Is the Firewall still relevant today?

[TairikuOkami]

So the question is do you still require a firewall? Or is it a good-to-have thing?

No, I am not using it for years, since Vista and I was testing XP with no firewall, no AV and no updates for a year and not a single malware, but I admit a firewall might be handy sometimes. Most firewall devs have discontinued their firewall products, because they have realized, it is useless. Unless you have a running application with open ports, all connections requests are dropped, just like with a firewall, there is no difference. Closed ports or stealthed ports, it is all the same. It all comes down, whenever you have trusted apps/software installed, but since people allow all of them in a firewall automatically, it makes no difference either. The same applies for the outbound. It might be handy to block a possible malware, but then means, you already have an infected computer, so you should rather focus on a prevention instead. Most ISP providers do not allow customers to have a public IP, so they are already behind routers.

If you DON't require it then what are the security software that can replace it?

Since firewall does basically nothing, a simple router would do, to stop inbound requests and unsolicited traffic, which might be causing slight performance issues.

Comodo Firewall's sandbox and HIPS are pretty much all, that is required to stop malware, firewall mode can be disabled of course.

 

[HarborFront]

No, I am not using it for years, since Vista and I was testing XP with no firewall, no AV and no updates for a year and not a single malware, but I admit a firewall might be handy sometimes. Most firewall devs have discontinued their firewall products, because they have realized, it is useless. Unless you have a running application with open ports, all connections requests are dropped, just like with a firewall, there is no difference. Closed ports or stealthed ports, it is all the same. It all comes down, whenever you have trusted apps/software installed, but since people allow all of them in a firewall automatically, it makes no difference either. The same applies for the outbound. It might be handy to block a possible malware, but then means, you already have an infected computer, so you should rather focus on a prevention instead. Most ISP providers do not allow customers to have a public IP, so they are already behind routers.


Since firewall does basically nothing, a simple router would do, to stop inbound requests and unsolicited traffic, which might be causing slight performance issues.

Comodo Firewall's sandbox and HIPS are pretty much all, that is required to stop malware, firewall mode can be disabled of course.

Thanks

I can see you are light years ahead of me.

So it's confirmed the firewall in CFW can be disabled? In that case I can just use its HIPS, SB and BB for protection.

 

[HarborFront]

Yes I know, which is why I addressed endpoint firewall and said for most people, it's a good idea.

Mobile hotspots and cradles are an entirely different issue. I have a 300Mbps hotspot (unlimited) serving as a WAN2 failover for my primary with the WiFi on the hotspot disabled, and serviced by the same internal structure as the normal ethernet and policy control. (Cradled) But that's me, I don't consider 4G LTE to be magically well secured anymore than I do cable.

If your devices are running behind a VPN with multihops and/or Tor then you should be pretty safe

 

[HarborFront]

@HarborFront you using Terra Privacy now? The app looks promising but not exactly easy to use I admit. I was leaning toward being convinced to try it but then I forgot about it and I believe it's not free. If you are using, do you like it so far? Simple and effective?

I can kind of see where you are going to consider TP possibly enough to replace the Windows firewall for you. To me it looks like a good app to add to Windows Firewall or Comodo for net control...sort of like Privacy Badger extension but with real-time monitoring and dynamic that way. Much more powerful...really almost a firewall. Yeah, I kind of see where you are going with that thinking but maybe your question is really about TP? idk, such as "is it powerful enough?"

Not yet but I have read all the pages here and at Wilders. I think it's still beta. Wait for it to release and I'll trial it. Also, looks like supporting only Chrome and FF browsers. A problem for me if that's true.

I can see it's a good software and can replace the outgoing function of a FW. It'll be a great combo with VS. I can see the outgoing call in company's names which will make my job easier rather than looking at outgoing IP addresses and need to look them up to their destination as in a FW.

 

[HarborFront]

1) FW without bells and whistles like that are simple software firewalls who's only job is to monitor incoming/outgoing network connections. Windows FW is like that. What other category of software can monitor incoming/outgoing connections? Wireshark? others? they might see traffic but do nothing to stop traffic that is not allowed by the user.

