windows xp firewall

[yawnmoth]

The Windows XP SP2 firewall is oft derided as being ineffective,
however, I'm not so convinced. Is it ineffective or are those claiming
that it is just spouting off anti-microsoft zealotry?

And if it is ineffective, what's ineffective about it? If it lets
traffic through on all ports above 32,000, then I'd be more concerned
about that than I would be if it let connections from Microsoft go
through without any problems or if it didn't block out-bound traffic.

Anyway, the reason I'm asking is to figure out whether or not I should
install another firewall (if I should, which one should I do?)

 

[Will Denny]

Hi

The XP Firewall doesn't monitor outgoing access to the Internet - so you
won't if a program is ''phoning home' or not. You will need a 3rd party
Firewall for dual monitoring.

--


Will Denny
MS-MVP Windows Shell/User
Please reply to the News Groups

 

[Ken Blake, MVP]

The Windows XP SP2 firewall is oft derided as being ineffective,
however, I'm not so convinced. Is it ineffective or are those
claiming that it is just spouting off anti-microsoft zealotry?

The latter.

And if it is ineffective, what's ineffective about it? If it lets
traffic through on all ports above 32,000, then I'd be more concerned
about that than I would be if it let connections from Microsoft go
through without any problems or if it didn't block out-bound traffic.

That's exactly the issue. The Windows firewall monitors incoming traffic
only. Almost any third-party firewall will also monitor outbound traffic,
stopping rogue programs trying to call home, and is a better choice. However
the Windows firewall works and is far from ineffective.

Anyway, the reason I'm asking is to figure out whether or not I should
install another firewall (if I should, which one should I do?)

Personally, I use and recommend a third-pary firewall (the free ZoneAlarm,
in my case, but others are also good), because I believe it increases my
level of security. Although I don't think that it's absolutely necessary for
everyone to do, at the price, I use it.

 

[Frank]

Too many people spout this nonsense.
When you have unauthorized out going traffic means that your
anti virus solution is not up to par.

 

[Guest]

The Windows Firewall is effective as the others have stated. It is true
that, if something slips past your protection, it is then free to "call home".

This is similar to the protection from a hardware firewall on a router,
which has been touted as an effective part of a security package. A lot of
folks only have 1 computer in their house and can't see why they should have
a router when they can just plug into the modem to connect. So, IMO, the
Windows firewall serves this function if a router isn't in the mix.

From a practical side, I protected my wife's office computer with the
Windows Firewall, AVG and Windows Defender (and automatic updates) and
haven't had the least problem with anything phoning home. But I do keep an
eye on it to ensure that nothing sneaks in.

At one point I added a software firewall (Zone Alarm Pro) but it caused so
many problems with the client management software that they use (it's a
veterinary office) that I stopped using it.

- John

 

[Rock]

The Windows XP SP2 firewall is oft derided as being ineffective,
however, I'm not so convinced. Is it ineffective or are those claiming
that it is just spouting off anti-microsoft zealotry?

And if it is ineffective, what's ineffective about it? If it lets
traffic through on all ports above 32,000, then I'd be more concerned
about that than I would be if it let connections from Microsoft go
through without any problems or if it didn't block out-bound traffic.

Anyway, the reason I'm asking is to figure out whether or not I should
install another firewall (if I should, which one should I do?)

The windows firewall is effective for incoming traffic but does not monitor
outbound. There are some good alternatives including zone alarm (free and
paid) and Sunbelt's Kerio Personal Firewall (low cost, this is what I use).

 

[Dan]

The Windows XP SP2 firewall is oft derided as being ineffective,
however, I'm not so convinced. Is it ineffective or are those claiming
that it is just spouting off anti-microsoft zealotry?

And if it is ineffective, what's ineffective about it? If it lets
traffic through on all ports above 32,000, then I'd be more concerned
about that than I would be if it let connections from Microsoft go
through without any problems or if it didn't block out-bound traffic.

Anyway, the reason I'm asking is to figure out whether or not I should
install another firewall (if I should, which one should I do?)

A third party firewall like ZoneAlarm that warns the user is more
effective than the Windows Firewall. I would suggest first and foremost
a good hardware firewall that is built into the router. This has
eliminated many hack attempts on my computer since the attacks are
blocked at the hardware level. I only sometimes now have my computer
light up that a port scan and/or hack was blocked by my firewall that
had managed to slip through the hardware firewall.

 

[q_q_anonymous]

Too many people spout this nonsense.
When you have unauthorized out going traffic means that your
anti virus solution is not up to par.

the MVP is right. The windows firewall cannot block outgoing. It is
part of the functionality of most firewalls to block outgoing.

