The new forums will be named Coin Return (based on the most recent vote)! You can check on the status and timeline of the transition to the new forums here.
The Guiding Principles and New Rules document is now in effect.
Is not having a firewall THAT big of a deal?
Xeno
Registered User regular
Registered User regular
So I have a cable internet connection and all my computers have never had a firewall. Seems like a lot more hassle then it's worth. Stuff not going through, having to open ports, etc.
But I am wondering, is it really necessary to have one? I have never had any problems with hackers or anything.
Is my computer being raped 24/7 here and I am unable to see it?
If I were to get a firewall, what's a good, free one?
But I am wondering, is it really necessary to have one? I have never had any problems with hackers or anything.
Is my computer being raped 24/7 here and I am unable to see it?
If I were to get a firewall, what's a good, free one?
Xeno on
0
Posts
As long as you don't have any reason to be attacked to begin with, it really shouldn't happen. Practice safe browsing and I wouldn't forsee you having too great of a problem.
Guess what? A router typically has firewall functionality built-in. Even if it doesn't, the nature of NAT (how it lets multiple computers connect at once) essentially cock-blocks most forms of attacks.
Having a computer "naked" on the internet without a firewall, if you're using Windows anyway (any version), is a VERY bad idea. It is probably the #2 method of spammers taking command of unsuspecting home computers to send out millions of e-mail messages a day. #1 being people opening random attachments that have trojans embedded in them.
If you have a router hooked up, you generally don't NEED a software firewall (e.g. Windows Firewall, ZoneAlarm, etc.), but they can give you peace of mind I suppose.
Attacks on unfirewalled computers are rarely some hacker going "i'm gonna git ur bank infos lol" it's usually an automated worm virus (even some that started back before Windows XP came out are still going!) bouncing around replicating around the internets.
Likewise, anti-virus may seem unneeded "I don't open files lol i'm not a newb" doesn't make you safe. You can still get them and not know it.
TL;DR - firewall and anti-virus are pretty much required for windows users. period.
SC2 NA: exoplasm.519 | PA SC2 Mumble Server | My Website | My Stream
Wrong. If you don't know what you're talking about please refrain from giving advice.
As exoplasm said, anti-virus and firewall are pretty much required for all windows users.
There are literally millions of bot computers online that are randomly port scanning and poking around for vulnerabilities. Home computer users are especially vulnerable because they tend to feel "safe," primarily due to common misconceptions such as the one explained by The Prime, so they don't bother with installing anti-virus software and firewalls.
Anyway, while a router firewall will stop most such attacks, it won't stop all of them. That's why having a personal firewall (i.e. software firewall) is a good thing. Having an extra layer of protection never hurts. Even if you don't have any confidential files on your computer, they can still gain control of it (make it a "bot") and use it to do a variety of malicious stuff, like denial of service attacks.
Without a firewall you will not be notified of any of this.
As long as you practice safe-surfing (this includes not using Outlook or Internet Explorer) and are connecting to the internet through a router, you really don't need any software protection at all.
When I was taking a Network Security class at school, I ran a test. Built a machine from scratch, installed Windows with Service pack 2, then connected it to the school's network with only an intrusion detection software installed (so I could see what was going on).
The machine was attacked on the 23rd second of plugging it into the network. By the end of the 2nd minute it was fully compromised. And this is a school network we're talking about, with a shit-ton of network security protocols/policies/firewalls etc. in place in the background.
And trust me, this is much worse for home networks, where the only defense between you and the outside world is a router's firewall.
For viruses I would say you're right, safe-surfing eliminates the risk almost entirely. Against malicious Internet activity though, it doesn't.
Cool. I was wondering as well. I use Firefox, normal hotmail acount, do not download teh pr0n from weird places, and do not use shit like limewire or kazaa.
Am I in the safe zone?
You need *something*, whether it's hardware or software. As has been said previously, there are hundreds of thousands of compromised machines online scanning for potential victims constantly.
Yes, it's a hassle. You know what's more of a hassle? Losing all the data on your hard drive when you have to rebuild your system because someone found it on the internet, infected it, and started using it to send spam and collect the credit card numbers you enter when you do online shopping.
I use an anti-virus too (AVG Free), even though the last time I downloaded an infected file unintentionally was in about 1998. Again, the hassle of having to rebuild after an infection is more than that of keeping AVG Free up to date. I turn off all of its in-memory scan type stuff, and scan things I'm paranoid about, to keep its system impact minimal.
http://www.thelostworlds.net/
http://free.grisoft.com
No real reason not to have it. No reason except "I have XP64," anyway.
