Firewalls

[Eric Fehlhaber]

I was just wondering how the current Windows XP Pro firewall compares to
third party firewalls like McAfee? Also, how will the updated firewall in
SP2 stack up to third party firewalls?

Thanks

 

[Guest]

the windows firewall is hard to read. i don't like it. i am currently using sygate personal firewall and i find it easy to read the log. i also can track down the ip address most of the time. microsoft should do something like this instead of logging it in wordpad.

 

[JAX]

XP's firewall is very basic. It only stops incoming intrusions and does
nothing for outgoing traffic. That would be the case if you have
inadvertently downloaded some sort of "malware" that might send your
personal information to someone else. It is also not very configurable. It
beats not having a firewall at all but, I would suggest you install a 3rd
party firewall. There are a few free ones out there. I have used the free
version of ZoneAlarm for a few years and am satisfied with it. Here is a
link, if you care to check it out.
http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp

HTH, JAX

 

[S. Pidgorny]

The SP2 firewall doesn't have many of the bells and wistles of its
commercial counterparts but it's damn good personal firewall and it is going
to kill the competition.

 

[Bruce Chambers]

Greetings --

WinXP's built-in firewall is _adequate_ at stopping incoming
attacks, and hiding your ports from probes. It doesn't give you any
alarms, or any other kind of indication, to tell you that it is
working, though. Nor is it very easily configurable. What WinXP also
does not do, is protect you from any Trojans or spyware that you (or
someone else using your computer) might download and install
inadvertently. It doesn't monitor out-going traffic at all, other
than to check for IP-spoofing, much less block (or at even ask you
about) the bad or the questionable out-going signals. It assumes that
any application you have on your hard drive is there because you want
it there, and therefore has your "permission" to access the Internet.
Further, because the ICF is a "stateful" firewall, it will also assume
that any incoming traffic that's a direct response to a Trojan's or
spyware's out-going signal is also authorized.

ZoneAlarm, Kerio, or Sygate are all much better than WinXP's
built-in firewall, and are much more easily configured, and there are
free versions of each readily available. Even the commercially
available Symantec's Norton Personal Firewall is superior by far,
although it does take a heavier toll of system performance then do
ZoneAlarm or Sygate.

The "next generation" Windows Firewall included with SP2, while
vastly superior to the original ICF in terms of visibility, usability
and configurability, is still rather lacking, as a solid security
component. It still can't supplant 3rd-party solutions, nor is it
intended to do so; rather, it's intended to complement them. And, like
the original ICF, it will not monitor out-going traffic.

It's most important virtues, I think, are it's improved
compatibility with internal LANs and its configurability via group
policies. Now, there's a simple, cheap tool that system admins can
use to protect the LAN workstations from that occasional - but not
rare enough - fool who manages to bypass the perimeter firewall and
manually install some malware that could then spread throughout the
LAN via shared drives.


Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH

 

[Bruce Chambers]

Greetings --

Hardly. It's an improvement over ICF, but still way behind
3rd-party solutions, as it's intended to be.

Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH

 

[Eric Fehlhaber]

First of all, thank you for all the input. I especially appreciate links to
online articles that I can read! Anyway, it seems like the windows firewall
is "sufficient" and that buying a third party firewall really wouldn't be
worth the money. Especially for a home user with up-to-date virus
protection and hardware firewall protection. Please correct me if I am
wrong!

Also, I was specifically interested in some info on McAfee's firewall for
the simple fact that I use virus scan 8 already.

Anyway, thanks again!

 

[Bruce Chambers]

Greetings --

Like WinXP's built-in firewall, NAT-capable routers and hardware
firewalls do little or nothing to protect the uninformed user from
him/herself. Again -- and I _cannot_ emphasize this enough -- almost
all spyware and many Trojans and worms are downloaded and installed
deliberately (albeit unknowingly) by the user. So a software
firewall, such as Sygate or ZoneAlarm, that can detect and warn the
user of unauthorized out-going traffic is an important element of
protecting one's privacy and security. Most antivirus applications do
not scan for or protect you from adware/spyware, because, after all,
you've installed them yourself, so you must want them there, right?