It is you that spouts nonsense.

A malicious program making an outgoing connection need not be a virus.
Malware removal programs may not pick it up.

 

[Bruce Chambers]

The Windows XP SP2 firewall is oft derided as being ineffective,
however, I'm not so convinced. Is it ineffective or are those claiming
that it is just spouting off anti-microsoft zealotry?

And if it is ineffective, what's ineffective about it? If it lets
traffic through on all ports above 32,000, then I'd be more concerned
about that than I would be if it let connections from Microsoft go
through without any problems or if it didn't block out-bound traffic.

Anyway, the reason I'm asking is to figure out whether or not I should
install another firewall (if I should, which one should I do?)

WinXP's built-in firewall is adequate at stopping incoming attacks,
and hiding your ports from probes. What WinXP SP2's firewall does not
do, is provide an important additional layer of protection by informing
you about any Trojans or spyware that you (or someone else using your
computer) might download and install inadvertently. It doesn't monitor
out-going network traffic at all, other than to check for IP-spoofing,
much less block (or at even ask you about) the bad or the questionable
out-going signals. It assumes that any application you have on your
hard drive is there because you want it there, and therefore has your
"permission" to access the Internet. Further, because the Windows
Firewall is a "stateful" firewall, it will also assume that any incoming
traffic that's a direct response to a Trojan's or spyware's out-going
signal is also authorized.

ZoneAlarm or Kerio are much better than WinXP's built-in firewall,
in that they do provide that extra layer of protection, are much more
easily configured, and have free versions readily available for
downloading. Even the commercially available Symantec's Norton Personal
Firewall provides superior protection, although it does take a heavier
toll of system performance then do ZoneAlarm or Kerio.

Having said that, it's important to remember that firewalls and
anti-virus applications, which should always be used and should always
be running, while important components of "safe hex," cannot, and should
not be expected to, protect the computer user from him/herself.
Ultimately, it is incumbent upon each and every computer user to learn
how to secure his/her own computer.


--

Bruce Chambers

Help us help you:



They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

Many people would rather die than think; in fact, most do. -Bertrand Russell

 

[Bruce Chambers]

Too many people spout this nonsense.
When you have unauthorized out going traffic means that your
anti virus solution is not up to par.

Utter nonsense. Not all applications that "phone home" are viruses. A
very great many are spyware and adware that the user has voluntarily
installed without understanding the consequences. Anti-virus
applications are not designed to detect most such programs.


--

Bruce Chambers

Help us help you:



They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

Many people would rather die than think; in fact, most do. -Bertrand Russell

 

[Rock]

A third party firewall like ZoneAlarm that warns the user is more
effective than the Windows Firewall. I would suggest first and foremost a
good hardware firewall that is built into the router. This has eliminated
many hack attempts on my computer since the attacks are blocked at the
hardware level. I only sometimes now have my computer light up that a
port scan and/or hack was blocked by my firewall that had managed to slip
through the hardware firewall.

Does the router have a firewall, not common in home systems, or NAT which
helps keep out threats but is not a firewall, though commonly confused by
users as one?

 

[Dan]

Does the router have a firewall, not common in home systems, or NAT
which helps keep out threats but is not a firewall, though commonly
confused by users as one?

It must be the NAT since this is a home user system. Can you explain
the difference to me, Rock and thank you for your help.

 

[Paul Johnson]

The Windows XP SP2 firewall is oft derided as being ineffective,
however, I'm not so convinced. Is it ineffective or are those claiming
that it is just spouting off anti-microsoft zealotry?

Often people who like interacting with something that screams the sky is
falling tends to find Windows Firewall to be on the nonverbose side, but
these people are insane (and from a tech support/abuse desk perspective,
truly obnoxious idiots of a higher level). Normal people would tend to
find it's relatively silent operation to be a good thing.

It's not a bad firewall. It's fine for most people.

 

[Paul Johnson]

A third party firewall like ZoneAlarm that warns the user is more
effective than the Windows Firewall.

Snake oil. Here's what SANS thinks about them. I think the SANS Institute
(http://www.sans.org/) pretty much trumps anything found in ZA's marketing
material.

http://lists.sans.org/pipermail/list/2002-July/004700.html
http://www.samspade.org/d/firewalls.html

General consensus is you're better off with nothing if your choice is
nothing or a personal firewall. Windows firewall is plenty. All it's
gotta do is not allow access to ports that shouldn't be listening at the
kernel level. That's pretty much what Windows firewall does.

I would suggest first and foremost
a good hardware firewall that is built into the router. This has
eliminated many hack attempts on my computer since the attacks are
blocked at the hardware level.