Looks like they have spyware software now too, interesting.
First off, I think your over reacting when you say that in 23 seconds or less, a Home PC will be under attack. I also am wondering, was it just plugged into a normal network, or a network from the class with a bunch of malicious bots set up against it to test it out? If so, well then no duh it was comprimised. Why not just download porn until you get a virus and then complain that downloading porn leads to viruses. :?
I side with the folks who advocate safe surfing. Even with a firewall, and anti-virus, you still aren't 100% protected if you go around opening random email attachments, use IE & outlook, and download oodles and oodles of teh pr0n on Kazaa...
Anecdotal evidence FTW.
My anecdote demonstrates the existence of risk. Yours does not demonstrate the lack of risk. That's the difference.
Regardless, I'm not going to sit here and get into a pissing contest since it's really not possible to compare our respective expertise to figure out who knows more about information security.
What matters here is that it's inarguably better to err on the side of caution. That's just common sense at the most basic level.
Telling people they don't need anti-virus or personal firewall is bad advice though. You cannot determine what they need and what they don't need without knowing what they use those computers for, what sorts of assets they store on there, the time and money it will cost them to fix a potential damage, etcetera. For the average user these may not matter much, but are still worth considering as nobody wants to bother with the hassle of replacing hardware parts or losing data because they were too lazy to install a few software as precaution.
Oh, did I tell you you might be legally liable if your unprotected computer gets compromised and is used to cripple critical infrastructure or public/private property? Yeah, case studies can be revealing.
A while back some security people did a test with Windows XP (SP1 I think). They installed it, booted it up, and then plugged it into a cable modem or dsl modem... basically naked on the internet. 11 seconds later it was compromised with worms and spam bots.
SP2 only takes twice as long.
So yes a home computer can certainly be subject to such attacks... this is the internet... i.e. the entire world's network. Don't think you're safe plugging directly into your modem. EVER.
For those of you thinking using "nothing but a router" is the same thing, it's not. You get a vast amount of protection from just that over someone who is using a computer and modem with no router, even with Windows Firewall turned on they are not as safe as someone with a router.
SC2 NA: exoplasm.519 | PA SC2 Mumble Server | My Website | My Stream
In fact, anti-virus software has given me way more problems than viruses ever have.
I would argue that it is if the computer is running Windows, and is connected to the internet without any sort of buffer. I was going to mention the 11 seconds thing as evidence, but exoplasm beat me to it.
NAT provides a bit of protection, but if you have any port forwarding set up, e.g. for BitTorrent, and have made use of it for any length of time, I guarantee that it's been scanned by other machines. A trained monkey could set up nmap to scan a range of IP addresses for services. In fact, even back in the early part of this decade when I *did* have ZoneAlarm installed, the port scans were constant.
http://www.thelostworlds.net/
Regardless, I glanced at my Firewall's logs just now and saw that since this morning, there have been 150 blocked connection attempts, and I haven't been home much at all today, so I've not been actively surfing. My IDS (Intrusion Detection) has logged 20 events today, half of which were worm propagation attempts. This tells me that AV software may not be a bad idea if you're not protected by a firewall, as worms can infect systems easily without the end-user knowing. I'm not trying to scare anyone, but I'm happy to err on the side of caution when it comes to net security.
Still, to echo the other posters, the least you should do is to install a router. They're dirt-cheap, so there's really no good reason not to have one. - EDIT: Which I would guess you already have done, if you say "All of my computers".
I don't believe it - I'm on my THIRD PS3, and my FIRST XBOX360. What the heck?
Unless you're some super paranoid person.
If you aren't behind either a router or a software firewall, then you should be.
You may not think your computer has been compromised, but it's not like hackers/bots openly flaunt the fact that your computer was just taken over.
most of all, most of all
someone said true love was dead
but i'm bound to fall
bound to fall for you
oh what can i do
Anyway is the basic Windows Firewall secure enough?
Satans..... hints.....
In my opinion? No. Defeating Windows Firewall is like punching through paper: it's easy for anyone who knows how to throw a punch.
The only use I have found for it is when I'm trying out new personal firewall software and I'm in the "transition" phase; i.e. uninstalling one and installing another, and I need something to temporarily defend my computer. I wouldn't rely on it on a permanent basis though.
