whats the point of windows firewall?

[Guest]

i have zone alarm free edition installed on my laptop, which asks me when
something is tring to access the internet etc, yet windows firewall which i
used to have never asked me anything, and when i did a leak test on it the
leak test said i didnt have a firewall running, whereas my zone alarm blocks
it??? whats the point in the windows one???

 

[Ted Zieglar]

Windows Firewall provides essential firewall protection for users who do
not install a third-party firewall. Windows Firewall is not designed to
alert users when their computer is attempting to contact the internet.

 

[B. Nice]

i have zone alarm free edition installed on my laptop, which asks me when
something is tring to access the internet etc, yet windows firewall which i
used to have never asked me anything, and when i did a leak test on it the
leak test said i didnt have a firewall running, whereas my zone alarm blocks
it??? whats the point in the windows one???

The windows firewall concentrates on blocking inbound connections
which can be done reliably to a high degree.

Doing outbound connection control on the same machine as one is trying
to protect is both unreliable and counter-productive. Trying to
control the behaviour of malware already allowed to run is nothing but
a silly idea. It cannot work reliably and therefore provides a false
sense of security.

If you want to find several leak tests that ZoneAlarm Free don't stop
either, you just need to go here:
http://www.firewallleaktester.com/tests_overview.php - press the "view
results" button at the bottom.

ZA free leaks like a sieve.

/B. Nice

 

[Ted Zieglar]

"Trying to control the behaviour of malware already allowed to run is
nothing but a silly idea. It cannot work reliably and therefore provides
a false sense of security."

I think that would come as a great surprise to Zone Labs, Symantec,
F-Protect, McAfee, Kaspersky, Trend Micro, etc.

 

[Bruce Chambers]

i have zone alarm free edition installed on my laptop, which asks me when
something is tring to access the internet etc, yet windows firewall which i
used to have never asked me anything, and when i did a leak test on it the
leak test said i didnt have a firewall running, whereas my zone alarm blocks
it??? whats the point in the windows one???

The "point" of the built-in firewall is to protect your computer from
outside attacks, not from you.

WinXP's built-in firewall is adequate at stopping incoming attacks,
and hiding your ports from probes. What WinXP SP2's firewall does not
do, is provide an important additional layer of protection by informing
you about any Trojans or spyware that you (or someone else using your
computer) might download and install inadvertently. It doesn't monitor
out-going network traffic at all, other than to check for IP-spoofing,
much less block (or at even ask you about) the bad or the questionable
out-going signals. It assumes that any application you have on your
hard drive is there because you want it there, and therefore has your
"permission" to access the Internet. Further, because the Windows
Firewall is a "stateful" firewall, it will also assume that any incoming
traffic that's a direct response to a Trojan's or spyware's out-going
signal is also authorized.

ZoneAlarm or Kerio are much better than WinXP's built-in firewall,
in that they do provide that extra layer of protection, are much more
easily configured, and have free versions readily available for
downloading. Even the commercially available Symantec's Norton Personal
Firewall provides superior protection, although it does take a heavier
toll of system performance then do ZoneAlarm or Kerio.

Having said that, it's important to remember that firewalls and
anti-virus applications, which should always be used and should always
be running, while important components of "safe hex," cannot, and should
not be expected to, protect the computer user from him/herself.
Ultimately, it is incumbent upon each and every computer user to learn
how to secure his/her own computer.

--

Bruce Chambers

Help us help you:



They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

Many people would rather die than think; in fact, most do. -Bertrand Russell

 

[Steven L Umbach]

Because it is built into the operating system, uses little resources, and is
easy to configure for what it does. It most likely is the best host firewall
for the average user that has no need to manage which applications can
access the internet such as for a computer that is used by multiple users.
It is my opinion that it may be best to not alert users of every time
something wants to access the internet because if the user makes a wrong
choice he has either done a denial of service on himself or allowed
malicious traffic that the Windows Firewall could silently drop. It seems
that once a user figured out that a wrong decision blocked their internet
access they tend to say yes to everything after that. I would rather that
the user rely on their spyware an antivirus program [that can monitor all
the time] to protect their computer from such. In any case a user with cable
or DSL should not rely solely on a host/software firewall to protect their
network.

Steve

 

[B. Nice]

"Trying to control the behaviour of malware already allowed to run is
nothing but a silly idea. It cannot work reliably and therefore provides
a false sense of security."

I think that would come as a great surprise to Zone Labs, Symantec,
F-Protect, McAfee, Kaspersky, Trend Micro, etc.

No, it would'nt. They know that perfectly well. That's why they
constantly have to enhance their socalled "security products" to keep
up with the skill sets of crackers. And that's why they have to, like
ZoneLabs, come up with totally new great-sounding concepts like an
"OSFirewall" - *LOL* - they made that word up.

