Is it worth to install Firewall in home pc?

I aint even going to bother to the read the rest of this ****ing thread why the **** is every one ganging up on catch he gave his opinion on what he would do if the advice wasnt user friendly thats not his fault hes telling people what he knows you can tell from his posts hes an advanced computer user and security consultant and we need more people like him here to keep topics interesting instead of whats the best <add topic from firewall to linux here>

If people would shut down un-needed services there would be no need for a firewall thus it does hog resources especially on a windows platform and i think catch touched on that go scan a random server a hosting company with they -A switch in nmap see if they are running a firewall people think before you speak most of the **** i read in this thread is directed to catch
when people disagreed with him he told you his level of qualifacation and then you think hes pompus trying to rub it in your faces.

So let me get this straight you're asked to set up a fortune 500 server what do you do slap up a firewall and say there thats you what about the services they need for commercial use firewall or no firewall they services need to be exposed to the internet for there commercial use even if a firewall is place and a daemon is compromised what happens if the shell code is connect back ? totally defeats the purpose of the firewall in the first place i think most of the poeple in this thread have been arrogant to catch not the other way around

Ill read the rest of the posts and probably edit this if i can be botherd

/me gives the dead horse a nudge

Forgive me if this has been mentioned already (i just skimmed the personal attacks and masturbation) but i believe that catchs first point is very valid. The witty worm proved this to thousands, did it not? For a standalone box with no services i don't bother with a firewall, its a waste of time and resources, for my home network with services running and my brothers windows box i do. (egress filtering just saved me alot of malware hassle just recently) It all comes down to situation/person/technical knowhow

Like prodikal, some of the people posting here, including catch, have missed the point I made in my first and second post here.

1. Yes, an advanced user should be securing their services, ports, and internal/external OS security settings. This is part one of the security process, but it does not stop there

2. As a newbie to security, or as step two for an advanced network security admin, it would be to place a firewall. Why? Sure the system is secured. Sure the services are controlled, and sure the ports are locked. But: A. Trojans and rootkits CAN happen, and will get right beyond a system that does not have packet filter (aka firewall). B. User configuration error (aka accidental exploitation) that bypasses security settings and somehow idiotically finds a way around the system. A firewall can prevent this, settings can't. C. ICMP, UDP, and TCP based pings done by an attack will show the network to be online. The only way to not allow those kinds of pings is packet filtering, and that means using a firewall

So while having a firewall is not 100% needed, there are far too many circumstances and percentile chances in which we can not afford to risk. You first secure the system to your highest degree, and then provide a firewall. As MsMittens taught me, it is simply an extra layer of security beyond what you already know how to secure, lest something unexpected and unpredictable come across... that way at least you have something filtering and controlling packets.

Quote:

---

Like prodikal, some of the people posting here, including catch, have missed the point I made in my first and second post here

---

Quote:

---

I recommending ignoring catch's remarks. We must keep in mind that Windows itself runs a good 10 - 20 UDP ports at all times for it's internal use and DLL calls (in some distros, DCOM), making an unpacket filtered computer a prime target for UDP exploitation and DDoSes.

---

I think thats ignorant telling some one to ignore others advice hes simply offering his opinion to the discussion and whats the chances of some one targetting you as a home user to DoS the **** out of you and DDoS is distributed denial of service which is diffrent from a UDP flood
where DDoS sends unroutable packets to a host till there pipe of bandwith gets clogged with all the open SYN packets and no where to send replies to a UDP flood would result in sending UDP packets to a specific port if it was vulnerable until it crashed the OS and if some one is going to DoS you there going to DoS you just because packet filtering is there doesnt mean the packets arent big deal there set to drop but some DoS attacks are so sever that a software firewall would more than likely crash from it rendering it useless and all the packets would clog your pipe anyway because theres that many thats why it called denieing service

Quote:

---

Even if you are a lone computer on a dialup, the risk of having a trojan planted via email (or by other means) can prove to be that one port that would compromise your security. Take the wisdom of others here and know that just because you can't see it, doesn't mean the vunerability is not there. Don't believe me? Turn on your windows machine and turn off your firewall. Now ask a friend to run a complete TCP and UDP port scan on you. Notice the stack of UDP go further and further down the list. How could this happen, even though you are not running the services?

---

Most trojans now days are built in with firewall and AV kilers some even sophisticated to look like there still running and not crash them why get a friend to do a port scan when there is netstat -an thats what white hats do put fear in to the masses there a simple command that tells you what listening why do you need a port scan ? to inject fear and hysteria in to people
because port scans are classed as an early stage of an attack as i said in the earlier post all net services can be stopped and people with out firewalls that get infected 80% of the time dont even know what a worm or trojan is and think the internet is for email and chatting on MSN yahoo aim etc

Quote:

---

How could this happen, even though you are not running the services?

