A question about Firewall in XP

T O M M Y

I know there is a built-in firewall in XP for limiting access to the
computer and securing it from hackers... I also, besides that firewall, use
ZoneAlarm Pro when browsing the net...

My question is: "Is it enough to use only XP's firewall, or for more
security and stability additional firewalls are also needed?"

And "Is it right that firewalls can't stop viruses from stepping into the
computer, and their only aim is security from hacking activities?"

Any suggestion is much regarded
 
purplehaz

The xp firewall is not enough cause it does not block outbound connections.
Using both is not needed and could cause probs. Using ZA alone is the best
way to go in your setup.

A firewall can stop a virus/trojan. There are many that just look for open
ports and install silently when they find the port open. A perfect example
is the ms blast worm. If you had a firewall enabled you cannot get the ms
blast virus. But a firewall is in no way a substitute for a good anti-virus
program.
 
Patrick

T said:
> I know there is a built-in firewall in XP for limiting access to the
> computer and securing it from hackers...I also-beside that Firewall
> -use ZoneAlarm Pro when browsing the net....
>
> My question is : "Is it enough to use only XP's firewall, or for
> more security and stability additional firewalls are also needed?"
>
> And " Is it right that firewalls can't stop viruses from stepping
> into the computer,and their only aim is security from hacking
> activities?"
>
> Any suggestion is much regarded

I used XP firewall, it stopped the NETBIOS (Messenger Service) thingy for a
while, then started letting them through.
So installed ZA free fing, along with AVG etc, I haven't ever had a virus.
(am I speaking too loud).
 
whoever

> And " Is it right that firewalls can't stop viruses from stepping into
> the computer,and their only aim is security from hacking activities?"

Most viruses these days are distributed by e-mail - a firewall won't
prevent such a virus. Worms, on the other hand, usually work by connecting
to your machine from "outside", so a firewall can protect against a worm.

In the last couple of weeks, the MS Blaster worm and the Sobig-F virus have
hit the headlines. A firewall would have blocked the first, but not the
2nd.
 
PS

Tom-

With the XP ICF (internet connection firewall) my system is invisible to the
'Shields Up' test! This is good.

http://grc.com/default.htm

ICF only protects you from incoming traffic. Zone-Alarm will monitor
outgoing traffic from your system, which will come in handy if your system
is infected with a trojan.

PS
"This post represents MY opinion and experiences only"
 
sli

Robert said:
> Hi, Tommy!
>
> You might want to have a look at the following page (_"Personal
> Firewalls" are mostly snake-oil_):
>
> http://www.samspade.org/d/firewalls.html

Funny, he doesn't mention that a personal firewall could have prevented a
few hundred thousand computers from getting the recent blast worm.
Considering the investment is $0 some might consider it worthwhile.
 
CZ

Robert:
> connection or cable modem are way better than any 'software firewall' (The
> NetGear RT311 and RT314 are extremely sophisticated and flexible NATs and
> start at less than $100 - they do full NATing, allow port forwarding and
> filtering to a protected network (NetGear Firewalls and NATs).

Agreed. I have two of the RT 314s. Excellent products.

> listens on all the ports on your system. This provides no real additional
> security over turning off the services that you don't use.

I disagree as follows:
BID does intrusion detection (RT 314 does not)
ZA free allows me to control what programs can call home (RT 314 does not)
NIS provides control over fragmented IP (RT 314 does not)

Also, a user with a host based firewall does not have to choose which
services to disable, thus avoid the possibility of causing problems due to
dependencies

> off
> the services that you don't use. (Maybe it'll block trojans from phoning
> home, but A) if you've run a trojan your system is completely compromised"

On a clean install of XP Pro, I have had ZA free prompt me re: about 18 of
XP's applets/features/whatever calling home. I would associate that with
security.
 
whoever

> Even the little hardware NAT boxes that you can get for
> sharing a DSL connection or cable modem are way better than any
> 'software firewall' (The NetGear RT311 and RT314 are extremely
> sophisticated and flexible NATs and start at less than $100 - they do
> full NATing, allow port forwarding and filtering to a protected
> network (NetGear Firewalls and NATs).

I'm a big fan of these boxes, and I encourage anyone that I know who is
getting a broadband connection to consider shelling out the extra money (or
put it on their christmas "wish list") for one.

> So... what does a 'personal firewall' actually do? Well, effectively
> it listens on all the ports on your system. This provides no real
> additional security over turning off the services that you don't use.
>
> I'll repeat that - it provides no real additional security over
> turning off the services that you don't use. (Maybe it'll block
> trojans from phoning home, but A) if you've run a trojan your system
> is completely compromised"

The article you're quoting is fairly typical of the sort of technical
bigotry that is rife in the area of computers generally (I know - I'm
regularly guilty of it myself). The author thinks personal firewalls are a
waste of time because he doesn't think he needs one.

There's one thing that a "personal firewall" can do that no external box
can do - it can verify that outbound connections are being made by services
that are allowed to make them. Finding out that you've got a trojan is the
first step to rectifying the problem, and a personal firewall may be the
only way you will find out. (Unfortunately, for the not technically
inclined, asking for verification about outbound processes doesn't help
much, because it either causes terminal confusion, or they turn the
prompting off, and everything is allowed to access the internet. It would be
nice if there was a setting that allowed personal firewalls to ask a
centralised database on the internet if a particular client application was
"safe", and only prompt the user if the application was unknown).

