Windows Firewall questions

Vic

Trying to figure out if Windows firewall is actually blocking any
intrusions from the internet. The software is setup to give a popup
notice if it blocks something. Blocking is enabled on the LAN (local
area connection) and modem. The only exception is File and Printer
sharing.

The only popups to have occurred is when LAN was setup and I fooled
around setting up WOL ... I've never seen a popup saying it blocked
unwanted internet traffic!

Could it be the firewall is not setup properly (I know very little about
this)?
Could it be the DSL modem/router 'firewall' is blocking everything so
Windows Firewall is not needed?

Thanks
Vic
 
Bruce Chambers

Vic said:
Trying to figure out if Windows firewall is actually blocking any
intrusions from the internet. The software is setup to give a popup
notice if it blocks something. Blocking is enabled on the LAN (local
area connection) and modem. The only exception is File and Printer
sharing.

The only popups to have occurred is when LAN was setup and I fooled
around setting up WOL ... I've never seen a popup saying it blocked
unwanted internet traffic!

What version of WinXP are you running? I've never seen nor heard of a
version of WinXP whose built-in firewall offers to announce inbound
attempts at attacks. (There is an option to be notified if an
application on your computer tries something unexpected, but this is
something completely different.)

Could it be the firewall is not setup properly (I know very little about
this)?

I don't see how. WinXP's built-in firewall is simple to the point of
being on or off; there's nothing to configure, except for the internal LAN.

Could it be the DSL modem/router 'firewall' is blocking everything so
Windows Firewall is not needed?


If you use a router with NAT, it's still a very good idea to use a 3rd
party software firewall. Like WinXP's built-in firewall, NAT-capable
routers do nothing to protect the user from him/herself (or any
"curious," over-confident teenagers in the home). Again -- and I cannot
emphasize this enough -- almost all spyware and many Trojans and worms
are downloaded and installed deliberately (albeit unknowing of the
potential consequences) by the user. So a software firewall, such as
Sygate or ZoneAlarm, that can detect and warn the user of unauthorized
out-going traffic is an important element of protecting one's privacy
and security. (Remember: Most anti-virus applications do not even scan
for or protect you from adware/spyware, because, after all, you've
installed them yourself, so you must want them there, right?)

I use both a router with NAT and Sygate Personal Firewall, even
though I generally know better than to install scumware. When it comes
to computer security and protecting my privacy, I prefer the old "belt
and suspenders" approach. In the professional IT community, this is
also known as a "layered defense." Basically, it comes down to never,
ever "putting all of your eggs in one basket."



--

Bruce Chambers

Help us help you:



They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

Many people would rather die than think; in fact, most do. -Bertrand Russell
 
Vic

Hi Bruce

Wow, your reply is very informative, and I realize there is a LOT to
know about setting up firewalls.

You asked:
What version of WinXP are you running? I've never seen nor heard of a
version of WinXP whose built-in firewall offers to announce inbound
attempts at attacks. (There is an option to be notified if an
application on your computer tries something unexpected, but this is
something completely different.)


It's XP Home SP2. When you said an APPLICATION doing something funny
could trigger the warning popup it struck a chord. THAT is when I saw
popups. Guess I was under the impression the firewall warned of
unexpected 'visitors' attempting access from the internet!

How can I know if the firewall IS stopping unsolicited inbound attempts?
-- almost all spyware and many Trojans and worms
are downloaded and installed deliberately (albeit unknowing of the
potential consequences) by the user. So a software firewall, such as
Sygate or ZoneAlarm, that can detect and warn the user of unauthorized
out-going traffic is an important element of protecting one's privacy
and security. (Remember: Most anti-virus applications do not even scan
for or protect you from adware/spyware, because, after all, you've
installed them yourself, so you must want them there, right?)

The reason all the questions and concern over the firewall came up after
doing a virus scan (yesterday) with Trendmicro's 'Sysclean'
http://www.trendmicro.com/download/sysclean.asp , it found a rather
'unknown' virus (cannot remember the name right now). Don't have the
faintest idea how it came here although I have been looking at various
software packages from the internet. A full system scan showed no other
'packed' (ZIP etc) files had it. Hmmm!

My system is pretty low end for XP. It's an OLD Tyan S1590 mobo w/AMD
550mhz CPU, 384mb memory. Because of that I've always hesitated to run a
firewall, concerned about sluggish performance!

If I may ask, being the job Windows Firewall does seems 'minimal' and I
have no concerns about funny business going on over the home network,
does it really make sense to have it on? I know the DSL modem/router
(Siemens SpeedStream) has a built-in 'firewall' blocking ports. I've
done NUMEROUS checks for security on various websites including
http://grc.com/default.htm (click on SHIELDS-UP) which checks a
multitude of things. All ports come up STEALTH (green) and the PC always
gets a good bill of health, though not perfect. In your opinion does it
make sense to turn off Windows Firewall and install another (e.g.
Zonealarm or Sygate Personal Firewall)?

I know you believe in many layers of defense ... but how about on a
low-end PC with an operator who is conservative and VERY cautious about
sites visited?

Thanks again for your input, you guys are a tremendous help!
Vic


 
Bruce Chambers

Vic said:
Hi Bruce

Wow, your reply is very informative, and I realize there is a LOT to
know about setting up firewalls.

You asked:



It's XP Home SP2. When you said an APPLICATION doing something funny
could trigger the warning popup it struck a chord. THAT is when I saw
popups. Guess I was under the impression the firewall warned of
unexpected 'visitors' attempting access from the internet!

How can I know if the firewall IS stopping unsolicited inbound attempts?


You can't, really, except by the absence of the sort of malware that
firewalls prevent. That's one of the weaknesses of WinXP's built-in
firewall; one has to take its proper functioning on faith.



My system is pretty low end for XP. It's an OLD Tyan S1590 mobo w/AMD
550mhz CPU, 384mb memory. Because of that I've always hesitated to run a
firewall, concerned about sluggish performance!

If I may ask, being the job Windows Firewall does seems 'minimal' and I
have no concerns about funny business going on over the home network,
does it really make sense to have it on? I know the DSL modem/router
(Siemens SpeedStream) has a built-in 'firewall' blocking ports.


As the WinXP firewall provides no additional protection over a router
with NAT, it could be turned off without any loss of protection. So
long as that router is guaranteed not to ever fail, that is.


I've
done NUMEROUS checks for security on various websites including
http://grc.com/default.htm (click on SHIELDS-UP) which checks a
multitude of things. All ports come up STEALTH (green) and the PC always
gets a good bill of health, though not perfect.


The last time I checked the "Shields Up" page, it neglected to
check some of the very ports used by Blaster/Welchia, et al. Has that
oversight been corrected?

Anyway, another site for testing is:

Symantec Security Check
http://security.symantec.com/ssc/home.asp

Additionally, Gibson is a very poor source for computer security
advice. Gibson has been fooling a lot of people for several years, now,
so don't feel too bad about having believed him. He mixes just enough
facts in with his hysteria and hyperbole to be plausible. Despicably,
Gibson is assuming a presumably morally superior pose as a White Knight
out to rescue the poor, defenseless computer user, all the while
offering solutions that do no good whatsoever.

Perhaps you should read what real computer security specialists
have to say about Steve Gibson's "security" expertise. You can start here:
http://www.grcsucks.com/

In your opinion does it
make sense to turn off Windows Firewall and install another (e.g.
Zonealarm or Sygate Personal Firewall)?


Yes, it does. That's what I do for my own machines.

I know you believe in many layers of defense ... but how about on a
low-end PC with an operator who is conservative and VERY cautious about
sites visited?


Well, you are the single most important component of any computer
security plan. There are several essential components to computer
security: a knowledgeable and pro-active user, a properly configured
firewall, reliable and up-to-date antivirus software, and the prompt
repair (via patches, hotfixes, or service packs) of any known
vulnerabilities.

The weakest link in this "equation" is, most often, the computer
user. No software manufacturer can -- nor should they be expected
to -- protect the computer user from him/herself. All too many people
have bought into the various PC/software manufacturers' marketing
claims of easy computing. They believe that their computer should be
no harder to use than a toaster oven; they have neither the
inclination nor desire to learn how to safely use their computer. All
too few people keep their antivirus software current, install patches
in a timely manner, or stop to really think about that cutesy link
they're about to click.

Firewalls and anti-virus applications, which should always be used
and should always be running, are important components of "safe hex,"
but they cannot, and should not be expected to, protect the computer
user from him/herself. Ultimately, it is incumbent upon each and
every computer user to learn how to secure his/her own computer.

To learn more about practicing "safe hex," start with these links:

Protect Your PC
http://www.microsoft.com/security/protect/default.asp

Home Computer Security
http://www.cert.org/homeusers/HomeComputerSecurity/

List of Antivirus Software Vendors
http://support.microsoft.com/default.aspx?scid=kb;en-us;49500

Home PC Firewall Guide
http://www.firewallguide.com/

Scumware.com
http://www.scumware.com/


Thanks again for your input, you guys are a tremendous help!
Vic


You're welcome.


--

Bruce Chambers

 
Incognitus

Vic said:
Hi Bruce

Wow, your reply is very informative, and I realize there is a LOT to
know about setting up firewalls.

You asked:



It's XP Home SP2. When you said an APPLICATION doing something funny
could trigger the warning popup it struck a chord. THAT is when I saw
popups. Guess I was under the impression the firewall warned of
unexpected 'visitors' attempting access from the internet!

How can I know if the firewall IS stopping unsolicited inbound attempts?

You could configure Windows Firewall to log dropped packets, then keep an
eye on pfirewall.log

Windows Firewall | Advanced tab | Security Logging | Settings.

Start | Run pfirewall.log.
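
Added example, not part of the post above: once dropped-packet logging is enabled, a short Python script can answer the original question by counting DROP entries in pfirewall.log and separating sources outside the home LAN from ordinary LAN broadcast noise. The sample log is constructed, the column names are read from the log's own `#Fields:` header, and the LAN range 192.168.1.0/24 is an assumption to adjust for your network.

```python
import ipaddress
from collections import Counter

# Constructed sample, not a real capture. Column names come from the
# "#Fields:" header the log carries; addresses are documentation ranges.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2005-03-14 09:12:01 DROP TCP 203.0.113.7 192.168.1.10 4312 135 48 S 1234567 0 16384 - - -
2005-03-14 09:12:04 DROP TCP 203.0.113.7 192.168.1.10 4313 445 48 S 1234570 0 16384 - - -
2005-03-14 09:12:09 DROP TCP 198.51.100.99 192.168.1.10 2200 135 48 S 7654321 0 16384 - - -
2005-03-14 09:13:10 OPEN TCP 192.168.1.10 198.51.100.20 1045 80 - - - - - - - -
2005-03-14 09:14:22 DROP UDP 198.51.100.99 192.168.1.10 1026 1434 404 - - - - - - -
2005-03-14 09:15:00 DROP UDP 192.168.1.12 192.168.1.255 138 138 229 - - - - - - -
2005-03-14 09:16:40 DROP ICMP 203.0.113.7 192.168.1.10 - - 60 - - - - 8 0 -
2005-03-14 09:17:02 DROP TCP 203.0.113.7
"""

def parse_log(text):
    """Yield one dict per log entry, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) >= len(fields):  # skip truncated or partial lines
                yield dict(zip(fields, values))

def summarize_drops(text, lan="192.168.1.0/24"):
    """Return (Counter of (protocol, dst-port) for drops from outside the LAN,
    number of drops whose source is inside the LAN)."""
    lan_net = ipaddress.ip_network(lan)  # assumed home LAN range
    outside, inside = Counter(), 0
    for entry in parse_log(text):
        if entry.get("action") != "DROP":
            continue  # OPEN/CLOSE entries are allowed connections, not blocks
        try:
            src = ipaddress.ip_address(entry["src-ip"])
        except (KeyError, ValueError):
            continue  # malformed or missing source address
        if src in lan_net:
            inside += 1
        else:
            outside[(entry["protocol"], entry["dst-port"])] += 1
    return outside, inside
```

To run it on a real log, pass the contents of the file named in the Security Logging settings dialog to `summarize_drops`. Behind a NAT router the "outside" counter will usually stay empty, because unsolicited traffic is stopped at the router before it reaches the PC.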
 
Guest

This thread has given me great information. Thanks Vic for your questions
and thanks Bruce for the answers. But, what is NAT on a router?
 
Vic

Hi Jorie
This thread has given me great information. Thanks Vic for your questions
and thanks Bruce for the answers. But, what is NAT on a router?

I hope Bruce sees this thread again and answers because he is a fountain
of information!
In the meantime, I did some research after viewing his reply and
good-ol' Google explains NAT:

http://www.google.com/search?num=50&hl=en&lr=lang_en&safe=active&q=define%3Anat

If the address link fails, go to Google and type DEFINE:NAT <enter> and
what appears is the acronym "network address translation". Don't ask me
what it does because I only have a vague concept but what you can do (as
I did) is look up your specific modem/router on the web (or your
instruction manual, or tech. rep.) and find out if it has NAT
capability.

I looked up the one here (Siemens Speedstream 6520) and lo, it has NAT!
So Windows firewall is now disconnected. Went to the Symantec link Bruce
gave and we passed the security check with flying colors. I'll keep the
firewall off for a while and monitor closely for intrusions. Don't know
if you'd want to do the same as it is risky today! Lotta' screw-balls
out there but with my low-end PC I take chances and disable a LOT of
'overhead' stuff!

Let us know how you make out investigating NAT on your setup
All the best
Vic
___
 
Guest

Thanks for the info, Vic. I'll check it out. I don't think I'll turn off my
firewall tho. Even tho they may not be perfect, they do catch some stuff and
I guess I'd rather have a slower response than deal with a worm or Trojan.
I've HAD that experience and once is enough!

Since I use Symantec on my machine, and keep my definitions up to date and
scan regularly, I don't know if running the
http://security.symantec.com/ssc/home.asp will help much but I'll try it.
"Coals to Newcastle?"

I'm actually wondering if I've got another bug right now and I don't know
how to do a diagnosis. As well as Symantec I also use a free program called
Spy Sweeper by Webroot. It slows things down a lot as it scans for
malware--stuff that comes in from using the internet freely. I've hoped that
the two protective programs (one for viruses and one for spyware/adware)
would keep me clean but it's hard to tell. Giving up a lot of disk space to
"protection" seems counter-intuitive but, as I've just been reading on this
site, the computer seems to know how to juggle the space around. We need to
teach computer-karate to these machines, for self-protection! Smile!

Thanks again. I hadn't thought of Google for a NAT definition! (Doesn't
"nat" sound a lot like a "bug?" Smile again).
 
