Jump to content

Welcome to MSFN Forum
Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message will be removed once you have signed in.
Login to Account Create an Account



Photo

Wired Routers for Win98

- - - - -

  • Please log in to reply
61 replies to this topic

#26
Guest_wsxedcrfv_*

Guest_wsxedcrfv_*
  • Guests
  • Joined --

Software firewalls control traffic in and out of individual PCs.

Let me ask this simple question:

For those that religiously run a software firewall on their win-98 system(s) - not your dual-boot system(s) - your WINDOWS 98 system(s) - when was the last time, or how often did your firewall ever alert you to unauthorized out-bound activity that was ultimately traced back to a malicious process or program running on your system (ie - a virus, trojan or worm) ?

Don't tell me about some legit app that you installed and found later that it tried to phone-home.

Tell me about how your software firewall blocked a communications attempt by a trojan, virus or worm on your Windows 98 system.


How to remove advertisement from MSFN

#27
Guest_wsxedcrfv_*

Guest_wsxedcrfv_*
  • Guests
  • Joined --

Resource usage is not an issue with a good software firewall.

Memory management and system resources (heaps) are two areas where win-9x performs poorly compared to NT.

I'm sorry, but any background process that's running on my win-98 system(s) better have a dam good excuse for existing and it better perform an extremely useful and necessary function if it's always going to be running. Software firewalls simply don't quality. Period.

When it comes to Windows 98, the time for running a software firewall has come and gone, replaced by NAT and also made moot by the disappearance in general of threats that are operable on win-9x.

#28
Tripredacus

Tripredacus

    K-Mart-ian Legend

  • Super Moderator
  • 9,902 posts
  • Joined 28-April 06
  • OS:Server 2012
  • Country: Country Flag

Donator


As noted, the Westell 6100F does not come with any firewall settings turned on. I am using this modem as well. I currently have it configured in Bridge Mode.

Please explain how that modem, when used in it's default configuration, will not be acting or performing as a NAT-router, and as such will be blocking all unsolicited in-bound packets, and therefore will be operating as a 100% effective in-bound firewall.


It depends on how the ISP configured it. Different ISPs or regions may configure the settings differently based on what kind of system it is going to be used on. Since mine is not in the default modes, I cannot say what all the settings were. I did know that the firewall was not turned on. These things are just 1 port routers, or mine only has 1 private side port. They did have DHCP enabled on it, however.
MSFN RULES | GimageX HTA for PE 3-5 | lol probloms
msfn2_zpsc37c7153.jpg

#29
JorgeA

JorgeA

    FORMAT B: /V /S

  • MSFN Sponsor
  • 3,215 posts
  • Joined 08-April 10
  • OS:Vista Home Premium x64
  • Country: Country Flag
Mijzelf,

Thanks for all the information, I appreciate it. I'm still surprised to learn that I've had a (kind of a) router all along. This whole discussion has saved me the effort of researching a router purchase, and the expense of making it.

Would there be any purpose in changing the default setting as seen on page 70 of the Westell's manual, or is it better to leave it alone despite the fact that it says that is "No security"?

--JorgeA

#30
JorgeA

JorgeA

    FORMAT B: /V /S

  • MSFN Sponsor
  • 3,215 posts
  • Joined 08-April 10
  • OS:Vista Home Premium x64
  • Country: Country Flag
wsxedcrfv,

Thanks very much for the detailed recommendations and procedure for replacing Java Runtime. I'll start implementing them. From this thread it looks like I'm already doing #7. I guess that #10 wouldn't apply to the Win98 machines (I haven't gotten into multibooting).

I've had Spybot on the Win98 tower for several years. The first thread I started on this forum had to do with Spybot crashing on that PC every time I did a manual scan. I still keep it for the two purposes you indicate, but may switch to SuperAntiSpyware because -- speaking of resource hogs -- Spybot is a really big one.

--JorgeA

#31
herbalist

herbalist

    paranoid independent

  • Member
  • PipPipPipPipPip
  • 729 posts
  • Joined 15-December 06
  • OS:98
  • Country: Country Flag

For those that religiously run a software firewall on their win-98 system(s) - not your dual-boot system(s) - your WINDOWS 98 system(s) - when was the last time, or how often did your firewall ever alert you to unauthorized out-bound activity that was ultimately traced back to a malicious process or program running on your system (ie - a virus, trojan or worm) ?

