  1. #1
    Star Lounger
    Join Date
    Dec 2009
    Location
    Hong Kong
    Posts
    76
    Thanks
    11
    Thanked 1 Time in 1 Post
    I've recently installed a wireless router, and second PC for a friend.

    The old setup was a single PC (running XP) connected to the DSL broadband modem, using software to make the PPPoE connection.

    I now have the router managing the PPPoE connection, and I changed the internal LAN to use something other than the default 192.168.1.xxx. The router is set to discard internet pings, and remote management is disabled. There are no fancy NAT settings, port forwarding, DMZ, etc.

    The new Win7 laptop connects wirelessly. They use Dropbox to share files, so there is no file/folder sharing set up - though that may come later.

    I installed AV software (Avast) on the laptop, and was about to put in a firewall (Comodo) when he asked whether the firewall was necessary now that the network is behind a router. After thinking a while I realised I don't know. I've always used a firewall on XP machines because the built-in one had such a bad rep, but I don't know about Win7.

    So my questions are:

    - Does the router mean I can do without software firewalls (and just use the ones built in to Windows) ?
    - is there a real difference between the XP and W7 firewalls?
    - Are there any other connection settings in the router I can use to improve security?
    - Would it make a difference if they start using say Skype or Bittorrent?
    - Would MS Security Essentials have a noticeably smaller impact (on the Win7 system) than Avast?

    Any other security considerations /suggestions for small home networks like this?

  2. #2
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,580
    Thanks
    5
    Thanked 1,058 Times in 927 Posts
    I started using the Windows firewall with Vista and continue with Win7. One big advantage to me is that since it is part of the operating system I don't have to install any more software to get it. Here are my answers to your questions:

    - Does the router mean I can do without software firewalls (and just use the ones built in to Windows) ?
    I would recommend using a software firewall on the PC. Multiple layers of defense are good. I use the Windows firewall.

    - is there a real difference between the XP and W7 firewalls?
    It depends on which version of the XP firewall you mean. The one introduced with SP-2 is very similar to the Win7 firewall. IMO, the Win7 firewall is somewhat easier to configure, if you are so inclined, but still not as easy as third party firewalls.

    - Are there any other connection settings in the router I can use to improve security?
    You should use WPA2 with a sufficiently strong password to connect wirelessly. You get to define "sufficiently strong".

    - Would it make a difference if they start using say Skype or Bittorrent?
    If you are using the Windows firewall it should not make a difference. You may need to open a specific port on the firewall but these days the product installation software often configures a firewall as needed.

    - Would MS Security Essentials have a noticeably smaller impact (on the Win7 system) than Avast?
    Avast is relatively easy on your system. MSE is very lightweight. I doubt you'd notice the difference. I use MSE after having used the free versions of AVG, Avira, and Avast through the years. AVG became too big & bloated for my tastes. With Avast I got tired of having to renew a key with free software. Can't remember why I stopped using Avira.

    Joe

  3. #3
    Star Lounger
    Join Date
    Dec 2009
    Location
    Hong Kong
    Posts
    76
    Thanks
    11
    Thanked 1 Time in 1 Post
    Thanks Joe!

    The XP system is SP3, and up to date with all patches. I have WPA2 on the wireless - I was more concerned with intrusions from the outside while connected to the internet than with someone hacking the wifi.

    Interesting that you say the current XP firewall is similar to Vista/Win7. I'd got it tagged as 'insecure' from the get-go and not updated my information since then.

    I should have added a poll to the post - but I'll take yours as a vote for using the built in windows firewall (as opposed to standalone 3rd party software, or none at all).

  4. #4
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    I think software firewalls are a recommended additional protection level, not so much for the network firewall function, but much more because of what is commonly described as an operating system firewall. An OS firewall will control which programs and components are allowed to execute, regardless of whether they want to connect to the internet or your local network, if you have one. The windows firewalls do not provide any protection of this type, even if on Vista and Win7, the UAC does provide some degree of control over programs.

    I have used both ZoneAlarm and Online Armor, the latter being my current preference. I really like the additional protection it provides. There is a free version, but I go with the additional protection of the ++ version, which uses anti-malware signatures to identify any program or component being executed on your computer.

    Thinking a hardware firewall gives you all the protection you need, with the evolving threats on the net today, may be a very dangerous idea.
    Rui
    -------
    R4

  5. #5
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,580
    Thanks
    5
    Thanked 1,058 Times in 927 Posts
    Quote: Originally Posted by Rui Ribeiro
    I think software firewalls are a recommended additional protection level, not so much for the network firewall function, but much more because of what is commonly described as an operating system firewall. An OS firewall will control which programs and components are allowed to execute, regardless of whether they want to connect to the internet or your local network, if you have one. The windows firewalls do not provide any protection of this type, even if on Vista and Win7, the UAC does provide some degree of control over programs.

    I have used both ZoneAlarm and Online Armor, the latter being my current preference. I really like the additional protection it provides. There is a free version, but I go with the additional protection of the ++ version, which uses anti-malware signatures to identify any program or component being executed on your computer.

    Thinking a hardware firewall gives you all the protection you need, with the evolving threats on the net today, may be a very dangerous idea.
    The Vista and Windows 7 firewall both can provide outbound filtering. A user must configure it as by default it is not enabled. Configuring the Vista & Win7 firewall is more complicated than the third party firewalls that I know. There is a free third party application available to help - Windows 7 Firewall Control : Sphinx Software. While being able to control outbound access appears to be very useful on the surface you should consider that unless a program runs afoul of other malware detection software it may have done great damage to your system well before attempting to contact the outside world. Spending time & effort on prevention of malware infection is more useful.

    BTW, a firewall does NOT determine whether or not a program is allowed to execute. A firewall only controls whether or not a program is allowed to communicate over a network. The anti-malware components available with most third party firewalls control program execution by detection mechanisms not a general allow/disallow paradigm. In a managed environment, either @ work or @ home, permissions can be granted or revoked to execute programs but this is outside of the scope of a firewall. If a third party firewall claims to be able to control any program execution it is using methods other than the firewall API provided by Windows.

    Joe
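
    The outbound filtering described in the post above can be switched on with the built-in netsh advfirewall commands. The script below is an added example, not part of the original post; the program path and rule name are placeholders, and it assumes an elevated Command Prompt on Vista or Windows 7.

```batch
@echo off
rem Added example: enable outbound filtering in the Vista / Windows 7 firewall.
rem Run from an elevated Command Prompt. APP and the rule name are placeholders.

rem 1. Show the default policy for each profile. A stock install reports
rem    BlockInbound,AllowOutbound, i.e. outbound filtering is off.
netsh advfirewall show allprofiles firewallpolicy

rem 2. Export the current policy so the change can be rolled back.
netsh advfirewall export "%USERPROFILE%\firewall-before.wfw"

rem 3. Log dropped connections, so a blocked program can be identified from
rem    %systemroot%\system32\LogFiles\Firewall\pfirewall.log (default location).
netsh advfirewall set allprofiles logging droppedconnections enable

rem 4. Add an outbound allow rule for each program that needs network access
rem    BEFORE changing the default, otherwise it is cut off immediately.
set "APP=C:\Path\To\Program.exe"
netsh advfirewall firewall add rule name="Allow example app out" dir=out action=allow program="%APP%" profile=any enable=yes

rem 5. Change the default: outbound connections without a matching allow
rem    rule are now blocked on every profile.
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

rem 6. Confirm the new policy.
netsh advfirewall show allprofiles firewallpolicy

rem Roll back to the stock behaviour with either of:
rem   netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound
rem   netsh advfirewall import "%USERPROFILE%\firewall-before.wfw"
```

    Unlike the third party tools mentioned in this thread, the built-in firewall does not prompt when a program is blocked, so the dropped-connection log from step 3 is the place to look when something stops working.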

  6. #6
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Quote: Originally Posted by JoeP
    BTW, a firewall does NOT determine whether or not a program is allowed to execute. A firewall only controls whether or not a program is allowed to communicate over a network. The anti-malware components available with most third party firewalls control program execution by detection mechanisms not a general allow/disallow paradigm. In a managed environment, either @ work or @ home, permissions can be granted or revoked to execute programs but this is outside of the scope of a firewall. If a third party firewall claims to be able to control any program execution it is using methods other than the firewall API provided by Windows.

    Joe
    An OS firewall, or what is so frequently called, does just this: allows you to determine whether any given program should be allowed to run or not. This type of monitoring is typical of Host Intrusion Prevention Systems (HIPS), another name for the OS firewall products, probably more apt. ZoneAlarm, Online Armor, Comodo (I believe as I have never used it) do just this and this is precisely what gives them an advantage over the non-HIPS firewalls, such as the windows firewall. It's not just a matter of controlling outside access, but indeed of preventing unknown or known rogue apps and components from being executed.


    My opinion is that running such HIPS systems provides a type of protection you can never get from a router's firewall, and thus such systems are a very interesting additional layer of protection against malware.
    Rui
    -------
    R4

  7. #7
    Plutonium Lounger Medico
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,631
    Thanks
    161
    Thanked 936 Times in 856 Posts
    To enable easier control of the Windows Firewall, at Gerald's recommendation, I use Windows 7 Firewall Control. This small app is relatively easy to use, and once you have set up which apps may "phone home" it sits in the background quietly. Each new app that tries to set up connections must be given permission. You can give these permissions once or always. What I normally do is when I'm installing new apps, or updating apps the first time, I choose to enable all on the Windows 7 Firewall Control panel, then turn back to normal operation afterward.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)

  8. #8
    Star Lounger
    Join Date
    Dec 2009
    Location
    Hong Kong
    Posts
    76
    Thanks
    11
    Thanked 1 Time in 1 Post
    Quote: Originally Posted by Rui Ribeiro
    An OS firewall, or what is so frequently called, does just this: allows you to determine whether any given program should be allowed to run or not.
    My opinion is that running such HIPS systems provides a type of protection you can never get from a router's firewall, and thus such systems are a very interesting additional layer of protection against malware.
    Comodo does pop up an allow/deny/remember challenge whenever you install or run a new executable, or the first time one tries to access the network/internet.

    This is mostly good. However I have had problems in the past with sharing printers etc. because my wife/daughter have just dismissed a popup. Comodo can be a pain in the neck if you're trying to troubleshoot something and work out what is being blocked, and why. I don't know if this is just Comodo or a feature of firewalls in general, i.e. there's a lot going on so it's just going to be complicated.

    That said - with a router blocking probes from outside, and the Avast/MSE scanning for malware in real time - I've not had a malware infection on any of the PC's I look after in a long time. That's why I was considering doing away with the software firewall on slower PCs.

    But maybe I'll hang on a little longer...

  9. #9
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Quote: Originally Posted by Malc
    That said - with a router blocking probes from outside, and the Avast/MSE scanning for malware in real time - I've not had a malware infection on any of the PC's I look after in a long time. That's why I was considering doing away with the software firewall on slower PCs.
    On another forum, a couple weeks ago, we were discussing the merits of using an OS firewall. There was a very experienced member who was in that precise situation - stopped using a software firewall since he bought the router. Coincidentally, he caught a nasty virus just as we were discussing the issue and caught it from his own local network.
    Many people will do fine without a software firewall. It's just another layer of protection that may be useful or not... The one I use has low resource usage on the pc and what it costs would be offset if I was infected, so it's a no brainer for me.
    Rui
    -------
    R4
