Is the Firewall still relevant today?

HarborFront

Level 71
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
6,036
Hi

I'd like to get some feedback on how home users feel about securing their computer WITHOUT a firewall.

In the early years a simple firewall provided the necessary perimeter defense. As the years have gone by, the simple firewall is no longer adequate to provide the necessary protection and has evolved to become the Next Gen Firewall, incorporating many features like IDS/IPS, HIPS, ARP protection etc. to become more sophisticated in providing better protection.

But much malware still passes through, and how often is a home user subject to computer attacks to justify the use of it?

So the question is do you still require a firewall? Or is it a good-to-have thing? If you DON'T require it then what security software can replace it?

Thanks
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
I would hate being without the ability to easily block outbound from an alert. Some malware can be completely stopped with an outbound block. All malware can be blocked from communicating after the fact with an outbound block.

Don't know much about IPS/IDS, but I like the idea of a higher degree of active monitoring from the firewall personally. Heimdal sounds interesting as a companion to browser usage...not sure if it incorporates IPS/IDS. Seems the video on the site mentions the paid version does but who knows how developed it might be at this point. HIPS with Comodo is partly network monitoring so it's relevant with that and other IS programs. Don't think Comodo has any or very little IPS/IDS protections (no sophisticated port scans or cues from the behavior module to auto-block etc). I have seen evidence from others that some of the firewalls can alert to outside attempts to find an open port. I think that's useful personally. Love to have it honestly. May be wrong but ESET is the main one I am thinking of here. Seems Emsisoft and Kaspersky likely do this too but idk.

End of the day, one thing I could see someone coming up with is a firewall that uses a site like IP Void in the way VoodooShield uses VirusTotal. Nice. I'd use that any day.

One thing I really want to see...100% separation between local traffic and extranet traffic in the presentation of firewall dialogs. I don't know how I would do this, but it would be great if they were monitored completely separately from each other and if the alerts for each type could be different from each other (easily distinguished). I can envision a dialog that would make it possible to easily establish what are local permitted devices so they could be easily configured permanently in the firewall for a local network.
 

HarborFront

I would hate being without the ability to easily block outbound from an alert. Some malware can be completely stopped with an outbound block. All malware can be blocked from communicating after the fact with an outbound block.

Don't know much about IPS/IDS, but I like the idea of a higher degree of active monitoring from the firewall personally. Heimdal sounds interesting as a companion to browser usage...not sure if it incorporates IPS/IDS. Seems the video on the site mentions the paid version does but who knows how developed it might be at this point. HIPS with Comodo is partly network monitoring so it's relevant with that and other IS programs. Don't think Comodo has any or very little IPS/IDS protections (no sophisticated port scans or cues from the behavior module to auto-block etc). I have seen evidence from others that some of the firewalls can alert to outside attempts to find an open port. I think that's useful personally. Love to have it honestly. May be wrong but ESET is the main one I am thinking of here. Seems Emsisoft and Kaspersky likely do this too but idk.

End of the day, one thing I could see someone coming up with is a firewall that uses a site like IP Void in the way VoodooShield uses VirusTotal. Nice. I'd use that any day.

One thing I really want to see...100% separation between local traffic and extranet traffic in the presentation of firewall dialogs. I don't know how I would do this, but it would be great if they were monitored completely separately from each other and if the alerts for each type could be different from each other (easily distinguished). I can envision a dialog that would make it possible to easily establish what are local permitted devices so they could be easily configured permanently in the firewall for a local network.
Most of the time we have strong protection against inbound attacks from malware in the use of other security software. As for inbound attack by hackers, like using DDoS, I think that's negligible to a home user.

How about using Terra Privacy and a whitelisting software like VS for outbound protection to replace the outbound protection of the firewall?
 

Deleted member 178

Inbound protection: you are at home , your router does the job + Windows FW does the job
Outbound protection: either you had a 3rd party FW or WinFW GUi apps or like me , you block all outbound connection by default and manually create rules on the fly.
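
The default-deny outbound setup described in the post above, sketched for the built-in Windows Firewall as an added example (not code from the thread or from any poster). The group label, rule names and program paths are constructed placeholders; it assumes an elevated PowerShell session.

```powershell
#Requires -RunAsAdministrator
# Added example: default-deny outbound on the built-in Windows Firewall.
# The group label, rule names and program paths are constructed placeholders.

$group = 'Example outbound allow-list'
$allow = @(
    @{ Name = 'Browser';     Program = 'C:\Program Files\ExampleBrowser\browser.exe' },
    @{ Name = 'Mail client'; Program = 'C:\Program Files\ExampleMail\mail.exe' }
)

# 1. Record the current state so the change can be reverted.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction |
    Format-Table -AutoSize

# 2. Create the allow rules first, so nothing listed is cut off when the default flips.
foreach ($app in $allow) {
    if (-not (Test-Path -LiteralPath $app.Program)) {
        Write-Warning "Skipping $($app.Name): $($app.Program) not found"
        continue
    }
    $display = "Allow out - $($app.Name)"
    if (Get-NetFirewallRule -DisplayName $display -ErrorAction SilentlyContinue) { continue }
    New-NetFirewallRule -DisplayName $display -Group $group -Direction Outbound `
        -Program $app.Program -Action Allow -Profile Any | Out-Null
}

# 3. Keep the firewall on, block by default in both directions, log what gets dropped.
Set-NetFirewallProfile -All -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Block -LogBlocked True

# 4. Review: dropped connections land in the firewall log; add rules for the ones you want.
Get-NetFirewallProfile | Select-Object Name, DefaultOutboundAction, LogBlocked, LogFileName
Get-NetFirewallRule -Group $group -ErrorAction SilentlyContinue |
    Select-Object DisplayName, Enabled, Direction, Action

# Revert:
#   Set-NetFirewallProfile -All -DefaultOutboundAction Allow
#   Remove-NetFirewallRule -Group $group
```

Once step 3 runs, anything not matched by an enabled outbound allow rule is dropped, system components included, so expect to add rules after reading the log.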
 

HarborFront

Inbound protection: you are at home , your router does the job + Windows FW does the job
Outbound protection: either you had a 3rd party FW or WinFW GUi apps or like me , you block all outbound connection by default and manually create rules on the fly.
The thing is I want to get rid of the firewall (even Windows Firewall) and use other security software in its place. Is it possible?
 

HarborFront

You can only "fully disable" it via an elevated command line:

Code:
netsh advfirewall set allprofiles state off
I meant totally disable the Windows Firewall.

So any advice on replacing a firewall with security software, bearing in mind inbound and outbound types of attacks/connections?
 

Deleted member 178

I meant totally disable the Windows Firewall.
So any advice on replacing a firewall with security software, bearing in mind inbound and outbound types of attacks/connections?
You can't and there is no valid reason to do so, WinFW can't be uninstalled/totally disabled without crippling the OS, its platform is needed by some 3rd party FW or applications.

When you use a 3rd party FW, it should disable in WinFW what is not needed.
 

HarborFront

You can't and there is no valid reason to do so, WinFW can't be uninstalled/totally disabled without crippling the OS, its platform is needed by some 3rd party FW or applications.

When you use a 3rd party FW, it should disable in WinFW what is not needed.
Correct. As long as I disabled the Windows Firewall it's as good as gone. What 3rd-party apps use the behind-the-scene rules of Windows Firewall is not my concern as long as there's no firewall in my system.

My system has Windows Firewall disabled and it's running fine. It's just that I need to find some right security software to take its place.

So can I do it?
 

AtlBo

Most of the time we have strong protection against inbound attacks from malware in the use of other security software. As for inbound attack by hackers, like using DDoS, I think that's negligible to a home user.

I don't think so. At least Windows firewall should be active.

Personally I prefer at least having simple alert based outbound control. I want to know what's leaving the PC. I would also value myself the knowledge that can be gained from knowing that something/someone is sniffing ports or attempting to gain access via an unusual method. Maybe this could help with a lateral attack on a home network in some cases. DDOS is a minimal risk 100% true.

How about using Terra Privacy and a whitelisting software like VS for outbound protection to replace the outbound protection of the firewall?

Guess it depends on the larger context of what else is on the system. If running Terra Privacy Avast and VS (no FW), maybe? I'd still go purchase a key for Binisoft myself. At the very least, I wouldn't turn off Windows firewall with this setup.

Correct. As long as I disabled the Windows Firewall it's as good as gone. My system has Windows Firewall disabled and it's running fine. It's just that I need to find some right security software to take its place.

Comodo Firewall disables the Windows firewall by default. Doesn't need it to be on. Not sure but I think Emsisoft Kaspersky ESET and a good many others turn off the Windows firewall too.

As @Umbra said...it's not fully off, but that could be confusing. As you see it can be disabled/turned off so that it doesn't filter by its rules.
 

HarborFront

I don't think so. At least Windows firewall should be active.

Personally I prefer at least having simple alert based outbound control. I want to know what's leaving the PC. I would also value myself the knowledge that can be gained from knowing that something/someone is sniffing ports or attempting to gain access via an unusual method. Maybe this could help with a lateral attack on a home network in some cases. DDOS is a minimal risk 100% true.

Guess it depends on the larger context of what else is on the system. If running Terra Privacy Avast and VS (no FW), maybe? I'd still go purchase a key for Binisoft myself. At the very least, I wouldn't turn off Windows firewall.

Comodo Firewall disables the Windows firewall by default. Doesn't need it to be on...

If I were to use SRP, sandbox, anti-exe, BB/HIPS etc would that be good enough against incoming malware infections?

As for outbound connections, like I mentioned, would the use of Terra Privacy + VS(or something similar) be good enough?

If you want to see whether someone is sniffing your ports I believe you can use WireShark, SNORT etc to detect that, right?

BTW, Comodo Firewall is still a firewall, no?
 

AtlBo

If you want to see whether someone is sniffing your ports I believe you can use WireShark, SNORT etc to detect that, right?

If you care to configure it yourself. Best security firewalls throw alerts over unusual port activity.

As for outbound connections, like I mentioned, would the use of Terra Privacy + VS be good enough?

You might be OK but then this is universally considered a bad idea security-wise. I wouldn't consider going without firewall protection myself. Crooks are tricky and I've seen too much sketchiness from software...
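
One way to surface the port-probe attempts discussed above from the Windows Firewall drop log, as an added example that is not part of the thread. It assumes dropped-packet logging is enabled; the function name `Find-PortProbe`, the threshold and the sample lines are constructed for illustration.

```powershell
# Added example: flag sources that probe many ports, from Windows Firewall drop-log lines.
# $sample is constructed data in the pfirewall.log layout (addresses are made up).
$sample = @'
#Version: 1.5
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2024-01-01 10:00:01 DROP TCP 192.168.1.50 192.168.1.20 40001 21 60 S 0 0 1024 - - - RECEIVE
2024-01-01 10:00:01 DROP TCP 192.168.1.50 192.168.1.20 40002 22 60 S 0 0 1024 - - - RECEIVE
2024-01-01 10:00:02 DROP TCP 192.168.1.50 192.168.1.20 40003 23 60 S 0 0 1024 - - - RECEIVE
2024-01-01 10:00:02 DROP TCP 192.168.1.50 192.168.1.20 40004 135 60 S 0 0 1024 - - - RECEIVE
2024-01-01 10:00:03 DROP TCP 192.168.1.50 192.168.1.20 40005 445 60 S 0 0 1024 - - - RECEIVE
2024-01-01 10:00:09 DROP UDP 192.168.1.1 192.168.1.20 1900 1900 120 - - - - - - - RECEIVE
2024-01-01 10:00:10 ALLOW TCP 192.168.1.20 93.184.216.34 50000 443 0 - 0 0 0 - - - SEND
'@ -split '\r?\n'

function Find-PortProbe {
    param([string[]]$Lines, [int]$MinPorts = 5)
    $fields = @()
    $seen = @{}   # source address -> set of distinct destination ports it was dropped on
    foreach ($line in $Lines) {
        # Column order comes from the log's own #Fields header, not a hard-coded layout.
        if ($line -match '^#Fields:\s*(.+)$') { $fields = $Matches[1].Trim() -split '\s+'; continue }
        if ($fields.Count -eq 0 -or $line -match '^\s*(#|$)') { continue }
        $v = $line.Trim() -split '\s+'
        if ($v.Count -lt $fields.Count) { continue }          # truncated line
        $r = @{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $r[$fields[$i]] = $v[$i] }
        # Only inbound packets the firewall dropped; ICMP has '-' as port and is skipped.
        if ($r['action'] -ne 'DROP' -or $r['path'] -ne 'RECEIVE') { continue }
        if ($r['dst-port'] -notmatch '^\d+$') { continue }
        $src = $r['src-ip']
        if (-not $seen.ContainsKey($src)) {
            $seen[$src] = New-Object 'System.Collections.Generic.HashSet[string]'
        }
        [void]$seen[$src].Add($r['dst-port'])
    }
    $seen.GetEnumerator() | Where-Object { $_.Value.Count -ge $MinPorts } | ForEach-Object {
        [pscustomobject]@{
            Source = $_.Key
            Ports  = $_.Value.Count
            List   = ($_.Value | Sort-Object { [int]$_ }) -join ','
        }
    }
}

Find-PortProbe -Lines $sample -MinPorts 5 | Format-Table -AutoSize
```

On a real machine, pass the firewall log instead of `$sample`, for example `Get-Content` on the `LogFileName` path reported by `Get-NetFirewallProfile`; behind a NAT router the sources listed will mostly be other devices on the local network.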
 

kamla5abi

Level 4
Verified
May 15, 2017
178
The thing is I want to get rid of the firewall (even Windows Firewall) and use other security software in its place. Is it possible?
i thought i read somewhere that if you *completely* disable windows firewall then windows updates could have problems?
Most of the time we have strong protection against inbound attacks from malware in the use of other security software. As for inbound attack by hackers, like using DDoS, I think that's negligible to a home user.

How about using Terra Privacy and a whitelisting software like VS for outbound protection to replace the outbound protection of the firewall?
i dont understand the question, you want to completely disable/uninstall windows firewall but then use 3rd party software to perform the same function?
and this 3rd party software that has functions similar to firewall, but not actually be a firewall? o_O
when you install security software that includes their own firewall windows firewall pretty much takes a back seat anyways AFAIK, no?
AFAIK only some type of network communication software will see/monitor network connections and allow you to stop that if you have it setup to prompt you, or default-deny... aka...firewall...which is what you dont want to use...??

I am no expert but i don't see how VS type of program can protect outbound network connections?? :confused:
sure it will probably block the executable in the first place, so if thats blocked then it can't create any outbound connections i guess
but if the malware is allowed to run (either by user or exploit or else) then it won't stop network connections created by the malware (AFAIK)

why dont you want to run windows firewall?
if you don't like the GUI, theres apps to make it better/easier to use (but i'm sure you know that...)
so why try to reinvent the wheel? Just polish the wheel and make it better ;)

Or do like @Umbra says and just default deny everything, and create rules to allow connections 1 by 1 lol :D;)
 

HarborFront

If you care to configure it yourself. Best security firewalls throw alerts over unusual port activity.

You might be OK but then this is universally considered a bad idea security-wise. I wouldn't consider going without firewall protection myself. Crooks are tricky and I've seen too much sketchiness from software...

Unusual port activity like you are being DDoS or your nemesis is specifically targeting you? What is that probability to a home user?

Firewall is a great security protection layer for corporate but is it a necessity for home use like I stated in my opening post?
 

Deleted member 178

I think you don't get it. I said I don't want a firewall in my system.
This is nonsense... how can you come up with that foolish idea...seriously...
your router may stop some inbound attacks, but what about kernel backdoor...?

Can it be done using the security software in the above post #12?
no.

If I were to use SRP, sandbox, anti-exe, BB/HIPS etc would that be good enough against incoming malware infections?
yes but not network attacks.

As for outbound connections, like I mentioned, would the use of Terra Privacy + VS be good enough?
for outbound connection monitoring, you need a FW , not an anti-exe or whatever.

If you want to see whether someone is sniffing your ports I believe you can use WireShark, SNORT etc to detect that, right?
worthless for home users. your NAT router will take care of this.

BTW, Comodo Firewall is still a firewall, no?
Yes
 

HarborFront

i thought i read somewhere that if you *completely* disable windows firewall then windows updates could have problems?

i dont understand the question, you want to completely disable/uninstall windows firewall but then use 3rd party software to perform the same function?
and this 3rd party software that has functions similar to firewall, but not actually be a firewall? o_O
when you install security software that includes their own firewall windows firewall pretty much takes a back seat anyways AFAIK, no?
AFAIK only some type of network communication software will see/monitor network connections and allow you to stop that if you have it setup to prompt you, or default-deny... aka...firewall...which is what you dont want to use...??

I am no expert but i don't see how VS type of program can protect outbound network connections?? :confused:
sure it will probably block the executable in the first place, so if thats blocked then it can't create any outbound connections i guess
but if the malware is allowed to run (either by user or exploit or else) then it won't stop network connections created by the malware (AFAIK)

why dont you want to run windows firewall?
if you don't like the GUI, theres apps to make it better/easier to use (but i'm sure you know that...)
so why try to reinvent the wheel? Just polish the wheel and make it better ;)

Or do like @Umbra says and just default deny everything, and create rules to allow connections 1 by 1 lol :D;)
What I meant is to use security software to protect against incoming malware infections.

I never say VS protects against outbound network connection.

Read my opening post again. It's for home user
 

Deleted member 178

What I meant is to use security software to protect against incoming malware infections.
They can't if they aren't firewalls LOL , they don't monitor traffic...
you don't want any FW on your system, buy a 5000$ hardware firewall or set up pfSense via a proxy machine.
 
