one firewall better than two

Discussion in 'Windows Vista General Discussion' started by species8350, Dec 7, 2008.

  1. species8350

    species8350 Guest

    Hi,

    Evidently, one firewall is better thatn two, I realise that they
    compete, but I don't understand why this should be a problem.

    Evidently, the same principle applies to anti-virus programmes.

    Can anyone explain these facts to me?

    Thanks
     
    species8350, Dec 7, 2008
    #1
    1. Advertisements

  2. The primary problem is that in both instances these types of programs
    intercept input/output at a very low level - in most cases by inserting
    themselves into the actual routines that send data into and out of the
    system - and having two of them competing to say "STOP! That's a possible
    threat!" can cause system instability at the very least or freeze-ups and
    reboots at worst.

    You can have multiple antivirus programs as long as only one of them is
    "active" in real-time scanning and all others are set for on-demand use.
    But since firewall software doesn't offer this type of operating mode it is
    never wise to have two software firewalls running.

    If you don't trust your current firewall software, either replace it or
    supplement it with a router that has hardware firewall protection.
     
    Richard G. Harper [MVP], Dec 7, 2008
    #2
    1. Advertisements

  3. species8350

    Rick Rogers Guest

    No, two is not better than one. When programs compete for resources and file
    access, the user is the loser.

    If two firewalls are installed and actively monitoring network activity,
    there will be (not may be) conflicts. Resources will be needlessly occupied
    and detract from other functions.

    Same principle applies to multiple av programs as well with one difference:
    Two can be installed but only one should be resident and actively scanning.
    The other can be used as an on-demand scanner to confirm what the first
    finds or misses. Having two doing resident scanning is asking for trouble.
     
    Rick Rogers, Dec 7, 2008
    #3
  4. There can be only one! If you have more than one firewall
    they try to chop each other's heads off so they can steal their life
    essence. That's especially true if you run Scottish firewalls.
     
    the wharf rat, Dec 7, 2008
    #4
  5. Look, software firewalls generally suck. They're resource intensive,
    hard to configure, and easy to subvert. Your main line of defense
    shjould be a dedicated hardware firewall and the software firewalling should
    be limited to simple packet filters.

    My 2 cents...

    Just don't try to run Scottish firewalls. They have this thing
    about swords and head-chopping.
     
    the wharf rat, Dec 7, 2008
    #5
  6. species8350

    +Bob+ Guest

    Use a software firewall to protect against outbound access (unapproved
    programs calling out FROM your system).
    Exactly - Use a hardware firewall (your router) to block inbound
    access TO your network.

    Worth 4 cents (2 for each firewall)
    And they fight naked - definitely not for computers that kids use.
     
    +Bob+, Dec 8, 2008
    #6
  7. It doesn't, though... All the malware people need to do is
    use an known port... Oh, those PC things that say "XXX.exe is trying
    to dial out!!!"? The problem there is the same as with UAC: people
    don't bother to examine the messgae and just click ok...

    I can't stand zone alarm or any of that crap.
     
    the wharf rat, Dec 8, 2008
    #7
  8. species8350

    Poutnik Guest

    >, not_here.5.species8350
    @xoxy.net says...>
    Conecting ropes,
    one good knot properly created is always better,
    than 2 either bad ones, either created incorrectly.

    It applies to both FW/AV product and FW/AV configuration qualities.

    Well, there is exception for not resident AV, running on demand only,
    working as confirmation only.
     
    Poutnik, Dec 8, 2008
    #8
  9. species8350

    Poutnik Guest

    Yes, using 2 FWs is like wearing two pairs of shoes. :)
     
    Poutnik, Dec 8, 2008
    #9
  10. species8350

    species8350 Guest

    Thanks to all for responding

    Best wishes

    S
     
    species8350, Dec 8, 2008
    #10
  11. species8350

    Ollis Guest

    If a machine is running two host based software FW(s) on the machine, a
    condition can happened called double firewalled, meaning that inbound packets
    may not reach the machine, becuase one FW is allowing the packets to pass
    through the FW while the other FW is blocking the passage of the same inbound
    packets through the FW.
     
    Ollis, Dec 8, 2008
    #11
  12. species8350

    Bill Yanaire Guest

    Think of it as trying to install "Girlfriend 2.0" over "Wife 1.0". Your
    will lose all your cache and you will have headaches until you uninstall
    Wife 1.0!
     
    Bill Yanaire, Dec 8, 2008
    #12
  13. species8350

    Bill Yanaire Guest

    You probably installed Sheep-Fucker 2.0 and it crashed when you were running
    Masturbator 1.0.
     
    Bill Yanaire, Dec 9, 2008
    #13
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.