Except for systems I have set up for malware testing, I haven't had any type of infection on any OS in over 6 years. My PCs are all default-deny secured. Unless I specifically allow it, they are almost impossible to infect. On the 98 test unit, the firewall has alerted me to outbound traffic initiated by malware on 3 or 4 occasions. Each time it was missed by the AVs. The last time this happened was about a year ago. IMO, how often it happens is not the issue. If it happened even once, the firewall has earned its keep.

Memory management and system resources (heaps) are two areas where win-9x performs poorly compared to NT.
I'm sorry, but any background process that's running on my win-98 system(s) better have a dam good excuse for existing and it better perform an extremely useful and necessary function if it's always going to be running. Software firewalls simply don't quality. Period.

We're just not going to agree on this one. On any OS I use, the first thing I install is the firewall, then the rest of the security package. Except for test setups, all my Windows systems get the same security package, Kerio 2.1.5, SSM, and Proxomitron. I consider a security package necessary and have been using this one for the last 5 years. Security apps don't have to be heavy resource and memory loads. On mine, the combined package is using half of what the browser is with 2 open tabs on this forum. If you want to run your OS on the assumption that there's nothing left on the web to infect it, that's your choice. I won't take that risk, especially when there's no cost or performance loss for protecting it other than the initial setup time. Even though 98 itself isn't directly targeted anymore, the software running on it is, the browser, the media player, the PDF software, flash player, office software. Malicious code doesn't have to compromise the OS itself to be dangerous or costly.

Most of 98's resource problems come from apps that don't use them properly or have memory leaks. Internet Explorer is one of the worst for draining a system. If you choose apps that manage their system usage well, 98 will run stable for a long time without rebooting, even with several background apps. 98 might not manage resources and memory as well as an NT system, but you make it sound like it's outright fragile. Once I stopped running an AV and got rid of Internet Explorer, my usable time on 98 between reboots went from hours to days. The improvements developed on this forum have improved that even more. If 98 is too unstable to run a few background apps, there'd be no point in using it, let alone improving it. But as long as the user makes efficient use of memory and resources one of the primary considerations when choosing software, 98 will run pretty much whatever you want it to.

#32
Guest_wsxedcrfv_*

Guest_wsxedcrfv_*
  • Guests
  • Joined --

Except for systems I have set up for malware testing, I haven't had any type of infection on any OS in over 6 years.

So you have some systems that you use specifically for malware testing. Most people don't do malware testing. Right off the bat, you've just described a special case where running a firewall is a tool that you use as part of this malware testing.

My PCs are all default-deny secured.

Not sure how you do that in Win-98. Do you go to Control Panel, select Security, then click on the "Default Deny" radio button?

On the 98 test unit, the firewall has alerted me to outbound traffic initiated by malware on 3 or 4 occasions. Each time it was missed by the AVs. The last time this happened was about a year ago. IMO, how often it happens is not the issue. If it happened even once, the firewall has earned its keep.

You're specifically subjecting PC's to malware, then you're pointing out how necessary the firewall is because it blocked the activity of the malware (and then only a paltry 3 or 4 times). I'm sorry - that does not constitute anything resembling a valid general use-case situation. If you have to force-feed malware to a win-98 system just to prove that your firewall saved the system, I think that's a pretty lame reason to run a firewall.

Even though 98 itself isn't directly targeted anymore, the software running on it is, the browser, the media player, the PDF software, flash player, office software. Malicious code doesn't have to compromise the OS itself to be dangerous or costly.

I test every malware POC that I can find on my win-98 system, and have yet to find any that work as advertized. I don't buy your argument that PDF and Flash vulnerabilities function properly on win-98 systems. I've even tried live PDF malware on Acrobat 6. They do absolutely nothing but cause Acrobat to throw up an error message.

#33
Mijzelf

Mijzelf

    Advanced Member

  • Member
  • PipPipPip
  • 462 posts
  • Joined 11-April 07

I'm still surprised to learn that I've had a (kind of a) router all along.

You can skip that 'kind of'. A router is a router.

