Help
Guys.
I recently tried a few firewalls out of interest rather then an actual need. And I found a few interesting things that I thought warranted a mention.
Firstly, is there a real need for one on your basic personal system? For someone who uses windows 2000 for the stability, kernel difference, in built security and basic performance, is a firewall actually worth the effort? For many of you, who spend a lot of time tweaking W2k to get the maximum response out of the OS (like myself) a firewall could hardly be recommended on a purely performance scale. As far as port security goes, W2k is so far ahead then anything from the 9x line of windows. For someone on a dial up I really cannot see the necessity of a firewall. A DSL or cable connection could justify the need. But then again, how many of you have actually been hacked? I know some of you will pipe up and say, "I haven't, precisely because I use a firewall!" Ok, but is the chance really likely? For someone who intends to use a mediocre program to gain access to your system. Most of the time this process requires the user accepting some sort or remote admin file in the first place. And in this day and age no one would accept a 'CLICK-ME.exe' file or anything of dubious origins. So I ask you for your opinion on the necessity of a firewall. And I argue that in most cases it is not necessary. I would also say neither is an anti-virus program but I would be flamed. I will finish by saying, those who also use W2k for gaming and require the maximum amount of performance from their system will most likely agree, a firewall, anti-virus program or anything that remains resident can, and will hamper your gaming experience.
I just raise this matter to create discussion. My opinion is my own.
Regards,
Cardinal.
Firewalls? hmm... who has actually ever been hacked?
#2
Four and Twenty 
- Pooh-Bah
- Group: Members
- Posts: 1623
- Joined: 25-March 00
Posted 23 March 2001 - 08:06 AM
fuk firewalls fuk anti virus i don't like em use em or need em
It takes a mere 3 hours to reinstall 2 versions of windows and all my software on my computer (and i have a helluva lot of software) When my system gets hosed i just reinstall. I have backups of all my stuff disributed via batch file to 3 separate locations on my network.
I'm like you man I don't like the performance hit. I spend so much time tweaking i don't want to reverse the effect will these silly programs.
It takes a mere 3 hours to reinstall 2 versions of windows and all my software on my computer (and i have a helluva lot of software) When my system gets hosed i just reinstall. I have backups of all my stuff disributed via batch file to 3 separate locations on my network.
I'm like you man I don't like the performance hit. I spend so much time tweaking i don't want to reverse the effect will these silly programs.
#3
EM
- enthusiast
- Group: Members
- Posts: 232
- Joined: 02-August 99
Posted 23 March 2001 - 03:16 PM
I have a firewall but it is a seperate machine. Running Red Hat 6.0 on a 486-50. No performance hit on my network that way. Using McAfee on the kids computer (can't trust them to not accept whatever downloads) but otherwise no virus checker. Don't believe in downloading anything other than drivers.
I agree that I can reinstall most everything in a few hours and do so about once a month anyway. Undoubtedly because of some beta driver or just because.
Ed
I agree that I can reinstall most everything in a few hours and do so about once a month anyway. Undoubtedly because of some beta driver or just because.
Ed
#4
Bursar
- addict
- Group: Members
- Posts: 672
- Joined: 04-May 00
Posted 23 March 2001 - 03:47 PM
It's not just about your own security.
I run ZoneAlarm on my home machine. Not because I think that I have anything worth stealing, and as has been mentioned, if the worst happens, I spend a few hours with a pile of CDs.
The reason I run a firewall is to prevent my mahcine from becoming a stepping stone as some tries to hack something else.
Many hackers will infiltrate half a dozen or so machines on the way to the target. This makes tracing the hacker a harder. I could do without the hassle of someone turning up and saying that my machine was used as a launch point for a hack attempt.
You also make a large assumption about users when you say that people won't run a 'clickme.exe' file. How do you think the Anna Kornikove (sp?) virus and the naked wife virus spread around? People clicked them.
Knowledgable people (such as most of the people who frequent these types of boards) would probably know better, but there are those who don't know this, and if there's the chance of seeing a naked girl, they'll probably click without thinking twice.
In terms of performance, I can't say that I notice any problems. With that and my anti-virus software running (and Genome@home running), my pings are still around 30-60 for most online servers.
For single player games, it makes no odds as the firewall won't be doing anything anyway.
I run ZoneAlarm on my home machine. Not because I think that I have anything worth stealing, and as has been mentioned, if the worst happens, I spend a few hours with a pile of CDs.
The reason I run a firewall is to prevent my mahcine from becoming a stepping stone as some tries to hack something else.
