xp sp2 built-in firewall

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I read all posted answers regarding this subjet and some
say that the buil-in firewall is not good enough and some
say it is....really dont know what to do. For my
firewall I use the built-in one, for my anti-virus I use
Norton 2005 Corporate Edition and for anti-spyware I use
Spybot and Ad-Aware SE personal edition, I also use the
built-in popup blocker. Am I protected enough? Thanks
8 answers Last reply
More about built firewall
  1. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    "Clo" wrote:

    > I read all posted answers regarding this subjet and some
    > say that the built-in firewall is not good enough and some
    > say it is....really dont know what to do. For my
    > firewall I use the built-in one, for my anti-virus I use
    > Norton 2005 Corporate Edition and for anti-spyware I use
    > Spybot and Ad-Aware SE personal edition, I also use the
    > built-in popup blocker. Am I protected enough? Thanks

    In my opinion, yes. Although I have experimented with third party
    firewalls, I have mostly used the Windows firewall (and its predecessor ICF
    firewall in pre-SP2 days) since XP came out and have NEVER had a problem with
    it. Conversely, I have had had minor problems with the Norton firewall and
    major problems with the Zone Alarm firewall. To be sure, other people have
    claimed to have used these products, and others like them, without problems.
    Every system is different, and every user is different.

    In response to the people who claim that you should get a third party
    firewall, I would observe that if you read these newsgroups regularly
    enough, you will find that most of the people who are having firewall-related
    problems are using third party firewalls, especially as part of so-called
    "Internet Security Suites." Very few people have had problems with the
    Windows firewall, and invariably the problems that do come up are either
    associated with bad installs or uninstalls of third party firewalls or
    Internet Security Suites (the most common cause) or are due to unusual or
    unique circumstances that don't apply to most users.

    The fundamental difference between the Windows firewall and a third party
    firewall is even though all firewalls do a more or less equally excellent job
    of blocking unauthorized inbound communications to your computer, the third
    party firewalls will also block certain programs already on your computer
    from communicating with the Internet. Because some of these programs may be
    trojans, worms, or spyware, sometimes this is a good thing. Because many
    other such programs are perfectly legitimate, sometimes this is a bad thing,
    although more an annoyance than an actual problem (these firewalls can be
    configured to stop blocking programs that you want to unblock).
    Unfortunately, the user isn't always able to tell the difference, and these
    programs often do not give the user adequate information or advice on what to
    allow and what to block.

    In my opinion, the slightly extra security (or, as I see it, bell and
    whistle) that comes with blocking crudware from "phoning home" isn't worth
    the additional problems or hassles of installing, configuring, and
    maintaining a third party firewall. My view is to use other lines of
    defenses to keep this crud off my machine in the first place. These other
    defenses -- up to date Windows XP with SP2, up to date antivirus software, up
    to date antispyware and antiadware software, and -- above all -- knowledge of
    how to avoid downloading and installing crudware in the first place, as well
    as the knowledge of how to recognize the signs that you have been compromised
    -- are more than adequate to do the job. They have worked for me for
    years. Going all the way back to 2001, no piece of crudware has ever
    darkened my hard drive during the years that I have used, and still use, the
    built-in XP firewall.

