PlanetZ forums - scopeusers.com

The most important thing is to use a router with a secure password. This is because it contains a NAT firewall. Software firewalls are not as secure.

If you set Firefox to delete all cookies when you close it, I bet you will find that Spybot doesn't find anything. The adware and malware are cookies. Adware is a privacy issue and not dangerous but it makes you think Spybot is doing a lot more than it is when you could have simply deleted the cookies manually in your browser.

braincell wrote:The most important thing is to use a router with a secure password.

yep, this is indeed a good suggestion. more and more router manufacturers start to move away from default passwords nowadays, but still one should set a different one.

This is because it contains a NAT firewall. Software firewalls are not as secure.

this is rubbish.

1) NAT and firewalling are two completely different things. both work, nevertheless, hand in hand on your router to add extra security for the connected network behind it.
NAT does not automatically mean 1:n NAT, often referred to as PAT, which is what you probably use. there's also static NATing which is, if unprotected by filter mechanisms, as unsecure as connecting an unsecured host without a NAT gateway to the open internet.
2) all firewalls, including those nice blackboxes, are coded in software, in the end. and there are huge differences between a simple portfilter, a stateful firewall engine, and maybe application based filtering, or IDS/IPS systems.

-greetings, markus-

You are so wrong once again. Why don't you do some research before you mouth off? Do a google search. All the experts disagree with what you just said. I use both types of firewalls but if I had to pick one over the other clearly the hardware NAT firewall is more important.

braincell wrote:You are so wrong once again. Why don't you do some research before you mouth off? Do a google search. All the experts disagree with what you just said.

I'm my own expert on that matter. you, instead, seem to know almost nothing about what you typed. you just fire up google to find proofs for everything you want to prove wrong or right. that has nothing to do with knowledge.

if you can't tell the difference between a firewall and a NAT device, just don't pretend you do.

and, no, there is no such thing as a hardware firewall. it is a piece of hardware running an OS with a software firewall on top of it. it just don't look like that.

You are not fooling anyone. I never said a hardware firewall is the same thing as a software firewall. I said it is better for security. I don't know you. You have no credentials as far as I am concerned. A lot of people have done research on this matter and they always say a hardware firewall offers more security and I have not once heard anyone (with the exception of you) claim anything else. I know you will come back with some other crap trying to prove how intelligent you are. Don't bother.You are not going to sway me or anyone else who knows how to search the internet for answers.

braincell wrote:You are not fooling anyone. I never said a hardware firewall is the same thing as a software firewall. I said it is better for security.

then you may be more precise. one of the worlds most respected firewall, the checkpoint firewall-1, IS a piece of software only. you can get it as a black box (or appliance) as well as a software you install to a (limited in choice) piece of hardware you own. that doesn't make it a hardware firewall.
of course you can't compare it to your norton internet security. but without differencing the sherre statement a software firewall is more insecure than a black box is wrong. ask your experts.

it can do NAT as well, but NAT is an absolutely independend feature. NAT is not firewalling just because most home routers do PAT on their single provider assigned ip and drop everything that is not a related package to an established outgoing connection just because they are not

if you, nevertheless, define a software firewall a piece of software you run on the host you work on, while the thing you call "hardware firewall" is a different box you put between your pc and the cable modem, I'm willing to admit that I would recommend the box over the (personal) fw software, as well. I said that already.

but just because a box provides NAT it is not a firewall. and a misconfigured NAT device can still be as open as space. translating addresses is not a filtering method. only combining both mechanisms can provide additional security. and that's what your google experts will tell you as well. period.

mixing up definitions makes you no expert whatsoever.

I don't know you. You have no credentials as far as I am concerned.

I don't know you either. and as long as you don't bring up credentials you are as dumb as I am. (while I hold some industry-approved certifications on that matter, alongside some years of implementing and maintaining firewall and NAT devices for our customers).

A lot of people have done research on this matter and they always say a hardware firewall offers more security and I have not once heard anyone (with the exception of you) claim anything else.

see above. I did not claim anything wrong. but I stand with my comments that NAT and firewalling are different things. things that can go well together, but work as well separately. and sometimes you don't even want both together.

I know you will come back with some other crap trying to prove how intelligent you are.

and why would you know that? because you are the only smart person here? you're so funny...

garyb wrote:OSX is relatively free of virii because of the laws of scale. it makes less sense to write virii for OSX since there aren't as many people browsing with that platform(of course, OSX has huge back doors that can be exploited, which is required by the powers that be). there ARE unix virii, you're just not very likely to run into them......

as i understand it, the OLD mac os(OS2-9), was virtually impervious to any virus. even if someone were to infect it, it could be eliminated with a simple cut and paste from the install files. OSX is not like that, however.

its becoming more popular now, and if apple did the smart thing and sell OS/X to everyone to use on any machine now there is not future for windows, (vista = windows 7 is based on vista ) dont worry, there will be tons of virus for you.

braincell wrote:For me programs like Spybot Search and Destroy are just a waste of time because they never find anything bad on my computer.

