Originally posted by MrRiplEy[H]
IThe fact is that without a personal firewall you have and will not have any control whatsoever about what goes in or out your computer. You could have 10 trojans running without knowing, despite firewalling or virusshielding.
The problem is when the firewall coexists on the same machine as the infection you cannot be 100% sure. There are always new ways to beat the firewalls coming out. Personal Firewalls are not new technology and yet they still fail to properly protect.
I could have 10 trojans running but I would know because:
- my antivirus software prevents software from executing from within common places spyware pop up from (ie temp directories)
- my antivirus software prevents outbound communications on common spyware reporting vectors (eg port 25, irc etc)
- my antispyware would report them on its regular scans (and prevent execution on a signature basis)
- my edge (gateway) firewall prevents inbound spyware (and virus's) via either HTTP, FTP, or Email protocols
- my edge (gateway) firewall looks for outbound spyware traffic, blocks and reports it
- my edge (gateway) firewall looks for outbound proxy or http tunneling trafic, blocks and reports it
- my edge (gateway) firewall sends me weekly report summaries internet usage. Anything that slipped through the above would be picked up as anomolous traffic by either protocol or destination