I realize I'm not getting a lot of questions answered here lately, and I'm going to presume that this is for legitimate reasons (i.e., people don't know or are too busy to think about it), not because they seem stupid (if they do, please tell me, on the list or privately). I run Windows as a VMWare guest on top of my CentOS host, and I generally have not used a firewall on the guest. This is partly because I only run it rarely, and it seems like a waste when it's running on a host that has its own, pretty effective firewall, but today I began to wonder - would it be a bad idea (or a complete waste) to use a firewall, like ZoneAlarm, on my Windows guest OS? Opinions welcome. Thanks. mhr
On Fri, 2009-12-11 at 13:50 -0800, MHR wrote:> I realize I'm not getting a lot of questions answered here lately, and > I'm going to presume that this is for legitimate reasons (i.e., people > don't know or are too busy to think about it), not because they seem > stupid (if they do, please tell me, on the list or privately). > > I run Windows as a VMWare guest on top of my CentOS host, and I > generally have not used a firewall on the guest. This is partly > because I only run it rarely, and it seems like a waste when it's > running on a host that has its own, pretty effective firewall, but > today I began to wonder - would it be a bad idea (or a complete waste) > to use a firewall, like ZoneAlarm, on my Windows guest OS? > > Opinions welcome. >Disclaimer: This is just my own opinion, on a good day maybe worth $0.02 (US). I'd say that my circumstances are pretty similar to yours in that I run the Windoze VM occasionally for non-critical uses ( most of the time ). My network is protected by a separate CentOS 5 box with Shorewall as a front-end for iptables, and I feel as secure as anyone has a right to while still having an active Internet connection. ;> So far, my practice has been to just run with the Windoze firewall enabled, and I do that mostly to keep the rest of that miserable excuse for an OS from whining about no detectable firewall in place, rather than in any expectation that it will actually prevent something bad from happening. I also have Windoze 2000 VMs with no firewall, and as far as I know nothing bad has slid onto my network. The bottom line is that in a VM protected by a "real" firewall, I see no particular need for another waste of system resources on an OS that wastes too much already. ;>> Thanks. > > mhr > _______________________________________________-- Ron Loftin reloftin at twcny.rr.com "God, root, what is difference ?" Piter from UserFriendly
On Fri, Dec 11, 2009 at 4:50 PM, MHR <mhullrich at gmail.com> wrote:> I realize I'm not getting a lot of questions answered here lately, and > I'm going to presume that this is for legitimate reasons (i.e., people > don't know or are too busy to think about it), not because they seem > stupid (if they do, please tell me, on the list or privately). > > I run Windows as a VMWare guest on top of my CentOS host, and I > generally have not used a firewall on the guest. ?This is partly > because I only run it rarely, and it seems like a waste when it's > running on a host that has its own, pretty effective firewall, but > today I began to wonder - would it be a bad idea (or a complete waste) > to use a firewall, like ZoneAlarm, on my Windows guest OS? > > Opinions welcome. > > Thanks. > mhrThis depends on how you have the guest network setup. If it's in bridged mode, then the firewall on the host does nothing to protect the guest. If you're running NAT mode, then that's sort of like a (consumer) firewall already, so should be pretty safe.
On Fri, Dec 11, 2009 at 1:50 PM, MHR <mhullrich at gmail.com> wrote:> I realize I'm not getting a lot of questions answered here lately, and > I'm going to presume that this is for legitimate reasons (i.e., people > don't know or are too busy to think about it), not because they seem > stupid (if they do, please tell me, on the list or privately). > > I run Windows as a VMWare guest on top of my CentOS host, and I > generally have not used a firewall on the guest. ?This is partly > because I only run it rarely, and it seems like a waste when it's > running on a host that has its own, pretty effective firewall, but > today I began to wonder - would it be a bad idea (or a complete waste) > to use a firewall, like ZoneAlarm, on my Windows guest OS? >In addition to running Microsoft's free firewall, I also run Microsoft's antivirus/malware software which is also free. This is on a dual boot netbook - and I typically only use Windows for either for my MagicJack phone or debugging user issues. -- Enjoy global warming while it lasts.
Mhr wrote on Fri, 11 Dec 2009 13:50:27 -0800:> would it be a bad idea (or a complete waste) > to use a firewall, like ZoneAlarm, on my Windows guest OS?Yes, using ZA is a bad idea. XP has its own firewall which is enabled by default if you are patched up-to-date. Keep that on. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com