# Physical firewalls?



## Strokes (Apr 18, 2010)

Hey guys. I finally cleared some malware from my desktop and realized I could use a second firewall. So I've heard of physical firewalls before. What are they? How do they work and how can I build/buy one? 
Thanks.


----------



## MyCattMaxx (Apr 18, 2010)

You are referring to a hardware firewall or NAT.
Most routers have NAT built into them.
Malware does not come into your computer by evading the firewall in 99% of the cases.
Malware comes in by downloaded items and sometimes just by visiting a web page. It can even come in via email.

Hope that helps.


----------



## Geoff (Apr 18, 2010)

A hardware firewall and NAT are not the same thing. NAT stands for network address translation, and basically just keeps the external IP within the modem, so people on the outside cannot access your computers unless you have ports forwarded or a DMZ set up. Although it is a measure of protection, it's not that secure.


----------



## Strokes (Apr 18, 2010)

Hmmm... so I guess what I'd be interested in is a piece of hardware that would constantly scan for viruses and malware, but wouldn't use any (k, maybe very few) of my system resources. Any suggestions?


----------



## Zatharus (Apr 18, 2010)

You can purchase standalone hardware that can sniff your network data for viruses, but they aren't cheap or consumer oriented.  Your best bet is safe browsing practices and vigilance with anti-virus and malware scans on a regular basis.  Also, make sure to back up your important files often!


----------



## Homenet (Apr 20, 2010)

Zatharus said:


> You can purchase standalone hardware that can sniff your network data for viruses, but they aren't cheap or consumer oriented.  Your best bet is safe browsing practices and vigilance with anti-virus and malware scans on a regular basis.  Also, make sure to back up your important files often!



Yep, this! The best defence against viruses and malware is to be sensible when viewing websites and opening files. Use virustotal.com for any files you're suspicious of and use a secure browser (the new Firefox) with a decent real-time protection AV. Run a Malwarebytes Anti-Malware scan every week or so and perhaps a rootkit scanner (Sophos have a good one).


----------



## The_Other_One (Apr 20, 2010)

Strokes said:


> Hmmm... so I guess what I'd be interested in is a piece of hardware that would constantly scan for viruses and malware, but wouldn't use any (k, maybe very few) of my system resources. Any suggestions?



Nearly every malware-infested computer I've worked on since I started working at a computer shop has malware installed from some other program.  In other words, the user downloaded something infected (say a free game) and the malware loaded alongside the software.

It'd be difficult if not impossible to check everything going across the network.  Packets are "built" on the user end of the network thus whatever is doing the "sniffing" would essentially have to load whatever you're loading, check it, then send it to you.  I'm sure there are firewalls/routers that could have blacklists and such, but your average computer is more than capable of doing this without major performance implications.

Hardware firewalls will protect from unwanted activity across unused ports, but malicious attacks can still be made through commonly used ports.  They typically have no idea what the data is that's being forwarded, so your computer needs its own protection.

My suggestion...  Keep your hardware firewall locked down, using only the ports you need.  Install a good software firewall on your computer (Windows 7 Firewall Control is a good addition to Vista/7's built-in firewall).  Keep virus scanners running and up to date.  Keep all your programs (Browser and OS) up to date.  And of course, practice safe browsing habits.


----------
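The behaviour described in the posts above (NAT blocks unsolicited inbound traffic unless a port is forwarded, and the router never looks at the data it forwards), as an added example that is not part of the original thread. The `NatRouter` class, the addresses and the port numbers are constructed for illustration, and the model assumes the router matches replies on remote address and port; real consumer routers vary.

```python
from dataclasses import dataclass, field

@dataclass
class NatRouter:
    """Toy model of a home NAT router (hypothetical, for illustration only)."""
    public_ip: str
    forwards: dict = field(default_factory=dict)  # public port -> (LAN ip, LAN port)
    sessions: dict = field(default_factory=dict)  # (public port, remote ip, remote port) -> LAN endpoint
    next_port: int = 40000

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection; the router records a translation entry."""
        public_port = self.next_port
        self.next_port += 1
        self.sessions[(public_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return public_port

    def inbound(self, remote_ip, remote_port, public_port, payload):
        """Route a packet arriving from the internet. The payload is never inspected."""
        key = (public_port, remote_ip, remote_port)
        if key in self.sessions:            # reply to a connection the LAN host started
            return ("deliver", self.sessions[key])
        if public_port in self.forwards:    # explicit port forward configured by the owner
            return ("deliver", self.forwards[public_port])
        return ("drop", None)               # unsolicited: no mapping, nowhere to send it

def demo():
    router = NatRouter("203.0.113.10")      # documentation-range addresses, constructed
    results = {}
    # 1. Unsolicited connection attempt from outside: no mapping, so it is dropped.
    results["unsolicited"] = router.inbound("198.51.100.7", 51000, 445, b"probe")
    # 2. The user downloads something: the reply is delivered whatever it contains.
    port = router.outbound("192.168.1.20", 50123, "198.51.100.80", 80)
    results["reply"] = router.inbound("198.51.100.80", 80, port, b"constructed-download-bytes")
    # 3. A different remote host reusing that public port is still dropped.
    results["wrong_peer"] = router.inbound("198.51.100.7", 80, port, b"probe")
    # 4. Once a port is forwarded, outside hosts can reach the LAN machine on it.
    router.forwards[3389] = ("192.168.1.20", 3389)
    results["forwarded"] = router.inbound("198.51.100.7", 51001, 3389, b"probe")
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:12s} {outcome}")
```

Case 2 is the one the thread keeps returning to: a download the user asked for passes straight through, so the endpoint still needs its own protection.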



## Geoff (Apr 20, 2010)

You really just need to be aware.  I don't run any AV software on my computer and I never get viruses.  You just need to watch what you download/install and use your head.


----------



## The_Other_One (Apr 20, 2010)

Well, to be honest, I don't run any AV either. Though I have scanned a time or two using ESET's online scanner.


----------



## softe (Apr 22, 2010)

You do not need an external firewall; use software-based ones such as ZoneAlarm, and as some of the members mentioned, malware or spyware does not come into the system via RJ but rather by downloading cracked games, illegal software, or via email, or sometimes by opening a web page that is highly infested with spyware that shoots files for you to save and open. Sometimes some sites will inject auto notations via cookies.


----------

