Is Software Firewall Necessary And/Or Recommended If Modem/Router Consists of Firewall?

Discussion in 'Computer Support' started by Internet Highway Traveler, Nov 9, 2009.

  1. Hello,

    Up until recently, I was using Zone Alarm (free) as my software firewall.

    During a conversation with my ISP's tech support, I was informed that my
    modem/router had a built-in and functioning firewall.

    The modem/router is a 2Wire 2701HG-G.

    As a result of the conversation, I uninstalled Zone Alarm.

    What I would like to know is if having a software firewall is of *any*
    advantage whatsoever when one has a hardware firewall, or would it
    constitute a redundant app serving no purpose at all.

    As always, I appreciate all constructive replies.

    Internet Highway Traveler, Nov 9, 2009
    1. Advertisements

  2. Internet Highway Traveler

    Tony Guest

    A hardware firewall is better than a software firewall but neither are any
    good when you kiss your life away to the FROGThrottle boxes.
    The Grandmaster of the CyberFROG

    Come get your ticket to CyberFROG city

    Nay, Art thou decideth playeth ye simpleton games. *Some* of us know proper

    Very few. I used to take calls from *rank* noobs but got fired the first day
    on the job for potty mouth,

    Hamster isn't a newsreader it's a mistake!

    El-Gonzo Jackson FROGS both me and Chuckcar

    Master Juba was a black man imitating a white man imitating a black man

    Using my technical prowess and computer abilities to answer questions beyond
    the realm of understandability

    Regards Tony... Making usenet better for everyone everyday
    Tony, Nov 9, 2009
    1. Advertisements

  3. Internet Highway Traveler

    why? Guest

    That's fine as long it's enabled, and updated on a regular basis, how
    often yo may need custom rules.

    No harm and I would say and good practice to protect your PC(s) anyway,
    with ZA.
    2Wire info on H/W v Win FW.

    A continually updating ZA will give you extra protection.

    From this screenshot
    all the entries under Attack Detection are well worth turning on an a HW

    The in/out bound list, I prefer to manage on a couple of PC via the S/W
    F/W I have [Outpost FW]. HTTP is fairly open, DNS limited to 3 servers,
    At a lower level are the apps that call home for updates those are
    resticted heavily via HTTP, single destination, DNS. Other services are
    much harder to manage until setup, such as NTP which is very limited by
    source / destination port, protocol and app.

    It depends on how much work you want to put into it.

    You may even want to put on a S/W FW set to allow all and logging on
    just to see what is happening. The 2Wire FW should also have a log.
    why?, Nov 9, 2009
  4. Internet Highway Traveler wrote:

    A router has less vulnerable applications running on top, besides the
    purpose it is dedicated for.
    A real firewall should just be that, leaving as little potentially
    vulnerable code on it as possible.
    A router without additional services (not even a webserver) activated,
    protected with a really strong passkey, comes close to that.
    But then, if you begin to configure portforwarding or (beware) UPnP, you
    peek holes into it, so it may be good to have a 2nd fence.
    Which does not necessarily have to be another "desktop firewall". If you
    really feel in need of it, use the builtin windows firewall. Another tool
    to detect malware, like a good virus/malware scanner (even security
    essentials can do that) and some registry watchdog to stop installing
    malware (s&d - teatimer or others).
    Last, but most important, use a "restricted" account to surf and mail.
    You may use the "run as" feature anyway.
    wisdomkiller & pain, Nov 9, 2009
  5. Internet Highway Traveler

    chuckcar Guest

    There is one very important point connected to the application argument
    that other's have stated: trojans. You block the trojan's operation by
    only allowing *any* application (aside from your web browser) to access
    the net on you allowance. Scanning at least monthly every file on your
    computer with just updated virus information files *can* remove this
    possibility, but only immediately afterwards if you don't *know* how to avoid
    infection. something that's far from trivial.
    chuckcar, Nov 12, 2009
  6. I wish to thank all those who replied with constructive comments. Much

    Due to my concerns about not using ZA, compounded by the wise advice given
    here, I decided to reinstall it.

    As configured in the past, all apps now require permission before being able
    to access the Internet.

    The aspect of a malicious app "phoning home" strikes a particular chord.

    Several years ago, a relative purchased a computer, but was so intimidated
    by it that she kept it in its unopened box for some 19 months.

    When she finally decided to start using it, I installed the free versions of
    AVG and ZA with specific instructions regarding their use and the need to
    keep them up-to-date.

    After about a year, her computer became so dysfunctional that I visited to
    see if I could rectify whatever the problems were.

    One of the first things that I noticed was that AVG was months out-of-date
    and ZA was disabled.

    When I updated ZA and enabled "Alerts Events Shown", a screen immediately
    popped up and continued to do so every second or so.

    I saw something about which I had only read; there were apps, which appeared
    to be just under the desktop, partially breaking through it in a thwarted
    attempt to "phone home". They looked like cones with swirls.

    After AVG was updated, a full scan located 47 or 48 viruses/Trojans.

    If nothing else, the above should serve as a "wake up call" to anyone who
    believes that an up-to-date AV and firewall are unnecessary.

    Once again, thank you very much for your replies!

    Internet Highway Traveler, Nov 14, 2009
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.