Windows Firewall

  • Thread starter Thread starter Monty
  • Start date Start date
M

Monty

Hi all, does Windows Firewall offer enough protection. I have EZ Firewall
now but a friend says all they use is the Windows Firewall and they have
zero problems. BTW, the EZ Firewall is free from my IP and is not saving any
permissions. Thanks, Monty
 
Windows Firewall only offers inbound protection; outbound stuff is not
watched.

According to "PC Magazine" the 'best' firewall available for now is Zone
Alarm - and they do have a free version. www.zonelabs.com
 
Monty said:
Hi all, does Windows Firewall offer enough protection. I have EZ
Firewall now but a friend says all they use is the Windows Firewall
and they have zero problems. BTW, the EZ Firewall is free from my IP
and is not saving any permissions. Thanks, Monty
Click to expand...


I know nothing about EZ firewall in particular, but read my standard reply
to this qustion, below:

The XP firewall monitors incoming traffic, but does nothing to stop spyware
programs trying to call home. It also is much less configurable than other
choices (although it's much improved in SP2).

For those reasons I recommend the free version of ZoneAlarm (or almost any
third-party firewall) instead.
 
Dunno. How much protection is "enough protection" for you? If shielding your
computer from the internet is what you're looking for, Windows Firewall is
perfect for you. If you want more features than that, you need a third party
firewall.

If I were you I would read about the differences between Windows firewall
and some of the third party firewalls. You'll find reams of information on
the internet.
 
This question is quite subjective ,however here is my opinion
..Remember it is mine and everyone else can have different . :)

I personally use and recommend everyone use the intergrate Windows Firewall
in SP2 of Windows XP.It has only incoming traffic protection but is very
good.Ask rarely and works automatically and if you click "Don't allow
exceptions" you have maximum protection.


Aslo ,you may *just may* buy a router with integrated hardware firewall so
you'll have double protection and you need anything else for hacker/intruder
protection.


( I don't use router with firewall but I use an intruder protection system
as a second layer of protection that stays behind Win Firewall )


Never forget that the incoming protection is the most important so Win
Firewall is enough .


The other software firewalls(such as your ) have incoming as well as
outgoing protection
..Depening on what protection you need ,choose the one firewall that best meet
your needs.
Sygate's free firewall was very very good but it is now paid as far as I
know because Symantec recently bought Sygate company.Other good is Zone
Alarm free.


But I would aslo say that if you keep ALL your security softwares up-to-date
and they work ,you will not need the outgoing protection because the security
softwares will(should) catch the infection ! :)


Do not hesitate to contact the Community again !!! :)


Panda_man
 
Panda_man said:
Never forget that the incoming protection is the most important so
Win Firewall is enough .
Click to expand...


I certainly agree with the first part of that sentence: "incoming protection
is the most important." But it does not follow from that that the Windows
firewall is enough.

If your anti-spyware protection does a perfect job, there won't be any such
programs trying to call home, and outbound protection won't be needed.
However I am never willing to make the assumption that any protection is
perfect, so I prefer the belt *and* suspenders approach of a firewall that
monitors traffic in both directions.
 
Thanks all for your replies, I was using the free version of Zone Alarm for
many year without any problems. EZ Firewall is a modified program of Zone
alarm from C.A. It is always asking permission to access the internet
although permission was granted. That is something I will address with tech
support from C.A. Monty
 
Ken ,please read these key words in my post again :

Panda_man :
This question is *quite subjective* ,however here is *my opinion*

I *personally use and recommend everyone *use the intergrate Windows Firewall

I *use an intruder protection system
as a second layer of protection* that stays behind Win Firewall

if you keep ALL your security softwares up-to-date
and they work

--
I do trust my security suit and softwares.

Thank you !


Panda_man
--
Prevention is always better than cure !
Panda TruPrevent - the most intelligent technology to combat unknown malware
http://www.pandasoftware.com
http://pandaman.hit.bg
 
Monty said:
Hi all, does Windows Firewall offer enough protection. I have EZ Firewall
now but a friend says all they use is the Windows Firewall and they have
zero problems. BTW, the EZ Firewall is free from my IP and is not saving any
permissions. Thanks, Monty
Click to expand...



WinXP's built-in firewall is adequate at stopping incoming attacks,
and hiding your ports from probes. What WinXP SP2's firewall does not
do, is provide an important additional layer of protection by informing
you about any Trojans or spyware that you (or someone else using your
computer) might download and install inadvertently. It doesn't monitor
out-going network traffic at all, other than to check for IP-spoofing,
much less block (or at even ask you about) the bad or the questionable
out-going signals. It assumes that any application you have on your
hard drive is there because you want it there, and therefore has your
"permission" to access the Internet. Further, because the Windows
Firewall is a "stateful" firewall, it will also assume that any incoming
traffic that's a direct response to a Trojan's or spyware's out-going
signal is also authorized.

