Running two firewalls? Can it be done.. should it be done?

James

On another forum someone suggested that running two firewalls (i.e.
WinXP's firewall plus a 3rd party firewall) afforded extra protection.
When I countered that most advised against this due to potential
conflicts, he answered:

One problem w/ the way you formulate "two firewalls" is, this is not as
if I were running Sygate with ZA, it's running ICF/WFW w/ Sygate which
is a different matter. They don't operate on the same level. WFW "front
ends" Sygate on my system and would on any other. There are 3rd party
firewalls that you can't do this with - Symantec's and I think Kerio as
well.

About your other point: as I wrote in one of my posts, I insist on
having outbound App control and advanced rule making - shutting down
ports, restricting apps to a single port and so on. Others have
different ways of controlling those things. WFW does have the ability to
close a port to a process. And I have other ways to control applications
via an application "firewall" - in my case System Safety Monitor. There
is another one called Process Guard by the TDS people and more of these
kinds of programs on the way.
 
Phil

You could run two firewalls, but it's not needed. That person doesn't know
what they're talking about. You get no extra protection from using two
firewalls. Just use one that has inbound and outbound protection and be done
with it. Having the xp firewall on to "double up" on incoming protection
does nothing except possibly cause conflicts.
 
Andre Da Costa

The Windows XP Firewall in SP2 is now bidirectional, that means it checks
incoming and outgoing content, if you don't plan on upgrading to SP2, please
use a third party firewall.

Andre
 
James

Really? And when did this happen? When I checked yesterday it was still
only monitoring incoming and NOT OUTGOING messages. Where did you hear
this piece of information? And what does any of this have to do with the
subject at hand?
 
GwD

Look at the settings. It is blocking outgoing. And the subject at hand is
firewalls including XP's.
 
Ken Blake

James said:
On another forum someone suggested that running two firewalls (i.e.
WinXP's firewall plus a 3rd party firewall) afforded extra protection.
When I countered that most advised against this due to potential
conflicts, he answered:

One problem w/ the way you formulate "two firewalls" is, this is not as
if I were running Sygate with ZA, it's running ICF/WFW w/ Sygate which
is a different matter. They don't operate on the same level. WFW "front
ends" Sygate on my system and would on any other. There are 3rd party
firewalls that you can't do this with - Symantec's and I think Kerio as
well.

About your other point: as I wrote in one of my posts, I insist on
having outbound App control and advanced rule making - shutting down
ports, restricting apps to a single port and so on. Others have
different ways of controlling those things. WFW does have the ability to
close a port to a process. And I have other ways to control applications
via an application "firewall" - in my case System Safety Monitor. There
is another one called Process Guard by the TDS people and more of these
kinds of programs on the way.

-------------

So, I put it to you once more: Is there anything to be gained from
running both? If I configured WinXP firewall in such a way, would I
receive added protection?


You'll find those with different points of view on this. Here's
mine: don't run two firewalls. You achieve no extra protection,
you incur the extra overhead of running two firewalls, and you
run the risk (probably small, but not zero) of conflicts between
them.

See
http://www.microsoft.com/athome/security/protect/firewall.mspx
 
Ken Blake

Andre Da Costa said:
The Windows XP Firewall in SP2 is now bidirectional, that means it
checks incoming and outgoing content,


This is *not* correct. It is identical to the original XP
firewall in this respect. It monitors incoming traffic only.

Refer to
http://www.microsoft.com/athome/security/protect/firewall.mspx
and read the answer to the question "Should I use a non-Microsoft
personal firewall instead of the built-in Internet Connection
Firewall?"
 
SlowJet

I agree with the guy 98.6%.

It's a complementary symbiotic abnormality that just happens to work. :)
It might not later.

I was running WFW with Winproxy, but the DCOM errors with WIM were getting in
the way.
As the two run in different accounts.

In fact today my trial spy blocker expired and I turned off WFW because of
other problems and even though I am port blocked to the max with my FW, I
feel a little exposed during startup.

But let's face it, if you're the typical home user run ZA and thank your
lucky stars you didn't have to re-install this month. Assuming you actually
used the computer during the month. lol


(Also, all those parrots can't prove what they say.)
SJ
 
James

Well..I'm a little deaf and a lot stubborn. ;-)

I don't expect miracles from having three spyware progs. Really. But I'm
also not fooling myself that six will be enough.... how about nine?
why not eleven? Where does it end? The OP to give answer to my question
said there was no such thing as enough protection. What on earth does
that translate into ????
 
SlowJet

Well, enough would be when all known conditions are accounted for, all the
time.
My 3pFW starts up really slow because it has a proxy cache, three anti
engines and anti files, it is my clients DNS and DHCP server also, so it
takes time.
During that time if I use the Simple WFW, it gives me a "Shields UP" effect.
Also during shut down.

Plus, and I wish this was configurable for clients also, simple things like
the windows time, the AV update, wAU, don't need to come through the 3rd
party FW and thus do not take a license computer connection from other
protocols. (But it seems too arbitrary as to what can be configured for the
gateway and what can't, especially MS supplied programs that come with
Winknows. :)

Someday, somewhere, someone will write a whiz bang do it all host / client /
net firewall for Windows with multiple layers for the different purposes.

Until then ZAZAZAZAZAZAZ my net connection sleeps with the fish. :)

SJ
 
Guest

-----Original Message-----
I don't expect miracles from having three spyware progs.
Really. But I'm also not fooling myself that six will
be enough.... how about nine? why not eleven?
Where does it end?

One firewall is all you need. You only need
other "spyware progs" if you install that junk in the
first place. But if you do install it, then I agree
with...
The OP to give answer to my question
said there was no such thing as enough protection.
What on earth does that translate into ????

Once you decide to let it in, it will be a constant arms
race.
 
Phil

XP's firewall does not block outgoing connection requests. Never did and
still does not in sp2.
 
Alex Nichol

Andre said:
The Windows XP Firewall in SP2 is now bidirectional, that means it checks
incoming and outgoing content, if you don't plan on upgrading to SP2, please
use a third party firewall.

It is not.

You seem to be making a habit of providing ill-informed advice. Please
check on facts.
 
Alex Nichol

Ken said:
You'll find those with different points of view on this. Here's
mine: don't run two firewalls. You achieve no extra protection,
you incur the extra overhead of running two firewalls, and you
run the risk (probably small, but not zero) of conflicts between
them.

The one exception there I would say is to have Windows firewall
available, and have it in place before doing any maintenance on your
other one, such as updating, which might disable that in the process.

The windows one on at the same time as another is not going to do any
harm; but will add nothing and it may be tricky to get settings for both
working in harmony
 
Ken Blake

Alex Nichol said:
The one exception there I would say is to have Windows firewall
available, and have it in place before doing any maintenance on your
other one, such as updating, which might disable that in the process.


Yes, that's certainly good advice. You don't ever want to be
connected to the internet with no firewall in operation.
 