It's been several years since I've been tempted to try McAfee
products. Their quality seemed to take a steep nose-dive after they
were acquired by Network Associates.

The "next generation" Windows Firewall included with SP2, while
vastly superior to the original ICF in terms of visibility, usability
and configurability, is still rather lacking, as a solid security
component. It still can't supplant 3rd-party solutions, nor is it
intended to do so; rather, it's intended to complement them. And, like
the original ICF, it will not monitor out-going traffic.

It's most important virtues, I think, are it's improved
compatibility with internal LANs and its configurability via group
policies. Now, there's a simple, cheap tool that system admins can
use to protect the LAN workstations from that occasional - but not
rare enough - fool who manages to bypass the perimeter firewall and
manually install some malware that could then spread throughout the
LAN via shared drives.


Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH

 

[BeamGuy]

Let's answer that with a story from last week. My work computer is behind a corporate
firewall,
and I am an administrator on it so I always have ALL the latest patches, and even have IE
security
turned up to "high", and use the mozila browser to avoid security concerns in IE. We have
the
corporate version of Trend A/V that updates automatically whenever my IT department cares
to,
and they can even force full scans of my system whenever they feel a need. I would say I
am
way above the average level of a security conciousness, and my company has a fairly large
number
of security tools.

About a week ago my computer got really sluggish and I noted some unusual pattern in the
cpu time dedecated to various processes - so I rebooted and brought up my network
monitoring
tool to check for unwanted tcp/ip connections. I found my system was connecting to a
computer
in amsterdam, found the application that was doing it, zipped it and sent it off to an A/V
site.
Not mine - I could not get through to trend.

The response I got back was that my fully patched, fully a/v protected, non-IE user system
had
a new virus that was not yet detected by trend,mcafee or several other a/v products, and
since
it had backdoor properties the hackers in amsterdam could have installed literally
anything on
my computer that they wanted. The advice was to re-format and start over. I resisted for a
day,
my IT department did not think it was necesssary, but I had no confidence in my privacy
anymore
and had it reformated.

IF I had had a software firewall on my system I would have been notified when the backdoor
called home to ask for instructions, and I would not have needed to reformat my system. It
is
a corporate computer, so technically I am not allowed to install such products. But I told
one of
the IT guys I was going to do it and he did not object - so now I have a software firewall
on my
corporate computer. I have to allow many of the corporate servers full access, but those
are not
the problem. It is the other silly users who download a virus in their mail, or the
vendors who
come in and plug their laptop into the network, or even silly me browsing the net with a
browser
that has another unpatched hole. The software firewall protects against all those things.
I've told
my friend the corporate IT guy that he should install one on every desktop and that I will
give
him a list of rules that allow all the services that 99% of the users use work flawlessly
while
containing the damage of the next virus that hits the company.

 

[Eric Fehlhaber]

Thanks for the info! I dont' mean to be a pest, but I'm just curious... If
what you say is true, then what does a hardware firewall block? It almost
sounds as though software firewalls are superior to hardware ones. If that
is the case, then why is so much invested by companies into Cisco firewalls
and things like that?

Thanks!

 

[Bruce Chambers]

Greetings --

Dedicated hardware firewalls are excellent for a network's
perimeter defense, as they "hide" all of the network's servers and
workstations. At one time, they were all that was necessary.
The professional grade firewalls sold by companies such as Cisco
actually provide both hardware _and_ software protection, via their
configuration software.

But now, there is malware that can be distributed via email or web
sites (by careless users) and installed on a network workstation to
attack networks from within. Because the antivirus applications that
would normally counter or mitigate this threat are purely reactive
(they cannot detect something that has not already been identified and
added to their virus definition files), it's advantageous to have a
software firewall on each workstation on the LAN to stop such
"imported" problems from spreading behind the firewall.

Computer security works best when a multi-layered approach is
used. An exploit that targets one defense's vulnerability - even a
temporary one - can be stopped by another defense.


Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH

 

[Greg R]

Take a look at this
http://www.keir.net/firehole.html

Greg R

 

[Bruce Chambers]

Greetings --

I use Sygate's Personal Firewall 5.5, Build 2577, and it
immediately detected and blocked Firehole's attempt to "hijack" my
default browser (Firefox).

Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH