Security without an firewall?

[CeeCee]

It would be nice to know, how secure the system really is on OS level, without an 3rd-party (or Windows build-in) firewall. Of course it would be easy to test with online security tests, BUT i don't like the idea to shut down the firewall, while connected to "big bad" internet.

 

Can Windows be safe (from incoming attacks), if it's just (fully) patched and securily "tweaked"? Basicly, why to update Windows, if you run an decent firewall...? Of course it's good to update, but i mean basicly...

[Andavari]

I think you can close a bunch of ports on your own, or through some software. The furthest I've ever went is using WWDC and manually disabling NetBIOS because doing so with WWDC killed my connection each time and it literally took forever to figure out after a fresh install of Windows that it was WWDC that caused my connection problem (partially user inflicted, and partially improper full documentation of changes).

 

Rather a firewall is needed or not in that instance of manually closing/disabling ports I really don't know because I've never personally tried it. I'd think some other software would need to be ran to insure the ports are closed though. If I'm remembering correctly I could have sworn I stumbled upon some open source port closing software on SourceForge.net, but I don't remember if it was for Linux or Windows.

 

In the long run if you don't want to run software-based firewalls it's probably far better to just run a hardware firewall.

[Pfipps]

In the other security forums it really doesn't come down to whether to use a firewall or not, but is a "closed" port any worse than a "stealthed" port.

Some security experts at Wilders and some guy working for AVIRA thinks that "stealth" is just a marketing gimmick started by people like "security evangelist" Steve Gibson.

 

However, I know that if there are any flaws in the TCP/IP stack, a stealth would block scans trying to take advantage of it...so I am essentially confused and err on the side of at least turning on the Windows firewall...which is really all you need if you are very careful about what you download. But a good antivirus/antispyware I think is still needed for the average user. I also think those HIPS like threatfire are good too. Classical HIPS are just too damn hard, that you end up clicking everything anyway.