I would imagine most people sit behind some kind of hardware firewall/router (wireless or not) nowadays. Are personal firewalls (software) required anymore? I’m asking this question from somebody using Comodo’s default deny technology but I guess this could also apply to providers of other security software too. Would not having a personal firewall installed lesson my security (relying on just Windows firewall). The way I see it (and correct me if I’m wrong), a personal firewall could be useful if an internal network had been breached.
A hardware firewall isn’t normally interactive with user. (eg outgoing traffic for each application)
Configuring one might not be a task for everyone either.
There is probably a cost involved even so.
There are also hardware limitations.
(not meant to be a comparison; just points to be considered)
You don’t need to install a firewall unless you want a more configurable one than the system’s built in firewall.
My firewall in Ubuntu is configured to block all incoming and allow all outgoing. I see no need for me to disallow applications internet access. Other users may have other needs, or may want to control internet access more than I do. I don’t use any suspicious applications.
From a security point of view though, would hardware firewalls need to be configured? Out of the box, don’t they just do there job of monitoring/filtering incoming traffic. Any port scans or other tools are ran against the hardware, not a users computer. Would a user need to create outgoing rules given that they are running CIS or CCAV as the entry point onto someones computer would possibly be from the user downloading something suspect (from website or email), which would instantly be sandboxed or quarantined when run.
I’m also running Ubuntu with the same setup (via Gufw). I think the scenario is different on Linux though as I feel I can trust open source software more as software is created from passion, not monetory gain.
In the old days, a personal firewall would be essential (on Windows) as the computers IP was made public but as most sit behind some hardware now (different subnet) and “default deny” technology doing it’s job, I feel it’s not really needed nowadays.
When I see malware that connects to the internet and capture data I look for samples and the result is almost always the same, the malware connects to the internet even if the modem / router has a firewall and none of the ports are open.
There are still malware loggers (key, screen, spy …) that creates copies of system files or uses them to access the internet. A peer-to-peer firewall is required even if there is a windows firewall.
The comodo firewall will ask you about certain circumstances if you want to allow access to secure applications exploited by malware. But as competitors fortunately or unfortunately (I am taking into consideration only the firewall) should correct remote access even if it is a secure application, for example: I am on machine A, application B is reliable and has its network access Allowed and you can access machine A without any alert or warning from firewalls either from CIS or from your competitors
Yes, but aren’t you talking about a computer that is already infected. If you had CIS or CCAV installed, wouldn’t this malware not be able to run in the first place, so can’t communicate.
There are still malware loggers (key, screen, spy ...) that creates copies of system files or uses them to access the internet. A peer-to-peer firewall is required even if there is a windows firewall.
Is this possible with a security suite already installed? I would imagine even non Comodo products should protect against this (if kept up-to-date).
The comodo firewall will ask you about certain circumstances if you want to allow access to secure applications exploited by malware. But as competitors fortunately or unfortunately (I am taking into consideration only the firewall) should correct remote access even if it is a secure application, for example: I am on machine [b]A[/b], application [b]B[/b] is reliable and has its network access Allowed and you can access machine [b]A[/b] without any alert or warning from firewalls either from CIS or from your competitors
Are we talking about remote access from yourself or untrusted persons? Wouldn’t you have it prompt for access (from the application itself). If the remote access software had been compromised, wouldn’t CIS/CCAV alert you to this.
