Firewalls: Windows, Comodo, ZoneAlarm, None...?

[thrawnis]

Hi Everyone,

I already have a D-Link DIR-655 router with the appropriate firewall enabled and WPA2/AES encryption for wireless at home (also have an isolated guest wireless zone for friends/guests with the same WPA2/AES encryption). All my computers only have the integrated Windows 7 Firewall in use and active.

Is there a legitimate need to have a more robust software firewall such as Comodo or ZoneAlarm? Can I just disable the Windows firewall since my router has a built-in firewall?

My setup: two gaming machines, one personal media server (with a handful of ports forwarding from my router for specific apps), several other media consumption devices such as PS3/Xbox 360/iPad/etc. Server has Avast Free Anti-virus, my gaming computer has MS Security Essentials, wife's gaming computer has AVG Free. I intentionally put a different, free, legitimately researched anti-virus product on each computer so that I can identify any infected software on my network and server.

Thanks!!

[tokenuser]

If you trust the router firewall, then you should not need a firewall on each machine. Software firewalls add overhead that is unnecessary if the machines are on a secured LAN.

If you don't trust the router firewall, or have a laptop that goes on untrusted networks, then a personal firewall might be needed on that machine to block unverified outgoing packets (something like ZoneAlarm).

[justpeon]

Do agree that on MSWindows machines local firewall software is a burden. Not all threats come through the cable. Any machine that does wifi without a good firewall is ludicrous.

[ghelyar]

A decent antivirus is much more important than personal firewall software.


People generally won't try to do things that personal firewalls stop. They either want to install something on your computer (which a decent AV should stop, and UAC should help too) or they want to see your network traffic, which personal firewalls don't stop anyway (you need a VPN or some other form of encrypted tunnelling).



In my experience software such as ZoneAlarm causes far more problems than it solves, which is probably why it's much less popular now than it used to be.


Firewall software and router NAT perform different roles. NAT drops incoming packets that aren't assigned to go anywhere. It's not very secure, but it's generally good enough because home users just don't get targeted. Firewall software will do things like stop you from sending mass emails if you become a zombie, which NAT won't do, but a good AV will do that anyway.


For use on a desktop computer that isn't going to be used on public wifi, router NAT + windows firewall + Microsoft Security Essentials should be more than enough.

The best thing you can do by far is just to be careful what you click on. If I can train my mother, a woman who believes that the button on the monitor turns the whole computer off, not to click on bad links, nobody has any excuse.


P.S. AVG is just about the worst piece of crap I've ever seen.

[tokenuser]

Quote:

Originally Posted by ghelyar

P.S. AVG is just about the worst piece of crap I've ever seen.

Surprisingly, MSE is among the best ... and the price is right, and it is regularly updated (pointless having an AV program that is never updated).

Under W7 (and Vista for that matter) the MSE and MS Firewall products were tightly coupled into the OS, and extremely efficient in terms of resource usage, so they were far less obtrusive than third party (non-MS) programs.

There was a time when I was a huge fan of ZoneAlarm, but then it started to get overly bloated and was more trouble with its continual false positives. I turned it off on my laptop, uninstalled it, then moved onto the Windows default firewall.

I still only turned it on when I am out from behind my network at home. I'm on a Mac now, and haven't found a good firewall for OSX, but make sure I turn off my sharing when I leave home ... but its amazing how many other Mac users don't do that, so their music and document libraries appear in my finder. Want to go steal some identities? Sit at a Panera for awhile (OK, those identities aren't that great), or sit outside the club lounge at an airport.

[vahnx]

software firewalls and a/v are overated. just go behind a router n stay up to date with the latest oatches and ull be fine.

[justpeon]

If you are using wifi,, the router will not protect you. Most wifi adapters do not discriminate on where the signal comes from. Even if you use a directional antenna, that does not insure complete safety. One of the reasons units like the pineapple from hak5 are so dangerous.

There was some faux avg software out there that made avg look really bad. I have not used it or any other av as a user in a while. My brother swore by the MSAV until his daughter infected his spouse's machine, He keeps everything up to date. I had to go over and clean it up.

[thrawnis]

I keep everything as locked down as is reasonable for my simple home use but wanted to make sure that I was doing enough. Sounds like I already am.

Thanks for all your help!