Firewalls - are they really needed?

Conor_3

chuckles1066 wrote: »

God knows what info they're sending back to Microsoft HQ

Nothing. svchost is used by non microsoft stuff as well.

[Deleted User]

Conor wrote: »

Do I really have to go to Securityfocus and post some links?

Falling on deaf ears I'm afraid. Post away

RobertoMoir

aliEnRIK wrote: »

Im actually amazed YOU dont have one Torres. you know, for those 'dodgy' programs

For the debate ~
IF you get a keylogger or some other spyware/malware on your computer (VERY possible)
then without a decent firewall it WILL send information out (Keylogger in particular could send out your passwords as you write them etc).
Simple as that really

Anyone at all going to try to claim that getting these on the computer is IMPOSSIBLE?

This is a bit of a logical fallacy though.

A software firewall is a program (or service or daemon or whatever) running on your PC. Right?

Spyware / Trojans / Viruses are programs (or potentially also services /daemons) running on your PC, right?

Spyware /Trojans.. uhh you know what, I'm gonna just say "malware" from now on. Where was I? Oh yes...

Malware generally attempts to run as admin/root/whatever. Right?
Admin users can change the firewall rules. Right?
Therefore... code running in the admin context can change the firewall rules. Right?

Therefore... Malware can potentially change the firewall rules to allow itself through. Or just piggyback onto traffic that's allowed through anyway (outgoing HTTP / SMTP / IRC).

Remind me again what a software firewall does to prevent outgoing traffic?

ukbill69

NO software firewall, your mad. The good thing about a firewall you can restrict what software you let out. Now what about open ports on your system????, if any are open then you may be in trouble and let people to view your screen, if on windows xp then C drive is a shared drive.

DatabaseError

^ cheers for that, Bill. If you have a bit of foil left over from your hatmaking...

Airwolf1

https://www.grc.com/x/ne.dll?bh0bkyd2 is a good site for testing your pc/firewall.

[Deleted User]

ukbill69 wrote: »

NO software firewall, your mad. The good thing about a firewall you can restrict what software you let out. Now what about open ports on your system????, if any are open then you may be in trouble and let people to view your screen, if on windows xp then C drive is a shared drive.

Did you read my initial post?!

aliEnRIK

RobertoMoir wrote: »

This is a bit of a logical fallacy though.

A software firewall is a program (or service or daemon or whatever) running on your PC. Right?

Spyware / Trojans / Viruses are programs (or potentially also services /daemons) running on your PC, right?

Spyware /Trojans.. uhh you know what, I'm gonna just say "malware" from now on. Where was I? Oh yes...

Malware generally attempts to run as admin/root/whatever. Right?
Admin users can change the firewall rules. Right?
Therefore... code running in the admin context can change the firewall rules. Right?

Therefore... Malware can potentially change the firewall rules to allow itself through. Or just piggyback onto traffic that's allowed through anyway (outgoing HTTP / SMTP / IRC).

Remind me again what a software firewall does to prevent outgoing traffic?

Ok ~ lets think about this logically
A keylogger is on a computer. It wants to call outwards
It has NO clue what firewall is on the computer
So following what you said there it would have to have the correct information to bypass every know firewall that could limit it from talking outwards.
I find that VERY unlikely (Aside from the fact that all the decent firewall software programmers are continuly updating said software firewalls)

Dont get me wrong. NOTHING is completely safe. But im saying that it IS safer to use a software firewall (And further to that, a 3rd party software firewall as if the NEXT generation Microsoft OS system DOES have a firewall that auto blocks outgoing then THATS what the keylogging program would try to disable)

Each to their own, but I feel safer knowing I can see when ANYTHING tries to call outwards. And even if my firewall WAS compromised, it would pop up telling me as such.

[Deleted User]

aliEnRIK wrote: »

I can see when ANYTHING tries to call outwards. And even if my firewall WAS compromised, it would pop up telling me as such.

Assuming the malware doesn't disable the firewall...

Or assuming the malware doesn't hijack an existing session of a program you’ve already authorised meaning you won’t even see a pop-up box asking for permission.

As I've said before I believe in a multi-layered approach of running anti-virus scans, anti-spyware scans and anti-malware scans in addition to a hardware firewall and the Windows XP Firewall SP3. I'm still yet to be swayed in favour of outbound firewalls...

aliEnRIK

Deleted_User wrote: »

Assuming the malware doesn't disable the firewall...

Or assuming the malware doesn't hijack an existing session of a program you’ve already authorised meaning you won’t even see a pop-up box asking for permission.

As I've said before believe running anti-virus scans, anti-spyware scans and anti-malware scans in addition to a hardware firewall and Windows XP Firewall SP3.

Absolutely. But again, the programmers will update the firewalls as and when they find these malicious programs exist (or at least to the best of their abilities) to try to prevent such problems

Nothing ANYONE says is going to sway me on this.

Computers ARE 'safer' (read ~ not COMPLETELY safe) with a decent software firewall. Everything else is subjective.