2) You keep saying "how many inbound network attacks apply to normal home users" but you seem to think normal home users are somehow flying under the radar what is your logic for that statement? Many victims of botnets ARE home users too. Especially weakly secured IoT devices despite being behind a router. Or even the router itself is vulnerable to exploit(s). How many home users do you think check for router firmware updates regularly and actually update the firmware? You are right that many home users dont bother looking at FW logs to see port scan attempts etc but thats because they dont need to, they leave it up to the FW to block malicious port scan etc attempts. A lot of cases the router will block port scan attempts by malicious users and they will move on to easier targets, which are likely other home networks that are misconfigured or unpatched against known exploits. It is likely that targeting a home user will be more fruitful to "hackers" because home users are more likely to have low protection or misconfigured protection or (biggest one i think) unpatched software vulnerable to exploits or unpatched router firmware vulnerable to exploits.

You think only corporate/enterprise networks are targetted by malware writers or "hackers" ?? Most enterprise networks have IT security personnel employed to patch software and actively monitor networks for weird looking things. A lot harder to compromise the corp network than a home network who's admin password is the default password "admin" or something like that...which happens quite a bit (just google for network attack campaigns where some security researcher discovered this themselves...)

3) Remember Petya ransomware? It was a compromised update to a legit software MEDoc or something like that. How many other legit programs have been compromised in some way? It is not uncommon for legit software to become compromised by malicious intent... How many PDF or DOC files are weaponized and use MS office/word or Adobe? legit software that is connecting over network protocols to the internet to C&C server to download the malicious payload....

4) Probably not many home users will look at FW logs to see what happened because they depend on FW to keep them safe. They are not interested in looking at logs to see what is going on. They just assume FW will keep them safe regardless of what is going on. You or I or others here might look at ours but that is because we are not average joe who just wants internet to work while they watch youtube videos or netflix etc. If they have no FW at all then those users are wide open to port scans that are made every day.
Look at this:
46.239.104.127
186.210.127.116
89.153.27.124

5) Malware infections USE the network protocols to either spread to other computers on the network (wannacry or other worms etc) or USE network protocols to connect to C&C servers to download payloads or upload your encryption key or whatever. Without FW that will block connections that are known malicious or known exploited the user is fully exposed. If a user doesnt have any form of software FW then what is looking at the network protocols traffic and allowing/disallowing that based on rules?


You brought up Comodo FW, and users use Comodo FW because it performs that simple task of FW AND has HIPS/SB/etc so it performs more than 1 function. You could ONLY use Comodo FW setup properly (ex, CS settings) then be sufficiently protected without using any other security software. Why? It monitors network protocols traffic and allows/disallows at per rules AND performs other security functions.

you know phones or tablets or laptops with SIM card capabilities connected to 4G LTE cell tower networks still have an IP address right?
anything that has IP address can be scanned for vulnerabilities or exploits etc
I would say phones are even easier targets because they connect directly to internet not behind routers
how many google play apps have been found to secretly be spyware or malicious in some way?

1) and 2) - Have you been subject to inbound attacks before like being DDoS, have botnet taking control over your computer, being targeted by hackers etc? If targeted by hackers very likely must be by your nemesis taking revenge. Unlikely to be of ransom or to purposely bring down your system by a competitor or mass destruction like in a corporate environment

3) If you download your software from the developer's site and such software are reputable and legit then such software should be safe to use otherwise you should not be installing their software if you cannot trust the developers. Compromising a developer's site and tainting its software is something nobody can avoid until the problem's being found. Can a firewall prevent you from installing a tainted legit software? Unlikely. Of course it can prevent unwanted outbound notification which in this case I believe Terra Privacy can do also.

4) If you use a VPN with mutlihops and/or Tor would you not be safe from port scans?

5) Updating to latest drivers/firmware/updates is something user have to do. In addition, having the right layered software should avoid your mentioned problems.

As for CFW, like you said to use CS's settings, disabling the FW and using its HIPS/SB/BB should give sufficient (like one member said) protection and with additional right security software should secure your system against malicious infections bearing in mind the concerns for a normal home user are malware infections, spamming, phishing etc. rather than inbound attacks like mentioned in my replies 1) and 2)

I'm not saying a home user would NOT be subject to inbound attacks but comparing to malware infections, spamming, phishing etc what's the probability of the former? If it's negligible then is a firewall required or good-to-have as mentioned in my opening post? Of course if you are always being subject to inbound attacks then you MUST install hardware and software firewalls.

