xp sp2 built-in firewall

[Clo]

I read all posted answers regarding this subjet and some
say that the buil-in firewall is not good enough and some
say it is....really dont know what to do. For my
firewall I use the built-in one, for my anti-virus I use
Norton 2005 Corporate Edition and for anti-spyware I use
Spybot and Ad-Aware SE personal edition, I also use the
built-in popup blocker. Am I protected enough? Thanks

 

[Meena]

Additionally, make it a point to regularly download critical/security
updates from Windows updates.

 

[Galen]

In Clo <[email protected]> had this to say:

My reply is at the bottom of your sent message:

I read all posted answers regarding this subjet and some
say that the buil-in firewall is not good enough and some
say it is....really dont know what to do. For my
firewall I use the built-in one, for my anti-virus I use
Norton 2005 Corporate Edition and for anti-spyware I use
Spybot and Ad-Aware SE personal edition, I also use the
built-in popup blocker. Am I protected enough? Thanks

The firewall with XP is fairly decent at preventing you from inbound attacks
but does little to nothing for outbound protection. A properly configured
software firewall is a good start towards protecting your data and keeping
your computer running in decent shape.

Try some of these if you'd like:

Firewalls:
www.agnitum.com - Outpost Personal Firewall
http://smb.sygate.com/products/spf_standard.htm - Sygate Personal Firewall
www.kerio.com/us/kpf_download.html - Kerio Personal Firewall

All of these companies offer free versions.

Galen

 

[Mike Hall \(MS-MVP\)]

Clo

The benefit of using a third party software firewall is that you will be
alerted to unauthorised outgoing and incoming events.. SP2 firewall does a
good job stopping unauthorised incoming events only..

 

[Guest]

I read all posted answers regarding this subjet and some
say that the built-in firewall is not good enough and some
say it is....really dont know what to do. For my
firewall I use the built-in one, for my anti-virus I use
Norton 2005 Corporate Edition and for anti-spyware I use
Spybot and Ad-Aware SE personal edition, I also use the
built-in popup blocker. Am I protected enough? Thanks

In my opinion, yes. Although I have experimented with third party
firewalls, I have mostly used the Windows firewall (and its predecessor ICF
firewall in pre-SP2 days) since XP came out and have NEVER had a problem with
it. Conversely, I have had had minor problems with the Norton firewall and
major problems with the Zone Alarm firewall. To be sure, other people have
claimed to have used these products, and others like them, without problems.
Every system is different, and every user is different.

In response to the people who claim that you should get a third party
firewall, I would observe that if you read these newsgroups regularly
enough, you will find that most of the people who are having firewall-related
problems are using third party firewalls, especially as part of so-called
"Internet Security Suites." Very few people have had problems with the
Windows firewall, and invariably the problems that do come up are either
associated with bad installs or uninstalls of third party firewalls or
Internet Security Suites (the most common cause) or are due to unusual or
unique circumstances that don't apply to most users.

The fundamental difference between the Windows firewall and a third party
firewall is even though all firewalls do a more or less equally excellent job
of blocking unauthorized inbound communications to your computer, the third
party firewalls will also block certain programs already on your computer
from communicating with the Internet. Because some of these programs may be
trojans, worms, or spyware, sometimes this is a good thing. Because many
other such programs are perfectly legitimate, sometimes this is a bad thing,
although more an annoyance than an actual problem (these firewalls can be
configured to stop blocking programs that you want to unblock).
Unfortunately, the user isn't always able to tell the difference, and these
programs often do not give the user adequate information or advice on what to
allow and what to block.

In my opinion, the slightly extra security (or, as I see it, bell and
whistle) that comes with blocking crudware from "phoning home" isn't worth
the additional problems or hassles of installing, configuring, and
maintaining a third party firewall. My view is to use other lines of
defenses to keep this crud off my machine in the first place. These other
defenses -- up to date Windows XP with SP2, up to date antivirus software, up
to date antispyware and antiadware software, and -- above all -- knowledge of
how to avoid downloading and installing crudware in the first place, as well
as the knowledge of how to recognize the signs that you have been compromised
-- are more than adequate to do the job. They have worked for me for
years. Going all the way back to 2001, no piece of crudware has ever
darkened my hard drive during the years that I have used, and still use, the
built-in XP firewall.

Ken

 

[Clo]

Thank you Ken, I will then leave everything as it is.

 

[Guest]

My pleasure. Let me add a few things.

