JorgeA

Wired Routers for Win98

62 posts in this topic

For those that religiously run a software firewall on their win-98 system(s) - not your dual-boot system(s) - your WINDOWS 98 system(s) - when was the last time, or how often did your firewall ever alert you to unauthorized out-bound activity that was ultimately traced back to a malicious process or program running on your system (i.e. a virus, trojan or worm)?

Except for systems I have set up for malware testing, I haven't had any type of infection on any OS in over 6 years. My PCs are all default-deny secured. Unless I specifically allow it, they are almost impossible to infect. On the 98 test unit, the firewall has alerted me to outbound traffic initiated by malware on 3 or 4 occasions. Each time it was missed by the AVs. The last time this happened was about a year ago. IMO, how often it happens is not the issue. If it happened even once, the firewall has earned its keep.

Memory management and system resources (heaps) are two areas where win-9x performs poorly compared to NT.

I'm sorry, but any background process that's running on my win-98 system(s) better have a damn good excuse for existing and it better perform an extremely useful and necessary function if it's always going to be running. Software firewalls simply don't qualify. Period.

We're just not going to agree on this one. On any OS I use, the first thing I install is the firewall, then the rest of the security package. Except for test setups, all my Windows systems get the same security package, Kerio 2.1.5, SSM, and Proxomitron. I consider a security package necessary and have been using this one for the last 5 years. Security apps don't have to be heavy resource and memory loads. On mine, the combined package is using half of what the browser is with 2 open tabs on this forum. If you want to run your OS on the assumption that there's nothing left on the web to infect it, that's your choice. I won't take that risk, especially when there's no cost or performance loss for protecting it other than the initial setup time. Even though 98 itself isn't directly targeted anymore, the software running on it is, the browser, the media player, the PDF software, flash player, office software. Malicious code doesn't have to compromise the OS itself to be dangerous or costly.

Most of 98's resource problems come from apps that don't use them properly or have memory leaks. Internet Explorer is one of the worst for draining a system. If you choose apps that manage their system usage well, 98 will run stable for a long time without rebooting, even with several background apps. 98 might not manage resources and memory as well as an NT system, but you make it sound like it's outright fragile. Once I stopped running an AV and got rid of Internet Explorer, my usable time on 98 between reboots went from hours to days. The improvements developed on this forum have improved that even more. If 98 is too unstable to run a few background apps, there'd be no point in using it, let alone improving it. But as long as the user makes efficient use of memory and resources one of the primary considerations when choosing software, 98 will run pretty much whatever you want it to.


Except for systems I have set up for malware testing, I haven't had any type of infection on any OS in over 6 years.

So you have some systems that you use specifically for malware testing. Most people don't do malware testing. Right off the bat, you've just described a special case where running a firewall is a tool that you use as part of this malware testing.

My PCs are all default-deny secured.

Not sure how you do that in Win-98. Do you go to Control Panel, select Security, then click on the "Default Deny" radio button?

On the 98 test unit, the firewall has alerted me to outbound traffic initiated by malware on 3 or 4 occasions. Each time it was missed by the AVs. The last time this happened was about a year ago. IMO, how often it happens is not the issue. If it happened even once, the firewall has earned its keep.

You're specifically subjecting PC's to malware, then you're pointing out how necessary the firewall is because it blocked the activity of the malware (and then only a paltry 3 or 4 times). I'm sorry - that does not constitute anything resembling a valid general use-case situation. If you have to force-feed malware to a win-98 system just to prove that your firewall saved the system, I think that's a pretty lame reason to run a firewall.

Even though 98 itself isn't directly targeted anymore, the software running on it is, the browser, the media player, the PDF software, flash player, office software. Malicious code doesn't have to compromise the OS itself to be dangerous or costly.

I test every malware POC that I can find on my win-98 system, and have yet to find any that work as advertised. I don't buy your argument that PDF and Flash vulnerabilities function properly on win-98 systems. I've even tried live PDF malware on Acrobat 6. They do absolutely nothing but cause Acrobat to throw up an error message.

I'm still surprised to learn that I've had a (kind of a) router all along.

You can skip that 'kind of'. A router is a router.

Would there be any purpose in changing the default setting as seen on page 70 of the Westell's manual, or is it better to leave it alone despite the fact that it says that is "No security"?

When you only do some surfing it's hardly useful to have a hardware firewall. As soon as you start exposing some services (by portforwarding) to the internet a portscan detector could be useful, but I don't know if it's provided. I found that manual for you, but I didn't want to register to be able to download it. So I don't know which functionality the firewall has.

I never bothered to configure the firewall in my router. I just trust my exposed services to be bullet-proof.


I never bothered to configure the firewall in my router. I just trust my exposed services to be bullet-proof.

Please explain what sort of "fire-walling" a router can do above and beyond dropping unsolicited in-bound packets when it's running in NAT mode.

If a router is performing NAT on its LAN side, what extra do you get when you turn on its security or its "firewall" features? (I'm specifically talking about these consumer-grade, ISP-provided combo modem-routers).

When you only do some surfing it's hardly useful to have a hardware firewall.

Are you equating a hardware firewall with a NAT-router?

In-bound firewalling never has anything to do with surfing. If your PC is turned on, and has a live internet connection, those are the criteria for using or needing an in-bound firewall.

Please explain what sort of "fire-walling" a router can do above and beyond dropping unsolicited in-bound packets when it's running in NAT mode.

If a router is performing NAT on its LAN side, what extra do you get when you turn on its security or its "firewall" features? (I'm specifically talking about these consumer-grade, ISP-provided combo modem-routers).

Because the NAT router already blocks all incoming traffic by nature, the purpose of a firewall on a NAT router is limited. The following options could be implemented:

- Detect a portscan and close all open ports temporarily

- Block outgoing traffic to certain IP addresses/URLs

- Block incoming traffic to open ports from certain IP addresses

- Deep packet inspection to filter ActiveX components and stuff like that

- ...

Edited by Mijzelf

Because the NAT router already blocks all incoming traffic by nature, the purpose of a firewall on a NAT router is limited. The following options could be implemented:

- Detect a portscan and close all open ports temporarily

- Block outgoing traffic to certain IP addresses/URLs

- Block incoming traffic to open ports from certain IP addresses

- Deep packet inspection to filter ActiveX components and stuff like that

- ...

If a router is performing NAT on its LAN side, what extra do you get when you turn on its security or its "firewall" features? (I'm specifically talking about these consumer-grade, ISP-provided combo modem-routers).

I'll ask the question again. Does this particular modem, or any consumer-grade, ISP-provided modem/router, perform any of the above-listed functions?

The default mode (I'm sure) for the typical ISP-supplied modem is (a) NAT = turned on and (b) no ports are forwarded. To me, that is equivalent to in-bound firewalling. Even if these devices can detect a port-scan in real time, what good would that do? How would it alter its operation if it's already blocking all unsolicited inbound ports? The typical user isn't going to open any ports anyways. And how many of these consumer devices perform DPI?

Does this particular modem, or any consumer-grade, ISP-provided modem/router, perform any of the above-listed functions?

Can't say anything about this particular box, as I haven't seen the manual and/or specs. And yes, I have had an ISP-provided modem/router which supported (some of) these functions. That was a Copperjet 801 if I remember well. (BTW, it had a single UTP port, and the box was configured in bridge mode).

Even if these devices can detect a port-scan in real time, what good would that do?

Well, let's say I have forwarded some port, and the firewall detects a portscan, and closes all ports for a few minutes. Your service is unreachable for the same amount of time, but the scriptkiddie on the other side has not found your open port.

The default mode (I'm sure) for the typical ISP-supplied modem is (a) NAT = turned on and (b) no ports are forwarded. To me, that is equivalent to in-bound firewalling. The typical user isn't going to open any ports anyways.

When your typical user doesn't open any ports, he probably won't notice the extra firewall functionality. But I think lots of people *do* open ports. It is needed for many games and for torrents. Googling on 'port forwarding problems' gives 2,290,000 hits.

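The two behaviours argued over in the posts above, modelled as an added example (not code from the thread or from any router's firmware): a NAT table that delivers only replies and forwarded ports, and a scan detector that closes the forwards for a few minutes. The thresholds, the addresses and the `NatRouter` and `scan` names are assumptions made for this illustration.

```python
from dataclasses import dataclass, field

# All three values are assumed for illustration, not taken from any router.
SCAN_THRESHOLD = 5    # distinct WAN ports probed by one source address
SCAN_WINDOW = 10.0    # seconds over which probes are counted
LOCKOUT = 180.0       # seconds that forwarded ports stay closed ("a few minutes")


@dataclass
class NatRouter:
    forwards: dict = field(default_factory=dict)  # wan_port -> (lan_ip, lan_port)
    scan_guard: bool = False                      # hypothetical port-scan detector
    _map: dict = field(default_factory=dict)      # wan_port -> (lan_ip, lan_port, remote)
    _probes: dict = field(default_factory=dict)   # src_ip -> [(time, wan_port), ...]
    _locked_until: float = 0.0
    _next_port: int = 40000

    def outbound(self, lan_ip, lan_port, remote):
        """A LAN host opens a connection: allocate a WAN port, remember the mapping."""
        wan_port = self._next_port
        self._next_port += 1
        self._map[wan_port] = (lan_ip, lan_port, remote)
        return wan_port

    def inbound(self, now, src, wan_port):
        """Return the LAN (ip, port) that receives the packet, or None if dropped."""
        entry = self._map.get(wan_port)
        if entry and entry[2] == src:      # reply on a connection a LAN host started
            return entry[:2]
        if self.scan_guard:                # everything else is unsolicited: count it
            recent = [(t, p) for t, p in self._probes.get(src[0], [])
                      if now - t <= SCAN_WINDOW]
            recent.append((now, wan_port))
            self._probes[src[0]] = recent
            if len({p for _, p in recent}) >= SCAN_THRESHOLD:
                self._locked_until = now + LOCKOUT
            if now < self._locked_until:
                return None                # lockout closes the forwards for everyone
        return self.forwards.get(wan_port)  # None unless this port was forwarded


def scan(router, scanner_ip, ports, start=0.0):
    """Probe each port once, 0.1 s apart; return the ports that reached a LAN host."""
    return [p for i, p in enumerate(ports)
            if router.inbound(start + i * 0.1, (scanner_ip, 50000 + i), p)]


if __name__ == "__main__":
    web = {8080: ("192.168.1.20", 80)}     # constructed forward to a LAN web server
    sweep = range(8070, 8090)
    print("no forwards      :", scan(NatRouter(), "198.51.100.7", sweep))
    print("forward, no guard:", scan(NatRouter(forwards=dict(web)), "198.51.100.7", sweep))
    guarded = NatRouter(forwards=dict(web), scan_guard=True)
    print("forward + guard  :", scan(guarded, "198.51.100.7", sweep))
    print("visitor at t=60  :", guarded.inbound(60.0, ("192.0.2.44", 51000), 8080))
    print("visitor at t=400 :", guarded.inbound(400.0, ("192.0.2.44", 51000), 8080))
```

With no ports forwarded the guard changes nothing, and with a forward in place the lockout hides port 8080 from the sweep at the cost of also turning away an ordinary visitor until it expires.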
I'm still surprised to learn that I've had a (kind of a) router all along.

You can skip that 'kind of'. A router is a router.

Would there be any purpose in changing the default setting as seen on page 70 of the Westell's manual, or is it better to leave it alone despite the fact that it says that is "No security"?

When you only do some surfing it's hardly useful to have a hardware firewall. As soon as you start exposing some services (by portforwarding) to the internet a portscan detector could be useful, but I don't know if it's provided. I found that manual for you, but I didn't want to register to be able to download it. So I don't know which functionality the firewall has.

I never bothered to configure the firewall in my router. I just trust my exposed services to be bullet-proof.

Mijzelf,

I have uploaded a screenshot of that page 70 so that you can see the various possible settings. I tried to upload the top half of page 71, where the choices are explained, but that put me over the capacity limit, so here they are:

General Firewall Settings

Maximum Security (High)

High security level only allows basic Internet functionality. Only Mail, News, Web, FTP, and IPSEC are allowed. All other traffic is prohibited.

Typical Security (Medium)

Like High security, Medium security only allows basic Internet functionality by default. However, Medium security allows customization through NAT configuration so that you can enable the traffic that you want to pass.

Minimum Security (Low)

Low security setting will allow all traffic except for known attacks. With Low security, your ProLine is visible to other computers on the Internet.

No Security (None)

No Security (None) is ProLine’s factory default security setting.

Firewall is disabled. (All traffic is passed)

Custom Security (Custom)

Custom is a security option that allows you to edit the firewall configuration directly. Note: Only the most advanced users should try this.

O.K., so given what we know that the default "No Security" setting will do (that is, my PCs are already almost completely invisible), under what conditions would it be useful/necessary to change to a different setting?

Second question. Let me see if I got this right. Your exposed services can be bullet-proof even in the default setting, thanks to the level of protection that the router gives in that setting?

--JorgeA

Westell p70 Shot 2.pdf

Westell p70 Shot 1.pdf


This firewall seems pretty useless to me. High and Medium will block all outbound traffic, except the most basic services. You can surf the internet as long as the webpages are on default (http,https) ports, but for instance streaming video won't work.

Minimum is the same as No, except that it protects against 'known attacks', whatever that may be.

The only possibly useful option is Custom, depending on how configurable it is, but seeing the rest of the "firewall", I'm not very hopeful.

Second question. Let me see if I got this right. Your exposed services can be bullet-proof even in the default setting, thanks to the level of protection that the router gives in that setting?

Wrong. The services are bullet-proof because they are not vulnerable to attacks. Even if a hacker knows which services I run on which ports (which is partly not difficult to find, a simple portscan will show I'm running a webserver, the other services are using non-default ports), he can't do anything with it. 

For the weaker services I trust my router not to expose them, because I didn't forward any ports to them.

Second question. Let me see if I got this right. Your exposed services can be bullet-proof even in the default setting, thanks to the level of protection that the router gives in that setting?

Wrong. The services are bullet-proof because they are not vulnerable to attacks. Even if a hacker knows which services I run on which ports (which is partly not difficult to find, a simple portscan will show I'm running a webserver, the other services are using non-default ports), he can't do anything with it. 

For the weaker services I trust my router not to expose them, because I didn't forward any ports to them.

Mijzelf,

O.K., I see an opportunity to learn here.

Help me to understand. You wrote that your ports are not vulnerable to attack even if a hacker knows which services you're running on which ports. What function/application would it be, then, that is protecting your services, and wouldn't that be called the "firewall"? Maybe there is a distinction between the protection that a "router" offers, vs. the protection given by a "hardware firewall" -- am I getting closer to the mark?

Finally, and to go back to the question that started this thread -- in your view, and knowing everything we've discovered about this Westell 6100F, would I need another device in order to adequately protect the various PCs (including or especially the Win98 systems), or is the 6100F enough? And if another device is needed, would that be instead of the Westell, or in addition to it? Remember that I don't intend to network the various PCs to each other, necessarily.

Thanks again for sharing your knowledge.

--JorgeA

You're specifically subjecting PC's to malware, then you're pointing out how necessary the firewall is because it blocked the activity of the malware (and then only a paltry 3 or 4 times). I'm sorry - that does not constitute anything resembling a valid general use-case situation. If you have to force-feed malware to a win-98 system just to prove that your firewall saved the system, I think that's a pretty lame reason to run a firewall.

Twisting what I said into this is lame. If you had bothered to read it, you'll see I said the last time was about a year ago.

Not sure how you do that in Win-98. Do you go to Control Panel, select Security, then click on the "Default Deny" radio button?

Use the forum search. That's been addressed in several threads.

I see no point in continuing this "discussion". You've made your choice and I've made mine.


Help me to understand. You wrote that your ports are not vulnerable to attack even if a hacker knows which services you're running on which ports. What function/application would it be, then, that is protecting your services, and wouldn't that be called the "firewall"?

No, that is called a carefully written service. For instance I'm running lighttpd (a webserver). Literally thousands of people have been examining the sourcecode, and the last known vulnerabilities have been fixed in 2007. So I dare to expose that server to the internet.

Btw, a firewall won't add any security. You can compare a router with a telephone exchange. An open port is then an extension number. Without extension numbers it's impossible to call a particular phone behind the exchange. But all phones can call out.

When a port is open a peddler could call and try to sell the service (your daughter) an ipod. Maybe it's not a good idea to open that port.

A firewall could be a telephonist, which decides whether or not to connect an incoming call to your daughter. A peddler will never reach your daughter, but her friends can call freely.

On the other hand, when a friend turns out to be a peddler, you'll have a drain in your bank account. In that case you'll need a 'deep packet inspecting firewall', i.e. a telephonist which listens to the conversation, and pulls the plug when something goes wrong. When your daughter is called by her Chinese friend, the 'deep packet inspecting firewall' won't work because it doesn't understand Chinese.

Because there are many languages a firewall can't do much to protect a weak service when a connection is already made. It can only listen to the conversation (which costs *lots* of CPU power) and hope it will recognize it when the conversation becomes evil. (And hope it's not a false positive).

So you should only forward calls to a bullet-proof service. Your mother-in-law. No way anybody could sell an ipod to her.

Finally, and to go back to the question that started this thread -- in your view, and knowing everything we've discovered about this Westell 6100F, would I need another device in order to adequately protect the various PCs (including or especially the Win98 systems), or is the 6100F enough?

Your Westell is fine. Summarizing:

- All NAT routers have the same inbound protection, which is strong.

- A firewall in a consumer router can give hardly any protection.

So another router would not add any safety. It could only give you more options to arrange your network, but seeing your questions I don't think you are waiting for more options.

Remember that I don't intend to network the various PCs to each other, necessarily.

You already have a network, in which the router is hardly involved. The router only assigns IP addresses to all PC's, and after that all traffic between the PC's is handled by the switch.


Mijzelf,

Your reply illustrates the reason why I decided to help to pay for this forum. In fact (except for the heat that was generated for a couple of days) this whole thread has been highly instructive, and for it I thank you and everyone else who's pitched in. You really made things clear with the analogy to a telephone exchange in the house. LOL

Over the years, I've participated in many forums of all sorts. The level of helpfulness and interest shown to a non-expert on this forum is unrivaled in my experience. :thumbup

--JorgeA


The hosts file doesn't help much with protecting your system. It's not possible for them to keep up with malicious sites.

It's not necessarily malicious sites that are a security problem: http://blog.sucuri.net/2010/06/mass-infection-of-iisasp-sites-robint-us.html

----------

June 8, 2010

An incredibly large number of sites have been hacked in the last day with a malware script pointing to (...). Not only small sites, but some big ones got hit as well. What do all these sites have in common? They are all hosted on IIS servers and using ASP.net. It looks like SQL injection attacks against third party ad management scripts.

----------

Blocking Ad-Servers and click-trackers with a hosts file does more than just make the browsing experience more enjoyable. Increasingly it also functions to protect PC's from unnecessary exposure to potentially malicious code.

Blocking Ad-Servers and click-trackers with a hosts file does more than just make the browsing experience more enjoyable. Increasingly it also functions to protect PC's from unnecessary exposure to potentially malicious code.

Quite true. And the best independent HOSTS file for this use is findable here.

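How a blocking HOSTS file of the kind discussed in the last two posts takes effect, as an added example that is not part of the thread: entries are matched on the exact hostname, so a name that is not listed (including a subdomain of a listed name) still goes to DNS. The sample file, the example.* domains and the `parse_hosts` and `classify` names are constructed for this illustration.

```python
# Addresses commonly used to sink a hostname in a blocking HOSTS file.
SINKS = {"0.0.0.0", "127.0.0.1", "::1", "::"}

# Constructed sample, not a real blocklist.
SAMPLE_HOSTS = """\
# ad and tracker sinks
127.0.0.1   localhost
0.0.0.0     ads.example.com  track.example.net   # two names on one line
127.0.0.1   Banner.Example.ORG
192.0.2.10  intranet.example.com
"""


def parse_hosts(text):
    """Return {hostname: address}; the first entry seen for a name is kept."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            table.setdefault(name.lower().rstrip("."), addr)
    return table


def classify(table, hostname):
    """Say what the HOSTS file does for one lookup (exact, case-insensitive match)."""
    name = hostname.lower().rstrip(".")
    addr = table.get(name)
    if addr is None:
        return "not listed"                    # lookup falls through to DNS
    if addr in SINKS and name != "localhost":
        return "blocked"
    return "mapped to " + addr


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for h in ("ADS.example.com", "cdn.ads.example.com", "banner.example.org",
              "intranet.example.com", "localhost"):
        print(f"{h:24} {classify(hosts, h)}")
```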
