Personal Firewall Question


G

-=gu=-

Hello,
My boss wants me to find out if there is value in turning
on everyone's XP personal firewall and if we did, what
kind of problems are we going to be opening ourselves up
to.
Feel free to throw your hat in the ring.

Thanks!
 
Ad

Advertisements

C

Carey Frisch [MVP]

Use the Internet Connection Firewall
http://www.microsoft.com/windowsxp/using/networking/learnmore/icf.mspx

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

--------------------------------------------------------------------------------------

"-=gu=-" (e-mail address removed) wrote in message:

| Hello,
| My boss wants me to find out if there is value in turning
| on everyone's XP personal firewall and if we did, what
| kind of problems are we going to be opening ourselves up
| to.
| Feel free to throw your hat in the ring.
|
| Thanks!
 
Ad

Advertisements

B

Bruce Chambers

Greetings --

Without knowing _anything_ about how your computer(s) is used, or
what kind, if any, of network configuration you have, it's impossible
to provide an answer of any real value.

Given today's widely-publicized and well-known hostile Internet
environment, only a fool or a masochist would go on-line without both
a firewall and antivirus protection. People really shouldn't need to
be told to use a firewall or an antivirus application, no more than
they should need to be told not to stick their hands into an open
flame.

WinXP's built-in firewall is _adequate_ at stopping incoming
attacks, and hiding your ports from probes. It doesn't give you any
alarms, or any other kind of indication, to tell you that it is
working, though. Nor is it very easily configurable. What WinXP also
does not do, is protect you from any Trojans or spyware that you (or
someone else using your computer) might download and install
inadvertently. It doesn't monitor out-going traffic at all, other
than to check for IP-spoofing, much less block (or at even ask you
about) the bad or the questionable out-going signals. It assumes that
any application you have on your hard drive is there because you want
it there, and therefore has your "permission" to access the Internet.
Further, because the ICF is a "stateful" firewall, it will also assume
that any incoming traffic that's a direct response to a Trojan's or
spyware's out-going signal is also authorized.

ZoneAlarm, Kerio, or Sygate are all much better than WinXP's
built-in firewall, and are much more easily configured, and there are
free versions of each readily available. Even the commercially
available Symantec's Norton Personal Firewall is superior by far,
although it does take a heavier toll of system performance then do
ZoneAlarm or Sygate.

To enable/disable the built-in firewall, Start > Network
Connections > Right-click the connection > Properties > Advanced >
Protect my computer.....

HOW TO Enable or Disable Internet Connection Firewall in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q283673

If you're using AOL, MSN, NetZero, or another on-line content
providing service that doesn't trust its customers to control their
own computers and insists upon the installation of a proprietary
connectoid, you'll either need to find a 3rd party firewall that is
compatible with them, or switch to a real ISP that is compatible with
the real Internet.

Additionally, WinXP's built-in firewall is not designed to be used
on internal LAN connections. The _only_ connection on which you
should have ICF enabled is the direct connection to the Internet.

Internet Firewalls Can Prevent Browsing and File Sharing
http://support.microsoft.com/default.aspx?scid=kb;EN-US;298804

This matter is addressed in Service Pack 2. WinXP's redesigned
built-in Windows Firewall will allow exceptions for File & Print
Sharing.


Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top