XP SP2 Firewall or ZA Free?

Guest
Archived from groups: comp.security.firewalls

Jack Barrett said in news:EBhCc.7$Ev6.2@news01.roc.ny:
> I have been using ZA Free and just downloaded the SP2 for XP.
> Should I use both? Just one?
> Help greatly appreciated.
>
> Thanks,
>
> Jack Barrett
> My Web Site: http://windsurf_2.tripod.com
> RSG Roll Call: http://rec-sport-golf.com?rc=jack

Since SP2 is still just a release *candidate* (i.e., beta), do you want
to trust a beta product to protect your system?

From what I see at
http://www.microsoft.com/technet/community/columns/cableguy/cg0204.mspx,
it appears the "Windows Firewall" (which used to be called ICF) will
include outbound blocking (ICF did not).

I've only seen ZA Free on other users' systems but am not familiar with
configuring or using it. It is possible it has additional features not
available in the Windows Firewall (in SP2). I currently use Norton's
Internet Security (NIS) which integrates their Norton AntiVirus and it
has intrusion detection (algorithms to detect the methods used for
hacking in) that the Windows Firewall doesn't have. NIS also lets you
define what you block to specific web sites. While Referrer gets
blocked globally, you can permit it on a site basis where it is needed
(i.e., the site requires Referrer because they only let you navigate to
their other pages from their own web pages and won't permit outside
links into those buried web pages). Windows Firewall doesn't have that.
NIS includes ad blocking. Not Windows Firewall. You can use the
Parental Control feature (but it consumes LOTS of memory, like 115MB on
my system, to load the entire site category lookup table) to regulate
what type of sites you or your kids can visit. I used it to provide URL
filtering (where I can use wildcards or just the domains rather than
having to use a fully qualified domain name as is required in the
'hosts' file) but eventually wanted my memory back so I reinstalled
without the Parental Control feature.

I paid for NIS. ZA Free is free but I don't know what its feature
set is. I suspect ZA Free still has features not present in SP2's Windows
Firewall. You can use the link above to compare Windows Firewall
against the ZA Free that you are using now.

--
____________________________________________________________
*** Post replies to newsgroup. Share with others.
*** Email domain = ".com" *AND* append "=NEWS=" to Subject.
____________________________________________________________
 

user


Vanguard wrote:

> Jack Barrett wrote:
>> I have been using ZA Free and just downloaded the SP2 for XP.
>> Should I use both? Just one?
>
> Since SP2 is still just a release *candidate* (i.e., beta), do you
> want to trust a beta product to protect your system?
>
> From what I see at
> http://www.microsoft.com/technet/community/columns/cableguy/cg0204.mspx,
> it appears the "Windows Firewall" (which used to be called ICF) will
> include outbound blocking (ICF did not).

The Windows Firewall debuting with SP-2 does not include outbound
blocking. What you are seeing in that article is the ability to control
which applications are allowed to receive unsolicited inbound
connections.
 
Guest

· said in news:dpjCc.246327$hY.236491@twister.nyroc.rr.com:
>
> The Windows Firewall debuting with SP-2 does not include outbound
> blocking. What you are seeing in that article is the ability to
> control which applications are allowed to receive unsolicited inbound
> connections.

You sure? In AV products that I've seen, an application rules list
means you are defining what port and protocol an application can use to
punch *out* from your network. Articles like
http://www.eweek.com/article2/0,1759,1416130,00.asp which state:

"There will be a new ICF Permissions List to which an administrator may
add a trusted application. When an application on this list needs to
open a port, ICF will open it automatically."

This means the *application* wants to open a port, not that some
unsolicited outside traffic is trying to connect specifically to that
particular application but only through, if it was running. The
application punches out a port to allow traffic in on that port. You
are allowing the application a port through which it can send outbound
communication (with the possibility that inbound traffic could also use
that port if the application responds to it). Most firewalls allow you
to specify the direction of the traffic, whether outbound or inbound or
both, but I didn't see anything in SP2's Windows Firewall that lets you
specify the direction. It just seemed more likely that you were adding
applications to a rules list to let them establish outbound traffic (so
they are usable).

If SP2's Windows Firewall is not monitoring (and blocking non-excepted)
outbound traffic then I don't see the purpose of having an applications
permission list. Why define an outbound exception list for some
applications when ALL of them can make any outbound connection they
want? An inbound exception list doesn't make sense except for server
programs, like a web server. Since the linked article shows an
anti-virus program in the exception list (which makes *outbound*
connections for updates rather than letting the vendor in anytime they
want) and MSCOM Toolbox (obviously something that needs an *outbound*
connection and nothing an outsider would be trying to connect to) then
it sure looks like this applications permission list is the same as an
applications rules list (which is for OUTBOUND connections).

But since SP2 isn't released yet, I won't know for sure until it does
get released and I can check it out. However, in reading review and
news articles about SP2 Windows Firewall, I sure get the impression that
it will have outbound checking. The scary part is that opening a port
for an application in SP2 Windows Firewall seems to allow both inbound
and outbound traffic. You might want the application to only have
outbound traffic and block any *unsolicited* inbound traffic on the same
port (i.e., not initiated by the outbound traffic on that port).

--
____________________________________________________________
*** Post replies to newsgroup. Share with others.
*** Email domain = ".com" *AND* append "=NEWS=" to Subject.
____________________________________________________________
 

user


*Vanguard* wrote:

> · said in news:dpjCc.246327$hY.236491@twister.nyroc.rr.com:
>>
>> The Windows Firewall debuting with SP-2 does not include outbound
>> blocking. What you are seeing in that article is the ability to
>> control which applications are allowed to receive unsolicited inbound
>> connections.
>
> You sure? In AV products that I've seen, an application rules list
> means you are defining what port and protocol an application can use
> to punch *out* from your network. Articles like
> http://www.eweek.com/article2/0,1759,1416130,00.asp which state:
>
> If SP2's Windows Firewall is not monitoring (and blocking
> non-excepted) outbound traffic then I don't see the purpose of having
> an applications permission list. Why define an outbound exception
> list for some applications when ALL of them can make any outbound
> connection they want? An inbound exception list doesn't make sense
> except for server programs, like a web server.

I'm sure of what I read. The exception lists there are for server
applications, not for programs making outbound connections. Just read
the text in the screen shot of the dialog with the Exceptions tab
selected: "Windows Firewall is blocking incoming network connections,
except for the programs and services selected below." That says it all.

But you're right, SP-2 isn't final yet. Microsoft probably has teams of
lawyers discussing what the chances are they can get away with screwing
over yet another market niche--this time the personal firewall market.

I wish they would implement outbound protection, and your initial post
got my hopes up. I've had it up to my ass with lousy third-party
software firewalls, and I'd welcome the chance to rid myself of hours
spent endlessly fiddling with damnable, problematic Fisher-Price
firewall controls.
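
The distinction argued over in this thread, sketched as a small model: a stateful filter with no outbound rules, where replies to locally initiated flows pass and unsolicited inbound traffic passes only for programs on an exception list. This is an added example, not part of any post above and not Windows Firewall code; the class, program names and addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    direction: str   # "out" or "in", relative to the protected host
    program: str     # local program owning the socket (constructed names)
    local_port: int
    remote: str      # "ip:port" of the peer (documentation address ranges)

@dataclass
class InboundOnlyFirewall:
    exceptions: set = field(default_factory=set)  # programs allowed unsolicited inbound
    state: set = field(default_factory=set)       # flows opened from the inside

    def decide(self, pkt: Packet) -> str:
        flow = (pkt.local_port, pkt.remote)
        if pkt.direction == "out":
            # No outbound rule set exists: any program may connect out.
            self.state.add(flow)
            return "allow: outbound (unfiltered)"
        if flow in self.state:
            # Inbound packet belongs to a flow the host itself started.
            return "allow: reply to outbound flow"
        if pkt.program in self.exceptions:
            # Listening program on the exception list: open to any peer.
            return "allow: unsolicited, program excepted"
        return "drop: unsolicited inbound"

def run_demo():
    fw = InboundOnlyFirewall(exceptions={"webserver.exe"})
    traffic = [  # constructed sample traffic
        Packet("out", "av_updater.exe", 1045, "203.0.113.10:80"),
        Packet("in",  "av_updater.exe", 1045, "203.0.113.10:80"),
        Packet("in",  "av_updater.exe", 1045, "198.51.100.7:4444"),
        Packet("in",  "webserver.exe",  80,   "198.51.100.7:51000"),
        Packet("out", "unknown.exe",    1050, "198.51.100.7:6667"),
    ]
    return [fw.decide(p) for p in traffic]

if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

In this model the updater needs no exception to fetch updates, the excepted server accepts connections from any peer, and an unlisted program still connects out freely.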