Many hackers will infiltrate half a dozen or so machines on the way to the target. This makes tracing the hacker a harder. I could do without the hassle of someone turning up and saying that my machine was used as a launch point for a hack attempt.
You also make a large assumption about users when you say that people won't run a 'clickme.exe' file. How do you think the Anna Kornikove (sp?) virus and the naked wife virus spread around? People clicked them.
Knowledgable people (such as most of the people who frequent these types of boards) would probably know better, but there are those who don't know this, and if there's the chance of seeing a naked girl, they'll probably click without thinking twice.
In terms of performance, I can't say that I notice any problems. With that and my anti-virus software running (and Genome@home running), my pings are still around 30-60 for most online servers.
For single player games, it makes no odds as the firewall won't be doing anything anyway.
#5
DosFreak
- Carpal Tunnel
-
- Group: Moderators
- Posts: 3885
- Joined: 04-February 00
Posted 24 March 2001 - 11:30 AM
"Firstly, is there a real need for one on your basic personal system?"
YES
"For someone who uses windows 2000 for the stability, kernel difference, in built security and basic performance, is a firewall actually worth the effort?"
YES
"For many of you, who spend a lot of time tweaking W2k to get the maximum response out of the OS (like myself) a firewall could hardly be recommended on a purely performance scale."
WRONG. If you want themaximum performance that you can get a firewall is the way to go. You can block out all the crap that comes through your connection and all the crap that goes out.
"As far as port security goes, W2k is so far ahead then anything from the 9x line of windows."
ehh? If a port is open then it's open.
"For someone on a dial up I really cannot see the necessity of a firewall."
Can we say banners? Popup windows? For people who run their modems 8+ hours as I used to do from 90-98 (97-98 I was downloading 1.3g a month around 8+ hours a day) a firewall is a MUST.
"But then again, how many of you have actually been hacked?"
How the heck are you supposed to know if you don't have some sort of monitoring in place? What you think the idiotic malicious user will leave a big message on your desktop saying "You have been 4@x0r3d!!!! P43@r M3!!!!!!!" ;(
The only ones who do that are the idiots or your friends who want you to USE A FIREWALL!
"I know some of you will pipe up and say, "I haven't, prsely because I use a firewall!" Ok, but is the chance really likely?"
Well, I manage a base with 1,000+ computers. I manage Norton Antivirus on all of them. I monitor the ASIM box. I manage the firewall. From where I'm sitting I see alot of probes, alot of viruses and ALOT of activity. There is alot of stuff that homes users do not see simply because they have nothing in place to see it.
"For someone who intends to use a mediocre program to gain access to your system. Most of the time this process requires the user accepting some sort or remote admin file in the first place."
??? Wrong. By default File & Print sharing is enabled on 9x systems. Alot of NT boxes have default admin passes or NO PASSWORD ;( . Also it's not very hard to figure out the local admin on an NT box.
"And in this day and age no one would accept a 'CLICK-ME.exe' file or anything of dubious origins."
Riiiggghhhttt, Why just the other day MARCONI sent the Marconi representative 3 executable files (Disk1-3) as an Outlook attachment. My NAV Gateway stripped the executabled and MARCONI resent them zipped up.
So I ask you for your opinion on the necessity of a firewall."
You got it.
"And I argue that in most cases it is not necessary."
What cases? Granny logging on for 5 mins to check (oh wait it's granny...it'll probly be an hour....) her email....?
"I would also say neither is an anti-virus program but I would be flamed."
Yes you would and rightly so. Mabye I should print out the Virus alerts and virus hits I have seen for you. From your posts already I can tell that you would be greatly suprised.
"I will finish by saying, those who also use W2k for gaming and require the maximum amount of performance from their system will most likely agree, a firewall, anti-virus program or anything that remains resident can, and will hamper your gaming experience."
Most will NOT agree with you. Simply because they will find the best firewall & Antivirus that least hamper their ability to use their system effectivly. When you game simply TURN YOUR ANTIVIRUS OFF! 8) 8)
As I stated before a firewall can IMPROVE your performance on the internet. Antivirus will of course decrease your speed for increased protection but if your a tweaker then you'll know when you need AV and when you will not need it. It's not very hard to right-click and turn off realtime, or just end the AV task.
[This message has been edited by DosFreak (edited 24 March 2001).]
YES
"For someone who uses windows 2000 for the stability, kernel difference, in built security and basic performance, is a firewall actually worth the effort?"