 

[Deleted member 178]

Most firewall devs have discontinued their firewall products, because they have realized, it is useless.

Because WinFW is good enough now unlike on WinXP/vista when it was absolute crap.
Those vendors discontinued it because the Average Joe couldn't handle the HIPS part or the advanced FW settings, but the basic parts of the FW was still appreciated.

Unless you have a running application with open ports, all connections requests are dropped, just like with a firewall, there is no difference.

You never download anything? No torrents?

Closed ports or stealthed ports, it is all the same.

Not really, but i guess you know the difference from an attacker view.

It all comes down, whenever you have trusted apps/software installed, but since people allow all of them in a firewall automatically, it makes no difference either. The same applies for the outbound. It might be handy to block a possible malware, but then means, you already have an infected computer, so you should rather focus on a prevention instead.

That has nothing to do with computer security , that is about user behavior. Not all users are happy clickers.

Since firewall does basically nothing, a simple router would do, to stop inbound requests and unsolicited traffic, which might be causing slight performance issues.

How routers do that? because the NAT FW, so you still use a FW , but routers aren't invincible and are 99% of the time used at default, so basically not secured enough and some are even complicated to customize by the users.
not saying now ISPs provide their own box which some have very limited security settings options...so i rather use my OS' FW , to complement it.
I wish i can afford a corporate grade hardware FW. I will wait to have a spare machine available to implement PFsense .
On the other side i still looking for a powerful (free) pure FW (no HIPS, etc...) to add to my security , the only one deserving to be on my system was SEP one but it is paid.
Going FW--less is nonsense unless for skilled network admins /technicians who needs some particular setups.
Using a FW is basic security, cost nothing, is not resources hungry and act in the background.
I dont see any cons to use it; and i don't see any advantages not to use it.

Comodo Firewall's sandbox and HIPS are pretty much all, that is required to stop malware, firewall mode can be disabled of course.

So what the point of using it? better use an anti-exe/standalone HIPS and a sandbox instead.

Conclusion: going FW-less is like playing soccer without the stopper, of course the team can still play , but they are weakened and if the opponent's striker find the hole, you are done.

 

[kamla5abi]

The function of AV/BB/SB/Antiexe/Antiexploit is to try to prevent malware from getting on the system in the first place and then executing on the system and ruining things.
AV/BB/SB/Antiexe/Antiexploit software job is:
1)Downloads via browsers or emails (phishing) or torrents or exploits on websites via Java/etc
The above (examples) are not the job for the FW unless they use some network protocol outside the browser/email client/etc

The job of the FW is to monitor network protocol connections and allow/disallow them based on known rules by default (default setup used by "normal home user") or additional rules setup by the user (but this isn't a "normal home user" anymore if they are doing this approach).
Example jobs of FW:
1) if inbound attacker is scanning random IP address blocks or ports or vulnerable devices around the world (with websites like shodan its much easier like i showed in previous post that linked a few example IP addresses with available ports and public IP addresses).
2) After malware has executed on the system and now needs further instructions from C&C servers (incoming network connection)
3) After malware already executed but now needs to exfiltrate some user data like encryption keys for ransomware, etc (outgoing network connection)

 

[kamla5abi]

i feel like this discussion is going nowhere fast lol
you dont want to use a FW then sure that is your choice
disable windows FW and if you want to risk messing up windows components use the elevated command @Umbra pointed out earlier and disable the FW service too

But since you keep referring to "normal home users" the answer for "normal home users" is "yes, continue to use windows 10 built in FW as a bare minimum"
you are talking about using other specialized software (terra privacy for example) to try to mimic what the FW does instead of using windows FW, seems easier to just use windows FW instead for the "normal home user". For users a step up from "normal home users" can get a better control interface GUI if wanted.
--> because "normal home users" are not concerned with setting up specialized software, playing with the settings to make it "just right" and then continuing to monitor the program to adjust things as necessary going forward.
--> The "normal home user" just wants things to work and not be bothered by the program.

