How many antivirii's can you install?

[morganlefay]

My experience with software firewalls is that they chew performance. I recommend software firewalls for dial up users.....but as JP stated if you are on cable or dsl ...spend the 100 bucks.
I have heard too many horror stories of fresh installs getting infected...trying to get the updates from ms and av companies


As for 2 anti virus...that will cause problems....

I use an online scanner as a backup to the AV I have installed on the ws...if a machine is infected with a virus...I clean using it a local av ( as some viruses are easy to clean in safe mode)...then I use an online scanner to be sure I got it all.

just disable the local av til the online scan is done.

mlf

[AngelicKnight]

The ultimate factor is, how important is what's on your computer, and how much damage can it do you if in the wrong hands? If the answer is none, then relying on Win updates and your router is enough. If the answer is "a lot", then you need to consider additional steps. In some cases, a hardware firewall doubled with a software firewall may seem overkill, but it wouldn't hurt, if you know what you're doing.

A lot of it depends on how much memory you have to spread among processes too. If all the security measures bog down your performance to a crawl, then you have a problem. But if your machine can handle it in stride, then do what you feel is necessary.

[JP]

Originally posted here by AngelicKnight
In some cases, a hardware firewall doubled with a software firewall may seem overkill, but it wouldn't hurt, if you know what you're doing.

If you "know what you're doing", you realize installing both is stupid, and you don't do it in the first place. You don't just install security mechanisms because "it wouldn't hurt" if it "doesn't help" either.

I'm not sure where people are getting confused as to what exactly a firewall does, and why so many people are saying install both.

For example, someone said they installed a desktop firewall to take care of things that "slip through" their hardware firewall?

Firewalls are set up with a set of rules. Things don't just "slip through" them. It's not like the rules only work "some of the time". If that were the case, we'd call them Firewall Suggestions, and not Firewall Rules.

Even the largest of corporations and governmental agencies rely on border firewalls, and certainly don't expect each desktop to act as a firewall as well. Why not? Because that's not the role of a desktop computer, and for good reason!

Firewalls are intended to be a border access control device, plain and simple. Desktop software versions of them were invented during the "dial up" era as a gimp version of a firewall, because individuals didn't have control over border access at all. (The earliest versions of these were freeware programs written by users on IRC to block things like winnuke. Software companies figured hey, might as well add a bit more functionality and make a commercial product out of them). They have long since outlived their usefulness, and exist solely to satisfy a consumer demand driven by a clear lack of understanding of what a firewall is and does, and the role one plays in information security.

I stand by my earlier recommendation.

[AngelicKnight]

I think you're 99.9% correct, but I'm always thinking about that unlikely .1% when something wierd goes wrong. To trust even your hardware firewall 100% isn't wise, for if everything worked that well we'd all be out of jobs.

But that's all just theoretical thinking from someone still quite a bit fresh in the infosec world. But like I said in another thread, we can never afford to become too confident in either ourselves or what we use. Always consider the unlikely, even the extremely unlikely.

So that's why I say when you have the resources to spare, why not?

(The great JP argued one of my points! I've been noticed! Yay, I feel special now!)

[moxnix]

JP,
I have a small wireless LAN on my home setup and I don't nessisarily trust the other 2 computers on it. I have WEP installed and am using it on the wireless portion, but as we all know that is not a real good protection.
The D-Link router I use has a firewall in it, but would you consider that enough for this arragement.
Note -- I do also use a software firewall on my system, at present.

[JP]

Originally posted here by moxnix
JP,
I have a small wireless LAN on my home setup and I don't nessisarily trust the other 2 computers on it.

I really don't think that home users should set up wireless lans (especially when you allow 3rd parties connecting to it, but regardless of that), unless they're willing to go the extra step of setting up what amounts to a DMZ (or, Demilitarized Zone).

border firewall + WAP (wireless access point) =>> wireless lan =>> internal firewall =>> protected internal lan

This way, users that you're allowing to connect to you wirelessly (to share bandwidth I assume?) do not have access to your personal lan. If all of the computers are yours, then I would strongly recommend against keeping anything "important" on the "wireless lan" segment.

The worry isn't that something will make its way through your border firewall, but that a rogue node could connect to your access point device and make itself part of your lan. You've taken steps to protect against such an occurrence, but you're right in not relying on it as a certainty.

In the above configuration, you are taking this possibility into account by having your important data located on a secondary segment of your network that is protected from the segment containing the wireless nodes. You can then set up MAC Address control on your border router, that would prevent any potential rogue node from connecting to the internet, even if it did manage to connect to your DMZ.

Also keep in mind, that some mid sized firewall appliances will allow you to do all of this virtually, without the need for 2 seperate firewalls. We call them "vlans" (or, virtual lans). You can then configure what access each vlan has to each other, and what access each has to the internet.

This setup may or may not need adjusted depending on what the precise purpose of your wireless nodes are in the first place.

[AngelicKnight]

*taking notes frantically*

[pZargs]

I'm with angelic, Notes,notes,and more notes. This is what I was looking for great experience being passed on it doesn't get better!!!! thanks all who answered this thread!!!! You people rock..

[nihil]

quote:

Desktop software versions of them were invented during the "dial up" era as a gimp version of a firewall, because individuals didn't have control over border access at all.

It may have escaped your attention JP, but a great number of people throughout the world are STILL in the dial-up era. I am talking about private individuals here. People who wouldn't know how to configure a firewalled router if their very lives depended on it, and who probably couldn't afford one anyway?

Why has Microsoft persisted with "home" and "professional" versions of their OSes if this "divide" does not in fact exist?

I feel that we sometimes tend to be a little too elitist and geek, thus losing touch with the realities of the world beyond the ivory tower.

[AngelicKnight]

I feel that we sometimes tend to be a little too elitist and geek, thus losing touch with the realities of the world beyond the ivory tower.

No kidding! Just try being one of us new guys to the IT world. There's plenty of "What? You didn't know that?" and "What a stupid idea that is!" going around, as if we all come out of the womb quoting Linux code or something. "Noob" is pretty much a 4-letter word nowadays it seems.

Aaaahhh, just had to get that out of my system.