Firewalls

[Jon Conner]

Is the firewall that is incorporated with Windows XP
sufficient enough for a home computer connected to the
internet via DSL, or is a third-party firewall (Norton,
Sygate, Zone Alarm) neccessary? If a third-party
firewall should be used, should Windows firewall then be
disabled? Any thoughts on this subject would be
helpful. Thank you.

Jon

 

[Guest]

well i think a softwarefirewall like ZoneAlarm or so is mutch better to configute
and when you use something like ZoneAlarm you should diable the integratet firewal
to be shure that ZoneAlarm can work propperly..

greeeeeeeeeet
Tom

 

[Juan]

Greetings:

The Windows Internet Connection Firewall is enough protection if you keep
your system updated
and patched. Experts recommend the use of only one firewall because of
posible conflicts that
could develop from the use of two, they recommend that if you install a
third-party firewall you should
disable the Windows Firewall.. some people install third-party firewalls and
report no conflict at all,
I myself have used two firewalls and have only experienced a bit lowered
connection speed, but that
again may depend on the computer's speed, and even so it may be worth the
sacrifice, a little speed
loss for extra protection seems like a good deal to me.

In my opinion third party firewalls advantages are; they warn and register
attempted or successfull
intrusions which you can configure the firewall to block. The use of two
firewalls also helps to block
practically all pop-ups.

Read how the Windows XP Internet Connection Firewall works.
http://support.microsoft.com/default.aspx?scid=kb;en-us;q320855

http://support.microsoft.com/default.aspx?scid=kb;en-us;320855&Product=winxp

Recommended newsgroup for further information:
microsoft.public.windows.networking.firewall



----------------Original Message--------------

 

[Jon Conner]

Gentlemen,

Thank you for your prompt response and advice. I think
I'll go with two firewalls and see what happens. As long
as my computer stays stable, I can give up a bit of
internet speed.

Jon

 

[Bruce Chambers]

Greetings --

Well, WinXP's built-in ICF is certainly better than nothing, but
it's no substitute for a real firewall.

WinXP's built-in firewall is _adequate_ at stopping incoming
attacks, and hiding your ports from probes. It doesn't give you any
alarms, or any other kind of indication, to tell you that it is
working, though. Nor is it very easily configurable. What WinXP also
does not do, is protect you from any Trojans or spyware that you (or
someone else using your computer) might download and install
inadvertently. It doesn't monitor out-going traffic at all, other
than to check for IP-spoofing, much less block (or at even ask you
about) the bad or the questionable out-going signals. It assumes that
any application you have on your hard drive is there because you want
it there, and therefore has your "permission" to access the Internet.
Further, because the ICF is a "stateful" firewall, it will also assume
that any incoming traffic that's a direct response to a Trojan's or
spyware's out-going signal is also authorized.

ZoneAlarm, Kerio, or Sygate are all much better than WinXP's
built-in firewall, and are much more easily configured, and there are
free versions of each readily available. Even Symantec's Norton
Personal Firewall is superior by far, although it does take a heavier
toll of system performance then do ZoneAlarm or Sygate.

Running two or more software firewalls simultaneously is
unnecessary and can sometimes cause conflicts, possibly negating the
protection of both. In any event, having two firewalls running
simultaneously is most certainly an unnecessary drain on system
resources.


Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH

 

[Allan]

I use windows XP firewall and also free Zone Alarm and
have not had any troubles with it. The only trouble I had
was when I tried to update Zone Alarm to version 5 had
troubles so went back to version 4.

 

[Guest]

I reccomend using a third party firewall as it is much more configurable than ICF
ICF is no good if you are using it on a network

I have even been told that microsoft reccomend a third party firewall
With the release of SP2 the Windows firewall seems to be more configurable

 

[Steve Riley [MSFT]]

We recommend that you use whatever's necessary to address the threats you're
facing.

For many users, the capabilities of ICF were good enough, but it wasn't very
useful in a corporate network. Most of the changes to the firewall in SP 2
help it work better in corporate settings (multiple profiles, subnet
restrictions, listening application permissions, and so on).

One capability we still don't have is outbound application control. Our
testing showed that all the dialogs produced by that kind of feature end up
confusing many users. So our decision is not to implement such a thing. And
we believe that not having this feature doesn't generally weaken security.

If, however, you want such capability, then by all means use a host firewall
that provides it. It's more important that you use *something* than nothing
at all.