Crack attempts, or packets that you just don't understand? Not all
unexpected packets are crack attempts, with about a billion and a half
people on the internet worldwide, someone's bound to typo trying to connect
to a different machine. Unless you're willing to take the time to do
you're homework and learn the nitty gritty about TCP/IP and network
security, follow BugTraq, etc, you simply are not qualified to make the
distinction. Just saying, "But der zone alarm told me!" just makes you
another IWF.

BTW, you might want to realise your usage of hack is a little bit misguided.
Hackers are proficient programmers. Crackers are people who try to break
into other people's systems, write viruses, etc. There's a major ethical
distinction there.

http://ursine.ca/hacker
http://ursine.ca/cracker

 

[Paul Johnson]

Does the router have a firewall, not common in home systems, or NAT which
helps keep out threats but is not a firewall, though commonly confused by
users as one?

Are you clear what a firewall is? http://ursine.ca/Firewall_machine

 

[Paul Johnson]

The windows firewall is effective for incoming traffic but does not
monitor
outbound. There are some good alternatives including zone alarm (free and
paid) and Sunbelt's Kerio Personal Firewall (low cost, this is what I
use).

Actually, Windows Firewall will ask if you want to block or not block
programs from making connections. Check the Windows Firewall control panel
for details. A better strategy, however, would be to not install or use
software that you don't trust to make a connection to begin with.

 

[Paul Johnson]

Please post in conversational order for clarity.
http://ursine.ca/Top_Posting

Too many people spout this nonsense.
When you have unauthorized out going traffic means that your
anti virus solution is not up to par.

That's not necessarily the case. Many trojan horses, such as your typical
spyware, are often invited in by the user. Other times, it's because
someone has managed to hijack the machine. This is one thing that free
software is good for: Peer review of the source code. Many eyes make bugs
and security holes shallow and software safer. Good repositories of peer
reviewed free software would be Sourceforge (http://www.sourceforge.net/)
and Freshmeat (http://www.freshmeat.net/).

You should only install or use software that you trust, and avoid software
that tends to be more readily exploited, such as Internet Explorer, if you
can do so.

 

[Dan]

Snake oil. Here's what SANS thinks about them. I think the SANS Institute
(http://www.sans.org/) pretty much trumps anything found in ZA's marketing
material.

http://lists.sans.org/pipermail/list/2002-July/004700.html
http://www.samspade.org/d/firewalls.html

General consensus is you're better off with nothing if your choice is
nothing or a personal firewall. Windows firewall is plenty. All it's
gotta do is not allow access to ports that shouldn't be listening at the
kernel level. That's pretty much what Windows firewall does.


Crack attempts, or packets that you just don't understand? Not all
unexpected packets are crack attempts, with about a billion and a half
people on the internet worldwide, someone's bound to typo trying to connect
to a different machine. Unless you're willing to take the time to do
you're homework and learn the nitty gritty about TCP/IP and network
security, follow BugTraq, etc, you simply are not qualified to make the
distinction. Just saying, "But der zone alarm told me!" just makes you
another IWF.

BTW, you might want to realise your usage of hack is a little bit misguided.
Hackers are proficient programmers. Crackers are people who try to break
into other people's systems, write viruses, etc. There's a major ethical
distinction there.

http://ursine.ca/hacker
http://ursine.ca/cracker

Thanks for the correction. I have had Windows XP SP2 broken into when I
was testing security with the Windows Firewall enabled. My computer had
been connected to a wired Ethernet router and I was talking to Microsoft
about the break-in. Nothing valuable was lost since I was seeing how
secure the operating system was and how effective the Windows Firewall
with a wired router was. So far, I have not had a similar break-in with
Zone Alarm Professional but everyone can keep going on about how Windows
Firewall in XP SP2 is just as secure as ZA Pro. or more secure if they
like but in reality it is not that way to me.

 

[Dan]

Often people who like interacting with something that screams the sky is
falling tends to find Windows Firewall to be on the nonverbose side, but
these people are insane (and from a tech support/abuse desk perspective,
truly obnoxious idiots of a higher level). Normal people would tend to
find it's relatively silent operation to be a good thing.

It's not a bad firewall. It's fine for most people.

Wrong! The Windows Firewall is not fine for most people. The firewall
is being strengthened by Microsoft for Windows Vista. I will be testing
Release Candidate One for security.

 

[Paul Johnson]

Wrong! The Windows Firewall is not fine for most people. The firewall
is being strengthened by Microsoft for Windows Vista. I will be testing
Release Candidate One for security.

While all software can always use some improvements, that doesn't mean it's
not good for most people. You offer no substantial argument to counter
mine: Either present the basis for your argument or sit back down...