First, when people say that the Windows firewall is "not good enough," what
they really mean is that it doesn't block outgoing communications -- not that
it doesn't do an excellent job of what it is actually supposed to do: block
unauthorized incoming communications and hide your computer from hackers on
the Internet. Whether this is actually good or bad depends on what your
security needs actually are. If you really need the additional capability to
block outgoing communications with a firewall (e.g. you are a security
novice, or you have teenagers who use the computer with Administrator
privileges -- trust me, they know how to find Kazaa), then they are right: by
this standard, the Windows firewall is not good enough. But if you don't
need this additional capability because you already do everything else you
need to do in order to secure your computer from crudware, then at best it
is the functional equivalent of adding additional home security alarms to
Fort Knox.

Second, no one has ever explained why a third party firewall that blocks
outgoing communications will make a computer more secure than a computer
running Windows firewall. A third party firewall does not prevent a computer
from becoming compromised, but only helps limit the damage and even then only
with respect to crudware that attempts to "phone home" over the Internet
(which is only a subset of crudware). This isn't my idea of a "more secure"
computer at all.

Third, you also need to back up your important data just in case the
unthinkable happens regardless of how careful you are. It has never happened
to me, but there is always potentially a first time. If it happened to me, a
reinstall of XP, applications, and data, followed by research of what exactly
went wrong, is a matter of 3 or 4 hours at most. Besides, would you trust a
computer that has been compromised by crudware, but was apparently blocked
from "phoning home" by a third party firewall? I wouldn't. And that's
assuming the user even knows that the program is crudware and therefore
elects to block it.

Ken

 

[Mike Hall \(MS-MVP\)]

Ken

Extracts from your post are in parentheses..

"If you really need the additional capability to block outgoing
communications with a firewall (e.g. you are a security novice, or you have
teenagers who use the computer with Administrator privileges -- trust me,
they know how to find Kazaa), then they are right: by this standard, the
Windows firewall is not good enough."

Most users would benefit from a firewall that warns of outgoing events, or
be made aware of programs that will try to phone home.. it saves having to
watch every single step that you make..

Crudware can be imported on the back of innocuous programs and files, and
then do its work from inside.. the classic 'inside job'.. a third party
firewall can stop this..


" Second, no one has ever explained why a third party firewall that blocks
outgoing communications will make a computer more secure than a computer
running Windows firewall."

This is an easy one.. a third party software firewall will warn the user
that unauthorised events are about to happen, and the user can say NO.. this
action will prevent any information being sent out.. an example.. in a
clothes store, you see gates at the entrance/exit that warn of unauthorised
exits of stock..


"A third party firewall does not prevent a computer from becoming
compromised, but only helps limit the damage ...... "

How can you say this on the basis that a third party software firewall
blocks incoming, as per Windows firewall, and outgoing too?.. of course, we
all know that software firewalls of any type can be breached, but it takes a
determined effort.. you can just type 'Open Sesame'


"Besides, would you trust a computer that has been compromised by crudware,
but was apparently blocked from "phoning home" by a third party firewall? I
wouldn't. And that's assuming the user even knows that the program is
crudware and therefore elects to block it."

This assumes that third party firewalls only stop outgoing events, a
statement that you know to be patently untrue..

All of the people that I support use McAfee Suite 8 firewall and anti-virus
(not spam killer or privacy service).. none of them have had problems
setting up or using the suite.. in fact, many forget it is even there, which
is how it should be..

And what's with the 'security novice' jive?.. companies may not use a third
party software firewall like Zonealarm, but the firewalls that they do use
are configurable re. stopping access outbound.. do you think that a company
like IBM just protects against incoming stuff?..

Microsoft don't have a full software firewall and anti-virus programs
included in their OSes as protection against lawsuits, and come the day that
they are allowed so to do, your words here are going to look a little
stupid..


--
Mike Hall
MVP - Windows Shell/user

 

[Guest]

"If you really need the additional capability to block outgoing
communications with a firewall (e.g. you are a security novice, or you have
teenagers who use the computer with Administrator privileges -- trust me,
they know how to find Kazaa), then they are right: by this standard, the
Windows firewall is not good enough."

Most users would benefit from a firewall that warns of outgoing events, or
be made aware of programs that will try to phone home.. it saves having to
watch every single step that you make..

I don't dispute that a third party firewall is effective in preventing
crudware from phoning home. I do dispute that this capability, as a
practical matter, is much of a security benefit, because it means that the
user's machine has already been compromised -- otherwise, the crudware
wouldn't be there in the first place. At best, this feature makes an
insecure computer slightly less insecure, but they don't help an already
secure computer be any more secure than it already is with the Windows
firewall.