Its great for helping freinds or relatives who insist od downloading "free smileys" "free screen savers" clicking on "virus warnings" which are actually spyware infecting popups, and so on. also the teatimer shows you when a program is changing your registry, which is often useful for stopping unneeded startup "helpers" especially from adobe reader and apple.

braincell wrote:Haute Secure uses a different method and furthermore it is much more effective at blocking bad sites than Firefox is. I know this because I use Firefox and Haute Secure. If you don't use Haute Secure, then you don't know what you are talking about.

I'm not sure if that was directed at my post but I said nothing about Haute Secure?

I've just been using CCleaner's startup section lately because it happens to be installed on my pc's. I used to dig into the reg keys so that I could disable things like QTtask that like to re-add themselves each time they run (by modifying but not removing the key) but simply unchecking or "disabling" the keys in most apps (without removing/deleting them) accomplishes the same thing these days.

Incidentally kylie is being technically correct NAT (Network Address Translation) doesn't necessarily come with any form of firewall as it only provides a mechanism to translate between internal and external ports & ips. While NAT is some protection in and of itself. the 3 common types of firewalls are packet filtering (or custom iptables), a 'SPI' (stateful packet inspection) firewall and an 'application layer' firewall (as of uPnP home routers come close to the 3rd but in a more permissive sense than the term firewall really means).

For an average user many computing terms get confused as the publishers & writers try to distill things for them, fpr instance 'hard disk' (which people would often use in referring to 3.5" floppies) and 'cpu' (people tend to refer to the case and everything in it as the 'cpu'). Those are extreme examples, but since there's many sites out there that define things like this it's small wonder discussions can become confused by nomenclature.

valis wrote:Incidentally kylie is being technically correct NAT (Network Address Translation) doesn't necessarily come with any form of firewall as it only provides a mechanism to translate between internal and external ports & ips. While NAT is some protection in and of itself.

NAT in general means NO protection of anything. when you start differencing and discover the various types of NAT you will, indeed, notice that PAT (being a special case of NAT) can act in a protective way because of its very own nature. unfortunately NAT and PAT are often confused, mainly because PAT has evolved as one of the more commonly used variants of NAT. it was not mainly introduced because of its protective nature but because of address space preservation. there was a time when ISPs handed over /24 assignments without asking further. but they became more and more restrictive with their assignments, and even encouraged you to make use of server multihoming and, of course, use of RFC1918 address space behind NAT/PAT capable routers.

the advantages and disadvantages of NAT and PAT show up clearly when you start to deal with it seriously.

the 3 common types of firewalls are packet filtering (or custom iptables), a 'SPI' (stateful packet inspection) firewall and an 'application layer' firewall (as of uPnP home routers come close to the 3rd but in a more permissive sense than the term firewall really means).

operating a firewall does, moreover, not necessarily imply the use of NAT or PAT. firewalling can occur before or after addresses are translated, depending on your policies, and the capability of your firewall implementation.
NAT and PAT can even be done on the same device. but in case you do 1:1 NAT for whole IP ranges or static NAT for single hosts you have to limit access to the public address with firewall mechanisms, otherwise the translated address is almost fully accessible from the outside as if it would have been placed beside the NAT device and not behind it. (well, there are protocols and protocol suites that do not behave the same when NATed, like IPSec, but there are approaches to work around that problems.)

but keep in mind that the "hardware firewall" device referred to in this thread will mainly do add protection from the outside world. if you don't care for protection from the inside network, a PAT device with filters wont help you. it cannot decide whether the smtp connections from your spambot trojan is a bad thing or if it's just you sending out greeting cards to half of the world.
a software controlling what application is allowed to make connections to the outside (a function various personal firewall software products provide) is, thus not a bad addition to the "hardware firewall", although I admit that it is probably of limited use, provided the malware you caught is able to disable or manipulate it. and so we're back at virus scanners...

-greetings, markus-

Again an issue of nomenclature/semantics. NAT in a typical home router also comes with net/IP masq (network masquerading) to allow a single external IP(v4) address to be used by a larger number of devices on the local network. To be sure they're again two separate things but to a home/average user they're again one in the same.

Also I understand why you're taking issue with this as it shouldn't be seen as a 'security' layer in and of itself, but masking internal ip's makes it a bit more difficult (though not impossible by any means) to find internal machines to exploit, ignoring static routes. So it does offer 'some' protection, it's just the 'some' is 'not a whole heck of a lot' in comparison to implementing a true firewall.

In any case this is bordering on pedantic so I'll end here. Feel free to continue down the rabbit hole if you must...

valis wrote:In any case this is bordering on pedantic so I'll end here. Feel free to continue down the rabbit hole if you must...

ha, not me. but some things just had to be clarified. nuff said.