XP Fire wall

[Cracker Jacks]

Could someone tell me If I should use external fire wall software or is the
on built in to XP good enough? I know this may be a fairly open question.
But for the average home user how does it fair against say Zone Alarm Pro?

 

[Mike Bright MSP]

This is a very interesting question and one which you
will get a lot of different view's about. From a
personal stand point, I use the Windows Firewall. But it
does really depend on what you are wanting to do.

For example if we take Windows Firewall at the moment you
can't allow access to all ports on your machine for one
specific IP address (without adding each port). This is
a feature which taking you example Zone Alarm does have.

Each different Firewall has different features, but at
the end of the day it comes down to what you do with your
machine.

If for example you are a stand-alone home user who has no
network and don't share your connection. Then the XP
Firewall would probably be sufice. However if you were
using different network configurations and different
speicifc rules for different applications then maybe a
more advanced firewall which is needed.

Anyway that's my ten cent's worth

Mike Bright MCP, MSP

e:[email protected]

 

[Robert Moir]

Could someone tell me If I should use external fire wall software or
is the on built in to XP good enough? I know this may be a fairly
open question. But for the average home user how does it fair against
say Zone Alarm Pro?

The Windows XP firewall is very good at what it does, as good at that job as
Zone Alarm if not better, but Zone Alarm does more things.

But then any "software" firewall is a sick joke compared to a seperate
"hardware" firewall so... *shrug*

 

[Mike]

The XP firewall covers all incoming very well.. it does not cover all exits
at all well.. this will undoubtedly change when the final release of SP2
becomes available..

In the meantime, it is not a bad idea to use a third party firewall as they
control incoming and outgoing..

Hardware firewalls are useful on home networks, and are part of router/hub
setups by default..

 

[worried]

So Robert,
what you are trying to say,is I with my stand alone
XP Home,with XP Firewall,not doing anything
outrageous,don't need Zone Alarm?

 

[Testy]

As long as you stay off porn sites, don't use kazza or download tons of
"free" software you should be fine with the XP firewall and a good
anti-virus program.

Testy

 

[worried]

Thank you Testy,
I don't do all of the below,and have Norton,
so since Zoney and I do not see eye to eye,
I will say goodbye to it..Thanks for the info.

 

[Robert Moir]

So Robert,
what you are trying to say,is I with my stand alone
XP Home,with XP Firewall,not doing anything
outrageous,don't need Zone Alarm?

XP's Firewall, with the versions up to SP1a, is very good at blocking
incoming traffic from your computer. It's every bit as good at this as any
other software firewall.

Other software firewalls however also block outgoing traffic, which can be
useful for catching viruses, spyware & other similar junk in the act. This
is important to people who wallow in spyware either because they don't know
how to avoid it or because they keep doing dumb things.

If you don't intend to get into that position and you keep spyware and
viruses off your system with decent scanners then you don't need the extra
stuff.

XP SP2, when that is finally with us, contains some very big improvements to
the firewall which are well worth having, including adding blocks to
outgoing traffic because the amount of people who are *still* infected with
blaster is proof that lots of people don't know how to avoid bad situations.

I think the XP firewall is perfectly adequate for most needs, and for those
people who do need more, they should consider a hardware firewall of some
kind.

Hope that helps,
Rob

--
--
Rob Moir, Microsoft MVP for servers & security
Website - http://www.robertmoir.co.uk
Virtual PC 2004 FAQ - http://www.robertmoir.co.uk/win/VirtualPC2004FAQ.html

Kazaa - Software update services for your Viruses and Spyware.

 

[worried]

Thank you all,
for the useful info.

worried<

 

[Bruce Chambers]

Greetings --

WinXP's built-in firewall is _adequate_ at stopping incoming
attacks, and hiding your ports from probes. It doesn't give you any
alarms, or any other kind of indication, to tell you that it is
working, though. Nor is it very easily configurable. What WinXP also
does not do, is protect you from any Trojans or spyware that you (or
someone else using your computer) might download and install
inadvertently. It doesn't monitor out-going traffic at all, other
than to check for IP-spoofing, much less block (or at even ask you
about) the bad or the questionable out-going signals. It assumes that
any application you have on your hard drive is there because you want
it there, and therefore has your "permission" to access the Internet.
Further, because the ICF is a "stateful" firewall, it will also assume
that any incoming traffic that's a direct response to a Trojan's or
spyware's out-going signal is also authorized.

ZoneAlarm, Kerio, or Sygate are all much better than WinXP's
built-in firewall, and are much more easily configured, and there are
free versions of each readily available. Even the commercially
available Symantec's Norton Personal Firewall is superior by far,
although it does take a heavier toll of system performance then do
ZoneAlarm or Sygate.


Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH

 

[Juergen Heinzl]

Could someone tell me If I should use external fire wall software or is the
on built in to XP good enough? I know this may be a fairly open question.
But for the average home user how does it fair against say Zone Alarm

Pro?
[-]
All other answers aside -- that it does not allow to block outgoing
traffic is not that much of a problem. Or rather the problem here is
that malware may quite well use known applications to do what it wants.
Say it's rather rare to see a message like "I_AM_A_WORM.EXE wishes to
make a connection to ...".

Aside from that a third party FW solution again means adding more
software bugs to your system and Brainware v1.0 + XP's internal firewall
should be good enough for now despite not coming with all sorts of bells
& whistles.

Of course an external firewall solution, say a second machine or some
sort of "black box" is better, yet it's going to cost you not just money
but time, too as even those aren't going to do it all automagically and
used a./o. configured wrong you may end up feeling more secure than you
are.

Adhering to the KISS principle often works best,
Juergen