Moreover, third party firewalls are harder to configure properly. A user
who doesn't even know enough to prevent his computer from being compromised
isn't going to know how to configure the firewall, either. See, e.g., my
brother. Speaking of my brother -- and he doesn't even rise to the
security novice level, "total security dumbass" best describes him -- he has
been problem free since the day months ago when I wiped the crud off his hard
drive, installed SP2 and the Microsoft beta antispyware program, showed him
how to use Ad Aware, and -- most important -- set up his teenage daughter on
a limited account. I shudder to think what would happen to him if, e.g., he
ran into the same types of problems that I used to have with Zone Alarm.

Crudware can be imported on the back of innocuous programs and files, and
then do its work from inside.. the classic 'inside job'.. a third party
firewall can stop this..

Right, but so can an up-to-date Windows XP with SP2 set to the default
settings, an effective and up to date antivirus program, an effective and up
to date antispyware program, an effective and up to date anti-adware program,
and just a decent modicum of common sense and good judgment in downloading
files and opening attachments. The difference is that if the user does all
of these other things, his machine won't be compromised in the first place.

" Second, no one has ever explained why a third party firewall that blocks
outgoing communications will make a computer more secure than a computer
running Windows firewall."

This is an easy one.. a third party software firewall will warn the user
that unauthorised events are about to happen, and the user can say NO.. this
action will prevent any information being sent out.. an example.. in a
clothes store, you see gates at the entrance/exit that warn of unauthorised
exits of stock..

But how does this feature make me more secure? It tells me only that some
program is trying to access the Internet, and purports to give me (usually
inadequate) information and/or advice about the program. In the very best
case scenario, it warns me that crudware is trying to phone home -- but this
goes back to my point that these firewalls make insecure machines less
insecure, but they do nothing to increase the security of an already secure
machine. In the worst case scenario, legitimate outbound communications on
an already secure machine are being blocked, often without my knowledge or
consent.

"A third party firewall does not prevent a computer from becoming
compromised, but only helps limit the damage ...... "

How can you say this on the basis that a third party software firewall
blocks incoming, as per Windows firewall, and outgoing too?.. of course, we
all know that software firewalls of any type can be breached, but it takes a
determined effort.. you can just type 'Open Sesame'

To the extent that it blocks incoming communications, well, all firewalls do
that, and all of them do it well. To the extent that it blocks outgoing
communications, either the communication is legitimate (in which case it is a
hindrance) or illegitimate (in which case the machine is already
compromised). Either way, it doesn't enhance security, although it does
reduce the level of insecurity of an otherwise insecure machine.

"Besides, would you trust a computer that has been compromised by crudware,
but was apparently blocked from "phoning home" by a third party firewall? I
wouldn't. And that's assuming the user even knows that the program is
crudware and therefore elects to block it."

This assumes that third party firewalls only stop outgoing events, a
statement that you know to be patently untrue..

Again, I don't deny that they also stop incoming attacks, but so does
Windows firewall. The issue here is not whether a firewall is better than no
firewall, but whether, from a security standpoint, users who take a few
simple steps to secure their machine really need the additional ability of a
third party firewall to block certain outgoing communications. I haven't
seen a compelling argument that they do.

All of the people that I support use McAfee Suite 8 firewall and anti-virus
(not spam killer or privacy service).. none of them have had problems
setting up or using the suite.. in fact, many forget it is even there, which
is how it should be..

That may be the case, although I have had enough bad experiences with
MacAfee in the past never to use it again. The ideal third party firewall
would be one that required as little user interaction as possible. This
ideal state of affairs certainly doesn't describe the two third party
firewalls I am most familiar with: Norton and Zone Alarm.

And what's with the 'security novice' jive?.. companies may not use a third
party software firewall like Zonealarm, but the firewalls that they do use
are configurable re. stopping access outbound.. do you think that a company
like IBM just protects against incoming stuff?..

I'm saying that people who pay little or no attention to computer security
are much more likely to need a third party firewall. Even then, it is
possible to set up their machines so that they don't need one -- as I did
with my brother.

Microsoft don't have a full software firewall and anti-virus programs
included in their OSes as protection against lawsuits, and come the day that
they are allowed so to do, your words here are going to look a little
stupid..

I'm not following you here. Are you saying that Microsoft doesn't use
outbound blocking in its Windows firewall because it fears litigation? As
for antivirus, isn't Microsoft preparing to introduce its own antivirus
software sometime this year or at least in the next version of Windows? I
read something to that effect a month or so ago (I can probably find the link
if I need to).

Ken