# Firewall: is router enough?



## Indiana627 (Nov 18, 2005)

My computer sits behind a router (Roadrunner modem > router > computer). The router has wireless security turned on for my wife's laptop, but this desktop in question is hard wired to the router. Is that enough protection? Or should I also use a software firewall? RR provides a free security suite from CA which I installed and it includes a Firewall. Since installing I get tons of problems getting online, and when I do get online, I get tons of 'notifications' whenever a new page loads. The Windows firewall is off.

Would I be OK uninstalling the CA firewall and not running any kind of software firewall? I would still have anti-virus, anti-spyware and anti-spam installed and running. Thanks.


----------



## Cholly (Mar 22, 2004)

Unfortunately, the CA security products are not very good. I'd prefer the Windows firewall over the one from Roadrunner. That being said, the software firewalls from Zonelabs, Symantec and McAfee are all better.


----------



## RAD (Aug 5, 2002)

One of the best firewalls is your brain, be careful of what sites you go to and what e-mail you decide to open and click on the hiperlink. I can't tell you how many times my mother has called after click on a link for an 'offer that's too good to be true' and then saying somethings wrong with her computer.


----------



## Steve Mehs (Mar 21, 2002)

I wouldn't use any consumer level product from Symantec or McAfee, nothing but bloatware. Zone Alarm is just as bad now. I used to be a huge fan of Zone Alarm Pro until CheckPoint took over ZoneLabs. Now I just use the Windows Firewall combined with my Linksys router.


----------



## funhouse69 (Mar 26, 2007)

I agree that some of the products mentioned here used to be so good but all have gone downhill big time. Use the Windows Firewall just make sure you know what you are "Allowing" when a popup occurs. You can also download Windows Defender for free from the Microsoft Website. I can't say one way or another if it is good or not but it is free and can't hurt (I run it on all my systems and haven't had any issues with it). 

As for your router assuming you aren't connected to a port that is set as DMZ or exposed to the Internet it is acting as a basic firewall. This is done by isolating your internal network from the outside world through NAT (Network Address Translation). 

If you added a hardware firewall which could be a little more complex to set up it offers SPI which is Stateful Packet Inspection - this means it would look at all of the information coming in to it and make sure that it is properly formed and reject anything that it doesn't like such as improperly formed, harmful or unrequested packets / connections.


----------



## Cholly (Mar 22, 2004)

Steve Mehs said:


> I wouldn't use any consumer level product from Symantec or McAfee, nothing but bloatware. Zone Alarm is just as bad now. I used to be a huge fan of Zone Alarm Pro until CheckPoint took over ZoneLabs. Now I just use the Windows Firewall combined with my Linksys router.


While I'll agree with you up to a point, the fact remains that PC World and PC Magazine still recommend the Norton security products highly. I've been a Norton user for at least ten years, and have investigated other security software, only to find most of it isn't as effective. ZoneAlarm Pro used to be my firewall of choice, but last year I purchased Norton Internet security 2007 and installed it on my 3 computers. I also have the free McAfee SiteAdvisor installed on my systems. 
It's no longer sufficient to "use good judgment" in surfing the web. To be sure, I curse the boot time on my primary system. I've cut that time down by disabling Automatic Update on Norton, but it still takes an eternity.


----------



## Steve Mehs (Mar 21, 2002)

I don't trust the tech tabloids. I've been a subscriber to PC World and PC Mag on and off for years. Pretty much their targeted towards to lower end users, but they make an interesting bathroom read. I get a kick out of cover stories like '13 things to speed up your computer'. Which pretty much involves turning off things in MSCONFIG or disabling start up services in the MMC. Ny so much PC Mag, but I believe PC World is a bunch of payola. 

Symantec Corporate AntiVirius is great I love it. But Norton, barf. The cartoonish over simplified interface, and jack of all traits master of none mentality and, taking over your system, no thanks. I’ll take my chances and go bareback. Symantec should have only focused antivirus and ZoneLabs only on firewalls, etc.

I’m also in the use good judgment camp. It’s not hard. In what is it now 12 years, not one virus, not one instance of spyware (sans your standard cookies and Alexia crap), no SPAM at all on my main email account in 4 or 5 years. All while using Internet Explorer and MS Outlook. No porn, no PedoSpace, no Zap The Monkey for a Free iPod, no entering my email address in every webform I come across.


----------



## Cholly (Mar 22, 2004)

Funny thing -- I fired up my laptop a few hours ago, which I hadn't used in a few months -- both ZoneAlarm Pro and Norton Antivirus subscriptions had expired. Go figure.


----------



## HIPAR (May 15, 2005)

What is the real purpose of a firewall? Basically it hides your computer from Internet based probes that allow hackers to find you and install drive-by software. They can do this using ActiveX features of Windows and Internet Explorer.

Go to one of the sites that will do a port scan. Search for one called 'Shields up' to start. You an experiment with different security configurations.