What I MEANT to say was that I never had a firewall on any of my PAST computers. I currently only have one computer and no router. I never had one.
I do have AVG though as that seems pretty easy to set up. Just set it and forget it.
But I have never had a firewall before. I just keep reading on the internet about people having problems playing games, going to certain sites, downloading, etc. and having to open this port, or enter this ip, or whatever. Dunno, just seemed like a lot of hassle with something I have never had a problem with.
But then I hear about stuff like people getting multiple connections to their computer in a matter of minutes and I'm wondering what exactly would be happening to my computer over these past months. Thousands of connections?
But it seems like people are kinda split so I don't know. If someone could perhaps recommend a free one, that would be great. I could try it out and if I don't like, I could just uninstall it.
Sorry, Than, but you're wrong here. Even a WinXP box with SP2b is susceptible to attacks unless you're behind a properly configured router.
Now you very well may be behind a properly configured router, but your average Dlink/Netgear/Linksys router right out of the box is a poor excuse for a hardware firewall.
You put any WinXP box directly onto the internet with zero protection and you WILL get compromised. Depending on your IP scheme, it may be seconds, it may be days, but you WILL have problems. There are countless reports on this very topic. It becomes even more of a problem if you browse with IE.
Antivirus and Firewalls are not a necessity, but they are extremely wise if you're running Windows and are connected to the internet. However, hardware firewalls are significantly more safe than software ones. In other words, get a router. Besides having a firewall, they make handling internet connections significantly easier among multiple computers, as they don't have to deal with sharing or bridging or any of that -- they're made to do what they do.
The problem with all of the speculation going on in the thread is that it only takes ONE successful attack attempt to screw you over (if you're running Windows). You can get by with Windows Firewall set to "high," or other free solutions. Ultimately, it's easiest to simply buy a router for $20 and have it do the work for you. Or spend a little more and go wireless.
Having antivirus set up and scanning is a good start, as it will detect most things before they get out of control. But having a good hardware firewall usually means you don't even need to worry about it. Do you need it? No. But you're on the internet, so not having one could easily lead to problems if you're not extremely, extremely careful. Or own a Mac or run Linux.
If you're not using any anti-malware software, how do you know you don't have any malware?
"I don't need anti-mal/spy/ad-ware because I never get that stuff."
"I don't need a firewall cause I'm not a target."
I used to believe this years ago. Then I got a good real-time virus scanner (protip: norton and mcafee don't count) and learned the follies of my ways.
No matter how careful you are, you can still get viruses and other ungood things on your computer without knowing it. They are very good at hiding, that's why they are so prevalent to this day. People either don't notice or don't care.
Don't be one of those people.
Please stop arguing that anti-virus and anti-malware and firewalls are not needed.
It is true that these measures won't protect you 100%. But you know what?
The ONLY 100% surefire way to protect your computer is to NOT plug it in to anything.
SC2 NA: exoplasm.519 | PA SC2 Mumble Server | My Website | My Stream
Worst I've ever found was a few tracking cookies.
There are a few things going on here that need to be settled. The first being the university test you ran and getting malware on your computer. The truth is, it's a college, it's got tons of information flowing to it and I bet it's pretty high up on any list people run to probe for open/vulnerable computers. The fact of life is any major college campus is constantly poked and prodded by any number of worms, viruses, or other malicious stuff. To use this as an anecdotal proof of the fact that firewalls/virus scans are necessary just seems a little silly.
That leads directly to my next point: How prevalent is your ISP? If you're using someone very, very big like Adelphia, you're begging to have their entire range of IPs bombarded by any number of things again because they're big time and people are more likely to do it this way instead of just randomly popping around looking for every mom and pop computer on the internet.
I think its important to look at this kind of thing anytime you do any sort of test like this. I know of people who are just fine without a firewall or anti-virus because they're not in a "popular" network for this kind of stuff. That said, I think it's a bad idea to not have anti-virus installed and some sort of protection from foreign intruders. That said, they're not always necessary for safe internet computing.
No, that's already taken into account. A reasonable assumption is that if it's just a matter of seconds for a computer connected to a college network to get compromised, it's going to be a matter of hours, or maybe a few days, for a home computer to get compromised. There are tons of calculations and risk assessments done on this subject, details of which I cannot get into here (because it's boring and I don't feel like digging up my books).
There are two important things that matter here:
1- No matter how long it takes for a home computer to get compromised, when it finally is, it's a pain in the ass (and you won't find out about it unless you scan regularly, and not every threat that is found can be removed safely).
