Windows XP SP2 Firwall does not block programs, programs just run

[Mark]

I did a system restore on my emachine laptop running Windows XP Home
Edition SP1. When I initially installed Windows XP SP2 final from this URL:

Windows XP Service Pack 2 Network Installation Package for IT
Professionals and Developers
http://www.microsoft.com/downloads/...BE-3B8E-4F30-8245-9E368D3CDB5A&displaylang=en

to the laptop, this made the laptop no longer boot in Windows XP.

Right after performing the system restore to Windows XP Home Edition
SP1, I installed Windows XP SP2.

When the Windows XP Firewall prompts to block a program, I click Block
and the program continues to run. No programs get blocked in the
Windows XP SP2 Firewall.

I did receive a prompt for SUS20Client from Automatic Update, but I am
not sure what SUS20Client is and when I clicked Block on the Windows XP
SP2 Firewall, the program ran; I viewed it running in the Windows XP
Task Manager - Processes.

Why is the Windows XP SP2 Firewall not blocking programs that I click to
Block?

 

[sgopus]

I think you are misunderstanding what the firewall does.
Blocking a program from accessing the internet, doesn't
stop it from running, it just blocks it from getting to
the internet. So unless the program requires internet
access to run, it will run, it may at some point give an
error display.

 

[Mark]

The program does access the Internet when I click Block.

 

[Mike Kolitz]

It's also necessary to point out that the Windows firewall does not handle
outbound traffic - only inbound. The Windows firewall will only prompt you
to block a program's communications if it appears that the program has
received an unsolicited request from outside of the local machine (or
wherever you have the boundary configured).

 

[sgopus]

I suggest you get zonealarm (free) from zonelabs.com
if you want to stop traffic in both directions.
do not run the windows firewall with zonealarm, they could
conflict and cause loads of problems.
if you decide to get zonealarm then configure it to not
show alerts, most of this is normal internet traffic and
you don't need to see/worry about that. Do allow you to
configure it yourself, so that new programs need express
permission from you to access the internet.

 

[Jupiter Jones [MVP]]

The Basic windows XP firewall is not intended to nor does it stop
outbound traffic.
Most likely you blocked whatever was attempting to access your
computer through that program.
So now whatever it was does not get to the program but the program is
not stopped by the firewall.

You need to learn more about firewalls in general and how they
perform.
If you get a full featured firewall, you will become more lost as you
will then have to also manage outbound traffic.

 

[Ben]

sgopus æ到:

I suggest you get zonealarm (free) from zonelabs.com
if you want to stop traffic in both directions.
do not run the windows firewall with zonealarm, they could
conflict and cause loads of problems.
if you decide to get zonealarm then configure it to not
show alerts, most of this is normal internet traffic and
you don't need to see/worry about that. Do allow you to
configure it yourself, so that new programs need express
permission from you to access the internet.

If an outward traffic is from a Trojean, it will be take cared of by an
antivirus.
So, I guess MS or Trend or Norton firewalls dont block outward traffics
is because of this.
Even if you install ZoneAlarm, it will ask you about how to do with an
outward traffic, can you handle it??

 

[Mark]

Microsoft's emphasized in Windows XP SP2 that it now has a built-in
firewall to protect your Windows computer. Based on this discussion so
far, it seems like Windows XP SP2 Firewall is just an implemented
marketing ploy to make Windows users think their Windows computer(s) are
protected but they are not.

When disabling the Windows XP SP2 Firewall you receive an annoying
balloon that keeps popping up every so often.

I use a hardware based firewall on my Windows XP system and I am testing
to see if the new Windows XP SP2 Firewall has any worthwhile protection
in it. Apparently the Windows XP SP2 Firewall is a complete joke and
Microsoft should not have wasted their time and effort on it.

 

[Tom Porterfield]

The program does access the Internet when I click Block.

And it will. You got prompted because the program was trying to open a
port for incoming traffic. If you clicked block, then the program can
not receive direct incoming traffic from the internet that it did not
specifically request, but it can still send requests out for information
and receive responses to those specific requests.
--
Tom Porterfield
MS-MVP MCE
http://support.telop.org

Please post all follow-ups to the newsgroup only.

 

[Mark]

It seems Microsoft included a partial firewall in Windows XP SP2. They
should have just left the Windows XP SP2 Firewall out of the SP2 update.