YES
"For many of you, who spend a lot of time tweaking W2k to get the maximum response out of the OS (like myself) a firewall could hardly be recommended on a purely performance scale."
WRONG. If you want themaximum performance that you can get a firewall is the way to go. You can block out all the crap that comes through your connection and all the crap that goes out.
"As far as port security goes, W2k is so far ahead then anything from the 9x line of windows."
ehh? If a port is open then it's open.
"For someone on a dial up I really cannot see the necessity of a firewall."
Can we say banners? Popup windows? For people who run their modems 8+ hours as I used to do from 90-98 (97-98 I was downloading 1.3g a month around 8+ hours a day) a firewall is a MUST.
"But then again, how many of you have actually been hacked?"
How the heck are you supposed to know if you don't have some sort of monitoring in place? What you think the idiotic malicious user will leave a big message on your desktop saying "You have been 4@x0r3d!!!! P43@r M3!!!!!!!" ;(
The only ones who do that are the idiots or your friends who want you to USE A FIREWALL!
"I know some of you will pipe up and say, "I haven't, prsely because I use a firewall!" Ok, but is the chance really likely?"
Well, I manage a base with 1,000+ computers. I manage Norton Antivirus on all of them. I monitor the ASIM box. I manage the firewall. From where I'm sitting I see alot of probes, alot of viruses and ALOT of activity. There is alot of stuff that homes users do not see simply because they have nothing in place to see it.
"For someone who intends to use a mediocre program to gain access to your system. Most of the time this process requires the user accepting some sort or remote admin file in the first place."
??? Wrong. By default File & Print sharing is enabled on 9x systems. Alot of NT boxes have default admin passes or NO PASSWORD ;( . Also it's not very hard to figure out the local admin on an NT box.
"And in this day and age no one would accept a 'CLICK-ME.exe' file or anything of dubious origins."
Riiiggghhhttt, Why just the other day MARCONI sent the Marconi representative 3 executable files (Disk1-3) as an Outlook attachment. My NAV Gateway stripped the executabled and MARCONI resent them zipped up.
So I ask you for your opinion on the necessity of a firewall."
You got it.
"And I argue that in most cases it is not necessary."
What cases? Granny logging on for 5 mins to check (oh wait it's granny...it'll probly be an hour....) her email....?
"I would also say neither is an anti-virus program but I would be flamed."
Yes you would and rightly so. Mabye I should print out the Virus alerts and virus hits I have seen for you. From your posts already I can tell that you would be greatly suprised.
"I will finish by saying, those who also use W2k for gaming and require the maximum amount of performance from their system will most likely agree, a firewall, anti-virus program or anything that remains resident can, and will hamper your gaming experience."
Most will NOT agree with you. Simply because they will find the best firewall & Antivirus that least hamper their ability to use their system effectivly. When you game simply TURN YOUR ANTIVIRUS OFF! 8) 8)
As I stated before a firewall can IMPROVE your performance on the internet. Antivirus will of course decrease your speed for increased protection but if your a tweaker then you'll know when you need AV and when you will not need it. It's not very hard to right-click and turn off realtime, or just end the AV task.
[This message has been edited by DosFreak (edited 24 March 2001).]
#7
DeadCats
- enthusiast
- Group: Members
- Posts: 299
- Joined: 20-May 00
Posted 24 March 2001 - 07:22 PM
Thanks, DosFreak. 
And now the other eternal question. Is a hardware 'firewall' alone, such as NAT, etc. along with anti-virus software sufficient for a 3-pc, homebased peer-to-peer network w/cable modem, or is a software firewall like ZoneAlarm also important? (needed, wanted, etc.)
DC
And now the other eternal question. Is a hardware 'firewall' alone, such as NAT, etc. along with anti-virus software sufficient for a 3-pc, homebased peer-to-peer network w/cable modem, or is a software firewall like ZoneAlarm also important? (needed, wanted, etc.)
DC
#8
DosFreak
- Carpal Tunnel
-
- Group: Moderators
- Posts: 3885
- Joined: 04-February 00
Posted 24 March 2001 - 07:30 PM
Hmmmm, depends on how far you wanna go. I'd say the hardware firewall would be best because you wouldn't have to manage it as much. Also you wouldn't have to worry about your main computer crashing. The hardware firewall would be dedicated to that task. Also you pretty much never have to worry about patches and such. Of course price would probably be a factor + manageability. If you couldn't manage this firewall. (I don't see why not, just telnet in from across the net.) Why heck there's pretty much NO reason NOT to go for a hardware firewall. You'd think ISP's would give ya one for an added bonus when they install your DSL/cable. It sure would solve their headache's I'm sure.
