JorgeA

Wired Routers for Win98

62 posts in this topic

Would you say that there's generally just too much focus on (or trust in) software firewalls?

There are a lot of die-hard win-98 users that are still running ie6, have never tried another browser, who access the internet on dial-up, and who are paranoid about security and are getting ulcers over the end of fire-wall and antivirus support for win-98. No matter how many times you tell them that win-98 is not and never has been vulnerable to any network worm, they just don't listen or understand. And those of them on broadband, with their computer behind a NAT-router, have zero to worry about.

Firewalls were useful back during the early days of commercial and residential broad-band (1998 - 2002) and back then Windows NT, 2K and XP-SP0 desperately needed to have a firewall app running on it. Lots of those machines became infected with stuff that turned them into someone's private file server (usually hidden in the recycler directory).

NT-based OS's are simply not designed well enough to be trusted to sit even on a local lan without having their own in-bound firewall. Windows 9x/me, either by dumb luck or good design, is simply far less vulnerable to network intrusion and remote control. But the popular press and technology writers have always focused way more on the NT-based os's, so when they write about Windows needing a firewall, they mean NT, 2K, XP, etc.

I've never had a case where the Norton firewall alerted me to an unknown program trying to go out on the 'Net. But there have been times where it's told me that it blocked an outside attempt to invade my Win98 PC. However, that was when the PC was on dial-up. I don't remember it happening again since I got DSL.

Any attempt to "invade" your PC would not have worked - even without your firewall if you're running win-98. Those attempts are still happening, but are being blocked by your modem now.

Let me make sure I have this right. So I can actually set up a LAN behind this Westell device, enabling file sharing and the like, while dispensing with the various PCs' individual software firewalls, and they will still have as much protection from intruders as before?

Your windows-98 systems will not and do not need to be running firewall software. Period.

Your NT-based PC's can infect each-other on the local lan (they won't be able to infect your win-98 systems - unless you share the c:\windows directory on your win-98 machines).

Your NT-based PC's will not be directly infected by any sort of worm or packet-based intrusion from the internet, but if they get infected due to you downloading and running an infected file, clicking on an viral e-mail attachment, or triggering a browser-based exploit while web surfing, then the resulting infection could spread to your other NT-based machines unless they are running their own local in-bound firewall.

Your local lan is protected / hidden from the internet as far as file-sharing goes, and even more so if you bind your file-sharing to the NetBEUI protocal instead of TCP/IP.

0

Share this post


Link to post
Share on other sites

Some DSL and cable modems are actually combo devices, combining a router and modem in the same enclosure. But your DSL modem appears to be only a simple DSL modem, designed for use only with Verizon (see http://www.westell.com/liteline-proline-model-6100/f90-610015-06-2.html ). Google "F90-610015-06" for lots of other information on this modem.

Apparently, your dsl modem configuration can be viewed, but not adjusted, using Internet Explorer or other browser (for a "how to" see http://text.broadbandreports.com/forum/r20957298-Linksys-WRT54G-Westell-F9061001506-Success . Note that the Linksys router's default WEB address (http://192.168.1.1/) is the same as your Westell DSL modem's WEB address and will have to be changed prior to use. Similarly, other routers may also use http://192.168.1.1/ as their default WEB addresses, and thus their WEB addresses also would have to be changed).

I currently use an old Linksys router, which I purchased used for less than $10, then modernized or updated the firmware from the Linksys website. Linksys routers are well documented and supported on the Linksys website and easily configurable (e.g. pings and port 113 were disabled by opening the router configuration menus in my browser and checking the appropriate checkbox). But other leading brand browsers may also do the job. Also, the router does not have to be the newest or high-speed (1000 mb}, unless all other devices on the network are high-speed.

The GRC Shields Up "Ping Test" is important because, although your firewall may or may not block "all unsolicited in-bound packets", the better security is to remain invisible on the Internet to all unsolicited and potentially malicious probes. If your computer responds to an unsolicited probe with a ping, the prober now knows you're there and your IP address.