    Ken
  2. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Thank you Ken, I will then leave everything as it is.
    >-----Original Message-----
    >"Clo" wrote:
    >
    >> I read all posted answers regarding this subjet and
    some
    >> say that the built-in firewall is not good enough and
    some
    >> say it is....really dont know what to do. For my
    >> firewall I use the built-in one, for my anti-virus I
    use
    >> Norton 2005 Corporate Edition and for anti-spyware I
    use
    >> Spybot and Ad-Aware SE personal edition, I also use
    the
    >> built-in popup blocker. Am I protected enough? Thanks
    >
    >In my opinion, yes. Although I have experimented with
    third party
    >firewalls, I have mostly used the Windows firewall (and
    its predecessor ICF
    >firewall in pre-SP2 days) since XP came out and have
    NEVER had a problem with
    >it. Conversely, I have had had minor problems with the
    Norton firewall and
    >major problems with the Zone Alarm firewall. To be
    sure, other people have
    >claimed to have used these products, and others like
    them, without problems.
    >Every system is different, and every user is different.
    >
    >In response to the people who claim that you should get
    a third party
    >firewall, I would observe that if you read these
    newsgroups regularly
    >enough, you will find that most of the people who are
    having firewall-related
    >problems are using third party firewalls, especially as
    part of so-called
    >"Internet Security Suites." Very few people have had
    problems with the
    >Windows firewall, and invariably the problems that do
    come up are either
    >associated with bad installs or uninstalls of third
    party firewalls or
    >Internet Security Suites (the most common cause) or are
    due to unusual or
    >unique circumstances that don't apply to most users.
    >
    >The fundamental difference between the Windows firewall
    and a third party
    >firewall is even though all firewalls do a more or less
    equally excellent job
    >of blocking unauthorized inbound communications to your
    computer, the third
    >party firewalls will also block certain programs already
    on your computer
    >from communicating with the Internet. Because some of
    these programs may be
    >trojans, worms, or spyware, sometimes this is a good
    thing. Because many
    >other such programs are perfectly legitimate, sometimes
    this is a bad thing,
    >although more an annoyance than an actual problem (these
    firewalls can be
    >configured to stop blocking programs that you want to
    unblock).
    >Unfortunately, the user isn't always able to tell the
    difference, and these
    >programs often do not give the user adequate information
    or advice on what to
    >allow and what to block.
    >
    >In my opinion, the slightly extra security (or, as I see
    it, bell and
    >whistle) that comes with blocking crudware from "phoning
    home" isn't worth
    >the additional problems or hassles of installing,
    configuring, and
    >maintaining a third party firewall. My view is to use
    other lines of
    >defenses to keep this crud off my machine in the first
    place. These other
    >defenses -- up to date Windows XP with SP2, up to date
    antivirus software, up
    >to date antispyware and antiadware software, and --
    above all -- knowledge of
    >how to avoid downloading and installing crudware in the
    first place, as well
    >as the knowledge of how to recognize the signs that you
    have been compromised
    > -- are more than adequate to do the job. They have
    worked for me for
    >years. Going all the way back to 2001, no piece of
    crudware has ever
    >darkened my hard drive during the years that I have
    used, and still use, the
    >built-in XP firewall.
    >
    >Ken
    >.
    >
  3. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    In news:142901c52afd$16845170$a601280a@phx.gbl,
    Clo <anonymous@discussions.microsoft.com> had this to say:

    My reply is at the bottom of your sent message:

    > I read all posted answers regarding this subjet and some
    > say that the buil-in firewall is not good enough and some
    > say it is....really dont know what to do. For my
    > firewall I use the built-in one, for my anti-virus I use
    > Norton 2005 Corporate Edition and for anti-spyware I use
    > Spybot and Ad-Aware SE personal edition, I also use the
    > built-in popup blocker. Am I protected enough? Thanks

    The firewall with XP is fairly decent at preventing you from inbound attacks
    but does little to nothing for outbound protection. A properly configured
    software firewall is a good start towards protecting your data and keeping
    your computer running in decent shape.

    Try some of these if you'd like:

    Firewalls:
    www.agnitum.com - Outpost Personal Firewall
    http://smb.sygate.com/products/spf_standard.htm - Sygate Personal Firewall
    www.kerio.com/us/kpf_download.html - Kerio Personal Firewall

    All of these companies offer free versions.

    Galen
    --
    Signature changed for a moment of silence.
    Rest well Alex and we'll see you on the other side.
  4. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Clo

    The benefit of using a third party software firewall is that you will be
    alerted to unauthorised outgoing and incoming events.. SP2 firewall does a
    good job stopping unauthorised incoming events only..

