Hello Colin,

Forgive me, but I'm not too sure why you want to run either
2 firewalls or 2 anti-virus engines on the same machine for
that matter. I think that there may be too much of a focus
on the technology/paranoia and less on the cost/time of
administration, doubling the number of possible application
vulnerabilities and causing undue processing. Having double
the precautions does not give you double the protection.
I'm fairly sure that, although viruses are in the
frontline, most computer problems still come from genuine
bugs in code. Do you patch as often as you download
updates?

2 A/V's - OK - on separate machines in a network, i.e. the
SMTP mail based AV from one company, and the client &
server based A/V from another - if your budget can stretch
to that. Each has a chance to examine the files - so one
vendor may pick up 99% of all viruses and another 99.3% (in
tests according to blah blah PC mag), and they both release
updates regularly, or as soon as a major virus/worm is
released. But on the same machine, no, surely this would
create undue overhead whilst each engine examines the
files/attachments, but, yes, there is less chance of a
problem as they are examining files as a single entity, and
a slightly higher chance of one finding a virus that the
other will miss. I would use one, from a leading vendor,
and update regularly (home machine no more than once a
week, in a business env, once a day).

2 Firewalls - this is different because you are dealing
with a stream of TCP/IP packets that must be handled in a
stream, it cannot be split and passed onto the application
twice. The firewall is taking the packets off the wire from
x.x.x.x location on the Internet, checking what
service/application protocol they are (e.g.
HTTP/FTP/SMTP/POP/TELNET), if it matches the filter/policy,
will then pass that onto the respective 'allowed'
application. On outgoing requests, the TCP port and
application will have to be permitted, so the firewall will
keep state, manage the communication from your machine,
through it, to the external destination, and manage the
return packets, ensuring they are delivered back to the
same application. The firewall will most likely be acting
as an application 'inspecting' proxy firewall, masking your
internal network/machine/application/services, and possibly
NAT'ing in a network environment - i.e. masking the real IP
address, and setting up a proxy on separate IP and, for
want of a better word, 'service' ports i.e. above 1024.
Normally these service ports are assigned randomly, so with
2 firewalls on the same machine, one stream would come in,
be split (if it actually worked), assigned a random source
port and passed to the 'allowed' application. Would the
application receive 2 streams, or how would it handle it? I
have no idea, but I'm sure it would not be expecting it,
and that would most likely cause trouble. Let's say one
firewall allows HTTP, and the other does not. What will
happen when an HTTP TCP packet arrives at your machine? Will
one allow and one reject? Which one will decide first?

IMHO, take the time to install one, make sure you only run
the applications/services you want/know about, and the
corresponding ports/services, then shut down the rest.
Learn the firewall inside out – know your policy, and
google for vulnerabilities for that
firewall/OS/Applications you run, and make sure your
machine is patched to the latest release (after testing in
a non-production environment of course....). I have not
gone into specific application protocol vulnerabilities
i.e. HTTP, or TCP/IP Denial of Service/packet issues
(unlikely that a personal firewall would handle these), but
that's another story.

Take Care Out There, and good luck.

James Taylor not quite a CISSP, MIEE, CNE, ASE.

--- Colin Rous <[EMAIL PROTECTED]> wrote:
> G'day, all,
> 
> I currently run two firewalls (Sygate and Tiny). I wanted
> to replace one 
> with Outpost to see if Outpost is as good as people tell
> me it is. Agnitum 
> warns you not to run more than one firewall, so I
> disconnected from the 
> 'net, shut down both my firewalls and started the Outpost
> install. The 
> install process noticed the existence of the other
> non-running firewalls on 
> the system and gave me the following message:
> 
> "You will most likely have the following problems if you
> decide to run more 
> then one firewall on your computer:
> 
> - Blue screen fatal errors, system freezing or sudden
> system reboots.
> - All access will be allowed for every application.
> Nothing will be blocked.
> - Every application will be blocked and you will be
> unable to connect to 
> any web site.
> - Your computer system will be unable to boot up.
> - Every other error imaginable!"
> 
> First, these claimed potential problems strike me as
> being somewhat 
> over-the-top. Second, I run two AV programs (security in
> depth, and all 
> that), one of which warns of dire consequences from
> running more than one 
> AV program. In fact, I have no problems whatsoever; they
> don't even trip 
> over each other's signature files. Neither do I get any
> conflicts between 
> my current two firewalls or problems from running two. (I
> pass all GRC, 
> Sygate and other tests with either or both.)
> 
> So my question is: Has anyone experimented with running
> Outpost with 
> another firewall? If so, what was your experience? If
> not, can anyone think 
> of anything to justify Agnitum's claims? Is this just a
> problem of 
> Outpost's? (No other firewall I know of issues such a
> warning.)  Or is this 
> just a marketing claim to encourage usage of Outpost and
> only Outpost? (My 
> OS, BTW, is 98.)
> 
> Cheers,
> Colin
> 

