XP Firewall question

BillW

I know that this question has been addressed before on this forum, but I'd
like to ask it again now that SP2 has been out for awhile. I have a router
with a built-in firewall. I have turned off XP's firewall. Is it necessary
or a good idea to run both firewalls - the router's and XP's?

I don't mind running both - I just don't want to cause any unnecessary
problems. Thank you for your help.
 
Ron Martell

BillW said:
I know that this question has been addressed before on this forum, but I'd
like to ask it again now that SP2 has been out for awhile. I have a router
with a built-in firewall. I have turned off XP's firewall. Is it necessary
or a good idea to run both firewalls - the router's and XP's?

I don't mind running both - I just don't want to cause any unnecessary
problems. Thank you for your help.

The NAT protection in the router and the Windows XP firewall
protection are basically duplicating the same function - protecting
your computer from outside intrusions.

You could dispense with the Windows firewall and it would not have an
adverse effect on the security of your computer unless and until you
decide to bypass the router and connect directly to the Internet.

The weakness in your security configuration is that neither the router
nor the XP firewall provide any protection at all against unwanted
outgoing traffic, such as might happen should a trojan or spyware app
find its way onto your computer and proceed to propagate itself from
your machine and/or to "phone home" with information gleaned from your
system.

To protect against these types of possibilities you would need a
two-way software firewall such as Zone Alarm or Sygate.

Good luck


Ron Martell Duncan B.C. Canada
--
Microsoft MVP
On-Line Help Computer Service
http://onlinehelp.bc.ca

In memory of a dear friend Alex Nichol MVP
http://aumha.org/alex.htm
 
Steve N.

BillW said:
I know that this question has been addressed before on this forum, but I'd
like to ask it again now that SP2 has been out for awhile. I have a router
with a built-in firewall. I have turned off XP's firewall. Is it necessary
or a good idea to run both firewalls - the router's and XP's?

I don't mind running both - I just don't want to cause any unnecessary
problems. Thank you for your help.

I agree with Ron.

Steve
 
Bruce Chambers

BillW said:
I know that this question has been addressed before on this forum, but I'd
like to ask it again now that SP2 has been out for awhile. I have a router
with a built-in firewall. I have turned off XP's firewall. Is it necessary
or a good idea to run both firewalls - the router's and XP's?

I don't mind running both - I just don't want to cause any unnecessary
problems. Thank you for your help.


No, WinXP's built-in firewall won't provide any added protection.
However.... :

If you use a router with NAT, it's still a very good idea to use a
3rd party software firewall. Like WinXP's built-in firewall,
NAT-capable routers do nothing to protect the user from him/herself
(or any "curious," over-confident teenagers in the home). Again --
and I cannot emphasize this enough -- almost all spyware and many
Trojans and worms are downloaded and installed deliberately (albeit
unknowingly) by the user. So a software firewall, such as Sygate or
ZoneAlarm, that can detect and warn the user of unauthorized out-going
traffic is an important element of protecting one's privacy and
security. (Remember: Most antivirus applications do not even scan for
or protect you from adware/spyware, because, after all, you've
installed them yourself, so you must want them there, right?)

I use both a router with NAT and Sygate Personal Firewall, even
though I generally know better than to install scumware. When it
comes to computer security and protecting my privacy, I prefer the old
"belt and suspenders" approach. In the professional IT community,
this is also known as a "layered defense." Basically, it comes down
to never, ever "putting all of your eggs in one basket."

WinXP's built-in firewall is adequate at stopping incoming attacks,
and hiding your ports from probes. What WinXP SP2's firewall does not
do, is protect you from any Trojans or spyware that you (or someone
else using your computer) might download and install inadvertently.
It doesn't monitor out-going traffic at all, other than to check for
IP-spoofing, much less block (or even ask you about) the bad or the
questionable out-going signals. It assumes that any application you
have on your hard drive is there because you want it there, and
therefore has your "permission" to access the Internet. Further,
because the Windows Firewall is a "stateful" firewall, it will also
assume that any incoming traffic that's a direct response to a
Trojan's or spyware's out-going signal is also authorized.

ZoneAlarm, Kerio, or Sygate are all much better than WinXP's
built-in firewall, and are much more easily configured, and there are
free versions of each readily available. Even the commercially
available Symantec's Norton Personal Firewall is superior by far,
although it does take a heavier toll of system performance than do
ZoneAlarm or Sygate.


--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH
 
Michael Stevens

BillW said:
I know that this question has been addressed before on this forum,
but I'd like to ask it again now that SP2 has been out for awhile. I
have a router with a built-in firewall. I have turned off XP's
firewall. Is it necessary or a good idea to run both firewalls - the
router's and XP's?
I don't mind running both - I just don't want to cause any unnecessary
problems. Thank you for your help.

Not necessary.
--
Michael Stevens MS-MVP XP
(e-mail address removed)
http://www.michaelstevenstech.com
For a better newsgroup experience. Setup a newsreader.
http://www.michaelstevenstech.com/outlookexpressnewreader.htm
 
Detlev Dreyer

BillW said:
I'd like to ask it again now that SP2 has been out for awhile. I have
a router with a built-in firewall. I have turned off XP's firewall.
Is it necessary or a good idea to run both firewalls - the router's
and XP's?

You don't need to run both firewalls. A second firewall (WinXP) doesn't
provide additional security.
 
Alias

Detlev Dreyer said:
You don't need to run both firewalls. A second firewall (WinXP) doesn't
provide additional security.

Horsepucky. Neither a NAT nor XP's firewall provides complete protection.

Alias
 
NoNoBadDog!

Correction...

A second firewall (that is not Windows XP firewall) will provide *OUTBOUND*
protection. While some routers serve the function of a firewall (NAT), they
do not prevent *ANY* outgoing connections or traffic.

Bobby
 
Detlev Dreyer

NoNoBadDog! said:
Correction...

A second firewall (that is not Windows XP firewall) will provide
*OUTBOUND* protection.

Wrong approach. As someone else posted today in this group, you have
a severe security issue when you depend on monitoring outgoing traffic.
It's like trying to disconnect your phone when the thief is already in
your house. It's not a firewall's job to detect possible malware. See
the neverending user questions if they should grant internet access
to a file named "iexplore.exe", "rundll32.exe" or "svchost.exe".
Others who don't ask may render their systems useless when blocking
essential Windows functions.
 
Lou

I agree with Ron.

Steve

I may be wrong but..

Assuming you have a LAN network behind a router. The router protects
all the computers on the LAN from attacks from the outside world.
Assume one computer on the LAN downloads malware of some kind.
Without a firewall, I think the other computers on the LAN without a
firewall could be infected by the infected home computer. I don't
think the router would protect computers on the LAN from each other.
Again, I may be wrong.

Someone may wish to rebut or confirm my suspicion.

Lou
 
NobodyMan

Wrong approach. As someone else posted today in this group, you have
a severe security issue when you depend on monitoring outgoing traffic.
It's like trying to disconnect your phone when the thief is already in
your house. It's not a firewall's job to detect possible malware. See
the neverending user questions if they should grant internet access
to a file named "iexplore.exe", "rundll32.exe" or "svchost.exe".
Others who don't ask may render their systems useless when blocking
essential Windows functions.

Save me from bad analogies. What does disconnecting a phone after a
thief is in the house mean? Do you mean activating the alarm system
after the thief is in the house? You are mixing two different
scenarios in one analogy, creating a statement that makes sense in
neither scenario!
 
Steve Winograd [MVP]

"BillW" <[email protected]> said:
I know that this question has been addressed before on this forum, but I'd
like to ask it again now that SP2 has been out for awhile. I have a router
with a built-in firewall. I have turned off XP's firewall. Is it necessary
or a good idea to run both firewalls - the router's and XP's?

I don't mind running both - I just don't want to cause any unnecessary
problems. Thank you for your help.

Yes, it's a good idea to run the router's firewall and XP's Windows
Firewall, and it won't cause any problems.

If one computer on a local area network becomes infected with
something like the Blaster worm, the Windows Firewall will prevent it
from spreading to other computers. The router's firewall can't do
that.

Don't run two software firewalls (e.g. Windows Firewall and ZoneAlarm)
on the same computer.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com
 
Steve N.

Lou said:
I may be wrong but..

Assuming you have a LAN network behind a router. The router protects
all the computers on the LAN from attacks from the outside world.
Assume one computer on the LAN downloads malware of some kind.
Without a firewall, I think the other computers on the LAN without a
firewall could be infected by the infected home computer. I don't
think the router would protect computers on the LAN from each other.
Again, I may be wrong.

Someone may wish to rebut or confirm my suspicion.

Lou

You are correct.

Steve
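
Added example (not part of the thread and not any poster's code): a simplified Python model of the behaviour described in Bruce Chambers' and Steve Winograd's posts, with an inbound-only stateful filter on the PC and a NAT router that only sees traffic crossing the Internet boundary. The addresses, ports and function names are constructed for illustration, and NAT is reduced to "drop unsolicited inbound".

```python
# Constructed model for illustration; not real firewall or router code.
from dataclasses import dataclass, field

LAN_PREFIX = "192.168.1."  # assumed home LAN range (sample value)


def on_lan(ip):
    return ip.startswith(LAN_PREFIX)


@dataclass
class StatefulInboundFilter:
    """Inbound-only stateful filter: outbound always passes and creates state."""
    enabled: bool = True
    flows: set = field(default_factory=set)

    def outbound(self, src, sport, dst, dport):
        self.flows.add((dst, dport, src, sport))  # remember the expected reply
        return True                               # never blocked, never prompted

    def inbound(self, src, sport, dst, dport):
        if not self.enabled:
            return True
        return (src, sport, dst, dport) in self.flows  # only replies get in


def send(src, sport, dst, dport, router, host_fw):
    """Outbound packet from the PC: passes the host filter, then the router."""
    return host_fw.outbound(src, sport, dst, dport) and \
        router.outbound(src, sport, dst, dport)


def deliver(src, sport, dst, dport, router, host_fw):
    """True if the packet reaches a service on dst (the PC)."""
    # LAN-to-LAN traffic is switched locally and never crosses the router's NAT.
    if not (on_lan(src) and on_lan(dst)):
        if not router.inbound(src, sport, dst, dport):
            return False
    return host_fw.inbound(src, sport, dst, dport)


def run_scenarios(host_fw_enabled):
    router = StatefulInboundFilter()
    host_fw = StatefulInboundFilter(enabled=host_fw_enabled)
    pc, peer, inet = "192.168.1.10", "192.168.1.20", "203.0.113.5"  # samples
    return {
        "internet_probe": deliver(inet, 40000, pc, 135, router, host_fw),
        "phone_home_out": send(pc, 1050, inet, 80, router, host_fw),
        "phone_home_reply": deliver(inet, 80, pc, 1050, router, host_fw),
        "lan_peer_probe": deliver(peer, 40001, pc, 135, router, host_fw),
    }
```

Comparing `run_scenarios(False)` with `run_scenarios(True)` changes only `lan_peer_probe`: the host firewall stops the connection from the other LAN machine, while the outbound "phone home" connection and its reply pass in both cases.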
 
