On Fri, 2009-12-11 at 13:50 -0800, MHR wrote:
I realize I'm not getting a lot of questions answered here lately, and I'm going to presume that this is for legitimate reasons (i.e., people don't know or are too busy to think about it), not because they seem stupid (if they do, please tell me, on the list or privately).
I run Windows as a VMWare guest on top of my CentOS host, and I generally have not used a firewall on the guest. This is partly because I only run it rarely, and it seems like a waste when it's running on a host that has its own, pretty effective firewall, but today I began to wonder - would it be a bad idea (or a complete waste) to use a firewall, like ZoneAlarm, on my Windows guest OS?
Opinions welcome.
Disclaimer: This is just my own opinion, on a good day maybe worth $0.02 (US).
I'd say that my circumstances are pretty similar to yours in that I run the Windoze VM occasionally for non-critical uses ( most of the time ). My network is protected by a separate CentOS 5 box with Shorewall as a front-end for iptables, and I feel as secure as anyone has a right to while still having an active Internet connection. ;>
So far, my practice has been to just run with the Windoze firewall enabled, and I do that mostly to keep the rest of that miserable excuse for an OS from whining about no detectable firewall in place, rather than in any expectation that it will actually prevent something bad from happening. I also have Windoze 2000 VMs with no firewall, and as far as I know nothing bad has slid onto my network.
The bottom line is that in a VM protected by a "real" firewall, I see no particular need for another waste of system resources on an OS that wastes too much already. ;>
Thanks.
mhr _______________________________________________