---

Are you asking a question ? or are you trying to emphasise on the fact that computers have ports ? that you all ready said windows depended on internally and to my knowledge there is no known udp based vulnerabilities for udp ports on windows and if they were i can guarantee they wouldnt be used on your average joe and there wouldnt be a new worm

Quote:

---

Catch, I kindly urge you to stop and continue this fight else where with people on PM's. This is slowly turning into a flame war, and I would ONCE AGAIN rather not see a good parent post obliterated by another forum flaming session.

Please, everyone set their anger aside, step outside for a moment, and let the heat die down. We can all continue this in a civil discussion without insults and blindsideness. For the sake of the parent...

---

Agreed but you started it and others jumped on the bandwagon how would you feel if catch told people to ignore the advice you gave them ? and he has more than likely set up more servers workstations lans wans than you have pooh you seem to have more knowledge for a win enviroment which is a good thing because if your in the industry windows is all people know and you can land a cushy job but catch replies with indepth answers to both windows UNIX and linux questions and to tell people to ignore IMO an advanced answer is arrogant did the original poster say how much knowledge of computer systems he has ?

Quote:

---

. Yes, an advanced user should be securing their services, ports, and internal/external OS security settings. This is part one of the security process, but it does not stop there

---

Agreed

Quote:

---

As a newbie to security, or as step two for an advanced network security admin, it would be to place a firewall. Why? Sure the system is secured. Sure the services are controlled, and sure the ports are locked. But: A. Trojans and rootkits CAN happen, and will get right beyond a system that does not have packet filter (aka firewall)

---

As i said earlier in this post if there is a trojan infection and you were targeted your firewall would probably be killed when executing it and since it would more than likely have an AV killer binded to what you going to do then ? and they would have to have remote access to install a root kit on the box and they only come really on servers and im sure were on the topic of home users

Quote:

---

User configuration error (aka accidental exploitation) that bypasses security settings and somehow idiotically finds a way around the system. A firewall can prevent this, settings can't

---

I dont really understand what you mean by accidental exploitation. Wouldnt the firewall only block this if it was configured too ? and the user configuration error (aka accidental exploitation) as you put it wouldnt they all ready have access ?

Quote:

---

ICMP, UDP, and TCP based pings done by an attack will show the network to be online. The only way to not allow those kinds of pings is packet filtering, and that means using a firewall

---

So does the http requests you send out if you use p2p msn they all show you as on-line and if you were getting targeted wouldnt they allready know you were on-line ? and if the net services are shut down what diffrence does it make if you respond to ping requests ? as i said earlier if your going to get flooded (DoS'ed) your going to get DoS'ed

Quote:

---

So while having a firewall is not 100% needed, there are far too many circumstances and percentile chances in which we can not afford to risk. You first secure the system to your highest degree, and then provide a firewall. As MsMittens taught me, it is simply an extra layer of security beyond what you already know how to secure, lest something unexpected and unpredictable come across... that way at least you have something filtering and controlling packets.

---

a badly configured firewall is as good as none at all so telling your average joe to install a firewall is like asking a janitor to be a rocket scientist

Quote:

---

Originally posted here by !mitationRust
You know it's sad that the only person who actually requested a form on (in theory)secure OS's (TOS) Trusted Operating Systems. Comes in, makes a educated post and is given a rash of sh*t by "security intell people" . It's just ashame, you know catch could of said shut the F**K UP and look at my credentials, I've worked on DARPA http://www.darpa.mil/ ect......(again SHUT THE F**K UP).

---

Which only furthers my point regarding his relative experience "out in the wilds" as it were. We've seen time and again what government standards have garnered in terms of real security: Various web defacements, reported break-ins to various government departments supposedly adhering to DARPA's security guidelines.

Quote:

---

Do you know anyone else who will not post opinions but facts and supply you with reading material PDF's and what not. Which I find very usefull in my studies, hell I have even presented them in class. .......In the end it all boils down to credibility in my mind especially on this site two people come to mind catch & the Horse.

---

Then what's the problem with catch coming up with a half-decent bibliography in his posts as a reference?

Quote:

---

Originally posted here by Negative
Never knew it was that hard to answer a simple question...

---

Point made, but it could have been abbreviated. Your post will do little but further derail this thread from its topic.

Quote:

---

Originally posted here by prodikal
I aint even going to bother to the read the rest of this ****ing thread why the **** is every one ganging up on catch he gave his opinion on what he would do if the advice wasnt user friendly thats not his fault hes telling people what he knows you can tell from his posts hes an advanced computer user and security consultant and we need more people like him here to keep topics interesting instead of whats the best <add topic from firewall to linux here>

---

Yes, and you seem to be arguing that he doesn't give good advice to home users too. How is that giving him a break?

Quote:

---

If people would shut down un-needed services there would be no need for a firewall

---

In your opinion, and apparently catch's. Security organisations like SANS appear to disagree with you.