I think the major publications are the 'propaganda arms' of Microsoft and Symantec'. Symantec invades your system, uses lots of RAM resources and is always in your face about outdated software and subscription lapses. It comes as trialware on most new computers and is a real pain to remove.

I have the firewall on my DSL modem set to Low, hide behind a router and have had no problems (to my knowledge) with that configuration. I also use the Firefox browser since it doesn't support ActiveX by default.

No firewall will protect you if you invite the malware inside by clicking Yes or OK on some unsolicited message box.

--- CHAS


----------



## Steve Mehs (Mar 21, 2002)

On that note (a segue on Shields Up) I encourage anyone here interested in IS to check out Leo LaPorte and Steve Gibson's weekly podcast, Security Now. They will explain to you proper ways to secure your system and ways to be smart, some of it gets a little deep, but very interesting stuff and much more useful then relying on resource hogging crapware from Notron and McAfee.

http://www.twit.tv/sn


----------



## steve053 (May 11, 2007)

Better yet - don't surf the web using an "admin" account. ALLWAYS use an account that doesn't give permission to install. In XP use "run as" to install programs. Trojans, spyware, maleware, viruses et all can't self install when the user doesn't have permission to do so.


----------



## Jeff McClellan (Apr 22, 2002)

http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php

Scroll down some for results.


----------



## Greg Alsobrook (Apr 2, 2007)

I like Comodo... I believe it's still free too


----------



## AlbertZeroK (Jan 28, 2006)

For me, a firewall does pretty much what a router does. Port forwarding and NAT.

The big difference I really see for my clients is that the higher end firewalls provide built in tools to combat common attacks, most of which are designed to bring down your internet connection.

For home users, a typical router is nice, but some are CRAP. I have an el-cheap-o router from dlink that I put in for network bridging and stupid little stuff, but had to use it at my house for my network. I kept having massive issues when the router was under load. (For example, goto amazon and start searching and start opening up 5 or 6 tabs and different searches on each- with all the picutes downloaded, it was causing errors.) So make sure to get a good router. I use to love DLink, but no more. I still like their 2100AP for WAN applications, but for routers, I'd go with Linksys or Buffalo has made me happy recently (their little switch to convert a router to an access point is just beautiful!)

Anyways, I would recomend running SpyBot Search and Destroy and installing the imunizations and keeping the imunizations up to date (once a month). That will keep some bad stuff from getting installed on your computer.

We use Norton AV for larger networks, my poorer customers we use AVG Free edition from grisoft.com. I won't touch McAffe anymore or Norton's all-in-one products.

As for software firewalls, your router and it's NAT table is gonig to keep alot of stuff out. For you internal network, firewalls are nice in public places to keep other pc's from infecting yours. 

But no, there is little difference between a cheap firewall you buy at the store and a broad band router. you have to start paying $500 to get a firewall that will actively fight back against attacks, but most people don't get attacked this way. Oddly, my county governments clients have had some issues with this though...


----------



## dervari (Dec 1, 2005)

funhouse69 said:


> If you added a hardware firewall which could be a little more complex to set up it offers SPI which is Stateful Packet Inspection - this means it would look at all of the information coming in to it and make sure that it is properly formed and reject anything that it doesn't like such as improperly formed, harmful or unrequested packets / connections.


SPI alone is a marketing joke. It doesn't look at harmful packets. It just relies on the SYN/SYN-ACK/ACK handshake to verify that a connection is valid. It will only allow incoming packets that are part of an established connection. While it will help with things such as a DOS SYN FLOOD attack, it does little to block badware.

My firewall has what is called DI (Deep Inspection) and integrated AV. The DI can look for things as obscure as Yahoo Chat DOS packets and the AV scans incoming traffic. Not much of a hit on performance either. Much more secure than an SPI only firewall.


----------



## tealcomp (Sep 7, 2007)

Cholly said:


> While I'll agree with you up to a point, the fact remains that PC World and PC Magazine still recommend the Norton security products highly. I've been a Norton user for at least ten years, and have investigated other security software, only to find most of it isn't as effective. ZoneAlarm Pro used to be my firewall of choice, but last year I purchased Norton Internet security 2007 and installed it on my 3 computers. I also have the free McAfee SiteAdvisor installed on my systems.
> It's no longer sufficient to "use good judgment" in surfing the web. To be sure, I curse the boot time on my primary system. I've cut that time down by disabling Automatic Update on Norton, but it still takes an eternity.


Uhmm, anything is better than Windows Firewall, and CA may not be that well known but is actually used by some very large corps..

-Dan


----------



## phat78boy (Sep 12, 2007)

A firewall prevents unauthorized access to your computer. If you initiate or are spoofed by a website download, this is not the firewalls fault. Some software firewalls are able to catch this, but this is done much better by an adware and antivirus combination. 

IMHO a descent router/firewall is just fine for most home networks. If your looking for better spyware/virus protection, then adware and virus software is what you need.


----------

