Solved

Personal Firewall verses SPI router

Posted on 2004-08-07
11
1,229 Views
Last Modified: 2013-11-16
I have in the past used a personal firewall (Zonealarm) very happily. However, recent versions seem to cause a lot of instability on XP. I have seen some advice to replace the functionality with a SPI router.

My question: does not the software firewall still provide additional protection against trojans that try to "phone home?"

I am evaluating the latest Zonealarm update to see if they have cured the instability problems. I am also moving to install Linksys WRT54GS wireless routers with built-in SPI.
0
Comment
Question by:jasimon9
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +3
11 Comments
 
LVL 10

Expert Comment

by:dis1931
ID: 11744552
Routers are good.  They do similar but since it is a seperate hardware device it doesn't task the PC to do work and won't cause incompatability.  Also, once set up it manages itself for the most part.  It is still good to use Anti-Virus software and run Spybot and Ad-Aware to complement the router as you will still get viruses or the such even with the router.  A software firewall can still allow viruses and other such things if you access something that you think is ok but has a virus.  I think hardware firewalls are better than software from a standpoint of speed and since it is not directly affecting my system resources.
0
 
LVL 10

Assisted Solution

by:dis1931
dis1931 earned 100 total points
ID: 11744553
The hardware firewall will only allow traffic to go through it if you either have a port open or have requested something such as a webpage.  The best protection for trojans, viruses, etc... is to install and keep up to date a good antivirus package and scan your drive regularly.
0
 

Author Comment

by:jasimon9
ID: 11744670
OK, I understand virus and spyware scanning.

Trying to be more specific: in addition to the firewall function of Zonealarm, there is also the program control function that prevents a trojan from "phoning home." Will the router firewall also prevent this through an open port?

It seems that Zonealarm does add a safety factor by requiring explicit permission for each new program.
0
Retailers - Is your network secure?

With the prevalence of social media & networking tools, for retailers, reputation is critical. Have you considered the impact your network security could have in your customer's experience? Learn more in our Retail Security Resource Kit Today!

 
LVL 10

Expert Comment

by:dis1931
ID: 11744739
if this is your main concern then the software firewall is the only way to go as i know it.  However, I have never ran a software firewall and have never had a trojan, i keep my anti-virus up to date scan often and check for spyware adware often.  It keeps my PC clean.  If you never get one you don't have to worry about it calling home.  Just my preference i guess....i don't like to give access to all my programs from the software firewall and i causes too many problems on top of too much customizing especially since I rebuild my laptop and PCs often depending on what project i am working on at the time.
0
 
LVL 9

Accepted Solution

by:
tosh9iii earned 100 total points
ID: 11744820
Here's a comparison chart of some firewalls and antivirus software:

http://www.pcworld.com/resource/printable/article/0,aid,115939,00.asp
0
 
LVL 4

Assisted Solution

by:net_sec_guru
net_sec_guru earned 100 total points
ID: 11745058
If you are truly worried about a trojan "phoning home" then I would highly suggest that you do a defense in depth. Don't rely on a single entity to handle everything for you.

Set up your router with ACL's / restrictive policies.
Keep current A/V software on your machine - and regularly update the definition pattern files!
And use a personal firewall on your machine.

The personal firewall does not have to be ZoneAlarm. There are a number of free personal firewalls for your PC. In fact, XP has one on it by default (which will become a lot more flexible with SP2).

So I would recommend using both the router and firewall.

0
 
LVL 4

Expert Comment

by:net_sec_guru
ID: 11745066
And software firewalls do not specifically address trojans. This is something that a lot of A/V vendors are trying to accomplish and add to their products. This is signature based so it will only be as good as the definition pattern file that is on the A/V product (again a good reason to stay current!)
0
 
LVL 31

Assisted Solution

by:rid
rid earned 50 total points
ID: 11745590
Very generally, a router (ordinary home/small office thingy, doing NAT) will stop unrequested traffic from outside, thus protecting the LAN from spontaneous attacks. If the communication is initiated from within the LAN, even malicious traffic will be allowed inside. This problam calls for either an individual firewall on each machine or a router that can block even outgoing requests on supicious ports. Depending on how much you want to spend, the more advanced router is probably the best solution, as individual software firewalls on all machines do create a speed and stability problem instead.
/RID
0
 
LVL 51

Assisted Solution

by:ahoffmann
ahoffmann earned 50 total points
ID: 11745667
a seperate hardware firewall can't protect your trojan phoning home in general, and your software firewall on the same host can't do either (at least it can't be trusted > 80%, replace 80 by whatever you feel good).
The reason is simple: my trojan calls home on port 80 or 443.
Assuming that such a trojan is not that stupid running its own executable or dll, which will be detected (hopefully) by each persnal firewall. But if it is a plugin to your browser (like those "home page hijackers"), no firewall is able to detect it.
A special application level firewall might do it. Feel free to search the web to find a few claiming to be able to do so. :-]
0
 

Author Comment

by:jasimon9
ID: 11748285
Some really good comment is developing out of this question. It appears to be a relatively subtle or complex issue. Although I would prefer not to have to have the software firewall running on each pc, it appears that the current best practice (short of elaborate defense-in-depth) is probably to continue with some sort of software firewall in addition to the SPI router.

Based upon valuable comment from all, I am splitting points.
0
 

Author Comment

by:jasimon9
ID: 11748656
Also, the article provided by tosh9iii was comprehensive and very informative. Splitting only 125 so many ways is kind of disappointing, so I am going to increase the points to justify a 5-way split.
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
Recovering from what the press called "the largest-ever cyber-attack", IT departments worldwide are discussing ways to defend against this in the future. In this process, many people are looking for immediate actions while, instead, they need to tho…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question