Solved

Personal Firewall verses SPI router

Posted on 2004-08-07
Last Modified: 2013-11-16
I have in the past used a personal firewall (Zonealarm) very happily. However, recent versions seem to cause a lot of instability on XP. I have seen some advice to replace the functionality with a SPI router.

My question: does not the software firewall still provide additional protection against trojans that try to "phone home?"

I am evaluating the latest Zonealarm update to see if they have cured the instability problems. I am also moving to install Linksys WRT54GS wireless routers with built-in SPI.
Question by:jasimon9
11 Comments
 
LVL 10

Expert Comment

by:dis1931
ID: 11744552
Routers are good.  They do similar but since it is a separate hardware device it doesn't task the PC to do work and won't cause incompatibility.  Also, once set up it manages itself for the most part.  It is still good to use Anti-Virus software and run Spybot and Ad-Aware to complement the router as you will still get viruses or the such even with the router.  A software firewall can still allow viruses and other such things if you access something that you think is ok but has a virus.  I think hardware firewalls are better than software from a standpoint of speed and since it is not directly affecting my system resources.
 
LVL 10

Assisted Solution

by:dis1931
dis1931 earned 100 total points
ID: 11744553
The hardware firewall will only allow traffic to go through it if you either have a port open or have requested something such as a webpage.  The best protection for trojans, viruses, etc... is to install and keep up to date a good antivirus package and scan your drive regularly.
 

Author Comment

by:jasimon9
ID: 11744670
OK, I understand virus and spyware scanning.

Trying to be more specific: in addition to the firewall function of Zonealarm, there is also the program control function that prevents a trojan from "phoning home." Will the router firewall also prevent this through an open port?

It seems that Zonealarm does add a safety factor by requiring explicit permission for each new program.
 
LVL 10

Expert Comment

by:dis1931
ID: 11744739
If this is your main concern then the software firewall is the only way to go as I know it.  However, I have never run a software firewall and have never had a trojan; I keep my anti-virus up to date, scan often and check for spyware/adware often.  It keeps my PC clean.  If you never get one you don't have to worry about it calling home.  Just my preference I guess.... I don't like to give access to all my programs from the software firewall and it causes too many problems on top of too much customizing, especially since I rebuild my laptop and PCs often depending on what project I am working on at the time.
 
LVL 9

Accepted Solution

by:tosh9iii
tosh9iii earned 100 total points
ID: 11744820
Here's a comparison chart of some firewalls and antivirus software:

http://www.pcworld.com/resource/printable/article/0,aid,115939,00.asp
 
LVL 4

Assisted Solution

by:net_sec_guru
net_sec_guru earned 100 total points
ID: 11745058
If you are truly worried about a trojan "phoning home" then I would highly suggest that you use defense in depth. Don't rely on a single entity to handle everything for you.

Set up your router with ACLs / restrictive policies.
Keep current A/V software on your machine - and regularly update the definition pattern files!
And use a personal firewall on your machine.

The personal firewall does not have to be ZoneAlarm. There are a number of free personal firewalls for your PC. In fact, XP has one on it by default (which will become a lot more flexible with SP2).

So I would recommend using both the router and firewall.

 
LVL 4

Expert Comment

by:net_sec_guru
ID: 11745066
And software firewalls do not specifically address trojans. This is something that a lot of A/V vendors are trying to accomplish and add to their products. This is signature based, so it will only be as good as the definition pattern file that is on the A/V product (again, a good reason to stay current!).
 
LVL 31

Assisted Solution

by:rid
rid earned 50 total points
ID: 11745590
Very generally, a router (ordinary home/small office thingy, doing NAT) will stop unrequested traffic from outside, thus protecting the LAN from spontaneous attacks. If the communication is initiated from within the LAN, even malicious traffic will be allowed inside. This problem calls for either an individual firewall on each machine or a router that can block even outgoing requests on suspicious ports. Depending on how much you want to spend, the more advanced router is probably the best solution, as individual software firewalls on all machines do create a speed and stability problem instead.
/RID
 
LVL 51

Assisted Solution

by:ahoffmann
ahoffmann earned 50 total points
ID: 11745667
A separate hardware firewall can't protect against your trojan phoning home in general, and your software firewall on the same host can't either (at least it can't be trusted > 80%; replace 80 by whatever you feel good with).
The reason is simple: my trojan calls home on port 80 or 443.
Assuming that such a trojan is not so stupid as to run its own executable or dll, which will be detected (hopefully) by each personal firewall. But if it is a plugin to your browser (like those "home page hijackers"), no firewall is able to detect it.
A special application level firewall might do it. Feel free to search the web to find a few claiming to be able to do so. :-]
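The thread's argument (an SPI router admits only replies to LAN-initiated flows, a program-control firewall admits only permitted executables, and a browser plugin on 80/443 slips past both) can be modelled in a few lines. The following is an added illustration, not code from the thread or from any of the products named; the packet format, the `SpiRouter` and `PersonalFirewall` classes, the egress port list and all addresses and executable names are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str      # "out" = LAN to Internet, "in" = Internet to LAN
    src: str            # "ip:port"
    dst: str            # "ip:port"
    process: str = ""   # executable owning the socket; visible only on the host

class SpiRouter:
    """NAT router with stateful packet inspection and an optional egress ACL; sees packets, never processes."""
    def __init__(self, egress_ports=None, forwarded_ports=()):
        self.flows = set()                    # (LAN endpoint, remote endpoint) pairs opened from inside
        self.egress_ports = egress_ports      # None = any outbound port allowed
        self.forwarded_ports = set(forwarded_ports)
    def allows(self, pkt):
        if pkt.direction == "out":
            port = int(pkt.dst.rsplit(":", 1)[1])
            if self.egress_ports is not None and port not in self.egress_ports:
                return False                  # router that "blocks outgoing requests on suspicious ports"
            self.flows.add((pkt.src, pkt.dst))
            return True
        # inbound: only replies to flows the LAN opened, or a deliberately forwarded port
        return (pkt.dst, pkt.src) in self.flows or int(pkt.dst.rsplit(":", 1)[1]) in self.forwarded_ports

class PersonalFirewall:
    """Program control: only explicitly permitted executables may connect out (inbound left to the router)."""
    def __init__(self, permitted):
        self.permitted = set(permitted)
    def allows(self, pkt):
        return pkt.direction == "in" or pkt.process in self.permitted

def check(pkt, layers):
    """Defense in depth: every layer must allow the packet; report the first one that blocks it."""
    for name, layer in layers:
        if not layer.allows(pkt):
            return "blocked by " + name
    return "allowed"

def demo():
    # The host firewall is crossed first (it lives on the PC), then the router at the LAN edge.
    layers = [("personal firewall", PersonalFirewall({"iexplore.exe"})),
              ("router", SpiRouter(egress_ports={53, 80, 443}))]
    lan, web, c2, probe = "192.168.1.10", "203.0.113.5", "198.51.100.9", "198.51.100.77"  # constructed addresses
    return {
        "browser fetch":          check(Packet("out", lan + ":50001", web + ":80", "iexplore.exe"), layers),
        "reply to that fetch":    check(Packet("in", web + ":80", lan + ":50001"), layers),
        "unsolicited probe":      check(Packet("in", probe + ":4444", lan + ":135"), layers),
        "trojan.exe -> 6667":     check(Packet("out", lan + ":50002", c2 + ":6667", "trojan.exe"), layers),
        "browser plugin -> 6667": check(Packet("out", lan + ":50003", c2 + ":6667", "iexplore.exe"), layers),
        "browser plugin -> 443":  check(Packet("out", lan + ":50004", c2 + ":443", "iexplore.exe"), layers),
    }
```

Each layer catches something the other cannot, and the last case is the residual gap the thread identifies: code running inside a permitted browser on a permitted port is indistinguishable from normal web traffic to both layers.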
 

Author Comment

by:jasimon9
ID: 11748285
Some really good comments are developing out of this question. It appears to be a relatively subtle or complex issue. Although I would prefer not to have to have the software firewall running on each PC, it appears that the current best practice (short of elaborate defense-in-depth) is probably to continue with some sort of software firewall in addition to the SPI router.

Based upon valuable comments from all, I am splitting points.
 

Author Comment

by:jasimon9
ID: 11748656
Also, the article provided by tosh9iii was comprehensive and very informative. Splitting only 125 so many ways is kind of disappointing, so I am going to increase the points to justify a 5-way split.