    --
    Mike Hall
    MVP - Windows Shell/user

    http://dts-l.org/goodpost.htm


    "Clo" <anonymous@discussions.microsoft.com> wrote in message
    news:142901c52afd$16845170$a601280a@phx.gbl...
    >I read all posted answers regarding this subjet and some
    > say that the buil-in firewall is not good enough and some
    > say it is....really dont know what to do. For my
    > firewall I use the built-in one, for my anti-virus I use
    > Norton 2005 Corporate Edition and for anti-spyware I use
    > Spybot and Ad-Aware SE personal edition, I also use the
    > built-in popup blocker. Am I protected enough? Thanks
  5. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    My pleasure. Let me add a few things.

    First, when people say that the Windows firewall is "not good enough," what
    they really mean is that it doesn't block outgoing communications -- not that
    it doesn't do an excellent job of what it is actually supposed to do: block
    unauthorized incoming communications and hide your computer from hackers on
    the Internet. Whether this is actually good or bad depends on what your
    security needs actually are. If you really need the additional capability to
    block outgoing communications with a firewall (e.g. you are a security
    novice, or you have teenagers who use the computer with Administrator
    privileges -- trust me, they know how to find Kazaa), then they are right: by
    this standard, the Windows firewall is not good enough. But if you don't
    need this additional capability because you already do everything else you
    need to do in order to secure your computer from crudware, then at best it
    is the functional equivalent of adding additional home security alarms to
    Fort Knox.

    Second, no one has ever explained why a third party firewall that blocks
    outgoing communications will make a computer more secure than a computer
    running Windows firewall. A third party firewall does not prevent a computer
    from becoming compromised, but only helps limit the damage and even then only
    with respect to crudware that attempts to "phone home" over the Internet
    (which is only a subset of crudware). This isn't my idea of a "more secure"
    computer at all.

    Third, you also need to back up your important data just in case the
    unthinkable happens regardless of how careful you are. It has never happened
    to me, but there is always potentially a first time. If it happened to me, a
    reinstall of XP, applications, and data, followed by research of what exactly
    went wrong, is a matter of 3 or 4 hours at most. Besides, would you trust a
    computer that has been compromised by crudware, but was apparently blocked
    from "phoning home" by a third party firewall? I wouldn't. And that's
    assuming the user even knows that the program is crudware and therefore
    elects to block it.

    Ken

    "Clo" wrote:

    > Thank you Ken, I will then leave everything as it is.
    > >-----Original Message-----
    > >"Clo" wrote:
    > >
    > >> I read all posted answers regarding this subjet and
    > some
    > >> say that the built-in firewall is not good enough and
    > some
    > >> say it is....really dont know what to do. For my
    > >> firewall I use the built-in one, for my anti-virus I
    > use
    > >> Norton 2005 Corporate Edition and for anti-spyware I
    > use
    > >> Spybot and Ad-Aware SE personal edition, I also use
    > the
    > >> built-in popup blocker. Am I protected enough? Thanks
    > >
    > >In my opinion, yes. Although I have experimented with
    > third party
    > >firewalls, I have mostly used the Windows firewall (and
    > its predecessor ICF
    > >firewall in pre-SP2 days) since XP came out and have
    > NEVER had a problem with
    > >it. Conversely, I have had had minor problems with the
    > Norton firewall and
    > >major problems with the Zone Alarm firewall. To be
    > sure, other people have
    > >claimed to have used these products, and others like
    > them, without problems.
    > >Every system is different, and every user is different.
    > >
    > >In response to the people who claim that you should get
    > a third party
    > >firewall, I would observe that if you read these
    > newsgroups regularly
    > >enough, you will find that most of the people who are
    > having firewall-related
    > >problems are using third party firewalls, especially as
    > part of so-called
    > >"Internet Security Suites." Very few people have had
    > problems with the
    > >Windows firewall, and invariably the problems that do
    > come up are either
    > >associated with bad installs or uninstalls of third
    > party firewalls or
    > >Internet Security Suites (the most common cause) or are
    > due to unusual or
    > >unique circumstances that don't apply to most users.
    > >
    > >The fundamental difference between the Windows firewall
    > and a third party
    > >firewall is even though all firewalls do a more or less
    > equally excellent job
    > >of blocking unauthorized inbound communications to your
    > computer, the third
    > >party firewalls will also block certain programs already
    > on your computer
    > >from communicating with the Internet. Because some of
    > these programs may be
    > >trojans, worms, or spyware, sometimes this is a good
    > thing. Because many
    > >other such programs are perfectly legitimate, sometimes
    > this is a bad thing,
    > >although more an annoyance than an actual problem (these
    > firewalls can be
    > >configured to stop blocking programs that you want to
    > unblock).
    > >Unfortunately, the user isn't always able to tell the
    > difference, and these
    > >programs often do not give the user adequate information
    > or advice on what to
    > >allow and what to block.
    > >
    > >In my opinion, the slightly extra security (or, as I see
    > it, bell and
    > >whistle) that comes with blocking crudware from "phoning
    > home" isn't worth
    > >the additional problems or hassles of installing,
    > configuring, and
    > >maintaining a third party firewall. My view is to use
    > other lines of
    > >defenses to keep this crud off my machine in the first
    > place. These other
    > >defenses -- up to date Windows XP with SP2, up to date
    > antivirus software, up
    > >to date antispyware and antiadware software, and --
    > above all -- knowledge of
    > >how to avoid downloading and installing crudware in the
    > first place, as well
    > >as the knowledge of how to recognize the signs that you
    > have been compromised
    > > -- are more than adequate to do the job. They have
    > worked for me for
    > >years. Going all the way back to 2001, no piece of
    > crudware has ever
    > >darkened my hard drive during the years that I have
    > used, and still use, the
    > >built-in XP firewall.
    > >
    > >Ken
    > >.
    > >
    >
  6. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Ken

