Is my XP firewall running properly?


Guest

I seem to be having trouble with the XP firewall.

All the critical and recommended updates and patches have been downloaded (except SP1, which shows a download time of over 3 hours; I am waiting for the CD to arrive).

The port scan on the HackerWatch site has been run a few times over the last couple of days and seems to give differing results, i.e. sometimes a port will be shown as secure but another time will be shown as closed but unsecure.

Can anyone shed any light on this, please?
 

Guest

My computer doesn't look clea

----- Sunny Balu wrote: ----

I seem to be having trouble with the XP firewall.

All the critical and recommended updates and patches have been downloaded (except SP1, which shows a download time of over 3 hours; I am waiting for the CD to arrive).

The port scan on the HackerWatch site has been run a few times over the last couple of days and seems to give differing results, i.e. sometimes a port will be shown as secure but another time will be shown as closed but unsecure.

Can anyone shed any light on this, please?
 

Sadie

Sunny,

Don't wait for the service pack to arrive. While you are
sitting there expecting it to drop onto your mat, any
number of exploits could take hold of your machine and
cause you a whole load more trouble. XP 1a itself contains
a vital patch for a critical vulnerability.

If you really can't afford to spend three hours
downloading the service pack, please at least download and
install a tiny utility named XPDITE from here:

http://grc.com/xpdite/xpdite.htm

Following that, you can either run a port scan on grc.com -
"Shields Up", or Sygate:

http://scan.sygate.com/probe.html

Post back if any ports are actively responding to the
probes.

Sadie
-----Original Message-----
I seem to be having trouble with the XP firewall.

All the critical and recommended updates and patches
have been downloaded (except SP1, which shows a download
time of over 3 hours; I am waiting for the CD to
arrive).
The port scan on the HackerWatch site has been run a few
times over the last couple of days and seems to give
differing results, i.e. sometimes a port will be shown as
secure but another time will be shown as closed but
unsecure.
 

Guest

Dear Sadie

Many thanks for the advice - will get XPDITE straight away.

Have also tried the Sygate port scan, and although most ports are at least closed, if not actually blocked, two are open. Don't know how much I should be telling you on an open forum, but is there any way I can close the open ports?

Best wishes
Sunny Bal
(PS I don't have a problem with waiting for the long download to finish, but unfortunately, my internet connection cuts off after 2 hours and I can't do anything about it.)
 

Bruce Chambers

Greetings --

You can test your firewall at:

Symantec Security Check
http://security.symantec.com/ssc/vr_main.asp?langid=ie&venid=sym&plfid=23&pkj=GPVHGBYNCJEIMXQKCDT

Security Scan - Sygate Online Services
http://www.sygatetech.com/

WinXP's built-in firewall is _adequate_ at stopping incoming
attacks, and hiding your ports from probes. It doesn't give you any
alarms to tell you that it is working, though. Nor is it very easily
configurable. What WinXP also does not do, is protect you from any
Trojans or spyware that you (or someone else using your computer)
might download and install inadvertently. It doesn't monitor
out-going traffic at all, other than to check for IP-spoofing, much
less block (or even ask you about) the bad or the questionable
out-going signals. It assumes that any application you have on your
hard drive is there because you want it there, and therefore has your
"permission" to access the Internet. Further, because the ICF is a
"stateful" firewall, it will also assume that any incoming traffic
that's a direct response to a Trojan's or spyware's out-going signal
is also authorized.

ZoneAlarm, Kerio, or Sygate are all much better than WinXP's
built-in firewall, and are much more easily configured, and there are
free versions of each readily available. Even Symantec's Norton
Personal Firewall is superior by far, although it does take a heavier
toll of system performance than do ZoneAlarm or Sygate.


Bruce Chambers

--
Help us help you:




You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
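
The behaviour described in the post above (inbound-only filtering with connection state) can be shown with a small model. This is an added example, not code from the thread or from Microsoft; it is a simplified sketch, and every address, port and program name in it is constructed for illustration.

```python
# Toy model of a stateful, inbound-only filter as described in the post above.
# All addresses, ports and program names are constructed for illustration.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Flow:
    local_port: int
    remote_ip: str
    remote_port: int


@dataclass
class InboundOnlyStatefulFilter:
    """Permits every outbound connection; permits inbound only as a reply."""
    state: set = field(default_factory=set)

    def outbound(self, program, local_port, remote_ip, remote_port):
        # No per-program rule is consulted: any local program may connect out.
        self.state.add(Flow(local_port, remote_ip, remote_port))
        return "allow"

    def inbound(self, remote_ip, remote_port, local_port):
        # Inbound is accepted only if it matches a flow opened from the inside.
        flow = Flow(local_port, remote_ip, remote_port)
        return "allow" if flow in self.state else "drop"


def demo():
    fw = InboundOnlyStatefulFilter()
    results = {}
    # Unsolicited probe from a scan site: dropped without a reply ("stealth").
    results["probe"] = fw.inbound("198.51.100.7", 40000, 139)
    # Browser opens a connection; the server's reply matches the state entry.
    fw.outbound("browser.exe", 1025, "203.0.113.10", 80)
    results["web_reply"] = fw.inbound("203.0.113.10", 80, 1025)
    # An unwanted program installed by mistake is treated exactly the same.
    results["unwanted_out"] = fw.outbound("unwanted.exe", 1026, "192.0.2.66", 8080)
    results["unwanted_reply"] = fw.inbound("192.0.2.66", 8080, 1026)
    # Same remote host, but a local port nobody opened from inside: dropped.
    results["unrelated"] = fw.inbound("192.0.2.66", 8080, 445)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:15} {verdict}")
```

An online port scan only exercises the `inbound` path, which is why a machine can score full "stealth" while an unwanted program on it still talks out freely.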
 

Bruce Chambers

Greetings --

FYI, Gibson's Shields Up! checks only a very few of the more than
65,000 ports available, and even skips one of the ones exploited by
messenger service spam.

(And "XPDite," from Gibson's description, sounds like pure snake
oil, but I haven't had the time - or the interest, to be honest - to
test its usefulness.)

Bruce Chambers

--
Help us help you:




You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
 

NT Canuck

Bruce Chambers said:
Greetings --

FYI, Gibson's Shields Up! checks only a very few of the more than 65,000 ports available, and even skips one of the ones
exploited by messenger service spam.

The ports tested at grc.com can be common or service ports,
users may select a range of up to 64 "specific" ports to test.
Due to the high traffic (yes folks do test there) it's difficult
to offer a fast port scan and do all 65535 x 2 (tcp and udp).

Since the service ports are of the most concern, start there.
Typically your firewall/filters work or they don't.
(And "XPDite," from Gibson's description, sounds like pure snake oil, but I haven't had the time - or the interest, to be
honest - to test its usefulness.)

Bruce Chambers

Then stick to what you do_know...no offense but a good post
should be honest and informative. Since these posts are viewed
universally (google etc.) the answers/remarks are archived so
it is always best practice (imv) to validate prior to posting.

thx for consideration. ;-)

Anyway...nothing stopping folks from making a better scanner.

Please be aware that ISP or your LAN router may obscure results
due to proxy settings or filters placed on your line (not unusual).
 

Guest

Thanks Bruce.
I have looked at XPDite and I had already downloaded the relevant patch from Microsoft, so presumably won't be helped by XPDite anyway.

I am getting more confused, though.

I have tried security scans at HackerWatch, who don't show my IP address and come up with varying results for scans (sometimes ports are closed, other times they are blocked), Sygate, who do give the IP address and come up with the same results each time (ports are either closed, or unfortunately, two are open) and Symantec, who give a totally different IP address and give all ports (including a Trojan Horse scan) a 'stealth' rating. The proxy setting is unchecked for these tests, so presumably they are connecting direct to my PC.

I shall be trying one of the firewalls you suggest, but would be interested to know why the conflicting results are being given.

Thanks for your help again.
Sunny Balu.
 

Bruce Chambers

Greetings --

I've looked at www.hackerwatch.com, but I can't find any option to
scan my system. The site seems to offer nothing but links to other
security related sites.

I can't say with any certainty why you're getting different
results from the different scanning sites. I'm inclined to think that
there may be a problem of some sort with your present firewall. Of
course, it could also be due to the different ways in which each
scanner works. This is one reason I offer multiple options: on the
off chance that one site will catch something that another missed, or
that one site's "false alarm" can be checked elsewhere. The differing
IP addresses might even be the result of something your ISP is doing.
All three sites (GRC, Symantec, and Sygate) report my system as
completely in "Stealth" mode, and identify only the one IP address
assigned to my NAT router.


Bruce Chambers

--
Help us help you:




You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
 