Some software firewalls use more resources than other software firewalls, so resource use may have to be considered on older computers. But, for example, I've used Sygate firewall software on an old 286 Mhz computer, with no observable degradation in performance. And, if you're running a peer-to-peer or home network, the software firewall can be configured to allow certain traffic on the home network (such as printer or file sharing), while restricting traffic, on the same physical network, to/from the Internet. Also, software firewalls are important to prevent unwanted outgoing traffic from your computer, particularly from newly installed software, whose initial behavior after installation may or may not be welcome (such as, calling home or opening up a WEB page after installation, or attempting to update the software to a newer version, or downloading and installing additional software). Some software attempt to open a WEB page in Internet Explorer, even though IE is not my default browser. A software firewall can block IE from being used by such software.

0

Share this post


Link to post
Share on other sites

Some DSL and cable modems are actually combo devices, combining a router and modem in the same enclosure. But your DSL modem appears to be only a simple DSL modem, designed for use only with Verizon (see http://www.westell.com/liteline-proline-model-6100/f90-610015-06-2.html ). Google "F90-610015-06" for lots of other information on this modem.

If his modem is a Proline 6100, as described by the PDF I posted earlier, then it does NAT by default, unless you put it into a bridge mode.

Having only one RJ-45 ethernet jack for the LAN connection does not necessarily mean the device does not perform internal NAT. (Naturally, any modem that has more than one LAN jack must also be a NAT router).

The GRC Shields Up "Ping Test" is important because, although your firewall may or may not block "all unsolicited in-bound packets", the better security is to remain invisible on the Internet to all unsolicited and potentially malicious probes. If your computer responds to an unsolicited probe with a ping, the prober now knows you're there and your IP address.

It's no big deal if your modem responds to pings or not. Any automated port-scanner that's operating on your IP is just as likely to simply try all the usual ports (netbios, etc) and not waste time with a two-stage port scan.

Some software firewalls use more resources than other software firewalls, so resource use may have to be considered on older computers. But, for example, I've used Sygate firewall software on an old 286 Mhz computer, with no observable degradation in performance. And, if you're running a peer-to-peer or home network, the software firewall can be configured to allow certain traffic on the home network (such as printer or file sharing), while restricting traffic, on the same physical network, to/from the Internet.

The decision to use a software firewall should be based first and foremost on the absolute necessity that it will perform a useful function - not necessarily the resources it will use. Experience tells us that Windows 98 is not a vulnerable OS when it comes to unsolicited in-bound packets. Putting any PC behind a NAT-router automatically negates the need in the vast majority of situations to also run a firewall on the PC regardless what OS it's running.

Configuring firewall rules is usually a painful process, completely worthless in my opinion. There are better ways to establish rules or restrictions on resource use on a local lan.

Also, software firewalls are important to prevent unwanted outgoing traffic from your computer, particularly from newly installed software, whose initial behavior after installation may or may not be welcome (such as, calling home or opening up a WEB page after installation, or attempting to update the software to a newer version, or downloading and installing additional software). Some software attempt to open a WEB page in Internet Explorer, even though IE is not my default browser. A software firewall can block IE from being used by such software.

As I predicted, firewall advocates ultimately fall back to the idea that firewalls are useful (perhaps more useful) for control vs security. Usually there is little to be gained by exerting this control, in the long run, vs the time wasted and the performance hit just by having it.

If I don't want a newly-installed app to phone home, then I'll unplug my ethernet cable before I run it for the first time. How's that for an out-bound firewall?

0

Share this post


Link to post
Share on other sites

rilef,

Thanks for jumping in.

I sense a flame war erupting here, or maybe my question has rekindled an old argument. Hopefully what I report below will help to stop things from getting to that point.

Prompted by your post, I went into my Westell's configuration. Had to set a new password and all. I'm too new at the networking game to dare to actually change any settings in there, but it sure does look like I can change them. I even clicked a few settings on and off, but left everything unchanged in the end. (I didn't hit the "Apply" button.) Every button that I tried seemed to respond as one would expect. Maybe this will help to settle the question of whether this box is a simple modem, or a router (maybe a modem with extra features? or a combo device as you think might be possible).

