JJ_, on 14 October 2012 - 14:51, said:
I don't understand why a lot of the so called 'experts' on Neowin seem to be fixated on advising people on using the half baked Windows 7 firewall or not having a firewall at all. By default, the WIndows 7 firewall allows all outbound traffic. You can set it to block outbound traffic but then you will have to manually create a rule for each and every application which you wish to allow access to the internet (talk about tedious). Most annoying of all is that it will not prompt you when a new program wants to establish an outgoing connection.
'Experts' of Neowin, please explain to me how your NAT gateway, your beloved MSE and half baked Windows 7 firewall at default settings will protect against unknown 0-day threats or driveby's from sending out your keystrokes or personal files to the attacker?
Where do I even begin to rebuttel this? Let me start with understanding nat and you do not. If you did you wouldn't have this argument.
Nat by default stops incoming attacks against your internal network. All routers do nat. Also many routers support other firewall attributes. Even corp firewalls do not get updates and what have you as often that these pos near useless "firewalls" do.
Your internal network is controlled by you and you allow what attaches to your network so therefore is secure against your neighbors for the most part anyway. I would be more concerned with someone breaking your wireless than someone getting into your network from the Internet.
Also, in case you didn't know, your pos router, that you have no faith in what so ever, has gotten attacked about 5000 times in the time it takes you to read this post. So even though you have absolutely no faith in it, it has done its job in protecting you better than you could have even imagined.
A software firewall is good for protecting you on unsecure networks like hotels, public hot spots, library networks, etc. But on secure networks they are nothing more than unnecessary overhead.