Re: Modem with NAT firewall, do I also need a software firewall?

Tech-Archive recommends: Fix windows errors by optimizing your registry

in my opinion even known safe programs report usage via the internet, and I
want to know when that happens, and decide myself if it's ok, or block it.
so I would suggest a software firewall, but get a good one.

"Shenan Stanley" wrote:

Mikey wrote:
Recently purchased a Zoom 5660 modem / router. It has a
Network Address Translation firewall and Stateful Packet
Inspection. The computer it's installed on also has
Zonealarm (free version) installed. Is Zonealarm still
neccesary with this modem or can it be uninstalled?

Shenan Stanley wrote:
Zone Alarm was never necessary in truth.

The internal Windows XP Firewall would have given you as much
inbound protection as ZoneAlarm.

My suggestion - save the resources and save your sanity -
disconnect from the Internet, uninstall Zone Alarm, make sure the
Windows XP Firewall is enabled, reconnect to the Internet.

Mikey wrote:
But from what I understand, the Windows XP firewall only blocks
incoming traffic, not outgoing, and ZoneAlarm blocks both.

Bluntly (IMHO):
If you need outgoing protection - you're already messed up.

In other words - if you need to stop something on your computer from
communicating with something outside your computer you've either installed
or allowed to become installed something that needs to do that to fulfill
its purpose. Either you did not research what you were installing or you
have been infected/infested by something. In either case - there was
nothing keeping said application from changing the configuration of your
outgoing firewall as it installed so that you still do not know it is
communicating externally.

However - you are welcome to utilize Zone Alarm or any other software
firewall of your choice. It's not my place to say what *you* need or don't
need. I would highly suggest you leave some software firewall running on
your machine - even if you are behind a NAT device or even a hardware
firewall. It can serve to protect you from anyone also behind the same
NAT/firewall device and anyone who compromises the security of said device.
It is an extra layer of security - and one that (in the case of the Windows
firewall) requires practically no configuration by most users (or manual
upkeep of any type - as Windows Updates will keep it patched.)

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html



.

Relevant Pages

  • Re: Guide to secure installtion of IIS 5
    ... don't forget a well-configured firewall. ... Do not put the computer onto the network or the Internet until after the ... Follow the instructions for hardening Windows and IIS at ... Install all service packs and security fixes from Microsoft and otherwise ...
    (microsoft.public.inetserver.iis.security)
  • Re: login attempts
    ... > Every day i have on my win2000 iternet server a lots of wrong login ... Windows by default allows ... You also need a firewall. ... the internet, except for those ports you know you're using. ...
    (microsoft.public.win2000.security)
  • Re: SP2 problem connecting to web after instal
    ... > I've just installed SP2 after downloading all Windows updates first. ... > installed from CD after checking with Microsoft that I didn't have any ... > As soon as it finished installing, I disabled their firewall, as I ... > I've checked my Internet settings which seem OK. ...
    (microsoft.public.windowsxp.general)
  • Re: password protection
    ... and cable] and should really consider Windows 2000 / XP. ... sure you're also running antivirus and firewall, ... Internet] to bypass this security. ...
    (microsoft.public.security)
  • Re: Will computers ever be as simple and reliable as a refrigerator?
    ... > The problem is that a refrigerator does ONE thing.. ... Your computer is not connected to the Internet. ... You don't need a firewall - because you don't have any ... > using Windows XP "prettifications". ...
    (microsoft.public.windowsxp.help_and_support)