Internet connection firewall question

[John]

Hi,

During Internet connection configuration, I check the "Internet
connection firewall" option. Does this mean, nobody will be able to
access my computer no matter what? Saw some dude on CNN saying that
you need a personal firewall so that your PC will not be hijacked by
hackers. How good is this "Internet connection firewall" I am seeing
on Windows XP?

John

 

[Bruce Chambers]

Greetings --

WinXP's built-in firewall is fine at stopping incoming attacks, and
hiding your ports from probes. It doesn't give you any alarms to tell
you that it is working, though. What WinXP also does not do, is
protect you from any Trojans or spyware that you might download and
install inadvertently. It doesn't monitor out-going traffic at all,
much less block (or at least ask you about) the bad or the
questionable out-going packets.

ZoneAlarm or Sygate are much better, and there are a free versions
available. Personally, I've been very happy with Symantec's Norton
Internet Security 2002 (NIS 2003 is now available), which includes
Norton AntiVirus, Norton Personal Firewall, parental controls, privacy
controls, and ad blocking. (Just the elimination of most pop-up ads
on the Internet made the price worth-while to me.)

You can compare several firewall solutions, some of them free,
here:

The DSL Zone Your Broadband Solution Source
http://thedslzone.com/Software.html


Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH

 

[John]

Ah, great. I am big on downloading stuff. So I figure PC is fairly
safe. Saw it on the news recently, some hackers were able to hijack
PCs with broadband access to the Internet and used them to run porno
sites. I don't think this is done with Trojans or spyware though.
Amazing how they were able to do that.


John

 

[Lionel Fourquaux]

WinXP's built-in firewall is fine at stopping incoming attacks, and
hiding your ports from probes. It doesn't give you any alarms to tell
you that it is working, though. What WinXP also does not do, is
protect you from any Trojans or spyware that you might download and
install inadvertently. It doesn't monitor out-going traffic at all,
much less block (or at least ask you about) the bad or the
questionable out-going packets.

That's not completely true. WinXP's firewall can log the packets it
drops, and this is IMHO much better than "noisy" firewalls that keeps
telling you it blocked a packet (usually perfectly harmless).

As for outgoing traffic... Well, if you install trojans on your computer,
you've a problem that no firewall will cure. First rule of security: there
is no subtitute to educating users. Moreover, it's really _easy_ for a
programmer to work around these filters on outgoing packets,
assuming the firewall is configured to let http connections through
(just start a hidden instance of the web browser, inject your
code in it, and use the http port for your connections).

ZoneAlarm

I've a really bad experience with ZoneAlarm. It uses a kernel-mode
driver (of course) that appears to be really buggy and causes WinXP
to crash (blue screen) regularly. Moreover, this one is _really_ noisy.

I'm not advocating a no-firewall solution for everyone, and
blocking outgoing packets can be a way to make users aware
that they are installing software they should not. Just remember
that no firewall will protect you if you install unsafe software.

And WinXP's firewall is really not so bad...