If you go to page 70 of the 6100's guide, you'll find a screenshot of the general firewall settings. It matches exactly the screen that I got when I clicked on the Westell menu to access the firewall settings. I was surprised to see that the default (and current) value is "No Security," because all of my PC's did well on the Gibson tests (except for the ping test). Could that be the computers' software firewalls in action?

Thanks again!

--JorgeA

0

Share this post


Link to post
Share on other sites

wsxedcrfv,

See my reply to rilef.

It looks like the Westell 6100F that I have may be in fact some kind of combo device, as I can go into the settings and (apparently) change them, including firewall and port rules. (Please excuse my noobness if I'm getting the terminology wrong.)

Check out page 70 of the PDF to the manual. The general firewall settings menu is just like the one I saw when I went into my box's configuration application. Now, you'll see that the default setting is "No Security." Yet, as I said before, my PC's did pretty well on the Gibson tests. Two questions: Could that be thanks to the software firewalls -- and, if I were to uninstall them, then which of those security settings would I choose to emulate the level of protection that the current firewalls are providing?

On the other hand, since the software firewalls are already in place, one could say that there's very little additional time and effort involved in keeping them running. So isn't it possible that the question boils down to whether you want to dedicate resources on a Win98 machine to a firewall?

One last thing (for now, anyway). I assume that none of this affects the wisdom of running antivirus/antimalware applications, as opposed to a firewall?

I appreciate all the information you've been passing along -- thank you!

--JorgeA

0

Share this post


Link to post
Share on other sites

If you go to page 70 of the 6100's guide, you'll find a screenshot of the general firewall settings. It matches exactly the screen that I got when I clicked on the Westell menu to access the firewall settings. I was surprised to see that the default (and current) value is "No Security," because all of my PC's did well on the Gibson tests (except for the ping test). Could that be the computers' software firewalls in action?

No, it's the nature of a NAT router. An open port is a port where some service is running, on which can be connected. The router doesn't run any services on the outside, so all ports are closed. And because it costs less CPU power to ignore the 'knocking on the door' than yelling 'nobody home', the closed ports are stealth too.

When you want an open port, you'll have to forward it manually in the router's setup (or use uPnP, but that's another story), to point to a service which is running on one of your computers.

Because the NAT router already blocks all incoming traffic by nature, the purpose of a firewall on a NAT router is limited. The following options could be implemented:

- Detect a portscan and close all open ports temporary

- Block outgoing traffic to certain ip-addresses/URL's

- Block ingoing traffic to open ports from certain ip-addresses

- Deep packet inspection to filter active-X components and stuff like that

- ...

On the other hand, since the software firewalls are already in place, one could say that there's very little additional time and effort involved in keeping them running. So isn't it possible that the question boils down to whether you want to dedicate resources on a Win98 machine to a firewall?

A good firewall hardly uses any resources (as long as it doesn't do deep packet inspections) compared to antivirus software, and can provide you a lot of information about which processes are talking to whom. So it can be useful to keep a software firewall running.

One last thing (for now, anyway). I assume that none of this affects the wisdom of running antivirus/antimalware applications, as opposed to a firewall?

Indeed. It are unrelated areas.

Edited by Mijzelf
0

Share this post


Link to post
Share on other sites

Check out page 70 of the PDF to the manual. The general firewall settings menu is just like the one I saw when I went into my box's configuration application. Now, you'll see that the default setting is "No Security." Yet, as I said before, my PC's did pretty well on the Gibson tests. Two questions: Could that be thanks to the software firewalls -- and, if I were to uninstall them, then which of those security settings would I choose to emulate the level of protection that the current firewalls are providing?

