Is the Firewall still relevant today?

shmu26

Disabling WinFW to replace it with another is one thing; going without any FW at all is another.


You people only think about outbound connections, as if inbound attacks were nonexistent... FWs were made because inbound attacks were the first thing hackers learnt to do; they were the primary computer attacks.
I am all in favor of running a firewall, and I do so myself. I would never turn off my firewall. All I am saying is that the user should not place too much hope in firewall protection.
 

HarborFront

Thread author
You can't compare them; unless you never go online and hence have no network, you need a FW.


There is no (and never will be a) replacement for a FW; every machine on the planet is behind a FW (software or hardware), so this logic of FW-less is just fantasy.
How would you monitor (allow/block) inbound/outbound connections without a FW? By calling Harry Potter?

Users like me go "sig-less" because we don't want an RT engine eating resources and a 300+ MB database dropped on the HDD.
I go sig-less because I have other security mechanisms to prevent infection on my system in a far better way.
There is no other networking mechanism to replicate the role of a FW. They may have other names, but they are still FWs.

FWs monitor programs, filter traffic, allow/deny any connections to specified IPs, monitor protocols, etc.
No other software can do that. If it existed, I would use it already.
Unwanted outbound connection attempts can be stopped by non-FW security software. For example, ReHIPS denies an isolated program access to the internet, but nothing more.
Unwanted inbound traffic only by software or hardware FWs.


As if both of them monitor inbound traffic... seriously...

If FWs were useless, why do you think every OS vendor (MS, Linux, Apple) would waste their time making one for their OSes?
More and more I see people on forums having fantasist ideas without having a clue what they are implying, just because they find a new piece of software pretending to do the impossible...

You are saying things over again. Here are my final answers.

A FW without bells and whistles like HIPS/BB/SB/AV and other network protection features which form the IDS/IPS is out of favor nowadays.

As regards inbound attacks like those by hackers, DDoS, bots, etc., how often do these apply to normal home users?

If you are using legit programs what traffic is there to monitor? Out they go and In they come. Just accept that, no?

How many users with a FW on their computer will constantly see and monitor FW traffic?

Home users are primarily more concerned with malware infections, spamming, phishing, etc. over the mentioned FW attacks.
 

roger_m

Do you want to use CFW if it doesn't come with HIPS/SB/BB?
I wouldn't use it either way. I prefer to use Windows Firewall over third-party ones. At the moment I'm using a trial of Panda Global Protection, which includes a firewall. But more than likely, when the trial expires, I'll switch to the free version and use Windows Firewall.
 

HarborFront

I wouldn't use it either way. I prefer to use Windows Firewall over third-party ones. At the moment I'm using a trial of Panda Global Protection, which includes a firewall. But more than likely, when the trial expires, I'll switch to the free version and use Windows Firewall.
It's up to the user whether or not to use a FW, like I said.

I just merely present another view of having a security system without using one. That's all.
 

roger_m

I just merely present another view of having a security system without using one. That's all.
Yes, but I still don't understand your reasoning. Having Windows Firewall enabled will usually have zero impact on your day-to-day usage. There are plenty of times in the past when using Windows 7 when I've used no antivirus, have disabled Windows Defender as well as UAC, and have done absolutely nothing at all to harden my system, block ads or malicious sites, etc. But I've always kept Windows Defender enabled.
 

BoraMurdar

If a software firewall weren't needed nowadays, Microsoft would remove it from Windows, and Linux distros wouldn't come with one. A scenario without a firewall at all is like letting everyone come into your house whether their intentions are malicious or not.
 

509322

A user may do as they wish and use a firewall or not use one. In some attacks, the only indicator that something is amiss is an outbound firewall notification.

There are different philosophies when it comes to firewalls just like anything else IT security related. Some think a firewall is only to protect against inbound attacks (hacker) while others think a firewall is needed to protect against outbound attacks (malware).

If your system always sits behind a decent NAT router that is properly configured, then there isn't much to worry about as the risk is low. However, if the system is connected directly to the internet then it is at high-risk without a firewall.

It's just not a good idea to go naked without a firewall, but everyone has the right to do as they see fit. It is certainly not a recommended best practice.
 

Deleted member 178

A FW without bells and whistles like HIPS/BB/SB/AV and other network protection features which form the IDS/IPS is out of favor nowadays.
Who cares if a basic FW is out of favor? People need a FW whatever the form it takes.

As regards inbound attacks like those by hackers, DDoS, bots, etc., how often do these apply to normal home users?
Because normal users aren't the main target, they don't need it? Come on... your logic is absurd.
Because I'm not an F1 pilot and I drive very slowly, I will surely never crash into a wall, so I don't need an airbag and a seatbelt? Really? :rolleyes:

If you are using legit programs what traffic is there to monitor? Out they go and In they come. Just accept that, no?
How do you know what your so-called "legit" programs do in the background?
There are plenty of stories where "legit" programs call home for no reason and disclose your data... wait! What is the name?!!! Ah yes, TELEMETRY... And what if the dev goes rogue and decides to add a hidden backdoor or keylogging feature?
There are several stories where hackers replaced the legit installer from a legit, honorable vendor with an infected one. Ask Linux Mint.
So you still don't need a FW?

How many users with a FW on their computer will constantly see and monitor FW traffic?
Users don't need to "see" or monitor with their very eyes; the basic FW does and reports in the log (WinFW), and others alert if something is suspicious (Symantec EP, ESET, etc.).

Home users are primarily more concerned with malware infections, spamming, phishing, etc. over the mentioned FW attacks.
Out of context; the debate is not "do users have to be concerned about using a FW" but "is a FW relevant today?", and the answer is still YES.
Why is Comodo so popular today? Because it started as the best 3rd-party FW of its time; WinFW on XP/7 sucked greatly.
If you wanted solid network protection, you had to go with Zone Alarm, Comodo, Outpost or Online Armor.

It seems you are denying the need for a FW because you discovered Hacker Deterrent, but don't you know that it needs the Windows Filtering Platform, which is the basis of any network filtering software on modern Windows?
WFP is the chassis, Firewalls or other apps are the body.
Hacker Deterrent is only about outbound stuff, so basically useless against any inbound threats.

Anyway, in the end I'm sure you will end up with a FW, because everybody needs it. Simple as that.
 

Deleted member 178

If a software firewall weren't needed nowadays, Microsoft would remove it from Windows, and Linux distros wouldn't come with one. A scenario without a firewall at all is like letting everyone come into your house whether their intentions are malicious or not.
You know all the nonsense we have in security forums; one of the most common is those people having risky behaviors because they just want to brag: "I don't need to use this, do I look awesome?"...
Like some guys going sig-less without a clue how to protect themselves properly afterward and getting infected or breaking their system the next day... hilarious...
 

ForgottenSeer 58943

My 2c on this..

Endpoint firewalls aren't all that amazing these days. Generally we find them useful for preventing INTERNAL attacks from other compromised machines or misbehaving devices. For example, if you have a TiVo on your network, it will spam your local machines with endless mDNS polls that should logically be blocked; hence, good for local use. Even if you have VLANs, you can still have devices that execute a local attack or probe on the same subnet that a software firewall will usually block... Second, an endpoint firewall is VERY useful if the device is portable and leaves the relative safety of your local network.

I actually don't believe a Simple-NAT router is sufficient in the modern age. NAT isn't what it used to be; you can find many papers that discuss that, including how the NSA/CIA bypass NAT to identify people internally at an Internet cafe, etc. What everyone really needs is some sort of UTM/NGFW on their gateway - a staple of the corporate/enterprise world for decades but becoming a necessity in the home. There is a reason Bitdefender, F-Secure, Norton, Kaspersky and others are ALL releasing home UTM/NGFW routers in the next year (or already released them). Blended environments require something more than Simple-NAT.

Most of the newer appliances also handle outbound protection, further rendering endpoint FWs less important as long as they are situated behind your UTM on the gateway. However, a UTM/NGFW on your gateway won't prevent local misbehaving or attacking devices on the LAN unless you isolate ports for segregated subnets with security policy traversal between local subnets w/UTM features on those policies (but that's a different topic). My FortiGate appliance has extensive outbound protection and logging; I don't really have to use a software firewall, so I leave WFW on, that's it.

For the majority of consumers - yes - use a software firewall. IMO. It's another threat protection layer, and often the only one that may trigger for some threats...
 

HarborFront

My 2c on this..

Endpoint firewalls aren't all that amazing these days. Generally we find them useful for preventing INTERNAL attacks from other compromised machines or misbehaving devices. For example, if you have a TiVo on your network, it will spam your local machines with endless mDNS polls that should logically be blocked; hence, good for local use. Even if you have VLANs, you can still have devices that execute a local attack or probe on the same subnet that a software firewall will usually block... Second, an endpoint firewall is VERY useful if the device is portable and leaves the relative safety of your local network.

I actually don't believe a Simple-NAT router is sufficient in the modern age. NAT isn't what it used to be; you can find many papers that discuss that, including how the NSA/CIA bypass NAT to identify people internally at an Internet cafe, etc. What everyone really needs is some sort of UTM/NGFW on their gateway - a staple of the corporate/enterprise world for decades but becoming a necessity in the home. There is a reason Bitdefender, F-Secure, Norton, Kaspersky and others are ALL releasing home UTM/NGFW routers in the next year (or already released them). Blended environments require something more than Simple-NAT.

Most of the newer appliances also handle outbound protection, further rendering endpoint FWs less important as long as they are situated behind your UTM on the gateway. However, a UTM/NGFW on your gateway won't prevent local misbehaving or attacking devices on the LAN unless you isolate ports for segregated subnets with security policy traversal between local subnets w/UTM features on those policies (but that's a different topic). My FortiGate appliance has extensive outbound protection and logging; I don't really have to use a software firewall, so I leave WFW on, that's it.

For the majority of consumers - yes - use a software firewall. IMO. It's another threat protection layer, and often the only one that may trigger for some threats...
My intent is not about using a hardware firewall. If you run a network at home, very likely you'll need it, but common home users don't require such hardware. You don't even need a hardware firewall (or even a router) if your area is well covered by 4G LTE and you have a good 20GB or more monthly mobile data plan. In my country the newly launched 4G LTE speed is 800Mbps. Whether that is fast enough or not compared to other countries, I'm not sure.

My intent is more of whether a software firewall is needed on the PC/laptop.
 

AtlBo

@HarborFront are you using Terra Privacy now? The app looks promising but not exactly easy to use, I admit. I was leaning toward being convinced to try it, but then I forgot about it, and I believe it's not free. If you are using it, do you like it so far? Simple and effective?

I can kind of see where you are going to consider TP possibly enough to replace the Windows firewall for you. To me it looks like a good app to add to Windows Firewall or Comodo for net control...sort of like Privacy Badger extension but with real-time monitoring and dynamic that way. Much more powerful...really almost a firewall. Yeah, I kind of see where you are going with that thinking but maybe your question is really about TP? idk, such as "is it powerful enough?"
 

ForgottenSeer 58943

My intent is not about using a hardware firewall. If you run a network at home, very likely you'll need it, but common home users don't require such hardware. You don't even need a hardware firewall (or even a router) if your area is well covered by 4G LTE and you have a good 20GB or more monthly mobile data plan. In my country the newly launched 4G LTE speed is 800Mbps. Whether that is fast enough or not compared to other countries, I'm not sure.

My intent is more of whether a software firewall is needed on the PC/laptop.

Yes I know, which is why I addressed endpoint firewall and said for most people, it's a good idea.

Mobile hotspots and cradles are an entirely different issue. I have a 300Mbps hotspot (unlimited) serving as a WAN2 failover for my primary, with the WiFi on the hotspot disabled, and serviced by the same internal structure as the normal ethernet and policy control (cradled). But that's me; I don't consider 4G LTE to be magically well secured any more than I do cable.
 

kamla5abi

You are saying things over again. Here are my final answers.
1) A FW without bells and whistles like HIPS/BB/SB/AV and other network protection features which form the IDS/IPS is out of favor nowadays.
2) As regards inbound attacks like those by hackers, DDoS, bots, etc., how often do these apply to normal home users?
3) If you are using legit programs what traffic is there to monitor? Out they go and In they come. Just accept that, no?
4) How many users with a FW on their computer will constantly see and monitor FW traffic?
5) Home users are primarily more concerned with malware infections, spamming, phishing, etc. over the mentioned FW attacks.
1) FWs without bells and whistles like that are simple software firewalls whose only job is to monitor incoming/outgoing network connections. Windows FW is like that. What other category of software can monitor incoming/outgoing connections? Wireshark? Others? They might see traffic but do nothing to stop traffic that is not allowed by the user.

2) You keep saying "how many inbound network attacks apply to normal home users" but you seem to think normal home users are somehow flying under the radar o_O What is your logic for that statement? Many victims of botnets ARE home users too. Especially weakly secured IoT devices, despite being behind a router. Or even the router itself is vulnerable to exploit(s). How many home users do you think check for router firmware updates regularly and actually update the firmware? You are right that many home users don't bother looking at FW logs to see port scan attempts, etc., but that's because they don't need to; they leave it up to the FW to block malicious port scan attempts, etc. In a lot of cases the router will block port scan attempts by malicious users and they will move on to easier targets, which are likely other home networks that are misconfigured or unpatched against known exploits. It is likely that targeting a home user will be more fruitful to "hackers" because home users are more likely to have low protection or misconfigured protection or (biggest one, I think) unpatched software vulnerable to exploits or unpatched router firmware vulnerable to exploits.

You think only corporate/enterprise networks are targeted by malware writers or "hackers"?? Most enterprise networks have IT security personnel employed to patch software and actively monitor networks for weird-looking things. It is a lot harder to compromise the corp network than a home network whose admin password is the default password "admin" or something like that... which happens quite a bit (just google for network attack campaigns where some security researcher discovered this themselves...)

3) Remember Petya ransomware? It was a compromised update to a legit software, MEDoc or something like that. How many other legit programs have been compromised in some way? It is not uncommon for legit software to become compromised by malicious intent... How many PDF or DOC files are weaponized and use MS Office/Word or Adobe? Legit software that is connecting over network protocols to the internet to a C&C server to download the malicious payload...

4) Probably not many home users will look at FW logs to see what happened, because they depend on the FW to keep them safe. They are not interested in looking at logs to see what is going on. They just assume the FW will keep them safe regardless of what is going on. You or I or others here might look at ours, but that is because we are not the average Joe who just wants the internet to work while they watch YouTube videos or Netflix, etc. If they have no FW at all, then those users are wide open to port scans that are made every day.
Look at this:
46.239.104.127
186.210.127.116
89.153.27.124

5) Malware infections USE the network protocols to either spread to other computers on the network (WannaCry or other worms, etc.) or USE network protocols to connect to C&C servers to download payloads or upload your encryption key or whatever. Without a FW that will block connections that are known malicious or known exploited, the user is fully exposed. If a user doesn't have any form of software FW, then what is looking at the network protocol traffic and allowing/disallowing it based on rules?

Do you want to use CFW if it doesn't come with HIPS/SB/BB?
You brought up Comodo FW, and users use Comodo FW because it performs that simple task of a FW AND has HIPS/SB/etc., so it performs more than 1 function. You could use ONLY Comodo FW set up properly (ex, CS settings) and be sufficiently protected without using any other security software. Why? It monitors network protocol traffic and allows/disallows as per rules AND performs other security functions.
My intent is not about using a hardware firewall. If you run a network at home, very likely you'll need it, but common home users don't require such hardware. You don't even need a hardware firewall (or even a router) if your area is well covered by 4G LTE and you have a good 20GB or more monthly mobile data plan. In my country the newly launched 4G LTE speed is 800Mbps. Whether that is fast enough or not compared to other countries, I'm not sure. My intent is more of whether a software firewall is needed on the PC/laptop.
You know phones or tablets or laptops with SIM card capabilities connected to 4G LTE cell tower networks still have an IP address, right?
Anything that has an IP address can be scanned for vulnerabilities or exploits, etc.
I would say phones are even easier targets because they connect directly to the internet, not behind routers.
How many Google Play apps have been found to secretly be spyware or malicious in some way?
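
Several posts above make the point that the firewall, not the user, watches for port scans and odd outbound connections and records them in its log (WinFW). As an added example that is not part of any post in this thread, the Python script below reads records in the Windows Firewall `pfirewall.log` layout, lists sources whose dropped inbound packets hit many different ports, and lists blocked outbound attempts. The sample log lines are constructed, the addresses are documentation ranges, and the `min_ports` threshold is an assumption.

```python
"""Summarise dropped traffic recorded in a Windows Firewall log (pfirewall.log)."""
from collections import defaultdict

# Constructed sample in the layout Windows Firewall writes to pfirewall.log.
# Addresses are documentation ranges (RFC 5737), not real traffic.
# On a real machine, logging of dropped packets must first be enabled in the
# firewall profile settings; it is off by default.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2017-09-01 10:15:01 DROP TCP 203.0.113.5 192.168.1.10 51234 23 52 S 1 0 8192 - - - RECEIVE
2017-09-01 10:15:01 DROP TCP 203.0.113.5 192.168.1.10 51235 445 52 S 1 0 8192 - - - RECEIVE
2017-09-01 10:15:02 DROP TCP 203.0.113.5 192.168.1.10 51236 3389 52 S 1 0 8192 - - - RECEIVE
2017-09-01 10:15:02 DROP TCP 203.0.113.5 192.168.1.10 51237 22 52 S 1 0 8192 - - - RECEIVE
2017-09-01 10:15:40 ALLOW TCP 192.168.1.10 198.51.100.80 49800 443 0 - 0 0 0 - - - SEND
2017-09-01 10:16:05 DROP TCP 198.51.100.7 192.168.1.10 40000 445 52 S 1 0 8192 - - - RECEIVE
2017-09-01 10:16:09 DROP TCP 198.51.100.7 192.168.1.10 40001 445 52 S 1 0 8192 - - - RECEIVE
2017-09-01 10:16:30 DROP ICMP 198.51.100.7 192.168.1.10 - - 60 - - - - 8 0 - RECEIVE
2017-09-01 10:17:12 DROP TCP 192.168.1.10 203.0.113.99 49801 6667 52 S 1 0 8192 - - - SEND
2017-09-01 10:17:13 DROP TCP 203.0.113.5
"""


def parse(text):
    """Return one dict per record, taking column names from the #Fields header."""
    fields, records = [], []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                records.append(dict(zip(fields, values)))
    return records


def inbound_drops(records):
    """Map source IP -> set of destination ports for dropped inbound packets."""
    ports = defaultdict(set)
    for r in records:
        if r["action"] == "DROP" and r["path"] == "RECEIVE" and r["dst-port"].isdigit():
            ports[r["src-ip"]].add(int(r["dst-port"]))
    return ports


def likely_scanners(records, min_ports=4):
    """Sources that probed at least min_ports distinct ports (threshold is an assumption)."""
    return sorted(ip for ip, p in inbound_drops(records).items() if len(p) >= min_ports)


def blocked_outbound(records):
    """(destination IP, port) pairs for outbound connections the firewall dropped."""
    return [(r["dst-ip"], int(r["dst-port"])) for r in records
            if r["action"] == "DROP" and r["path"] == "SEND" and r["dst-port"].isdigit()]


if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    print("Likely scanners:", likely_scanners(recs))
    print("Blocked outbound:", blocked_outbound(recs))
```
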
 
