Quote:
Originally Posted by noise
it's paranoia. i went for years and years without a virus scanner. started using one maybe a year ago because i liked its firewall and decided to just go for the whole suite (ESET). it has gone off a handful of times, but it's usually just quarantining keygens that i run in Sandboxie anyway so it's more annoying than anything...
as for my firewall, i never notice anything either. inbound stuff doesn't really get past my router, and i keep all outbound under tight control...
it's more about being aware about where you're clicking on than anything else  |
Well yea, routers function as a sort of firewall for unsolicited requests, but advanced port scanners get past that. You can even go to sites to test your vulnerabilities and (although you do have a connection to the website hosting the scanners) your open ports will be apparent regardless of whether you're behind a router or not.
If you set up your firewall to notify you of every unsolicited request, you'll be clicking alerts all day long. I'm not talking about slim firewalls either.
It's easy to set up a scanner to scan a range of IP addresses, which for most will be a WAN IP, the IP on the outside interface of their router, and upon response it's not uncommon for a script to be run by the scanner to broadcast to all IP addresses in the MAC table of the router. You see it if you have a decent firewall that notifies you of things like that.
I've worked on military PIX firewalls and witnessed loads of such seemingly innocuous flags in both the firewall and IDS server logs. Most of the time it's just running on auto-pilot and nothing comes of it, but it kinda says you're visible to the world.
In the military, our tier-1 routers were specifically for that. A firewall separated our tier-1 and tier 2 routers and everything below that firewall was completely invisible to the world outside our network.
With home routers, that's not usually the case.
The home router IS the only tier, and its mac table is accessible by the TCP/IP protocol that's delivering packets. The only block you have between your router and your computer is a firewall of your own. That makes your personal computer invisible and stealthed if it's set up correctly.
Do you really need to do all that? I'd say it's better to have protection than not, even if... like you... you've somehow never managed to get infected without user intervention. At least you know that if you aren't as careful as you should be, a real-time virus scanner is going to save your ass from yourself, and an firewall will save your ass from everybody else.