The Security settings on the modem (as described on page 70) really makes no sense. For example, the default: "No Security (None) is ProLine’s factory default security setting. Firewall is disabled. (All traffic is passed)"

That doesn't make sense. If all traffic is passed, then where exactly will it pass unsolicited inbound traffic to? To which local LAN ip will it pass any unsolicited packets? Without configuring any port-forwarding rules, I don't see how it can pass any unsolicited inbound packets at all. If someone else has an explanation for the security settings on this modem, please explain.

On the other hand, since the software firewalls are already in place, one could say that there's very little additional time and effort involved in keeping them running. So isn't it possible that the question boils down to whether you want to dedicate resources on a Win98 machine to a firewall?

If you had a direct connection to the internet (which you would have had on dial-up) then it's your call as to whether or not you run a firewall on a win-98 system. But once you're behind a NAT-router, the use of a software firewall on a win-98 system is a complete waste of system resources if your usage is purely for security. If your intent is for program control (ie - to prevent certain apps from "calling home") or you frequently test new programs for undesirable out-bound transmission behavior, then the use of a software firewall in that instance is useful to you. If it were me, I would simply modify the program's settings so it does not "call home" instead of using a firewall.

I ran a small network of about a dozen win-98 machines (and a few NT and win-2K machines) from mid-2000 to the end of 2005 (about 5.5 years straight) and all machines had their own direct internet IP address (no NAT router). That was arguably the most vulnerable period in the life span of windows 98 to have a machine directly exposed to the internet. The win-98 systems experienced no intrusion. We had a few instances of our NT and 2K machines becoming infected with something - but I don't know if it was the result of not having a firewall on those systems, or because of user-facilitated activity (web surfing, e-mail, etc).

One last thing (for now, anyway). I assume that none of this affects the wisdom of running antivirus/antimalware applications, as opposed to a firewall?

I believe that Anti-virus apps are far less useful today, on win-98 systems, then they were say during 2002 - 2006.

Since 2006, many viral / trojan threats are polymorphic and AV software has a very poor record of detecting them during the first week or month of their existance. We get a lot of spam on certain e-mail addresses (about 50 - 75 spams per day) and usually get 1 to 2 spams per day that contain a viral attachment. I submit those viral files to virustotal.com and they are scanned by 40 AV apps (all the major AV programs plus lots you've never heard of). The detection rate is usually about 5%. If I scan the same file a month later, the detection rate will be 50 - 75%.

So you've got the following to consider:

1) Relatively poor initial AV detection rates for new malware

2) Most or all new exploits are written for NT-based OS's and simply don't function on win-98

3) Many exploits can successfully deactivate your AV software just like they can deactivate your firewall (assuming the exploits even run on a win-98 system in the first place)

Combine all three, and you come to the conclusion that running an AV app on a win-98 system has only marginal benefit.

If you want to secure your machine against malware, do the following:

1) obtain and use a hosts file. Look at MVPS.org.

2) perform Spybot SD browser innoculation.

3) uninstall ALL versions of JAVA JRE and either (a) don't run the java JRE or (b) only keep the most recent version installed on your system (see below for more instructions about Java)

4) disable .PDF file handling by your broswer. Set your browser's pdf file handling option to "save as file" instead of "launch with adobe acrobat".

5) consider replacing adobe acrobat with another pdf viewing program. Regardless of which pdf program you use, disable it's java script option.

6) run a real-time registry monitoring program. Spybot's TeaTimer option, for example.

7) put a NAT-router between your PC and your cable or DSL modem (or turn on your modem's NAT functionality). If the IP address of your PC begins with 192.168.x.x then you already have a NAT-router somewhere in your network.

8) consider running a browser-protection program called NoScript. It might make your web-surfing a bit of a pain, but it will provide a moderate amount of protection against rogue scripts found in web content.

9) obtain and run some registry files or hand-alter some of your registry keys to absolutely disable the "auto-run" feature on all drives and removable media.

10) disable all unnecessary services running on your system (if you're running XP or Vista). Disable the IPC$ network share and all administrative shares while you're at it.

