Archived from groups: microsoft.public.windowsxp.security_admin (
More info?)
On Tue, 01 Feb 2005 15:55:18 -0800, Steve Clark [MSFT] wrote:
> It is generally recommended to protect individual hosts with a firewall (the
> Windows firewall does just fine; if you never get infected in the first
> place, outbound connections are irrelevant...) and place those protected
> hosts behind a firewall or router with packet filtering.
The only people suggesting that the SP2 firewall is adequate for
protection are the non-security professionals in the group.
As a network designer and having never had a compromised network, I would
never trust any firewall product from MS to protect my networks or my
computers.
I have yet to see a third party (credible) resource that states with
certainty that the Sp2 firewall is actually capable of defending clients
workstations.
With all the people that don't have a clue about what to allow, what not
to click on when on the web, all of the compromised systems, all of the
people with File/Printer sharing enabled on a single PC networks, can you
really expect that a personal firewall app that is controlled by the
ignorant is going to protect them? NO!
A router that provides NAT is NOT a firewall, it's a router that does NAT.
NAT is not a firewall method, but a routing function. Firewalls do not
have to use NAT to protect networks. At the same time, NAT does make a
very nice first layer of defense for many networks, but, again, it's not a
firewall.
All home users that get internet access via Cable or DSL should have NAT
enabled on their ISP's modem or purchase a third-party router like the
Linksys BEFSR41. The router with NAT will do a better job protecting the
computer than the SP2 firewall.
--
spam999free@rrohio.com
remove 999 in order to email me