As I stated in my previous reply to this discussion, I am currently only
testing the Windows XP SP2 Firewall because there are many Windows XP
users believing from Microsoft's emphasis on SP2 that they no longer
need to use a firewall on their system because SP2 has one.

 

[Mark]

Microsoft provides no details in the Windows XP SP2 Firewall about what
it is actually blocking and provides the program its blocking.
Microsoft's vague firewall blocking messages are not very useful.

The program still receives and sends data on the Internet, but not sure
what the Windows XP SP2 Firewall blocks, or if it actually does block
anything. Microsoft may be displaying messages that something is
getting blocked and its not actually blocking.

At least with ZoneAlarm you can see what the firewall is blocking.

 

[CZ]

Microsoft's emphasized in Windows XP SP2 that it now has a built-in
firewall to protect your Windows computer. Based on this discussion so
far, it seems like Windows XP SP2 Firewall is just an implemented
marketing ploy to make Windows users think their Windows computer(s) are
protected but they are not.

Mark:

IMO, Windows firewall is not a marketing ploy.
Many users have insecure setups that include open ports. These users are
the focus of Windows Firewall.
If MS did a bidirectional packet filtering firewall, MS would be accused of
trying to force out third party products.
Windows Firewall provides the minimum protection to control ports, and that
is both significant and incomplete, but much better than not offering any
firewalling.

BTW: Windows Firewall is stateful and can dynamically block source address
spoofing, most third party firewalls are stateless and cannot do that.
Also, Windows Firewall loads early to protect your computer during the
bootup process, does your third party product?

 

[Tom Porterfield]

It seems Microsoft included a partial firewall in Windows XP SP2. They
should have just left the Windows XP SP2 Firewall out of the SP2 update.

As I stated in my previous reply to this discussion, I am currently only
testing the Windows XP SP2 Firewall because there are many Windows XP
users believing from Microsoft's emphasis on SP2 that they no longer
need to use a firewall on their system because SP2 has one.

If you are good to make sure you don't get anything on your machine that
would make unwanted outgoing connections, then the XP firewall is good
enough. And it is far better than no firewall at all as it very
effectively blocks unwanted incoming traffic. If you also need fuller
control on outgoing traffic then you will need a different firewall
product. The purpose of the XP SP2 firewall is not to put other
firewall vendors out of business, but rather to protect the PC from a
fairly common attack vector, something that it does quite well.
--
Tom Porterfield
MS-MVP MCE
http://support.telop.org

Please post all follow-ups to the newsgroup only.

 

[Ken Blake]

In

Microsoft's emphasized in Windows XP SP2 that it now has a
built-in
firewall to protect your Windows computer.

No, it's not that it "now" has a built-in firewall; Windows XP
has always had a built-in firewall. What's different in SP2 is
that the firewall is improved, and that it's now turned on by
default.

Based on this discussion
so far, it seems like Windows XP SP2 Firewall is just an
implemented
marketing ploy to make Windows users think their Windows
computer(s)
are protected but they are not.

Not true. It's not the best product available, but it's far from
useless. It offers good protection, but other products offer
better protection.

When disabling the Windows XP SP2 Firewall you receive an
annoying
balloon that keeps popping up every so often.

I use a hardware based firewall on my Windows XP system and I
am
testing to see if the new Windows XP SP2 Firewall has any
worthwhile
protection in it

If you have a hardeware firewall, the Windows firewall adds
nothing. However you might want to consider adding a third-party
sowftare firewall which will add monitoring of outbound internet
access.

Apparently the Windows XP SP2 Firewall is a
complete joke

Nonesense. Just because there's a better product doesn't mean
that this one is useless. A Rolls-Royce may be a better car than
a Ford, but that doesn't make the Ford incapable of getting you
where you want to go.

 

[Jupiter Jones [MVP]]

If you are unsure if ICF, or any other firewall for that matter,
blocks anything perhaps you should go to any of the numerous sites
designed to test your firewall and report the results.
This can be a good idea whether you use ICF or the most expensive and
exotic firewall available.

Just because ICF does not report and does not stop outbound traffic
does not make it useless.

Granted controlling outbound can help you identify an internal
problem.
But if you carefully maintain your computer as well as carefully
control what is installed, outbound will have nothing to catch.
If outbound catches something, there is already a failure in the way
you manage the computer.

ICF is great as intended.
It is only when someone expects the features of the premium firewalls
that ICF looks bad.