2- Having any personal firewall is better than having none. Having any ant-virus software is better than having none.
For the purposes of what the OP is asking, the rest is just details.
Hacking is so advanced these days that they don't even need a person to carry it out, they just have scripts portscanning ranges of ip addresses ready to unleash the fury (or "furry," if you will) on unsuspecting computers.
It always takes me a few moments to disable all the notifications that keep popping up, but my firewall is protecting my system all the time. Since I'd rather run my computer on the DMZ (direct ip connections with my bro in France, P2P, general "I don't wanna fuck with port forwarding"ness), I never go without software protection.
The added start time/cpu usage is absolutely negligable unless you're running a Pentium II and all files I download are instantly scanned for virii, way before I can even navigate to them to open them. It's happened to me on an occasion or two where a file I'd download (or inadvertently download) would contain an actual olde-schoole virus or simply malicious code, and my virus scanner would catch it before I'd even realize it.
The only drawbacks: Email scanning scans all the emails I send regardless of whether or not I check the "scan outgoing emails" button and my system initiates an automatic virus scan every Friday night. The latter could probably be disabled, but with dual-core and multiple SATA drives in RAID, I don't even notice it save for the blinking taskbar bar and added HD activity sound.
So, OP, you've probably already decided not to run a firewall. So be it. But your system will be compromised sooner or later. It's like having sex without a condom. Except your chances of infection or compromise are much greater.
Sure you may feel good doing it, and you can brag to all you buddies about how you never got your girl pregnant or caught anything.
But the moment things fail you don't have anyone to blame but yourself.
Seriously, take the couple % at best hit in processing power and the couple moments it will take to get things set up. It's worth your time even if you think you are safe.
Zone alarm?
If you're behind a router and you have more users on the LAN than yourself then there's a chance that the other person will do something stupid and get infected and then your as open to attacks from that system as in the above instance (I don't mean that your mom will hack your PC - but a worm on her PC can try to do that).
Otherwise a router with NAT will separate you from the internet so you'll only get traffick that you actually asked for, unless you're running some server and forwarded a port to your PC, but even then, if you use an uncommon port, the chances of someone using it are low.
The other nice thing about software firewalls is that you can monitor and control internet access of the programs on your PC - this makes spotting adware/spyware easier and can help you protect your privacy with normal programs that like to "phone home" for no good reason.
Some firewalls can also filter the internet content that gets downloaded - the can block ads or active content from untrusted sites.
An anti-virus might not be needed, but OTOH it only uses a few MB of memory and an unnoticeable amount of processing power.
Good free firewalls I'm aware of:
Outpost Firewall Free
Sygate Personal Firewall
Good AV software I know of:
Avira AntiVir
AVG Free
avast!
At night, the ice weasels come."
If you have a router already, this part is covered. Then just worry about AV software.
If you do not have a router, it would be pretty good to invest in one... it's dirt cheap and pretty reliable. Otherwise, I use and older sygate firewall that I think is still available for free D/L. It's decent, but I'm sure there are more recent offerings that are as good/better for free and/or cheap.
I use Norton for my av since it's kind of a requirement of my company (corporate version), but there are plenty of good free ones.
I, myself, can't even answer him. You've all just made me paranoid because all I've ever used was a router firewall (I just now turned windows firewall on) and Spybot.
[edit] Looks like someone is now helping him. He replied before I got mine out. :P
untruly yours, Saint Justin the Sluggard
If you're so confident in your browsing and computer-using abilities, why even bother?
Precisely.
Virus comes in, uses your computer for its nasty work and silently uninstalls itself when it's done. 3 weeks later, you do a scan and find no problems and think you're safe because you're an uber-surfer.
You think you're safe and clean and you're really not. Hell, I think I'm safe and clean, but for all I know, I could have a virus right now that's smart enough to hide itself from AVG. Fortunately, I also have a hardware firewall/gateway that monitors all traffic. 2 layers of protection.
You've grossly overestimated the security of computers nowadays, Than.
Next time I wisely downloaded SP2 on my other computer and installed it before hooking up the computer. Going without anti virus or firewall protection is just asking for trouble. It isn't a matter of if your system will be compromised but when.
As for me the windows firewall, my router and AVG have seemed to keep my systems out of trouble.
any ideas?
Or just get the free sygate one.
At night, the ice weasels come."