    Extracts from your post are in parentheses..

    "If you really need the additional capability to block outgoing
    communications with a firewall (e.g. you are a security novice, or you have
    teenagers who use the computer with Administrator privileges -- trust me,
    they know how to find Kazaa), then they are right: by this standard, the
    Windows firewall is not good enough."

    Most users would benefit from a firewall that warns of outgoing events, or
    be made aware of programs that will try to phone home.. it saves having to
    watch every single step that you make..

    Crudware can be imported on the back of innocuous programs and files, and
    then do its work from inside.. the classic 'inside job'.. a third party
    firewall can stop this..


    " Second, no one has ever explained why a third party firewall that blocks
    outgoing communications will make a computer more secure than a computer
    running Windows firewall."

    This is an easy one.. a third party software firewall will warn the user
    that unauthorised events are about to happen, and the user can say NO.. this
    action will prevent any information being sent out.. an example.. in a
    clothes store, you see gates at the entrance/exit that warn of unauthorised
    exits of stock..


    "A third party firewall does not prevent a computer from becoming
    compromised, but only helps limit the damage ...... "

    How can you say this on the basis that a third party software firewall
    blocks incoming, as per Windows firewall, and outgoing too?.. of course, we
    all know that software firewalls of any type can be breached, but it takes a
    determined effort.. you can just type 'Open Sesame'


    "Besides, would you trust a computer that has been compromised by crudware,
    but was apparently blocked from "phoning home" by a third party firewall? I
    wouldn't. And that's assuming the user even knows that the program is
    crudware and therefore elects to block it."

    This assumes that third party firewalls only stop outgoing events, a
    statement that you know to be patently untrue..

    All of the people that I support use McAfee Suite 8 firewall and anti-virus
    (not spam killer or privacy service).. none of them have had problems
    setting up or using the suite.. in fact, many forget it is even there, which
    is how it should be..

    And what's with the 'security novice' jive?.. companies may not use a third
    party software firewall like Zonealarm, but the firewalls that they do use
    are configurable re. stopping access outbound.. do you think that a company
    like IBM just protects against incoming stuff?..

    Microsoft don't have a full software firewall and anti-virus programs
    included in their OSes as protection against lawsuits, and come the day that
    they are allowed so to do, your words here are going to look a little
    stupid..