Why else do security software companies not enable certain settings of security software by default which would make the protection stronger?
--> Because enabling those options would give more alerts to the "regular home user" or leave more decisions up to them and "regular home users" are likely to get annoyed by the alerts/choices or make the wrong choice at the wrong time and get in trouble. Thats why "auto mode" is popular among "regular home users"
Why do malwarehub people test these software at default settings?
-->To see what kind of protection the "regular home user" will experience at default settings, which is what majority of "regular home users" do. Just install & forget.

you are clearly not in the group of "normal home user" so if you feel like other software can serve a similar purpose but not technically be a FW then go ahead that is your choice to do so. But don't make the mistake of suggesting to "normal home users" who may find this thread via google search to use Terra Privacy or other such software simply because that type of software will require more interaction/setup/understanding than the "normal home user" will want to do. They want the "install and forget about it" approach - not go through all options/settings and enable things then make rules for them or respond to popups etc

 

[Deleted member 178]

@kamla5abi

You are totally right.

Btw, even Terra Privacy doesn't even give the minimal protection of the most basic FW.
It is more a FW "complement"
Using it as a FW is just idiotic nonsense.

 

[HarborFront]

The function of AV/BB/SB/Antiexe/Antiexploit is to try to prevent malware from getting on the system in the first place and then executing on the system and ruining things.
AV/BB/SB/Antiexe/Antiexploit software job is:
1)Downloads via browsers or emails (phishing) or torrents or exploits on websites via Java/etc
The above (examples) are not the job for the FW unless they use some network protocol outside the browser/email client/etc

The job of the FW is to monitor network protocol connections and allow/disallow them based on known rules by default (default setup used by "normal home user") or additional rules setup by the user (but this isn't a "normal home user" anymore if they are doing this approach).
Example jobs of FW:
1) if inbound attacker is scanning random IP address blocks or ports or vulnerable devices around the world (with websites like shodan its much easier like i showed in previous post that linked a few example IP addresses with available ports and public IP addresses).
2) After malware has executed on the system and now needs further instructions from C&C servers (incoming network connection)
3) After malware already executed but now needs to exfiltrate some user data like encryption keys for ransomware, etc (outgoing network connection)

You talk of port scanning. I said can the hacker scan your ports if you are running VPN with multihops and/or Tor

 

[HarborFront]

i feel like this discussion is going nowhere fast lol
you dont want to use a FW then sure that is your choice
disable windows FW and if you want to risk messing up windows components use the elevated command @Umbra pointed out earlier and disable the FW service too

But since you keep referring to "normal home users" the answer for "normal home users" is "yes, continue to use windows 10 built in FW as a bare minimum"
you are talking about using other specialized software (terra privacy for example) to try to mimic what the FW does instead of using windows FW, seems easier to just use windows FW instead for the "normal home user". For users a step up from "normal home users" can get a better control interface GUI if wanted.
--> because "normal home users" are not concerned with setting up specialized software, playing with the settings to make it "just right" and then continuing to monitor the program to adjust things as necessary going forward.
--> The "normal home user" just wants things to work and not be bothered by the program.

Why else do security software companies not enable certain settings of security software by default which would make the protection stronger?
--> Because enabling those options would give more alerts to the "regular home user" or leave more decisions up to them and "regular home users" are likely to get annoyed by the alerts/choices or make the wrong choice at the wrong time and get in trouble. Thats why "auto mode" is popular among "regular home users"
Why do malwarehub people test these software at default settings?
-->To see what kind of protection the "regular home user" will experience at default settings, which is what majority of "regular home users" do. Just install & forget.

you are clearly not in the group of "normal home user" so if you feel like other software can serve a similar purpose but not technically be a FW then go ahead that is your choice to do so. But don't make the mistake of suggesting to "normal home users" who may find this thread via google search to use Terra Privacy or other such software simply because that type of software will require more interaction/setup/understanding than the "normal home user" will want to do. They want the "install and forget about it" approach - not go through all options/settings and enable things then make rules for them or respond to popups etc

It's up to the person whether he wants to use a real-time on disk AV and/or a firewall. You are right in that.

 

[ncage]

Hi

I'll like to get some feedback as to whether how home users feel about securing their computer WITHOUT a firewall.