Quote:

---

So let me get this straight you're asked to set up a fortune 500 server

---

This is irrelevant to the topic of this thread.

Quote:

---

Originally posted here by lumpyporridge
Forgive me if this has been mentioned already (i just skimmed the personal attacks and masturbation) but i believe that catchs first point is very valid. The witty worm proved this to thousands, did it not? For a standalone box with no services i don't bother with a firewall, its a waste of time and resources, for my home network with services running and my brothers windows box i do. (egress filtering just saved me alot of malware hassle just recently) It all comes down to situation/person/technical knowhow

---

No desktop operating systems since Win95 have had 0 services by default. Win 3.11 had to be configured to allow it, but many OEMs did this in its default configuration, meaning a lot of those desktops had services enabled by default.

Quote:

---

Originally posted here by prodikal
I think thats ignorant telling some one to ignore others advice hes simply offering his opinion to the discussion

---

So if someone asked in which gear it is best to drive their 4-speed manual on the highway was, and I said second, you wouldn't question my 'advice' or 'opinion'?

Quote:

---

and whats the chances of some one targetting you as a home user to DoS the **** out of you and DDoS is distributed denial of service which is diffrent from a UDP flood

---

Only in that one is a subtype of the other. Here is some reading on the terminology you are throwing about with (evidently) little understanding of what it means:
Wikipedia: DoS
Wikipedia: UDP
Wikipedia: SYN

Quote:

---

Most trojans now days are built in with firewall and AV kilers

---

Cite a reference, I wasn't able to google any results that indicated 'most' trojans did this.

Quote:

---

a badly configured firewall is as good as none at all so telling your average joe to install a firewall is like asking a janitor to be a rocket scientist

---

In this case, a rocket scientist has already configured the rocket's default behaviour, and it's just up to the janitor to hit the launch button when the time comes.

Upon reflection of the points in this entire thread and fully understanding both Catch, Pooh's and the other opinions presented I'd like to present the following for comment.

Catch's POV is that if the services do not exist, (closed), then a firewall is unneeded. I would agree entirely. Pooh and others, including myself, however take the stance that, while Catch may be absolutely or at least in some part correct the use of a firewall is justified under certain circumstances. The crux of the argument against Catch has been that you can't expect Joe Public who just spent his Xmas bonus on his new 'puter to have the faintest idea what a service is let alone what might be able to be done with it. Couple that with the fact that the most used OS in the world comes with services open the argument for the firewall on Joe Public's home computer, (the original question), seems stronger. Catch, and a growing group it seems respond with "close the ports".

While thinking about this thread I remembered this thread. Going back to reread it it has occurred to me that the "close the ports" stance isn't exactly as easy as it sounds even for people who are far from being Joe Public.

I think that a perfectly reasonable conclusion to this "discussion" could be written as follows:-

With regard to the question "Is it worth it to install a firewall on a home PC" there is no correct answer. Rather, it should be left in the hands of the user themself who, based upon their knowledge of their system and their confidence in their ability, should make the decision that best suits their own comfort level. Clearly, adding another, potentially flawed, process to computer does, at minimum, utilize resources that may be better used elsewhere. Potentially it may prove to be the source of the compromise in the future and it most certainly may lead to a false sense of security on the part of the home user. The other side of that coin is that if the home user does not have the tools, (knowledge), to determine what services may be running on their computer or how to properly close them all down to leave the computer in a secure state _or_ if they do not wish to invest the time and effort in doing so then the installation of a simple firewall may mitigate the underlying issues of improperly configured services/open ports at the cost of potentially reduced security and clearly reduced system resources. There will always be those users who are not even aware of the threat and those users should be encouraged to install a simple firewall with the knowledge that you may be placing them in a less secure stance but that in the overall environment they are in the firewall will, for a time at least, mitigate the underlying issue - the user. For the rest, understanding that the more complex you make the system the less reliable, efficient and secure it is going to be balanced against the comfort level of the individual with regard to their knowlwdge, ability and self confidence the decision should be left to them.

Unreasonable? Innaccurate? Irresponsible? Comments...........

Tiger Shark: I like that conclusion. Everyone wins!... kinda.

Now.. I have to find myself a pub with a WAP that will help me learn to write like that.
So professional...

Uh oh... I've been dragged into this thread...
/me dives for cover

I still haven't dont anything about that thread tiger posted, but I haven't recieved those warnings either. Didn't feel like closing something that sounded so "important"...

I would drop the $50.00 and go with a Firewall/Router. In this case you can always make use of it if you come across another computer.

Quote:

---

Originally posted here by CT2600
I would drop the $50.00 and go with a Firewall/Router. In this case you can always make use of it if you come across another computer.

---

Bunch of "experts" argueing back and forth, and the newbies they bash are the ones who give the best answer. ;)