But why would they care? - These companies are in it for the money. As
long as the money keep rolling in and they can keep their customers
happy by blowing smoke in their eyes - why would they care about
boring showstoppers like facts?

Don't be blinded by marketing bullshit - instead start thinking for
yourselves.

/B. Nice

 

[B. Nice]

The "point" of the built-in firewall is to protect your computer from
outside attacks, not from you.

WinXP's built-in firewall is adequate at stopping incoming attacks,
and hiding your ports from probes. What WinXP SP2's firewall does not
do, is provide an important additional layer of protection by informing
you about any Trojans or spyware that you (or someone else using your
computer) might download and install inadvertently. It doesn't monitor
out-going network traffic at all, other than to check for IP-spoofing,
much less block (or at even ask you about) the bad or the questionable
out-going signals. It assumes that any application you have on your
hard drive is there because you want it there, and therefore has your
"permission" to access the Internet. Further, because the Windows
Firewall is a "stateful" firewall, it will also assume that any incoming
traffic that's a direct response to a Trojan's or spyware's out-going
signal is also authorized.

ZoneAlarm or Kerio are much better than WinXP's built-in firewall,
in that they do provide that extra layer of protection, are much more
easily configured, and have free versions readily available for
downloading. Even the commercially available Symantec's Norton Personal
Firewall provides superior protection, although it does take a heavier
toll of system performance then do ZoneAlarm or Kerio.

Thanks for copy/pasting this advertisement again.

Now - just to get some sort of balance - maybe it's time to also read
some more critical stuff like this:
http://www.matousec.com/projects/windows-personal-firewall-analysis/results.php

Here is what they have to say about ZoneAlarm after putting it to the
test: "However, its security is very poor and we do not recommend
ZoneAlarm Pro for any serious use."

And here is what they have to say about Kerio: "We can hardly imagine
a personal firewall with worse level of security."

Having said that, it's important to remember that firewalls and
anti-virus applications, which should always be used and should always
be running, while important components of "safe hex," cannot, and should
not be expected to, protect the computer user from him/herself.

Wait a minute. You started by saing that the "point" of the WinFW was
to protect you from outside attacks - not from you. Then you're saying
that other firewalls are much better at doing exactly that, but then
end up saying that firewalls should NOT be expected to protect the
user from oneself anyway. Ehhmm, can you please make up your mind,
Bruce?

Ultimately, it is incumbent upon each and every computer user to learn
how to secure his/her own computer.

Sure - and personal firewalls are'nt the best choice.

/B. Nice

 

[Ted Zieglar]

Lol...

"Now - just to get some sort of balance - maybe it's time to also read
some more critical stuff like this:"

The Flat Earth Society -
Deprogramming the Masses Since 1547
http://www.alaska.net/~clund/e_djublonskopf/Flatearthsociety.htm

 

[Robert Moir]

"Trying to control the behaviour of malware already allowed to run is
nothing but a silly idea. It cannot work reliably and therefore provides a
false sense of security."

I think that would come as a great surprise to Zone Labs, Symantec,
F-Protect, McAfee, Kaspersky, Trend Micro, etc.

You think incorrectly. While none of the AV vendors make a big noise about
this in their advertising blurb, you'll find all their engineers subscribe
to the old "prevention is better than cure" philosophy for exactly this
reason.

Once an operating system has been compromised you absolutely cannot
guarantee that operating system is clean simply by using tools that are run
inside the operating system environment. This is a well known tenet of
dealing with malware and has been so for a very long time.

http://www.bitdefender.com/bd/site/presscenter.php?menu_id=25&n_id=58

 

[Robert Moir]

i have zone alarm free edition installed on my laptop, which asks me when
something is tring to access the internet etc, yet windows firewall which
i
used to have never asked me anything, and when i did a leak test on it the
leak test said i didnt have a firewall running, whereas my zone alarm
blocks
it??? whats the point in the windows one???

Yep, what use is a product that runs quietly in the background and does
exactly what it claims to do, no more and no less, without constantly
interupting you all the time to tell you how clever it is?

I'd much rather use Zone Alarm. It isn't like I use my computer for anything
other than the entertainment I get from clicking on pointless messages from
a security program that wants a cookie for saving me from something that
wasn't actually a real threat.
[this post may or may not contain twice the rda of sarcasm]

 

[Ted Zieglar]

Maybe, but that didn't have anything to do with my post.

 

[Robert Moir]

Maybe, but that didn't have anything to do with my post.

It had everything to do with your post. I'll spell it out for you.

B.Nice pointed out that: "Trying to control the behaviour of malware already
allowed to run is nothing but a silly idea. It cannot work reliably and
therefore provides a false sense of security."