Would there be any purpose in changing the default setting as seen on page 70 of the Westell's manual, or is it better to leave it alone despite the fact that it says that is "No security"?

When you only do some surfing it's hardly useful to have a hardware firewall. As soon as you start exposing some services (by portforwarding) to the internet a portscan detector could be useful, but I don't know if it's provided. I found that manual for you, but I didn't want to register to be able to download it. So I don't know which functionality the firewall has.

I never bothered to configure the firewall in my router. I just trust my exposed services to be bullet-proof.

#34
Guest_wsxedcrfv_*

Guest_wsxedcrfv_*
  • Guests
  • Joined --

I never bothered to configure the firewall in my router. I just trust my exposed services to be bullet-proof.

Please explain what sort of "fire-walling" a router can do above and beyond dropping unsolicited in-bound packets when it's running in NAT mode.

If a router is performing NAT on it's lan side, what extra do you get when you turn on it's security or it's "firewall" features? (I'm specifically talking about these consumer-grade, ISP-provided combo modem-routers).

When you only do some surfing it's hardly useful to have a hardware firewall.

Are you equating a hardware firewall with a NAT-router?

In-bound firewalling never has anything to do with surfing. If your PC is turned on, and has a live internet connection, those are the criteria for using or needing an in-bound firewall.

#35
Mijzelf

Mijzelf

    Advanced Member

  • Member
  • PipPipPip
  • 462 posts
  • Joined 11-April 07

Please explain what sort of "fire-walling" a router can do above and beyond dropping unsolicited in-bound packets when it's running in NAT mode.

If a router is performing NAT on it's lan side, what extra do you get when you turn on it's security or it's "firewall" features?  (I'm specifically talking about these consumer-grade, ISP-provided combo modem-routers).



Because the NAT router already blocks all incoming traffic by nature, the purpose of a firewall on a NAT router is limited. The following options could be implemented:
- Detect a portscan and close all open ports temporary
- Block outgoing traffic to certain ip-addresses/URL's
- Block ingoing traffic to open ports from certain ip-addresses
- Deep packet inspection to filter active-X components and stuff like that
- ...


Edited by Mijzelf, 08 June 2010 - 07:50 AM.


#36
Guest_wsxedcrfv_*

Guest_wsxedcrfv_*
  • Guests
  • Joined --

Because the NAT router already blocks all incoming traffic by nature, the purpose of a firewall on a NAT router is limited. The following options could be implemented:
- Detect a portscan and close all open ports temporary
- Block outgoing traffic to certain ip-addresses/URL's
- Block ingoing traffic to open ports from certain ip-addresses
- Deep packet inspection to filter active-X components and stuff like that
- ...

If a router is performing NAT on it's lan side, what extra do you get when you turn on it's security or it's "firewall" features? (I'm specifically talking about these consumer-grade, ISP-provided combo modem-routers).

I'll ask the question again. Does this particular modem, or any consumer-grade, ISP-provided modem/router, perform any of the above-listed functions?

The default mode (I'm sure) for the typical ISP-supplied modem is (a) NAT = turned on and (b) no ports are forwarded. To me, that is equivalent to in-bound firewalling. Even if these devices can detect a port-scan in real time, what good would that do? How would it alter it's operation if it's already blocking all unsolicited inbound ports? The typical user isin't going to open any ports anyways. And how many of these consumer devices perform DPI?

#37
Mijzelf

Mijzelf

    Advanced Member

  • Member
  • PipPipPip
  • 462 posts
  • Joined 11-April 07

Does this particular modem, or any consumer-grade, ISP-provided modem/router, perform any of the above-listed functions?

Can't say anything about this particular box, as I haven't seen the manual and/or specs. And yes, I have had a ISP provided modem/router which supported (some of) these functions. That was a Copperjet 801 when I remember well. (BTW, it had a single UTP port, and the box was configured in bridge mode).

Even if these devices can detect a port-scan in real time, what good would that do?

Well, let's say I have forwarded some port, and the firewall detects a portscan, and closes all ports for a few minutes. Your service is unreachable for the same amount of time, but the scriptkiddie on the other site has not found your open port.

The default mode (I'm sure) for the typical ISP-supplied modem is (a) NAT = turned on and (B) no ports are forwarded. To me, that is equivalent to in-bound firewalling. The typical user isin't going to open any ports anyways.