In the early years a simple firewall provides the necessary perimeter defense. As the years gone by the simple firewall is no longer adequate to provide the necessary protection and has evolved to become the Next Gen Firewall incorporating many features like IDS/IPS, HIPS, arp protection etc to become more sophisticated in providing better protection.

But many malware still passes through and how often is a home user subject to computer attacks to justify the use of it.

So the question is do you still require a firewall? Or is it a good-to-have thing? If you DON't require it then what are the security software that can replace it?

Thanks

I don't know that i agree that a simple firewall doesn't offer adequate protection. I think the windows firewall is just fine on its own. The next generation features you speak of just confuse most normal users with lots of confusing popups. Security is always going to be a layered approach and a firewall is a useful layer in a multi tiered approach. Would you want to connect to public wifi without a good firewall? I sure wouldn't. Even in my own house, though i'm behind a advanced firewall to the internet software firewalls prevent machines for unnecessarily communicating with each other. If you have IOT devices on internet network would you want them communicating with your PCs? Malware doesn't necessarily pass through. The user is downloading things and click on them. Firewalls job is not to be an AV engine. Instead it just blocks unnecessary communication between devices. Can you imagine how bad things would get if some of the major issues though has been publicized in the last few years didn't at least have a NAT firewall to protect them (printers, web cams, ect). There are still people that unfortunately connect these devices to the internet (without a firewall) and that's where the problems start. You can find many such devices on shodan.

That being said i think the firewall piece in a lot of the security suites is unnecessary and the windows firewall is just fine.If someone wants a 'little' more maybe use tinywall (which is build on top of the windows firewall)

 

[jamescv7]

It is still relevant that's why Firewalls are integrating different security modules to detect any different attacks of threats which uses network, the creation of firewall is brought with numerous reasons.

Remember malware are connecting through their attack servers and firewall can block that execution to avoid downloading some necessary files, then next will come from AV core protection which will close out the deal.

 

[HarborFront]

I don't know that i agree that a simple firewall doesn't offer adequate protection. I think the windows firewall is just fine on its own. The next generation features you speak of just confuse most normal users with lots of confusing popups. Security is always going to be a layered approach and a firewall is a useful layer in a multi tiered approach. Would you want to connect to public wifi without a good firewall? I sure wouldn't. Even in my own house, though i'm behind a advanced firewall to the internet software firewalls prevent machines for unnecessarily communicating with each other. If you have IOT devices on internet network would you want them communicating with your PCs? Malware doesn't necessarily pass through. The user is downloading things and click on them. Firewalls job is not to be an AV engine. Instead it just blocks unnecessary communication between devices. Can you imagine how bad things would get if some of the major issues though has been publicized in the last few years didn't at least have a NAT firewall to protect them (printers, web cams, ect). There are still people that unfortunately connect these devices to the internet (without a firewall) and that's where the problems start. You can find many such devices on shodan.

That being said i think the firewall piece in a lot of the security suites is unnecessary and the windows firewall is just fine.If someone wants a 'little' more maybe use tinywall (which is build on top of the windows firewall)

FYI, I'm posting in this forum now outdoor using 4G LTE and NOT using any firewall. I'm using a VPN and with Terra Privacy installed.....of course with other security software

At home you have many devices and a SPI/NAT firewall is there in your router. My router has a SPI/NAT firewall so there's no need of a software FW in my tablets

 

[HarborFront]

It is still relevant that's why Firewalls are integrating different security modules to detect any different attacks of threats which uses network, the creation of firewall is brought with numerous reasons.

Remember malware are connecting through their attack servers and firewall can block that execution to avoid downloading some necessary files, then next will come from AV core protection which will close out the deal.

You are right. The simple firewall was created long ago. It's good for network attacks and against some malware from the early years

But in today's context it cannot prevent many malware intrusion unless it comes with an IDS/IPS (with HIPS/BB/SB/AV) to be a Next Gen FW.

 

[Deleted member 178]

Anyway you still need a FW whatever its form

I'm using a VPN and with Terra Privacy installed.....of course with other security software
At home you have many devices and a SPI/NAT firewall is there in your router. My router has a SPI/NAT firewall so there's no need of a software FW in my tablets

A malware may bypass your security softs, then will connect to its C&C using a exploited legit process , so your VPN is useless (attackers will get your real IPs and direct access to your machine) , so your router is useless, what you gonna do then ?
a FW allow you to block programs/processes to reach outside and also block protocols/ access to certain IPs , that is its main function. no other softs can do that.