You replied to them with: "I think that would come as a great surprise to
Zone Labs, Symantec, F-Protect, McAfee, Kaspersky, Trend Micro, etc."

I replied to you illustrating the ways in which B.Nice's point was correct.

Let's add some more weight to the arguement:
http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

 

[Leythos]

It had everything to do with your post. I'll spell it out for you.

B.Nice pointed out that: "Trying to control the behaviour of malware already
allowed to run is nothing but a silly idea. It cannot work reliably and
therefore provides a false sense of security."

You replied to them with: "I think that would come as a great surprise to
Zone Labs, Symantec, F-Protect, McAfee, Kaspersky, Trend Micro, etc."

I replied to you illustrating the ways in which B.Nice's point was correct.

Let's add some more weight to the arguement:
http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

Try using Windows firewall in the real world, in the wild, with hundreds
of non-technical, non-security minded users. It's almost completely
useless.

Windows Firewall is good for getting Windows installed and updates
downloaded as long as the user does nothing else while downloading
updates.

Windows Firewall permits applications to create exceptions, in the
default installation using the default user settings.

While I don't like PFW solutions, most of them will at least be less
prone to having an exception entered without the user knowing about it,
if not blocking it completely.

 

[B. Nice]

Lol...

"Now - just to get some sort of balance - maybe it's time to also read
some more critical stuff like this:"

The Flat Earth Society -
Deprogramming the Masses Since 1547
http://www.alaska.net/~clund/e_djublonskopf/Flatearthsociety.htm

LOL - That was a new way of saying "I'm clueless".

 

[B. Nice]

Try using Windows firewall in the real world, in the wild, with hundreds
of non-technical, non-security minded users. It's almost completely
useless.

It is'nt even close to "completely useless". It's a great step forward
in out-of-the-box prevention of internet worms being spread to
non-technical users behaving reasonably.

And no PFW will protect non-technical, non-security minded users from
doing something stupid. Especially not if those users are running as
admins, like you point out yourself.

Windows Firewall is good for getting Windows installed and updates
downloaded as long as the user does nothing else while downloading
updates.

That's true for any PFW.

Windows Firewall permits applications to create exceptions, in the
default installation using the default user settings.

In a default installation with the user running as admin, any
application can do anything it wants. So that's no argument.

Furthermore, malware writers can test their code against any PFW while
the opposite logically cannot be done.

While I don't like PFW solutions, most of them will at least be less
prone to having an exception entered without the user knowing about it,
if not blocking it completely.

The question must be if it is worth it to add additional complexity
(with all it leads to in terms of further vulnerabilities, more
problems for the user and false sense of security) to a system to
implement a security concept based on hope. I think not.

Teaching users a few ground rules and making them constantly aware of
what they are doing is much better than throwing PFW's at them giving
them a false sense of security.

When you get a car - do you learn to drive it safely - or do you just
install some extra airbags?

/B. Nice

 

[Leythos]

It is'nt even close to "completely useless". It's a great step forward
in out-of-the-box prevention of internet worms being spread to
non-technical users behaving reasonably.

Since applications, without any warning, can create exceptions, without
any user knowing about it, it's worthless.

And no PFW will protect non-technical, non-security minded users from
doing something stupid. Especially not if those users are running as
admins, like you point out yourself.

Wrong, there are many things that exploit the Admin user level, and
while all of them would target the Windows Firewall, not near as many
target the non-windows firewall solutions. Just by numbers alone that
makes third-party solutions more likely to provide protection.

That's true for any PFW.

If you agree to that idea, then you can't disagree that Windows Firewall
is a larger target and since it doesn't alert users to changes, since it
doesn't show real-time traffic, since it can easily be disabled without
the user knowing, it means that the other solutions provide a better
means of protections.

[snipped rest as it all falls apart after the above]

 

[B. Nice]

Since applications, without any warning, can create exceptions, without
any user knowing about it, it's worthless.

Since any application running with admin rights can do anything, any
PFW is worthless in that respect.

Wrong, there are many things that exploit the Admin user level, and
while all of them would target the Windows Firewall, not near as many
target the non-windows firewall solutions. Just by numbers alone that
makes third-party solutions more likely to provide protection.

Pure speculation. It's childsplay for malware to figure out what
PFW-solution(s) are running and to act accordingly. And remember:
"Malware writers can test their code against any PFW while the
opposite logically cannot be done." - but of course you snipped that
strong argument away.

If you agree to that idea, then you can't disagree that Windows Firewall
is a larger target and since it doesn't alert users to changes, since it
doesn't show real-time traffic, since it can easily be disabled without
the user knowing, it means that the other solutions provide a better
means of protections.

[spin-attempt ignored]

[snipped rest as it all falls apart after the above]

No. You snipped away some strong arguments, because they did'nt fit
your agenda. Nothing new.

/B. Nice