Security without Firewalls discussion
You might remember that I published an article in late November called Beginners Guide to securing your pc. You might remember as well that I suggested that there was no need for a desktop firewall at all. And you might even remember that I got some pretty bad comments about my suggestion in the comments section.
I found an article on the Search Security website today entitled security without firewalls: sensible or silly which comes to a similar conclusion six months later. I'm not saying I was the first to advocate systems without firewalls, or at least without desktop firewalls, but it seems I'm definitely not the only one who thinks that this may be a viable solution.
Singer said there's a "horrible truth" about firewalls: they have performance problems, are vulnerable to cascade failures and changing one rule on the network can open up a security hole someplace else. He said a fellow IT professional once conducted a routine firewall test and found several ports wide open. But perhaps the biggest problem of all is that users inside the firewall can't be trusted.
"Firewalls can't protect you from what users are doing inside the company," Singer said. "If I want to steal from a bank, I won't try to punch through their firewall. I'll get a job in the mailroom."
I'd be interested to hear your opinion on the matter. Are you using a firewall? If so what kind of firewall, built-in (like the Windows XP firewall), desktop (like Outpost) or even a hardware firewall?
Update: The original article is only available after you register to the site. This is a change in recent time. All you need to do is enter an email address into the sign up form to read the article on site again.
Update 2: Firewalls have improved a lot in recent time, especially the Windows Firewall has been updated by Microsoft to make it a viable alternative to other firewall products. Experienced users who configure firewalls properly won't run into many of the issues discussed in the article or mine.Advertisement
I use Norton Firewall on my laptop and I got it only because I didn’t know about open-source software and couldn’t find a free good firewall. As soon as my Norton expires, I’m going to download a free firewall that I find somewhere.
On my other PC, I use ZoneAlarm. I’m going to switch soon because I heard bad things about it.
I don’t use a Windows Firewall because it seems like it doesn’t do much for some reason. I just don’t trust it.
I do use my routers firewall, but I haven’t used a software firewall since my dial-up days.
I haven’t used a firewall in a few years on my personal machines, nor have I put one on my parents’ machine (Windows XP). However, I think users who do not bother keeping up with the latest vulnerabilities and are do not know how to shut down all services but the ones they require (very few in my parents’ case, for example) should use a friendly one. Furthermore, none of my machines have any sensitive data on them (I use a bootable USB key for home banking) – IMO machines carrying sensitive data should be kept off the internet if possible.
I think that these days the main attack vectors are human based – droppers on malicious web sites, executables spread via mail/p2p, etc. If you instruct the user about safe web practices and set up the machine well I see no need for a firewall, which will only confuse them with more pop-ups – which only serve to encourage them to OK every notification that comes up.
I just keep my fingers crossed. So far it ain’t working.
i’m not using a PFW but i’m using my routers firewall.
if you know how to config your windows xp system (disabling unused services, netbios blah blah) (and use your pc with limited access and only use administrator privileges when needed) you are on the right way.
I agree with comment 3, I haven’t used a Firewall since I found out how much Norton is total crapware and removed it. If you alittle common sense and there is no need for one on your PC, it’s just a waste of resources and increases boot time.