#9
DosFreak
- Carpal Tunnel
-
- Group: Moderators
- Posts: 3885
- Joined: 04-February 00
Posted 24 March 2001 - 07:32 PM
Now if I can figure out how to install Sidewinder on a standard PC...Why....I would have one of the best home firewalls ever! MUAHAHAHHAHAHHAHAHAHAHH!
*Sidewinder is our base firewall. Unfortunately I haven't had time to learn it but I'm working on it. Gonna set up a test system on a Crapp Compaq Server soon. Gonna be fun!
*Sidewinder is our base firewall. Unfortunately I haven't had time to learn it but I'm working on it. Gonna set up a test system on a Crapp Compaq Server soon. Gonna be fun!
#12
Brian Frank
- Carpal Tunnel
- Group: Members
- Posts: 3088
- Joined: 21-January 01
Posted 24 March 2001 - 09:48 PM
Is every last ounce of speed really worth the vulerability? How hard is it to just turn it off? Especially if your on a network, it's even more imperative to have a firewall and antivirus. If just an old POTS modem, skip the firewall, but dont forget the antivirus.
I dont know about you, but a little privacy is something I like here. I'm also not to keen on having a virus screw up my sytem. Plus, I really dont like to spend the time reinstalling everything. Call me crazy, but a little security goes a long way.
Its unwise to go without protection in this digital age.
A fast computer is worthless if its infected or hacked by some unscrupulous fellow.
I dont think all s are malicious, but there are those who have a sick pleasure in screwing up someones system.
I know some really great tech guy that has his system rigged to deliver a voltage spike to the s computer if they hack his system, or so he said. Unless you got a defense along those lines, or better, a firewall and antivirus are the best way to go.
I dont know about you, but a little privacy is something I like here. I'm also not to keen on having a virus screw up my sytem. Plus, I really dont like to spend the time reinstalling everything. Call me crazy, but a little security goes a long way.
Its unwise to go without protection in this digital age.
A fast computer is worthless if its infected or hacked by some unscrupulous fellow.
I dont think all s are malicious, but there are those who have a sick pleasure in screwing up someones system.
I know some really great tech guy that has his system rigged to deliver a voltage spike to the s computer if they hack his system, or so he said. Unless you got a defense along those lines, or better, a firewall and antivirus are the best way to go.
#14
clutch
- Carpal Tunnel
-
- Group: Moderators
- Posts: 3859
- Joined: 29-March 00
Posted 24 March 2001 - 11:50 PM
Firewalls are a must at the gateway (being a single PC, then it would be the gateway itself) between local and public networks. That's it as far as that part is concerned. The thing I don't do (or understand a need for) is install firewall software on ALL of the PCs on a LAN when there is a firewall mechanism already in place at the gateway.
------------------
Regards,
clutch
------------------
Regards,
clutch
#15
derekmeister
- newbie
- Group: Members
- Posts: 6
- Joined: 13-July 00
Posted 25 March 2001 - 12:35 AM
It's kind of funny that I came across this topic today, because I'm kind of bummed about not having my firewall up right now.
I live in a university residence hall, which is directly connected to the campus network. Since I'm paying for electricity only through my standard housing bill, I tend to leave my computers on 24/7. Working for the school's network tech support center, I have come across enough horror stories about computers connected to permanent connections such as mine to want to add to my protection.
So, being the computer geek that I am, I took all the extra parts from upgrades that had been building up and put them together in another box, and installed OpenBSD and two ethernet NICs, after reading through the book "Building Linux and OpenBSD Firewalls".
Quite frankly, it's the best thing I've ever done. I've noticed absolutely no performance drop in my network performance, and even a slight rise as my Win2k machine doesn't have to deal with all the misceleaneous network traffic that goes across a dorm's noisy network. And I've caught enough probes and script kiddy attacks in my logs that I don't regret for a second the extra effort I put into this project.
Sadly, the power supply died on my firewall, so I need to get another one. Rest in piece, little guy ...
I live in a university residence hall, which is directly connected to the campus network. Since I'm paying for electricity only through my standard housing bill, I tend to leave my computers on 24/7. Working for the school's network tech support center, I have come across enough horror stories about computers connected to permanent connections such as mine to want to add to my protection.
So, being the computer geek that I am, I took all the extra parts from upgrades that had been building up and put them together in another box, and installed OpenBSD and two ethernet NICs, after reading through the book "Building Linux and OpenBSD Firewalls".
