NAT router, AV and firewall

If I have a NAT router that stops incoming packets (grc.com says my
machine is completly stealthed even when I use only the NAT firewall)
and a good updated AV-software that will detect virus and trojans...

Is there then any reason at all to have a software firewall?

I have always had one, to monitor programs, but it takes both RAM and
CPU% and my AV should detect any trojans before they send anything,
right?

My AV both has a normal program-scan (scans all started programs), a
web-scanner (scans everything downloaded with a browser) and a
mail-scanner (scans everything received through mail).

It has a "network scanner" as well which I don't use (think that is
supposed to scan network traffic, sound a bit like a firewall :-)
--
Lars-Erik - http://www.osterud.name - ICQ 7297605

Re: NAT router, AV and firewall

Lars-Erik Østerud wrote:
> If I have a NAT router that stops incoming packets (grc.com says my
> machine is completly stealthed even when I use only the NAT firewall)
> and a good updated AV-software that will detect virus and trojans...
>
> Is there then any reason at all to have a software firewall?

No, you really don't need one of the router has a syslog function so
that you can look at inbound and outbound traffic to and from the
router, with something like Wallwatcher.

http://www.sonic.net/wallwatcher/

>
> I have always had one, to monitor programs, but it takes both RAM and
> CPU% and my AV should detect any trojans before they send anything,
> right?

The AV program can be beaten by a 0 day exploit that the AV may not be
able to detect.
>
> My AV both has a normal program-scan (scans all started programs), a
> web-scanner (scans everything downloaded with a browser) and a
> mail-scanner (scans everything received through mail).

All of it can be beaten by malware under the right conditions.
>
> It has a "network scanner" as well which I don't use (think that is
> supposed to scan network traffic, sound a bit like a firewall :-)

You can get a FW router that can stop inbound, outbound and has a syslog.

You can use other tools to detect things and run them as needed to look
around on the machine yourself.

long
http://www.windowsecurity.com/articles/Hidden_Backdoors_Troj an_Horses_and_Rootkit_Tools_in_a_Windows_Environment.html

short
http://tinyurl.com/klw1

Re: NAT router, AV and firewall

Mr. Arnold wrote:

> No, you really don't need one of the router has a syslog function so
> that you can look at inbound and outbound traffic to and from the

Itæs a very cheap router :-) It can block incoming packets, it has
some function to stop break-in attempts (but that slows it down to
much). Nothing much else. So it does not examine the packages.
--
Lars-Erik - http://www.osterud.name - ICQ 7297605