Do not work in elevated level; Day-to-day work should be performed
while the User Account Control (UAC) is enabled.
2. Familiarize yourself with "Services Hardening in Windows Vista".
3. Don't expose services to public networks.
4. Keep your operating (OS) system (and all software on it)
updated/patched.
5. Reconsider the usage of IE.
5a.Secure (Harden) Internet Explorer.
6. Review your installed 3rd party software applications/utilities;
Remove clutter, *including* 3rd party software personal (so-called)
firewall application (PFW) - the one which claims: "It can stop/control
malicious outbound traffic".
7. Activate the build-in firewall and tack together its advanced
configuration settings.
7a.If on high-speed internet connection use a router as well.
For the average homeuser it is suggested blocking both TCP and UDP
ports 135 ~ 139 and 445 on the router and implement countermeasures
against DNSChanger.
And (just in case) Wired Equivalent Privacy (WEP) has been superseded by
Wi-Fi Protected Access (WPA).
8. Routinely practice safe-hex.
Also ensure you do:
a. Regularly back-up data/files.
b. Familiarize yourself with crash recovery tools and with
re-installing your operating system (OS).
c. Utilize a real-time anti-virus application and vital system
monitoring utilities/applications.
d. Keep abreast of the latest developments.
And finally:
Most computer magazines and/or (computer) specialized websites are *biased*
i.e. heavily weighted towards the (advertisement) dollar almighty!
Therefore:
a. Be cautious selecting software applications touted in publications
relying on advertisement revenue.
b. Do take their *test-results* of various software with a
*considerable* amount of salt!
c. Which also applies to their *investigative* in-depth test reports
related to any software applications.
d. Investigate claims made by software manufacturer *prior* downloading
their software; Subscribing to noncommercial-type publications,
specialized newsgroups and/or fora (to some extend) are a great way
to find out the 'nitty-gritties' and to consider various options.
(Msg. 16) Posted: Fri Aug 01, 2008 3:11 am
Post subject: Re: Modem with NAT firewall, do I also need a software firewall? Add to elertz [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)
On Thu, 31 Jul 2008 12:39:13 -0700 (PDT), smlunatick wrote:
> On Jul 31, 8:29 pm, Bob Willard <BobwB....RemoveThis@TrashThis.comcast.net>
> wrote:
>> Shenan Stanley wrote:
>>> Mikey wrote:
>>
>>>>Recently purchased a Zoom 5660 modem / router. It has a
>>>>Network Address Translation firewall and Stateful Packet
>>>>Inspection. The computer it's installed on also has
>>>>Zonealarm (free version) installed. Is Zonealarm still
>>>>neccesary with this modem or can it be uninstalled?
>>
>>> Shenan Stanley wrote:
>>
>>>>Zone Alarm was never necessary in truth.
>>
>>>>The internal Windows XP Firewall would have given you as much
>>>>inbound protection as ZoneAlarm.
>>
>>>>My suggestion - save the resources and save your sanity -
>>>>disconnect from the Internet, uninstall Zone Alarm, make sure the
>>>>Windows XP Firewall is enabled, reconnect to the Internet.
>>
>>> Mikey wrote:
>>
>>>>But from what I understand, the Windows XP firewall only blocks
>>>>incoming traffic, not outgoing, and ZoneAlarm blocks both.
>>
>>> Bluntly (IMHO):
>>> If you need outgoing protection - you're already messed up.
>>
>> True enough, but outgoing protection gives you some (relatively) early warning
>> that your PC has been compromised; without it, you could run for years with
>> malware phoning home and sending your personal data (e.g., credit card info)
>> to the Russian Mafia.
>>
>> And, if you have multiple PCs behind a router, the inbound protection of ZA
>> (or whatever you like) prevents one compromised PC from spreading its virii
>> to the other PCs.
>>
>> I've been using ZAF and ZA$ on my PCs for years. ZA is far better than
>> M$'s firewall on XP, and far easier that M$'s firewall on Vista, IMHO.
>> --
>> Cheers, Bob
>
> I second that!! ZA (any version) gives you some more measure of
> protection for monitoring Internet outgoing activity.
Most 3rd party software (so-called) firewall applications are nothing but
snake oil; They give you a false sense of security!
All times are: Eastern Time (US & Canada) (change) Goto page Previous1, 2, 3
Page 2 of 3
You can post new topics in this forum You can reply to topics in this forum You can edit your posts in this forum You can delete your posts in this forum You can vote in polls in this forum
Home
Forums
Home
FAQ
Search
Profile
Private Messages
Log in/Register/Password
Windows XP