11) if your modem or router has uPnP function, disable it. Consider disabling the uPnP service if it's running on your machine.

------

Windows 98 came with an old version of java that can be (or should be) uninstalled. Do this first before you install any newer version from Sun (now known as Oracle):

To get rid of the version of java that came with Windows 98, do this:

- Click Start, Run and enter this:

- RunDll32 advpack.dll,LaunchINFSection java.inf,UnInstall

You may (or will) see a message saying "If this component is uninstalled, Microsoft Internet Explorer will not be able to download files from the World Wide Web. Do you want to uninstall the Microsoft VM?"

- Click Yes to confirm the uninstall, and restart your system when it's complete.

- Delete the following folders if they are still present:

c:\windows\java

c:\windows\inf\java.pnf

c:\windows\system32\jview.exe

c:\windows\system32\wjview.exe

- Click Start, Run and enter regedit to start the Registry Editor. Browse to the following keys, highlight and delete them:

HKEY_LOCAL_MACHINE\Software\Microsoft\Java VM

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet_Explorer\AdvancedOptions\JAVA_VM

- Now go to your Add/Remove programs and look for any instance of "Java Runtime" or "J2SE Runtime" and uninstall them. All of them - except if one of them is version 5.0 Update 22 (keep that one if you have it).

- If you've deleted all Java Runtime versions, and if you don't have version 5 Update 22, then download and install that version using this link:

http://cds-esd.sun.com/ESD6/JSCDL/jdk/1.5.0_22/jre-1_5_0_22-windows-i586-p.exe?AuthParam=1275837419_be8c60bd1872b14e000d9c3a30d1e8b8&TicketId=nod0BFsST39wnusplEOcWJyccA%3D%3D&GroupName=CDS&FilePath=/ESD6/JSCDL/jdk/1.5.0_22/jre-1_5_0_22-windows-i586-p.exe&File=jre-1_5_0_22-windows-i586-p.exe

0

Share this post


Link to post
Share on other sites

Hardware and software firewalls serve different but overlapping purposes. Hardware firewalls block inbound from the entire network behind them. They block or allow traffic on a per PC basis. Being separate from the PC, they're not vulnerable to infections of that PC (as long as UPnP is disabled). But as a result of being separate, hardware firewalls are not application aware. They can't tell if it's your browser or a trojan that's connecting out.

Software firewalls control traffic in and out of individual PCs. On networks with more than one PC behind a router or hardware firewall, a software firewall can prevent one compromised PC from infecting another on the same network. Software firewalls are application aware and can block or restrict traffic from one application while allowing another to connect out freely. That makes a software firewall useful as a parental or employee control tool. Kerio 2 for instance lets you makes time sensitive rules, such as blocking the browsers access after 11:00PM while allowing updaters to work normally. I've done that for a few clients. Now their kids won't talk to me! That same software firewall stopped their P2P program from working. An installed software firewall gives you flexibility not possible with hardware firewalls.

As I predicted, firewall advocates ultimately fall back to the idea that firewalls are useful (perhaps more useful) for control vs security.

I have to disagree with that statement. Control and security are directly connected. A secure system is one you control. A compromised system is one someone else controls. That's the goal of most malware, to take partial or full control of your system. A software firewall controls the communication channel the malware would have to use. Only a small percentage of PCs are compromised by unsolicited inbound traffic. Most are compromised by the users, willingly or otherwise. It doesn't matter how good or careful you are. Unless you have 100% control over all who use that PC, friends, family, kids, and can guarantee that all of them will use the same level of care, things will happen.

Other factors also need to be considered.