When your typical user doesn't open any ports, he probably won't notice the extra firewall functionality. But I think lots of people *do* open ports. It is needed for many games and for torrents. Googling on 'port forwarding problems' gives 2,290,000 hits.

#38
JorgeA

JorgeA

    FORMAT B: /V /S

  • MSFN Sponsor
  • 3,215 posts
  • Joined 08-April 10
  • OS:Vista Home Premium x64
  • Country: Country Flag

I'm still surprised to learn that I've had a (kind of a) router all along.

You can skip that 'kind of'. A router is a router.

Would there be any purpose in changing the default setting as seen on page 70 of the Westell's manual, or is it better to leave it alone despite the fact that it says that is "No security"?

When you only do some surfing it's hardly useful to have a hardware firewall. As soon as you start exposing some services (by portforwarding) to the internet a portscan detector could be useful, but I don't know if it's provided. I found that manual for you, but I didn't want to register to be able to download it. So I don't know which functionality the firewall has.

I never bothered to configure the firewall in my router. I just trust my exposed services to be bullet-proof.

Mijzelf,

I have uploaded a screenshot of that page 70 so that you can see the various possible settings. I tried to upload the top half of page 71, where the choices are explained, but that put me over the capacity limit, so here they are:

General Firewall Settings
Maximum Security (High)

High security level only allows basic Internet functionality. Only Mail, News, Web, FTP, and IPSEC are allowed. All other traffic is prohibited.
Typical Security (Medium)
Like High security, Medium security only allows basic Internet functionality by default. However, Medium security allows customization through NAT configuration so that you can enable the traffic that you want to pass.
Minimum Security (Low)
Low security setting will allow all traffic except for known attacks. With Low security, your ProLine is visible to other computers on the Internet.
No Security (None)
No Security (None) is ProLine’s factory default security setting.
Firewall is disabled. (All traffic is passed)
Custom Security (Custom)
Custom is a security option that allows you to edit the firewall configuration directly. Note: Only the most advanced users should try this.

O.K., so given what we know that the default "No Security" setting will do (that is, my PCs are already almost completely invisible), under what conditions would it be useful/necessary to change to a different setting?

Second question. Let me see if I got this right. Your exposed services can be bullet-proof even in the default setting, thanks to the level of protection that the router gives in that setting?

--JorgeA

Attached Files



#39
Mijzelf

Mijzelf

    Advanced Member

  • Member
  • PipPipPip
  • 462 posts
  • Joined 11-April 07
 This firewall seems pretty useless to me. High and Medium will block all outbound traffic, except the most basic services. You can surf the internet as long as the webpages are on default (http,https) ports, but for instance streaming video won't work.

Minimum is the same as No, except that is protects against 'known attacks', whatever that may be.

The only possibly useful option is Custom, depending on how configurable it is, but seeing the rest of the "firewall", I'm not very hopeful.

Second question. Let me see if I got this right. Your exposed services can be bullet-proof even in the default setting, thanks to the level of protection that the router gives in that setting?


Wrong. The services are bullet-proof because they are not vulnerable to attacks. Even if a hacker knows which services I run on which ports (which is partly not difficult to find, a simple portscan will show I'm running a webserver, the other services are using non-default ports), he can't do anything with it. 

For the weaker services I trust my router not to expose them, because I didn't forward any ports to them.












#40
JorgeA

JorgeA

    FORMAT B: /V /S

  • MSFN Sponsor
  • 3,215 posts
  • Joined 08-April 10
  • OS:Vista Home Premium x64
  • Country: Country Flag

Second question. Let me see if I got this right. Your exposed services can be bullet-proof even in the default setting, thanks to the level of protection that the router gives in that setting?


Wrong. The services are bullet-proof because they are not vulnerable to attacks. Even if a hacker knows which services I run on which ports (which is partly not difficult to find, a simple portscan will show I'm running a webserver, the other services are using non-default ports), he can't do anything with it. 

For the weaker services I trust my router not to expose them, because I didn't forward any ports to them.

Mijzelf,

O.K., I see an opportunity to learn here.