Both SoBig and Blaster would have been far less "successful" if more people
were using something like ZoneAlarm.
 
Robert

Hi!

The regular argument in favour of "personal firewalls" like ZoneAlarm
is that they will stop outbound Trojans from phoning home to mummy
while the Windows XP built-in firewall just won't.

I may be dumb but there is still a question that puzzles me.

If you have got the Windows XP built-in firewall + a good antivirus with
regular daily updates, is it still possible for Trojans to get into your
system at all (not mine, mind you!)?

And if Trojans cannot get in, what is the use of firewalls that would
prevent them from communicating with the outside world?

I am personally convinced that if everybody

a) had a good regularly updated antivirus (I can recommend the eTrust EZ
Antivirus for absolute efficiency and ultra-fast reactivity),
b) ran some kind of firewall on their systems,
c) used mail filtering programs like MailWasher,
d) and above all avoided opening suspicious messages with attachments,

Trojans, Worms and Viruses would not spread like they currently do.

How can people be so dumb as to think that Microsoft is writing to them?

Cheers,
Robert
 
whoever

> The regular argument in favour of "personal firewalls" like ZoneAlarm
> is that they will stop outbound Trojans from phoning home to mummy
> while the Windows XP built-in firewall just won't.
>
> I may be dumb but there is still a question that puzzles me.
>
> If you have got the Windows XP built-in firewall + a good antivirus with
> regular daily updates, is it still possible for Trojans to get into your
> system at all (not mine, mind you!)?

Define "regular updates". They didn't do much to stop Sobig-F, did they?
Yet Sobig-F should have triggered an alert from ZoneAlarm, for example.

> d) and above all avoided opening suspicious messages with attachments,

People who can't pass d) aren't likely to pass a, b or c.
 
Robert

Hi, Whoever!

The eTrust antivirus had an update ready only a few hours after the Sobig virus
was known.

Quite a few of these Sobig-infected messages were sent to one of my email
accounts.

As I had been warned by eTrust not to "trust" such messages, I did not even look
at them.

I killed them all on the server.

But I would have done so in any case.

Messages with attachments from unknown senders should always be destroyed
systematically.

This method is even better than relying on firewalls and antiviruses.

It simply uses common sense and minimal Internet education.

Cheers,
Robert
 
Sami Garzon

Robert said:
> I am personally convinced that if everybody
>
> a) had a good regularly updated antivirus (I can recommend the eTrust EZ
> Antivirus for absolute efficiency and ultra-fast reactivity),
> b) ran some kind of firewall on their systems,
> c) used mail filtering programs like MailWasher,
> d) and above all avoided opening suspicious messages with attachments,

Add:

e) Had its OS updated (I can recommend windowsupdate),
 
whoever

> The eTrust antivirus had an update ready only a few hours after the
> Sobig virus was known.

You didn't quote what you were responding to. The fact the eTrust had an
update ready only a few hours after SoBig-F went wild didn't stop it being
the most virulent virus the internet has ever seen.

What percentage of users do you think update their AV signatures once a
week, or better? On one machine that I use, that only has a dialup
connection, I only update them once every couple of months, because it
takes 20-30 minutes to update the signatures on that slow connection.
 
Robert

Hi, Whoever!

First, maybe people buy the wrong antiviruses!

Then, obviously people don't update their antivirus
protection frequently enough.

On average, eTrust issue antivirus database updates
every day! Sometimes when viral activity is strong, they
issue updates twice a day!

You cannot expect antivirus protection unless you install
all appropriate updates as soon as they become available.

The same is true of the Windows Updates. They offer
adequate protection only to people who bother to
download and install them.

I personally use a standard 56 K dial-up connection.
Downloading the eTrust database update takes only
a few minutes every day. These updates weigh 500 KB
on average.

Files that take 20-30 minutes to download are usually files
that weigh more than 5 MB.

There must be something wrong with your connection settings,
or your ISP is not giving you a third of the bandwidth
that they should!

56K dial-up connections are slow compared to ADSL or
cable, but they are not supposed to be so slow as yours seems
to be!

Cheers,
Robert

---- Original Message ----
From: whoever
Newsgroups: microsoft.public.windows.inetexplorer.ie6_outlookexpress,microsoft.public.windowsxp.basics,microsoft.public.windowsxp.general,microsoft.public.windowsxp.security_admin
Sent: Friday, August 29, 2003 9:02 PM
Subject: Re: A question about Firewall in XP

| The fact the eTrust had an update ready only a few hours after SoBig-F
| went wild didn't stop it being the most virulent virus the internet has ever
| seen.
|
| What percentage of users do you think update their AV signatures once a
| week, or better? On one machine that I use, that only has a dialup
| connection, I only update them once every couple of months, because it
| takes 20-30 minutes to update the signatures on that slow connection.
 
T O M M Y

What about people having an old never-updated XP Pro? I have a dial-up
connection and couldn't update my XP at any time...
Well, I still run the old XP (ver 2002) since Microsoft only supports its
high speed connection customers (although many people still use slow dial-up
connections around the world). Besides, you may go away from your computer
during the update time, but what can you do with dialup accidental
disconnections? Even the best download accelerator programs do not support
XP's built-in update...
Better Microsoft break down its download updates into smaller ones to help
customers like us working in a more secure environment.
 
David Candy

I don't update. Either XP was fit for sale or it wasn't. I maintain it was so updates are unnecessary. Because I don't update I don't have any problems.
 