  1. AV support is all but done for 9X systems. We no longer have a semi-reliable way to detect malicious code in real time, not that they were very good at it to begin with. The conventional approach to security is not available to 9X users any more. This gives us 2 choices, default-deny, or trusting that 9X usn't popular enough to be targeted. IMO, the 2nd is not an option. It's trusting in blind luck.
  2. Kernel EX is making it possible to run more "modern" software on 9X systems. It's also likely that it is also making it possible for more malicious code to work as well. By making 9X more functional, we may be making it more vulnerable. This is uncharted territory for 9X that needs to be explored, or at the very least, to remain aware of the possibility.
  3. Legitimate sites get hacked and serve up malware. Financial institutions, facebook ads, etc. You don't have to go looking for it. The internet is much more dangerous than it ever has been before. Even the DNS system has proven to be vulnerable. There's no guarantee that where you want to go is where you'll end up. IMO, all of the web has to be treated as untrusted and potentially hostile. The common sense approach of "don't visit dangerous sites" isn't sufficient.
  4. The "enemy" has changed. It's not script kiddies any more. It's professional coders and thieves. Their agendas have changed. Instead of recognition or glory, it's profit and control. In todays political climate, it can even be your own government or authorities or those of another nation. It's not just your data or your desktop they want anymore. Often it's your PC to be used as a pawn in someone elses war.
  5. 98 itself might not be directly targeted as much as it used to be, but the applications running on it are, starting with PDFs and flash. If I remember correctly, Flash was used as the vector to target routers from the PC. Yes, it was fixed, but will you bet on it being a one time occurrence? Malware isn't strictly for 9X systems or NT systems. Much of it works on both. It's no different than any other user applications. I've got malware obtained from members here and elsewhere that behaves very much like a rootkit on a 9X system. It's one thing to claim that todays malware is written for NT systems. Who is even checking how much of it works on 9X, or with Kernel EX? Is anyone looking at all? IMO, that's an unverified assumption.

I'll never understand why some dismiss apps or a system "calling home" as a problem. Most trojans do this. Would you allow people you barely know to use you phone whenever they want to without asking you? How is this different, especially when you consider the personal info the app calling home has access to and the fact that you don't know what it's sending?

Resource usage is not an issue with a good software firewall. Even my old HP with a 366mhz Celeron experienced no slowdown with Kerio 2.1.5 and SSM. Yes, the combined security suites were resource hogs, but they were never designed for 9X systems to begin with. 9X compatibility was an afterthought. NIS for instance added over 90 seconds to the boot time of my old HP and reduced it's usable time to half of what it was without it. AVs are the real resource hogs, not firewalls.

Configuring firewall rules is usually a painful process, completely worthless in my opinion.

Can't agree. There is something of a learning curve involved but that same knowledge gained will also help with configuring hardware firewalls, setting up home networks, etc. Once the basics are learned, it's not that hard. We're working with an unsupported OS, which means we have to provide our own support. To one degree or another, all of it is a bit of a pain, whether it's fixing compatibility issues or testing newly found vulnerabilities. Learning the basics of the internet we want to use these 9X systems on should be part of that process. With firewall rules, when they're done, it's over. Unless you change your system, they don't change. Until recently, we've always had 2 options, pay someone to take care of our systems and security (system and AV updates) or do it ourselves. We now have one choice if we want to use 9X. If this place has proven anything, it's that we can make 9X better and safer than MS or any AV vendor ever has.

I agree with many of the suggestions, but not necessarily with the way they're implemented. Getting rid of the old software is important. I'd add IE6 to that list if your setup allows it. It's always been the biggest weakness in 9X. Instead of NoScript, I'd use Proxomitron which works with all browsers and is much more powerful (and has a much steeper learning curve). I suggest a security policy based on default-deny and enforced with the system policy editor or SSM, free version. For registry protection, no need for real time protection. A batch file running at bootup can give you a clean, optimized registry at each reboot. The link in my signature explains how to write your own.

The hosts file doesn't help much with protecting your system. It's not possible for them to keep up with malicious sites. They change way too fast. It is useful as a junk remover, such as the common ad sites, a lot of Google garbage, etc. It can also be useful for its intended purpose, a real address book for sites you need to be sure of, instead of relying on a potentially vulnerable DNS system.