Quite frankly, it's the best thing I've ever done. I've noticed absolutely no performance drop in my network performance, and even a slight rise as my Win2k machine doesn't have to deal with all the misceleaneous network traffic that goes across a dorm's noisy network. And I've caught enough probes and script kiddy attacks in my logs that I don't regret for a second the extra effort I put into this project.
Sadly, the power supply died on my firewall, so I need to get another one. Rest in piece, little guy ...
#16
oldspice
- member
- Group: Members
- Posts: 105
- Joined: 17-April 00
Posted 25 March 2001 - 07:05 AM
I have to agree with Cardinal, not to start a WAR..but I have never experienced destructive hacking or virus's of any kind on any of my computers since my first 486 machine and I have downloaded shareware and surfed a gazillion sites in my time. I have never used my computers for anything important and back up anything immediately that needs to be preserved.I am cautious, of course, but unless a person is concerned about someone spreading a virus through a 1000 computer network like dosfreak has, i don't waste my time.I run bios protection and thats it. In fact "I laugh in the face of death, and wish i would get one destructive virus that wiped out my system..or a hacker that deleted all my files," then maybe i would care...a little...NOT! I reformat and re-install windows about 20 times a year just for fun, when i'm bored.I don't want any extra crap running while i'm on my computer and i welcome all the voyeurs who want to come in and steal my saved games and expert binds.As for spy software, i run optout for that and anything that gets by, great! Maybe these internet companys can profile me correctly and quit advertising garbage and maybe some day post 1 ad that i actually might be interested in reading...and blah blah blah
#17
whoisurdaddy
- enthusiast
- Group: Members
- Posts: 242
- Joined: 11-July 00
Posted 25 March 2001 - 08:14 AM
Hmm...I think from reading everyone else's posts, it seems like having Firewall is like personal preference/risk you want to take. I think Firewall wall like this: would you rather have a door knob with lock or without it installed for your house? With the door knob with lock, only people with the key can enter your house. If you choose not to have a door knob with lock feature installed, you are just taking the risk thinking some stranger wouldn't enter your house and steal stuffs. I see the firewall the same way. Are you willing to take risk and hoping that some skript kiddies wouldn't hack your system? For me, Firewall isn't that big of a deal for me since it seems like I am reformatting my hard drive pretty much once every three months. I use my Zip disk to store important stuffs so even if someone successfully hacked into my system, there is nothing important on my computer except games, homework papers, and e-mails. I am just gonna use Firewall because I am not going to risk getting hacked and have my system down when need it the most for school work.
#18
DosFreak
- Carpal Tunnel
-
- Group: Moderators
- Posts: 3885
- Joined: 04-February 00
Posted 25 March 2001 - 08:22 AM
Hey, anyone know anything about Sidewinder Firewall? I'm having trouble backing up my Sidewinder and can't figure out why I can't back up. 
I'm about to just forget about tape and see if I can just mirror the stupid hard drivers.
I'm about to just forget about tape and see if I can just mirror the stupid hard drivers.
#20
DosFreak
- Carpal Tunnel
-
- Group: Moderators
- Posts: 3885
- Joined: 04-February 00
Posted 25 March 2001 - 06:15 PM
Yep, here's another example of why people need Antivirus. Recently I've been redoing the sad pathetic Antivirus here on base. Computers were spread out over 6 Norton AV Servers 8) 8) . Finally I consolidated them onto one AV server and am push updates to the computers via SMS. The AV server is there is basically for a backup and to manage. Also our NAV gateway wasn't blocking attachments so I upgrade to the latest NAV gateway which is 2.1 I believe. So Finally we are blocking .exe,.vbs,.wsh,.scr,.com,.cmd,.bat and some other extensions that I cannot recall. SO I upgrade those 2 computers and finally we are blocking attachments! YAY! Now I'm looking through the AV logs and I noticed virus traffic going from computer to computer. inter-lan email wich of course NAV gateway ain't gonna catch, NAV on the users desktop will catch it but that's a slow way of getting those viruses off so right now as of today I am sticking NAV for Exchange on all the exchange servers and having it scan through all the information stores. I'm gonna get this virus problem licked dangit!
Now I'm looking through the AV logs and I noticed virus traffic going from computer to computer. inter-lan email wich of course NAV gateway ain't gonna catch, NAV on the users desktop will catch it but that's a slow way of getting those viruses off so right now as of today I am sticking NAV for Exchange on all the exchange servers and having it scan through all the information stores. I'm gonna get this virus problem licked dangit!
