John W. Colby
jwcolby at colbyconsulting.com
Tue Dec 7 12:12:23 CST 2004
It is "good enough" in most cases. The more systems that you have the less it is "good enough". I used ZA (with NAV) for many years before I had a router and never got a worm or virus. I used a simple router (no real firewall) and got rid of ZA and never got a worm or virus. However, had I gotten one I would not necessarily have known it, of course, since it could call home without the router complaining.

I now have a router with a real firewall. By setting it up once, I handle everything for all my systems (4 desktops and 2 laptops) at one go. I do however leave Sygate personal firewall on the two laptops simply because they do travel and who knows how they will connect to the internet if they are not at my house.

You must admit though that the "by name" is a marginal description of how it really works. Many programs call some Windows service which actually tries to access the net. Now the message reads "SomeWindowsFile.sys is trying to access the web...", not particularly useful, especially for the uneducated neophyte.

John W. Colby
www.ColbyConsulting.com

Contribute your unused CPU cycles to a good cause:
http://folding.stanford.edu/

-----Original Message-----
From: dba-tech-bounces at databaseadvisors.com [mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Mitsules, Mark
Sent: Tuesday, December 07, 2004 12:39 PM
To: 'Discussion of Hardware and Software issues'
Subject: RE: [dba-Tech] Software Firewalls

John, Drew, et al.,

Of course you're right regarding a hardware firewall. I guess my point was...with the software variant, I don't have to worry about constantly opening and closing ports, or remembering which software uses which port, or worry whether opening a port for one piece of software will inadvertently open it for another piece of software for which I did not intend...I don't even need to know what a port is.
For a significant number of users, having the ability to grant software, by name, access to the LAN or the internet via a simple GUI is about as easy as it gets and is arguably "good enough".

Mark

-----Original Message-----
From: John W. Colby [mailto:jwcolby at colbyconsulting.com]
Sent: Tuesday, December 07, 2004 12:13 PM
To: 'Discussion of Hardware and Software issues'
Subject: RE: [dba-Tech] Software Firewalls

In fact a hardware firewall usually does everything that a software firewall does, plus more. It is unusual, for example, for software firewalls to do stateful packet inspection. Doing so is extremely processor intensive. A good hardware firewall has a co-processor out in the router that does that stuff and offloads the workstation from doing that.

IF you have a good hardware firewall, and the cheaper routers are NOT firewalls or are very limited firewalls, then you truly do not need a software firewall. I know of nothing that a software firewall does that a good hardware firewall cannot be made to do. Furthermore, the hardware firewall can be made to do it for ALL workstations at one fell swoop, vs. having to write rules and get them applied to each and every workstation's software firewall.

I am NOT recommending that everyone out there get rid of their ZoneAlarm. I am saying however that if you spend the bucks on a good router with a good hardware firewall built into it, and you set it up correctly, then you can safely get rid of ZoneAlarm (or whatever you use).

John W. Colby
www.ColbyConsulting.com

Contribute your unused CPU cycles to a good cause:
http://folding.stanford.edu/

-----Original Message-----
From: dba-tech-bounces at databaseadvisors.com [mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Mitsules, Mark
Sent: Tuesday, December 07, 2004 12:03 PM
To: 'Discussion of Hardware and Software issues'
Subject: RE: [dba-Tech] Software Firewalls

Arthur,

I concur with Bobby.
Regardless of Drew's feelings on the subject, or for that matter Bryan's situation, I believe a software firewall like ZoneAlarm DOES serve its purpose very well. Using ZoneAlarm, NOTHING can access the internet or conversely allow connections FROM the internet unless you SPECIFICALLY grant it that right. Different strokes and all that...ymmv.

Mark

-----Original Message-----
From: Bobby Heid [mailto:bheid at appdevgrp.com]
Sent: Monday, December 06, 2004 3:59 PM
To: 'Discussion of Hardware and Software issues'
Subject: RE: [dba-Tech] Software Firewalls

No, a software firewall can help with apps "phoning home". I run both.

Bobby

-----Original Message-----
From: dba-tech-bounces at databaseadvisors.com [mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Arthur Fuller
Sent: Monday, December 06, 2004 3:50 PM
To: Discussion of Hardware and Software issues
Subject: Re: [dba-Tech] Software Firewalls

Stupid question of the month (perhaps)... Given that I have a LinkSys router, is any additional software firewall redundant?

Arthur

--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.289 / Virus Database: 265.4.6 - Release Date: 12/5/2004

_______________________________________________
dba-Tech mailing list
dba-Tech at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/dba-tech
Website: http://www.databaseadvisors.com