Page 1 of 3 123 LastLast
Results 1 to 15 of 37
  1. #1
    Super Moderator jwitalka's Avatar
    Join Date
    Dec 2009
    Location
    Minnesota
    Posts
    6,792
    Thanks
    117
    Thanked 798 Times in 719 Posts

    Ask Leo: Is an Outbound Firewall needed

    http://ask-leo.com/is_an_outbound_fi...IvwgjEP72ZdfbL

    Sums up my feelings completely.

    Jerry

  2. #2
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts
    In brief, Leo's case against outbound detection on software firewalls appears to be (1) it's too late, you're already infected; (2) it degrades system performance; and (3) it generates annoying false positives.

    This feature provides a backup layer of protection against outbound leaks of personal information; participation in bot activity, such as spamming and denial of service attacks; and other unexpected behavior of software you may have installed. Individual users will have to decide whether this layer of protection is worth the cost in performance and occasional permission dialogs (if they are not occasional, there may be better software available).

  3. #3
    Super Moderator jwitalka's Avatar
    Join Date
    Dec 2009
    Location
    Minnesota
    Posts
    6,792
    Thanks
    117
    Thanked 798 Times in 719 Posts
    One other problem I have with outbound software firewalls is they can cause other software and the network to fail in non obvious ways. When ever I troubleshoot a network problem on a PC, the first step I take is to disable any running firewalls. Zonealarm has a history of causing problems but there are others. Some posters on the board have run them with no ill effects. I just have never run across a system that detected a problem with an outbound firewall that wasn't detected elsewhere. Maybe I need to get out more. As you say, the choice is personal.

    Jerry

  4. #4
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Actually an outbound firewall may as well be the last barrier stopping any malware from calling home. It does provide an additional layer of security, precisely because of that.

    Many security apps that are seen as firewalls are not exactly or not only network firewalls. Many are also what ZA kind of named OS firewall, controlling which apps should be allowed to run and using several strategies for that.

    As with any other software, there are good, average and bad firewalls, be them network or OS firewalls. ZA was the best for a while, then had huge problems. I don't think they are the best any longer, but there are other that offer a lot of interesting features and that are every good. I use one and wouldn't be without it.

  5. #5
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,631
    Thanks
    161
    Thanked 936 Times in 856 Posts
    I agree with Rui. He and I both use the Online Armor++ S/W firewall. I would suspect his is set up similarly to mine in that inbound/outbound are both enabled. I have found the firewall works very unobtrusively, does not seem to consume much in the way of system resources, and gives me control over how and what I let in or out. Many moons ago I tried ZA and very quickly said good-bye to it. Did not like the UI at all. Online Armor seems very user friendly.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  6. #6
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,572
    Thanks
    5
    Thanked 1,057 Times in 926 Posts
    I believe that an outbound firewall is normally a waste of time & effort. If via the firewall you discover that malware is attempting to use the Internet your security is already compromised. There is absolutely no telling what has been done to your system. You have lost control.

    However, if it makes anyone feel better go ahead and use outbound controls.

    Joe

  7. #7
    Super Moderator CLiNT's Avatar
    Join Date
    Dec 2009
    Location
    California & Arizona
    Posts
    6,121
    Thanks
    160
    Thanked 609 Times in 557 Posts
    Although much of the articles' mention of outbound firewalling is true It would still be worth the effort in maintaining one.
    Like others have mentioned, an additional layer of security, albeit a late one at that.

    People would do well to get to know what processes are normally running on their systems and why.
    Knowing what is normal can go a long way in spotting something that may be an aberrancy.

  8. #8
    3 Star Lounger
    Join Date
    Mar 2010
    Location
    USA
    Posts
    301
    Thanks
    65
    Thanked 39 Times in 30 Posts
    I am late on this topic but I'd like to add my 2 cents:
    I had an experience that my young son's PC got infected, sending tons of spam out.
    A few days later, my cable company (my ISP) called (then backed up with a letter) and threatened to shut me down, because I used the line 'illegally' as a 'server to spam'.
    The tech guy then suggested that our PC(s) maybe infected. I found and cleaned up the PC. I installed firewall with outbound control on my young son's PC. No more problem.
    Yes, there were hassles to 'train' the firewall to allow legit programs for outbound transmit. The hassle got less and less when the firewall was finally 'trained' (aka knowing all the legit programs.)
    I'll take that hassle any day, than to deal with ISP who may shut you down first before asking questions. Or worse, slow down your speed silently to control excessive bandwidth usage.

  9. #9
    Gold Lounger Roderunner's Avatar
    Join Date
    Dec 2009
    Location
    Scotland.
    Posts
    3,462
    Thanks
    16
    Thanked 216 Times in 183 Posts
    I have used Outpost FW Pro for a few years, therefore I know exactly what it does, plus, their are some of my apps that auto check for updates at start up or on a schedule and are given permission when they get updated. If by chance I forget to do it, Filehippo Update Checker does it for me. (portable version).
    O wad some Power the giftie gie us, to see oursels as ithers see us!

  10. #10
    3 Star Lounger
    Join Date
    Jul 2011
    Location
    Florida
    Posts
    399
    Thanks
    168
    Thanked 28 Times in 26 Posts
    The Online Armor++ is apparently also an Antivirus application. Do you use it alongside MSE?

  11. #11
    mart44
    Guest
    It might be too late but an outbound connection alert would let you know that malware has got in undetected. Without that, you might have carried on thinking all is well.
    Last edited by mart44; 2011-10-18 at 02:03.

  12. #12
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Quote Originally Posted by Trev View Post
    The Online Armor++ is apparently also an Antivirus application. Do you use it alongside MSE?
    Yes, OA ++ can be used alongside another AV app. Depending on the computer, I use it with MSE or Vipre. They run fine, side by side.

  13. #13
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,631
    Thanks
    161
    Thanked 936 Times in 856 Posts
    I also use Online Armor++ and MSE both running in real time with no difficulties. Quite honestly I had forgotten that Online Armor++ was more than just an excellent firewall. Seems to play nicely with other AV/AM apps.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  14. #14
    3 Star Lounger
    Join Date
    Jul 2011
    Location
    Florida
    Posts
    399
    Thanks
    168
    Thanked 28 Times in 26 Posts
    Quote Originally Posted by ruirib View Post
    Yes, OA ++ can be used alongside another AV app. Depending on the computer, I use it with MSE or Vipre. They run fine, side by side.
    Interesting...goes against the perceived wisdom of running more than one AV program.
    Still, if it works...

  15. #15
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Quote Originally Posted by Trev View Post
    Interesting...goes against the perceived wisdom of running more than one AV program.
    Still, if it works...
    OA does not behave as a regular AV, except on system scans. When not scanning, OA does not monitor the file system as an AV app does. Instead, it monitors running programs and their used components (dll's) and checks then against its AV sigs. So OA is really a good "OS firewall" that uses "whitelisting" (together with OASIS) to determine what programs can run and also uses AV sigs when dealing with new programs or components. So, you really are not getting two AVs running together in the usual sense.
    Last edited by ruirib; 2011-10-18 at 11:57.

  16. The Following User Says Thank You to ruirib For This Useful Post:

    Medico (2011-10-18)

Page 1 of 3 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •