Router firewall vs Software firewall

With the router firewall enabled, do I still need a software firewall ie Zonealarm and if so, any suggestions on improvements to Zonealarm?
Running a wireless LAN by the way.

Thanks.

Windows Firewalls provide next to no security anyway read the frontpage article, besides most routers setup correctly will provide sufficient security, the only way to keep your windows machine completely secure is to turn it off/ unplug it from the network forever.

The inbuilt Windows XP firewall is very good and I have heard good things about zonealarm.

according to the chat on PDC++ last night, there are some severe holes, including those covered by the cover-story, in the SP2 firewall.. Zonealarm is impervious to worm attacks, afaik.

__________________
NODE ID: 194
NODE NAME: Efenthar

Kung-Foo Webdesign
<a href='http://www.kung-foo.co.nz' target='_blank'>http://www.kung-foo.co.nz</a>

Plus software firewalls are messy and waste resources.. get an external box doing dedicated security tasks IMO

An external box is a pain in the arse to config and monitor. I can just tick a couple of boxes on my machine and voila! I don't bother to though because I do NAT on my DSL router.

An external box also won't pickup backdoors and spyware but niether will ICF. Zonealarm is good at that.

a good external box should be designed to be set and forget, anyone with a linux/bsd based firewall appliance can attest to that Mine takes 15-20 minutes to install and configure, and I only have to remote into it on occasion to check up on it. The average amount of time spent remotely accessing is about 3 minutes a fortnight, just to check the logs for attack patterns and make sure it's all updated..

As for backdoors - all non-requested incoming traffic is blocked, very simple
spyware - Again, properly configured an external box will deal to most spyware, and spybot can deal with the rest

And by the way, NAT isnt an entirely effective layer of security, so dont depend on it

I'm not an expert on spyware but if I programed some I'd initiate a connection from the machine I'm spying on. I'd also make the request look like a perfectly normal web request (or whatever) so that any firewall in the way would not be able to tell.

A fair amount of time has past since Telecom rolled out DSL in NZ and NAT has proven itself to be a very effect layer of security.

Broken record...

properly configured an external box will deal to most spyware, and spybot can deal with the rest

Ideally, for a Windows computer you would want an external firewall (using the term losely here, a decent Linux or *BSD box will do) and a personal firewall. Stay away from the latest version (v5) of ZoneAlarm, causes no end of problems (does things it shouldn't, even when disabled) from what I've heard. Personally, I would stay away from ZoneAlarm all together and get something better like Kerio but it's up to you.

SP2 firewall is okay but there are a few issues and more importantly in my opinion since it's Microsoft and the Windows default, regardless of whether it has more security flaws or not, they are more likely to be found and more likely to be exploited when found.

As I said, ideally for a Windows comp, you would want an external firewall and a personal firewall. However, if you have to choose between them, I would choose a personal firewall. But make sure you keep it up to date!

I find it depends who is using the computer. For less geeky family and friends I never rely on just NAT or a gateway / firewall / proxy. It always pays to install say the free copy of Zone Alarm on their PC's. Sure it chews a bit of memory but it's an excellent tool and very easy for joe six pack to use. The amount of headaches is saves is well worth it.

On my own machine I just rely on NAT and smoothwall (linux firewall / gateway) and use my jedi like geek sense.

:P

What are the issues with Windows ICF?

IF you know/like command line I would use a Linux box for the security of the system.

ELSE IF you have a family environment I would stick with Windows and its GUI.

As for the firewall software to uses, I wouldnt just stick with the SP2 udate to windows firewall. I still cant block the ICMP (ping) from my computer using SP2 but with Norton I can atleast limit which computers I will allow an echo to.

SP2 firewall does have some advantages in that the user can now allow or stop certain replys on the network. It also has a log that can be enabled to monitor network traffic on different ports(not that I use it).

As for public knowledge and teaching of the product, microsofts help files are not to detail by what I have found(unless someone has found good documentation on how to use it?).

Any way thats just my opinion.