ZoneAlarm or Kerio are much better than WinXP's built-in firewall,
in that they do provide that extra layer of protection, are much more
easily configured, and have free versions readily available for
downloading. Even the commercially available Symantec's Norton Personal
Firewall provides superior protection, although it does take a heavier
toll of system performance then do ZoneAlarm or Kerio.



--

Bruce Chambers

Help us help you:



They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

Is life so dear or peace so sweet as to be purchased at the price of
chains and slavery? .... I know not what course others may take, but as
for me, give me liberty, or give me death! -Patrick Henry
 
Panda_man said:
Aslo ,you may *just may* buy a router with integrated hardware firewall so
you'll have double protection and you need anything else for hacker/intruder
protection.
Click to expand...


That's not true, at all.

If you use a router with NAT, it's still a very good idea to use a
3rd party software firewall. Like WinXP's built-in firewall,
NAT-capable routers do nothing to protect the user from him/herself (or
any "curious," over-confident teenagers in the home). Again -- and I
cannot emphasize this enough -- almost all spyware and many Trojans and
worms are downloaded and installed deliberately (albeit unknowingly) by
the user. So a software firewall, such as Sygate or ZoneAlarm, that can
detect and warn the user of unauthorized out-going traffic is an
important element of protecting one's privacy and security. (Remember:
Many antivirus applications do not even scan for or protect you from
most adware/spyware, because, after all, you've installed them yourself,
so you must want them there, right?)

I use both a router with NAT and Sygate Personal Firewall, even
though I generally know better than to install scumware. When it comes
to computer security and protecting my privacy, I prefer the old "belt
and suspenders" approach. In the professional IT community, this is
also known as a "layered defense." Basically, it comes down to never,
ever "putting all of your eggs in one basket."


--

Bruce Chambers

Help us help you:



They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

Is life so dear or peace so sweet as to be purchased at the price of
chains and slavery? .... I know not what course others may take, but as
for me, give me liberty, or give me death! -Patrick Henry
 
Monty said:
Hi all, does Windows Firewall offer enough protection. I have EZ
Firewall now but a friend says all they use is the Windows Firewall
and they have zero problems. BTW, the EZ Firewall is free from my IP
and is not saving any permissions. Thanks, Monty
Click to expand...




From www.spywareinfo.com



I promised myself a while back not to go on another anti-Microsoft rant,
that I would write calmly about any goofs they make. It has been a hard
promise to keep at times. And now, I must break that promise. If I don't
rant about this, I will burst at the seams.

The function of a software firewall is simple. It allows the user to control
the computer's access to other computers. To do that, it blocks attempts to
send unauthorized data out over a network, as well as the attempts of other
computers to send data to the protected computer. A proper firewall allows
data into or out of the computer, only when the user gives the firewall
permission to do so. I think most people will agree that this is an accurate
description of the proper function of a software firewall.

So I am left to wonder if the Microsoft programmers who designed the Windows
Firewall have lost their freakin minds. While the Windows Firewall will
block network access like any other firewall, the settings which determine
whether or not an attempt to access the network is permitted is stored in
the registry. Any piece of software is allowed to edit that part of the
registry and give itself permission to send or receive data over the
network.

There are several viruses, worms and spyware programs that edit the registry
settings for the Windows Firewall. Even if the user discovers a virus
infection and cleans it successfully, that computer can be reinfected at any
time, if the virus edited the firewall settings. Many network worms can
infect a computer if it discovers certain unsecured network ports. It
happened to me once, when I turned off my firewall and forgot to turn it
back on.

Changes to a firewall's settings should be possible only through the
firewall program's interface. Those changes should be saved into an
encrypted file, which cannot be altered by any other program. Those settings
should not EVER be written to the registry, where they can be altered by any
other program running on the PC. It takes only the smallest shred of common
sense to realize this.

Where was the common sense when they were creating the Windows Firewall?
This is like hiring security guards to keep gate crashers away from a party
but allowing the guests to write their own invitations.

But wait, there's more!

Someone discovered recently that the Windows Firewall interface won't even
tell the user about an opened port, if the registry entry granting it
permission has a malformed name. Not only can a malicious programmer give
his evil creation permission to bypass the firewall, he can hide the fact
that he's done it!

It is boneheaded mistakes like this which make it difficult to use Windows
safely. God help us all when Microsoft begins to make its own antivirus
software. The only reason Microsoft's antispyware program works well
probably is because Microsoft didn't write it.
 
Back
Top