Vic said:
Hi Bruce
Wow, your reply is very informative, and I realize there is a LOT to
know about setting up firewalls.
You asked:
It's XP Home SP2. When you said an APPLICATION doing something funny
could trigger the warning popup it struck a cord. THAT is when I saw
popups. Guess I was under the impression the firewall warned of
unexpected 'visitors' attempting access from the internet!
How can I know if the firewall IS stopping unsolicited inbound attempts?
You can't, really, except the the absence of the sort of malware that
firewalls prevent. That's one of the weaknesses of WinXP's built-in
firewall; one has to take its proper functioning on faith.
My system is pretty low end for XP. It's an OLD Tyan S1590 mobo w/AMD
550mhz CPU, 384mb memory. Because of that I've always hesitated to run a
firewall, concerned about sluggish performance!
If I may ask, being the job Windows Firewall does seems 'minimal' and I
have no concerns about funny business going on over the home network,
does it really make sense to have it on? I know the DSL modem/router
(Siemens SpeedStream) has a built-in 'firewall' blocking ports.
As the WinXP firewall provides no additional protection over a router
with NAT, it could be turned off without any loss of protection. So
long as that router is guaranteed not to ever fail, that is.
I've
done NUMEROUS checks for security on various websites including
http://grc.com/default.htm (click on SHIELDS-UP) which checks a
multitude of things. All ports come up STEALTH (green) and the PC always
gets a good bill of health, though not perfect.
The last time I checked the "Shields Up" page, it neglected to
check some of the very ports used by Blaster/Welchia, et al. Has that
oversight been corrected?
Anyway, another site for testing is:
Symantec Security Check
http://security.symantec.com/ssc/home.asp
Additionally, Gibson is a very poor source for computer security
advice. Gibson has been fooling a lot of people for several years, now,
so don't feel too bad about having believed him. He mixes just enough
facts in with his hysteria and hyperbole to be plausible. Despicably,
Gibson is assuming a presumably morally superior pose as a White Knight
out to rescue the poor, defenseless computer user, all the while
offering solutions that do no good whatsoever.
Perhaps you should read what real computer security specialists
have to say about Steve Gibson's "security" expertise. You can start here:
http://www.grcsucks.com/
In your opinion does it
make sense to turn off Windows Firewall and install another (e.g.
Zonealarm or Sygate Personal Firewall)?
Yes. it does. That's what I do for my own machines.
I know you believe in many layers of defense ... but how about on a
low-end PC with an operator who is conservative and VERY cautious about
sites visited?
Well, you are the single most important component of any computer
security plan. There are several essential components to computer
security: a knowledgeable and pro-active user, a properly configured
firewall, reliable and up-to-date antivirus software, and the prompt
repair (via patches, hotfixes, or service packs) of any known
vulnerabilities.
The weakest link in this "equation" is, most often, the computer
user. No software manufacturer can -- nor should they be expected
to -- protect the computer user from him/herself. All too many people
have bought into the various PC/software manufacturers marketing
claims of easy computing. They believe that their computer should be
no harder to use than a toaster oven; they have neither the
inclination or desire to learn how to safely use their computer. All
too few people keep their antivirus software current, install patches
in a timely manner, or stop to really think about that cutesy link
they're about to click.
Firewalls and anti-virus applications, which should always be used
and should always be running, are important components of "safe hex,"
but they cannot, and should not be expected to, protect the computer
user from him/herself. Ultimately, it is incumbent upon each and
every computer user to learn how to secure his/her own computer.
To learn more about practicing "safe hex," start with these links:
Protect Your PC
http://www.microsoft.com/security/protect/default.asp
Home Computer Security
http://www.cert.org/homeusers/HomeComputerSecurity/
List of Antivirus Software Vendors
http://support.microsoft.com/default.aspx?scid=kb;en-us;49500
Home PC Firewall Guide
http://www.firewallguide.com/
Scumware.com
http://www.scumware.com/
Thanks again for your input, you guys are a tremendous help!
Vic
You're welcome.
--
Bruce Chambers
Help us help you:
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin
Many people would rather die than think; in fact, most do. -Bertrand Russell