Help me to understand. You wrote that your ports are not vulnerable to attack even if a hacker knows which services you're running on which ports. What function/application would it be, then, that is protecting your services, and wouldn't that be called the "firewall"? Maybe there is a distinction between the protection that a "router" offers, vs. the protection given by a "hardware firewall" -- am I getting closer to the mark?

Finally, and to go back to the question that started this thread -- in your view, and knowing everything we've discovered about this Westell 6100F, would I need another device in order to adequately protect the various PCs (including or especially the Win98 systems), or is the 6100F enough? And if another device is needed, would that be instead of the Westell, or in addition to it? Remember that I don't intend to network the various PCs to each other, necessarily.

Thanks again for sharing your knowledge.

--JorgeA

#41
herbalist

herbalist

    paranoid independent

  • Member
  • PipPipPipPipPip
  • 729 posts
  • Joined 15-December 06
  • OS:98
  • Country: Country Flag

You're specifically subjecting PC's to malware, then you're pointing out how necessary the firewall is because it blocked the activity of the malware (and then only a paltry 3 or 4 times). I'm sorry - that does not constitute anything resembling a valid general use-case situation. If you have to force-feed malware to a win-98 system just to prove that your firewall saved the system, I think that's a pretty lame reason to run a firewall.

Twisting what I said into this is lame. If you had bothered to read it, you'll see I said the last time was about a year ago.

Not sure how you do that in Win-98. Do you go to Control Panel, select Security, then click on the "Default Deny" radio button?

Use the forum search. That's been addressed in several threads.
I see no point in continuing this "discussion". You've made your choice and I've made mine.

#42
Mijzelf

Mijzelf

    Advanced Member

  • Member
  • PipPipPip
  • 462 posts
  • Joined 11-April 07

Help me to understand. You wrote that your ports are not vulnerable to attack even if a hacker knows which services you're running on which ports. What function/application would it be, then, that is protecting your services, and wouldn't that be called the "firewall"?

No, that is called a carefully written service. For instance I'm running lighttpd (a webserver). Literally thousands of people have been examining the sourcecode, and the last known vulnerabilities have been fixed in 2007. So I dare to expose that server to the internet.

Btw, a firewall won't add any security. You can compare a router with a telephone exchange. An open port is then an extension number. Without extension numbers it's impossible to call a particular phone behind the exchange. But all phones can call out.
When a port is open a peddler could call and try to sell the service (your daughter) an ipod. Maybe it's not a good idea to open that port.
A firewall could be a telephonist, which decides whether or not to connect in incoming call to your daughter. A peddler will never reach your daughter, but her friends can call freely.
On the other hand, when a friend turns out to be a peddler, you'll have a drain in your bank account. In that case you'll need a 'deep packet inspecting firewall', ie a telephonist which listens to the conversation, and pulls the plug when something goes wrong. When your daughter is called by her Chinese friend, the 'deep packet inspecting firewall' won't work because it doesn't understand Chinese.
Because there are many languages a firewall can't do much to protect a weak service when a connection is already made. It can only listen to the conversation (which costs *lots* of CPU power) and hope it will recognize it when the conversation becomes evil. (And hope it's not a false positive).

So you should only forward calls to a bullet-proof service. Your mother-in-law. No way anybody could sell an ipod to her.

Finally, and to go back to the question that started this thread -- in your view, and knowing everything we've discovered about this Westell 6100F, would I need another device in order to adequately protect the various PCs (including or especially the Win98 systems), or is the 6100F enough?

Your Westell is fine. Summarizing:
- All NAT routers have the same inbound protection, which is strong.
- A firewall in a consumer router can give hardly any protection.
So another router would not add any safety. It could only give you more options to arrange your network, but seeing your questions I don't think your are waiting for more options.

Remember that I don't intend to network the various PCs to each other, necessarily.

You already have a network, in which the router is hardly involved. The router only assigns IP addresses to all PC's, and after that all traffic between the PC's is handled by the switch.

#43
JorgeA

JorgeA

    FORMAT B: /V /S

  • MSFN Sponsor
  • 3,215 posts
  • Joined 08-April 10
  • OS:Vista Home Premium x64
  • Country: Country Flag
Mijzelf,

Your reply illustrates the reason why I decided to help to pay for this forum. In fact (except for the heat that was generated for a couple of days) this whole thread has been highly instructive, and for it I thank you and everyone else who's pitched in. You really made things clear with the analogy to a telephone exchange in the house. LOL

Over the years, I've participated in many forums of all sorts. The level of helpfulness and interest shown to a non-expert on this forum is unrivaled in my experience. :thumbup

--JorgeA

#44
Guest_wsxedcrfv_*

Guest_wsxedcrfv_*
  • Guests
  • Joined --

The hosts file doesn't help much with protecting your system. It's not possible for them to keep up with malicious sites.

It's not necessarily malicious sites that are a security problem: http://blog.sucuri.n...-robint-us.html

----------
June 8, 2010
An incredibly large number of sites have been hacked in the last day with a malware script pointing to (...). Not only small sites, but some big ones got hit as well. What do all these sites have in common? They are all hosted on IIS servers and using ASP.net. It looks like SQL injection attacks against third party ad management scripts.
----------

Blocking Ad-Servers and click-trackers with a hosts file does more than just make the browsing experience more enjoyable. Increasingly it also functions to protect PC's from unnecessary exposure to potentially malicious code.

#45
dencorso

dencorso

    Iuvat plus qui nihil obstat

  • Supervisor
  • 5,943 posts
  • Joined 07-April 07
  • OS:98SE
  • Country: Country Flag

Donator

Blocking Ad-Servers and click-trackers with a hosts file does more than just make the browsing experience more enjoyable. Increasingly it also functions to protect PC's from unnecessary exposure to potentially malicious code.


Quite true. And the best independent HOSTS file for this use is findable here.

#46
JorgeA

JorgeA

    FORMAT B: /V /S

  • MSFN Sponsor
  • 3,215 posts
  • Joined 08-April 10
  • OS:Vista Home Premium x64
  • Country: Country Flag

Blocking Ad-Servers and click-trackers with a hosts file does more than just make the browsing experience more enjoyable. Increasingly it also functions to protect PC's from unnecessary exposure to potentially malicious code.


Quite true. And the best independent HOSTS file for this use is findable here.

dencorso,

Would this be used in addition to, or instead of, the two resident functions in Spybot (Immunization & TeaTimer)?

In other words, since I no longer do manual scans with Spybot (and you know why ;) ), I'm looking for a way to replicate those two functions that doesn't involve using that resource hog.

--JorgeA

#47
dencorso

dencorso

    Iuvat plus qui nihil obstat

  • Supervisor
  • 5,943 posts
  • Joined 07-April 07
  • OS:98SE
  • Country: Country Flag

Donator

I think, JorgeA, that it would replace the HOSTS file created by SSD during Immunization.
Right now I'm not quite sure whether Immunization only creates a HOSTS file or if it does more things in addition to it.
However, I, myself, do not swap HOSTS files. I make a backup of my current one (which I know is working well), then merge the new URLs to the old file, a time-consuming task I perform using Beyond Compare, so I don't do it as often as I'd like to. :}
Then, I substitute the new one for the old one, keeping my eyes wide-open to hunt down any URL that may prevent my accessing places I trust (it's rare, but has happened in the past). As always, YMMV.

#48
JorgeA

JorgeA

    FORMAT B: /V /S

  • MSFN Sponsor
  • 3,215 posts
  • Joined 08-April 10
  • OS:Vista Home Premium x64
  • Country: Country Flag
dencorso,

It does sound like an interesting (if labor-intensive) alternative. I'll look into it further.

Muito obrigado!

--JorgeA

#49
Mijzelf

Mijzelf

    Advanced Member

  • Member
  • PipPipPip
  • 462 posts
  • Joined 11-April 07
@dencorso: Doesn't using such a giant hosts file give a serious performance hit in name resolving actions? I don't think the name resolving system on W9x is designed to cope with such a database.   

#50
lightning slinger

lightning slinger

    Member

  • Member
  • PipPip
  • 207 posts
  • Joined 18-July 06
  • OS:none specified
@Mijzelf. I have never encountered any problems with a large hosts file on 98SE. I have at present 137269 entries using Hostsman v.3.2.73 with MVPS, hphosts(all three files) and Peter Lowe's AdServers all enabled.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users