
firewall issues - hardware router and need for software firewall

Discussion in 'Security and Privacy' started by Judy, 2006/11/13.

  1. 2006/11/13
    Judy

    Judy Inactive Thread Starter

    Joined:
    2002/11/21
    Messages:
    228
    Likes Received:
    0
    I just purchased a new computer, and a new 2Wire wireless modem. I was told that the "router modem" had a firewall so I did not need another firewall. Therefore I did not install a "software firewall." And, I did not know there was a difference between hardware and software firewalls.

    Now, I read somewhere that the "hardware firewall" does not block outbound transmissions and leaves you open to malware, so you must have both.

    In searching this BBS I found a closed thread titled "firewall still needed with router" written by Psaulm119. One of the thread answers was from TonyT, with the following statement: "The softwall has the advantage of monitoring OUTbound traffic while the router only stops unwanted inbound traffic. What outbound traffic needs to be monitored? Spyware, worms, viruses, etc. But if one is skilled and confident in those skills and knows one's system, then the outbound does not need to be monitored. Or if the system is used by other people such as kids, then the softwall is advantageous."

    What did TonyT mean by: "But if one is skilled and confident in those skills and knows one's system, then the outbound does not need to be monitored."

    I am at fault, I know, re: not knowing about the 2 firewalls, but now need to solve this problem ASAP.

    So, I do appreciate all of your input.
     
    Judy,
    #1
  2. 2006/11/13
    mailman Lifetime Subscription

    mailman Geek Member

    Joined:
    2004/01/17
    Messages:
    1,901
    Likes Received:
    11
    Hi, Judy.

    I think TonyT meant a user who is intimately familiar with what is installed on the computer and has taken necessary security steps to ensure the computer remains free from malware doesn't really need a firewall that monitors outbound connections. Unfortunately, I think most users are not experienced enough to be sure their system is free from malware (and will remain so). Just have a look in the "Removing Spyware & Viruses" forum here at Windows BBS and you'll see that MANY people become victims of malware.

    I think a software firewall that monitors outbound traffic is one layer of protection that helps less experienced users gain more confidence regarding security of their computers. However, one must be willing to take the time to learn about firewall alerts that appear and investigate whether the programs identified by the firewall are malicious or not.

    One popular free software firewall you might want to try is ZoneAlarm. ZoneAlarm monitors both incoming and outgoing traffic. ZoneAlarm recommends you deny access to programs you don't know about that want Internet access and then investigate those programs before deciding whether to allow access or not at a later time.

    If you choose to download and install a 3rd party software firewall such as ZoneAlarm, I suggest you disable any other SOFTWARE firewalls you may have on your system (such as the firewall that is built into Windows XP). As I understand, running two or more software firewalls concurrently has the potential of creating problems because the firewalls will "fight" each other for control of Internet traffic.

    Steve Gibson at Gibson Research Corporation has said good things about ZoneAlarm on his website for years. Click this link if you want to read some of what he has to say about a few software firewalls.

    You can use Steve Gibson's "Shields Up!" Internet security vulnerability profiling service to perform various tests on your computer. For example, you can test the first 1056 service ports on your computer to see how well they are "stealthed" from incoming connection attempts.

    I hope this information helps you. If you have any further questions, please feel free to ask.
     


  4. 2006/11/20
    Judy

    Judy Inactive Thread Starter

    Joined:
    2002/11/21
    Messages:
    228
    Likes Received:
    0
    Thanks for your input. I have had Zone Alarm products installed many years ago and had many "conflict" problems, so have stayed away ......

    However, with yours and Steve Gibson (whose services I highly respect) I will install the free firewall.

    NOW installation is done, but I still get "solicited TCP packet failed" and "ping reply failed" when running Shields Up.

    I tried to use the newsreader to find out why, and could not get that to work, then googled and only got 3 hits - 2 in foreign languages - when googling the "solicited TCP packet failed".

    Is there an easier way to work through this?

    Thanks again



     
    Judy,
    #3
  5. 2006/11/20
    ReggieB

    ReggieB Inactive Alumni

    Joined:
    2004/05/12
    Messages:
    2,786
    Likes Received:
    2
    It is possible that it is your router/modem that is responding to Shields Up's requests. Check through your modem's settings and see if you can turn off response to PING.

    Where do you get the "solicited TCP packet failed" message? Is that something Shields Up is generating, your firewall, or your browser?

    With cheap routers, "firewall" can simply mean the router has NAT. NAT gives some protection and is better than nothing, but I would not recommend relying on this alone.

    As with any protection, defence in depth is always a good idea. Therefore, I would recommend that you enable any firewalling offered by your router (even if only NAT), and install a personal firewall.

    A good personal firewall will block trojans on your PC, connecting to the internet, and provide some protection for you from infection from other computers on your network.
     
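Added example, not part of any post in this thread: a toy Python model of the two layers discussed above, a NAT-only router and a per-program software firewall on the PC. The class names are hypothetical, and all addresses, ports and program names are constructed sample values.

```python
# Toy model: what a NAT-only router filters versus a personal firewall.
# Constructed sample values throughout; not a real router or ZoneAlarm API.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    program: str = ""   # known only on the PC itself, never to the router

@dataclass
class NatRouter:
    """NAT-only 'firewall': inbound passes only if it answers an outbound flow."""
    public_ip: str
    flows: dict = field(default_factory=dict)  # public port -> (lan ip, lan port, remote ip, remote port)
    next_port: int = 40000

    def outbound(self, p):
        # Every outbound packet is forwarded; the router cannot see the program.
        port = self.next_port
        self.next_port += 1
        self.flows[port] = (p.src, p.sport, p.dst, p.dport)
        return Packet(self.public_ip, port, p.dst, p.dport)

    def inbound(self, p):
        flow = self.flows.get(p.dport)
        if flow is None or (p.src, p.sport) != flow[2:]:
            return None  # unsolicited: dropped without a reply ("stealth")
        return Packet(p.src, p.sport, flow[0], flow[1])

@dataclass
class PersonalFirewall:
    """Per-program outbound control, the part a router cannot provide."""
    allowed: set

    def outbound(self, p):
        return p if p.program in self.allowed else None

def send(p, router, host_fw=None):
    """Return the packet as it leaves the router, or None if blocked on the PC."""
    if host_fw is not None and host_fw.outbound(p) is None:
        return None
    return router.outbound(p)
```

With the router alone, a packet from an unknown program leaves the network just like browser traffic; only the per-program check on the PC stops it.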
  6. 2006/11/21
    ReggieB

    ReggieB Inactive Alumni

    Joined:
    2004/05/12
    Messages:
    2,786
    Likes Received:
    2
  7. 2006/11/22
    Judy

    Judy Inactive Thread Starter

    Joined:
    2002/11/21
    Messages:
    228
    Likes Received:
    0
    Thanks, ReggieB so much,

    I was able to click on stealth and ping block on my 2wire and after doing that everything showed as stealth on the Steve Gibson page.

    The "solicited TCP packet failed" message was on the Shields Up page before I clicked on stealth and blocked pings.

    So now that all is stealth, etc. I don't need to do anything else --- right?

    Thanks again and have a great holiday.


     
    Judy,
    #6
  8. 2006/11/22
    ReggieB

    ReggieB Inactive Alumni

    Joined:
    2004/05/12
    Messages:
    2,786
    Likes Received:
    2
    It's a very good sign. Not foolproof, but a good position to be in.

    Have a look at PeteC's excellent article "Keep your Computer free from Viruses, Trojans, Spyware and other Malware". That has lots of good advice about keeping your system free of nasties.

    I presume you mean Thanksgiving. Not a holiday in the UK :( I hope you have a splendid roast turkey event tomorrow.
     
  9. 2006/11/24
    Judy

    Judy Inactive Thread Starter

    Joined:
    2002/11/21
    Messages:
    228
    Likes Received:
    0
    Do you think I should still set up the dsl modem in "bridge mode" as TonyT suggested?

    Will take a look at the page below you suggested written by PeteC.

    How did I miss the fact that you are in the UK ?? :rolleyes:


     
    Judy,
    #8
  10. 2006/11/24
    ReggieB

    ReggieB Inactive Alumni

    Joined:
    2004/05/12
    Messages:
    2,786
    Likes Received:
    2
    I always avoid using separate modems and routers - preferring routers with built in modems, so I don't have a view on this. However, I do highly rate TonyT's advice, and therefore would be very surprised if this wasn't good advice.
     
  11. 2006/11/27
    Judy

    Judy Inactive Thread Starter

    Joined:
    2002/11/21
    Messages:
    228
    Likes Received:
    0
    My equipment is a modem/router combination.

    Would that change the advice from TonyT ??

    Also, in using the MBSA analyzer recommended by PeteC, I found that I could not disable my shares since they had not been set up -- I still see the need to disable shares -- so what would I click on ??

    Also, in ZoneAlarm -- the default is anti-virus monitoring and mailsafe settings -- even though ReggieLink said to disable all anti-virus email scans in your firewall. Should I un-check these in the ZoneAlarm?

     
  12. 2006/11/29
    ReggieB

    ReggieB Inactive Alumni

    Joined:
    2004/05/12
    Messages:
    2,786
    Likes Received:
    2
    If you have a combined modem/router, you can ignore Tony's advice regarding setting the modem to bridge mode.

    If you have no shares enabled then you can ignore this too.

    This is probably a performance issue. Most anti-virus products scan incoming e-mails. So there is little point duplicating the effort by doing it at the firewall and at the e-mail client. However, if ZoneAlarm is also providing Anti-virus, you shouldn't disable this setting. I suggest that if you are not having a problem, leave the setting as it is.
     
  13. 2006/12/01
    Judy

    Judy Inactive Thread Starter

    Joined:
    2002/11/21
    Messages:
    228
    Likes Received:
    0
    Thanks, ReggieB, I think I am finally OK re: all your help.

    I did disable the email scans in Zone Alarm. Am using Kaspersky as AV and find it to be an excellent product.



     