0

Share this post


Link to post
Share on other sites

As noted, the Westell 6100F does not come with any firewall settings turned on. I am using this modem as well. I currently have it configured in Bridge Mode (like the old DSL Modems) and it is connected to a wireless router. No DHCP enabled (but WPA2) on either side, using static IPs and DNS Servers.

If you switch it to bridge mode, the light pattern will be different. You won't see an orange light anymore if you lose the network connection. Also, you will need to configure your router (or PC) to connect with the PPPoE settings in the modem. If you lose these you can get the numbers from support.

Basically what they did was make it so the modem could start the PPPoE handshake on its own instead of relying on a single computer to do it.

As far as OS requirements on networking hardware, with exception to IPv6 or other OS dependent technologies, the requirements are bound to two things only:

1. The software that comes with the product

2. The OSes that the technical support department will help you with.

0

Share this post


Link to post
Share on other sites

As noted, the Westell 6100F does not come with any firewall settings turned on. I am using this modem as well. I currently have it configured in Bridge Mode.

Please explain how that modem, when used in it's default configuration, will not be acting or performing as a NAT-router, and as such will be blocking all unsolicited in-bound packets, and therefore will be operating as a 100% effective in-bound firewall.

0

Share this post


Link to post
Share on other sites

Software firewalls control traffic in and out of individual PCs.

Let me ask this simple question:

For those that religiously run a software firewall on their win-98 system(s) - not your dual-boot system(s) - your WINDOWS 98 system(s) - when was the last time, or how often did your firewall ever alert you to unauthorized out-bound activity that was ultimately traced back to a malicious process or program running on your system (ie - a virus, trojan or worm) ?

Don't tell me about some legit app that you installed and found later that it tried to phone-home.

Tell me about how your software firewall blocked a communications attempt by a trojan, virus or worm on your Windows 98 system.

0

Share this post


Link to post
Share on other sites

Resource usage is not an issue with a good software firewall.

Memory management and system resources (heaps) are two areas where win-9x performs poorly compared to NT.

I'm sorry, but any background process that's running on my win-98 system(s) better have a dam good excuse for existing and it better perform an extremely useful and necessary function if it's always going to be running. Software firewalls simply don't quality. Period.

When it comes to Windows 98, the time for running a software firewall has come and gone, replaced by NAT and also made moot by the disappearance in general of threats that are operable on win-9x.

0

Share this post


Link to post
Share on other sites

As noted, the Westell 6100F does not come with any firewall settings turned on. I am using this modem as well. I currently have it configured in Bridge Mode.

Please explain how that modem, when used in it's default configuration, will not be acting or performing as a NAT-router, and as such will be blocking all unsolicited in-bound packets, and therefore will be operating as a 100% effective in-bound firewall.

It depends on how the ISP configured it. Different ISPs or regions may configure the settings differently based on what kind of system it is going to be used on. Since mine is not in the default modes, I cannot say what all the settings were. I did know that the firewall was not turned on. These things are just 1 port routers, or mine only has 1 private side port. They did have DHCP enabled on it, however.

0

Share this post


Link to post
Share on other sites

Mijzelf,

Thanks for all the information, I appreciate it. I'm still surprised to learn that I've had a (kind of a) router all along. This whole discussion has saved me the effort of researching a router purchase, and the expense of making it.

Would there be any purpose in changing the default setting as seen on page 70 of the Westell's manual, or is it better to leave it alone despite the fact that it says that is "No security"?

--JorgeA

0

Share this post


Link to post
Share on other sites

wsxedcrfv,

Thanks very much for the detailed recommendations and procedure for replacing Java Runtime. I'll start implementing them. From this thread it looks like I'm already doing #7. I guess that #10 wouldn't apply to the Win98 machines (I haven't gotten into multibooting).

I've had Spybot on the Win98 tower for several years. The first thread I started on this forum had to do with Spybot crashing on that PC every time I did a manual scan. I still keep it for the two purposes you indicate, but may switch to SuperAntiSpyware because -- speaking of resource hogs -- Spybot is a really big one.

--JorgeA

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.