And btw, routers doesn't prompts about outgoing connections.

You miss the big picture because you are too focused on details, and you are unaware of all the possible attacks existing; classic mistake of average security enthusiasts.

 

[HarborFront]

Anyway you still need a FW whatever its form


A malware may bypass your security softs, then will connect to its C&C using a exploited legit process , so your VPN is useless (attackers will get your real IPs and direct access to your machine) , so your router is useless, what you gonna do then ?
a FW allow you to block programs/processes to reach outside and also block protocols/ access to certain IPs , that is its main function. no other softs can do that.

And btw, routers doesn't prompts about outgoing connections.

You miss the big picture because you are too focused on details, and you are unaware of all the possible attacks existing; classic mistake of average security enthusiasts.

There are some issues here. Network attacks and malware infection both incoming/outgoing

A FW is good for the former and latter if it comes with an IDS/IPS.

A FW is good only if you set the right rules to it otherwise it's useless. Imagine you do NOT set any rules for your FW ie ALL IN/ALL OUT. Then what good is this FW?

A VPN is NOT to prevent intrusion/outgoing of malware. That's not its job. But against attacks by hackers it's very good since your attacker cannot get to you without going through your VPN provider. Can he ping/sniff you for open ports if you use a VPN? A VPN with multihops and/or Tor strengthens that further.

An IDS/IPS can prevent malware infection and to do that will need the right layered security software like using HIPS, BB, sandbox, SRP, anti-exe etc and other specific software for specific protection eg. HMPA against exploits, MemProtect for memory processes protection etc

Like I said I have other security software installed.

 

[Deleted member 178]

A VPN is NOT to prevent intrusion/outgoing of malware. That's not its job.

i know, i don't even see why you mention it, maybe to state that random attacker can't guess your IP?

A VPN is NOT to prevent intrusion/outgoing of malware. That's not its job. But against attacks by hackers it's very good since your attacker cannot get to you without going through your VPN provider. Can he ping/sniff you for open ports if you use a VPN? A VPN with multihops and/or Tor strengthens that further.

and how you connect to your VPN provider's servers? via a connection to it right? do you really think hackers get IPs only from websites? do you know about Pings?

A FW is good only if you set the right rules to it otherwise it's useless. Imagine you do NOT set any rules for your FW ie ALL IN/ALL OUT. Then what good is this FW?

Are you kidding me ? have you seriously use a FW or dig into its settings once ? based on this reply, clearly not ...
There is no FW with "All-in". where did you get that? you just throw nonsense out of the blue.
You clearly lack of knowledge about FWs and you try to deny its benefits for some fancy apps you got your hands on..amusing.

Like I said I have other security software installed.

which doesn't help about inbound/outgoing connections.

So please stop your nonsense , this thread is going nowhere because you don't have any valid reason to go FW-less (unlike sig-less)

 

[HarborFront]

i know, i don't even see why you mention it, maybe to state that random attacker can't guess your IP?


and how you connect to your VPN provider's servers? via a connection to it right? do you really think hackers get IPs only from websites? do you know about Pings?



Are you kidding me ? have you seriously use a FW or dig into its settings once ? based on this reply, clearly not ...
There is no FW with "All-in". where did you get that? you just throw nonsense out of the blue.
You clearly lack of knowledge about FWs and you try to deny its benefits for some fancy apps you got your hands on..amusing.


which doesn't help about inbound/outgoing connections.

So please stop your nonsense , this thread is going nowhere because you don't have any valid reason to go FW-less (unlike sig-less)

When people queried it's a courtesy to reply. Whether answers are acceptable to them is up to them. As for you I have finalised that some posts back, ok?

 

[Deleted member 178]

Remember MT is here to help people to protect themselves against threats, not to make them more vulnerable via flawed logic/experiments or misunderstood knowledge and ignorance.
You asked , we replied to you that you are wrong, you refused the answers so why asking in the first place?

The only member going your way, does it because his system is totally customized (i know what he did) and he has decent knowledge of the implications of his actions and how to compensate.
This is not something you or other classic users can do.