Hardware and Software Firewalls: Why have both?!?

Tycoonbrad

n00b
Joined
Mar 5, 2004
Messages
32
My father got a bad case of the Netsky virus. He had something like 30,000 files infected. He had no idea his computer was being used as a peer-to-peer zombie. Thankfully, his ISP shut him down and told him he had a virus. I checked the machine with Stinger and got rid of all the viruses/trojans on his machine. He was under the assumption, as was I, that a hardware router was enough protection to stop trojans/viruses. I guess we were both wrong.

Can someone explain why you have to have a hardware router w/firewall AND a software firewall? His hardware router is an SMC with an SPI filtering firewall. Is it because the outbound protection is better with the software firewall?
 

Yogi

[H]ard|Gawd
Joined
Jun 23, 2001
Messages
1,863
Hardware firewalls are much harder to bypass than software firewalls, but they also don't know very much about what's going on on your PC. For this reason, a hardware firewall can't really be very good at blocking outbound traffic from your PC. The best reason to use a software firewall with your hardware one is to control what processes can access the internet. Firewalls like ZoneAlarm have profiles that you create over time about which programs can access the internet and which cannot. A process needs your permission to access the net, and then it's up to you to know which programs should have a connection and what might be a virus.

By the way, along with firewalls, you need virus protection too. An up to date copy of a virus protection program could have caught that Netsky before it caused problems.

Firewalls (especially hardware ones) are not designed to stop viruses and trojans by themselves. Antivirus and Antitrojan programs are.

At a bare minimum you should have:
1. All Windows security patches installed
2. Antivirus application with up to date definitions (free ones like AVG are MUCH better than nothing)
3. A software firewall like ZoneAlarm

And if you either have a hardware firewall in your router, or have an old machine that can be used as a smoothwall box, then running one of those is always a good idea also.
 

inzane123

Limp Gawd
Joined
Jul 19, 2001
Messages
446
I wonder if he picked this up some other way, like via email. The SPI blocking on my firewall kept those virii out of my system. BTW, he needs to make sure that autoupdate is turned on so that he stays current.
 

Boscoh

[H]ard|Gawd
Joined
Nov 25, 2003
Messages
1,159
Yogi was pretty correct in his explanation.

Something that I would like to add is that some worms launch using the executable name of a commonly allowed program. For example, a worm's exe might be named WinWord.exe, or Notepad.exe, or svchost.exe. They do this to attempt to get around software firewalls that have policies which allow only certain executables to run. In an attempt to defeat this technique, some software firewalls and policy enforcers are now generating either an MD5 or SHA-1 hash from the executable. If another program tries to assume the name of an allowed executable, it will have a different hash and will not be allowed to run.

You do need antivirus software as well, as others have said. A layered approach is the best one. A hardware firewall, software firewall, and good updated AV software should keep you pretty safe.
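As an added illustration of the two mechanisms described in this thread (Yogi's per-process outbound control and Boscoh's hash check on the executable), the following Python is my own example, not code from the thread or from ZoneAlarm, Sygate or any other product named here. The "executables" are constructed byte strings, and the function names and the single-allowlist data structure are assumptions for the sake of the demonstration. It shows why a name-only policy lets a renamed worm through, why a hash policy stops it, and the side effect that a legitimately updated program also fails the hash check (which is why such firewalls re-prompt after an update).

```python
import hashlib
import hmac

# Constructed stand-ins for program files. A real policy engine would read the
# bytes of the executable from disk; they are inline here so the example runs
# offline. The contents are arbitrary and are not real program code.
LEGIT_NOTEPAD = b"MZ\x90\x00 constructed bytes standing in for notepad.exe v1"
LEGIT_NOTEPAD_UPDATED = b"MZ\x90\x00 constructed bytes standing in for notepad.exe v2"
WORM_BINARY = b"MZ\x90\x00 constructed bytes standing in for a worm payload"


def normalize_name(name: str) -> str:
    """Windows file names are case-insensitive, so compare them in one case."""
    return name.lower()


def file_hash(data: bytes, algo: str = "sha1") -> str:
    """Digest of the executable's bytes. The thread mentions MD5 or SHA-1;
    the same code works with 'sha256', which a current product would use."""
    return hashlib.new(algo, data).hexdigest()


def build_allowlist(approved: dict, algo: str = "sha1") -> dict:
    """approved maps file name -> bytes of the program the user said may reach
    the network. The allowlist records name -> digest at approval time."""
    return {normalize_name(n): file_hash(d, algo) for n, d in approved.items()}


def name_policy_allows(name: str, allowlist: dict) -> bool:
    """Name-only policy: anything called Notepad.exe gets through."""
    return normalize_name(name) in allowlist


def hash_policy_allows(name: str, data: bytes, allowlist: dict,
                       algo: str = "sha1") -> bool:
    """Hash policy: the name must be known AND the bytes must match the digest
    recorded at approval time. A renamed worm fails; so does a legitimately
    updated program, which is why such firewalls re-prompt after updates."""
    expected = allowlist.get(normalize_name(name))
    if expected is None:
        return False
    return hmac.compare_digest(expected, file_hash(data, algo))


def evaluate(name: str, data: bytes, allowlist: dict) -> dict:
    """Run both policies so the difference is visible side by side."""
    return {
        "name_policy": name_policy_allows(name, allowlist),
        "hash_policy": hash_policy_allows(name, data, allowlist),
    }


if __name__ == "__main__":
    # The user approved the genuine Notepad once; the digest is recorded then.
    allow = build_allowlist({"Notepad.exe": LEGIT_NOTEPAD})
    print("genuine notepad :", evaluate("Notepad.exe", LEGIT_NOTEPAD, allow))
    print("worm as Notepad :", evaluate("NOTEPAD.EXE", WORM_BINARY, allow))
    print("updated notepad :", evaluate("Notepad.exe", LEGIT_NOTEPAD_UPDATED, allow))
```

The worm renamed to NOTEPAD.EXE passes the name policy and fails the hash policy; the updated Notepad does the same, so a hash-based firewall has to ask the user again after every update, and the user still has to judge whether the change was expected.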
 

Tycoonbrad

n00b
Joined
Mar 5, 2004
Messages
32
Yogi, thanks for the information. You've given me a great framework to go by. Thanks!

One thing though... With all that security in place, what's the best method of getting games to work with all those layers? I was thinking of getting a hardware router like my father's, and was wondering what's the best method to get the games to work? I host Game Voice and Battlefield all the time with ZoneAlarm running and have had no problem. My friend says he's never had to forward ports on his Linksys router for gaming. How is that possible? I thought you always had to forward ports on routers. He said he just adds my IP as trusted in ZoneAlarm and he doesn't have to do anything with his Linksys router. Any ideas if I would have to open ports on the hardware router since I host?
 

IceWindus

n00b
Joined
Mar 8, 2004
Messages
10
I still won't install a NAV into my gaming computer as I am so horrendously picky about performance.

I'll probably end up paying for it, but with careful websurfing, new email accounts, constant Windows updates and a firewall, I've been lucky so far the past 3 years of not getting attacked.
 

Yogi

[H]ard|Gawd
Joined
Jun 23, 2001
Messages
1,863
IceWind said:
I still won't install a NAV into my gaming computer as I am so horrendously picky about performance.

I'll probably end up paying for it, but with careful websurfing, new email accounts, constant Windows updates and a firewall, I've been lucky so far the past 3 years of not getting attacked.

I run CA eTrust antivirus with realtime filesystem scan always running and there is no difference in my 3DMark scores or game framerates with and without antivirus running.
Not all antivirus programs use as much RAM as Norton does.

Tycoonbrad - When it comes to getting games to work through layers, antivirus shouldn't interfere with games at all, and a software firewall should also let the game through every time once you set it to be allowed as a server. The only thing that might cause problems is the hardware firewall, and even that should hopefully work just fine with no configuration issues. If it doesn't work, then searching the net for other people that have had problems with that specific game and firewall will probably give you a solution.
 

RanceJustice

Supreme [H]ardness
Joined
Jun 9, 2003
Messages
6,310
I strongly suggest the AVK Pro antivirus from www.extendia.com. It utilizes both the Kaspersky and RAV engines, which are amongst the highest rated around. It found malware on my machine that Norton couldn't even pick up. Best of all, it's very cheap and uses few resources (7k compared to NortonAV's 20 or so of RAM).

For a software firewall, I heartily suggest Sygate Personal Firewall Pro. It's not as pretty as ZoneAlarm or any of the "big names" but does a much better job of letting you see EXACTLY what's going in and out. It also supports custom rules and blocklists. They also have a free version available.

Personally, I'm still looking for a good hardware firewall/router for personal use. I know that Netgear and Linksys both put out 802.11g 4 port routers with NAT and SPI.
 

IceWindus

n00b
Joined
Mar 8, 2004
Messages
10
Xaeos said:
I strongly suggest the AVK Pro antivirus from www.extendia.com. It utilizes both the Kaspersky and RAV engines, which are amongst the highest rated around. It found malware on my machine that Norton couldn't even pick up. Best of all, it's very cheap and uses few resources (7k compared to NortonAV's 20 or so of RAM).

For a software firewall, I heartily suggest Sygate Personal Firewall Pro. It's not as pretty as ZoneAlarm or any of the "big names" but does a much better job of letting you see EXACTLY what's going in and out. It also supports custom rules and blocklists. They also have a free version available.

Personally, I'm still looking for a good hardware firewall/router for personal use. I know that Netgear and Linksys both put out 802.11g 4 port routers with NAT and SPI.

Aye, I just purchased a Linksys WRT54G and it's working swell.
 