    --
    Mike Hall
    MVP - Windows Shell/user

    http://dts-l.org/goodpost.htm


    "Ken Gardner" <KenGardner@discussions.microsoft.com> wrote in message
    news:3459BD83-9DEC-44A2-8E04-2E4004E5FEC1@microsoft.com...
    > My pleasure. Let me add a few things.
    >
    > First, when people say that the Windows firewall is "not good enough,"
    > what
    > they really mean is that it doesn't block outgoing communications -- not
    > that
    > it doesn't do an excellent job of what it is actually supposed to do:
    > block
    > unauthorized incoming communications and hide your computer from hackers
    > on
    > the Internet. Whether this is actually good or bad depends on what your
    > security needs actually are. If you really need the additional capability
    > to
    > block outgoing communications with a firewall (e.g. you are a security
    > novice, or you have teenagers who use the computer with Administrator
    > privileges -- trust me, they know how to find Kazaa), then they are right:
    > by
    > this standard, the Windows firewall is not good enough. But if you don't
    > need this additional capability because you already do everything else you
    > need to do in order to secure your computer from crudware, then at best
    > it
    > is the functional equivalent of adding additional home security alarms to
    > Fort Knox.
    >
    > Second, no one has ever explained why a third party firewall that blocks
    > outgoing communications will make a computer more secure than a computer
    > running Windows firewall. A third party firewall does not prevent a
    > computer
    > from becoming compromised, but only helps limit the damage and even then
    > only
    > with respect to crudware that attempts to "phone home" over the Internet
    > (which is only a subset of crudware). This isn't my idea of a "more
    > secure"
    > computer at all.
    >
    > Third, you also need to back up your important data just in case the
    > unthinkable happens regardless of how careful you are. It has never
    > happened
    > to me, but there is always potentially a first time. If it happened to
    > me, a
    > reinstall of XP, applications, and data, followed by research of what
    > exactly
    > went wrong, is a matter of 3 or 4 hours at most. Besides, would you trust
    > a
    > computer that has been compromised by crudware, but was apparently blocked
    > from "phoning home" by a third party firewall? I wouldn't. And that's
    > assuming the user even knows that the program is crudware and therefore
    > elects to block it.
    >
  7. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    "Mike Hall (MS-MVP)" wrote:

    > "If you really need the additional capability to block outgoing
    > communications with a firewall (e.g. you are a security novice, or you have
    > teenagers who use the computer with Administrator privileges -- trust me,
    > they know how to find Kazaa), then they are right: by this standard, the
    > Windows firewall is not good enough."

    > Most users would benefit from a firewall that warns of outgoing events, or
    > be made aware of programs that will try to phone home.. it saves having to
    > watch every single step that you make..

    I don't dispute that a third party firewall is effective in preventing
    crudware from phoning home. I do dispute that this capability, as a
    practical matter, is much of a security benefit, because it means that the
    user's machine has already been compromised -- otherwise, the crudware
    wouldn't be there in the first place. At best, this feature makes an
    insecure computer slightly less insecure, but they don't help an already
    secure computer be any more secure than it already is with the Windows
    firewall.

    Moreover, third party firewalls are harder to configure properly. A user
    who doesn't even know enough to prevent his computer from being compromised
    isn't going to know how to configure the firewall, either. See, e.g., my
    brother. :) Speaking of my brother -- and he doesn't even rise to the
    security novice level, "total security dumbass" best describes him -- he has
    been problem free since the day months ago when I wiped the crud off his hard
    drive, installed SP2 and the Microsoft beta antispyware program, showed him
    how to use Ad Aware, and -- most important -- set up his teenage daughter on
    a limited account. I shudder to think what would happen to him if, e.g., he
    ran into the same types of problems that I used to have with Zone Alarm.

    > Crudware can be imported on the back of innocuous programs and files, and
    > then do its work from inside.. the classic 'inside job'.. a third party
    > firewall can stop this..

    Right, but so can an up-to-date Windows XP with SP2 set to the default
    settings, an effective and up to date antivirus program, an effective and up
    to date antispyware program, an effective and up to date anti-adware program,
    and just a decent modicum of common sense and good judgment in downloading
    files and opening attachments. The difference is that if the user does all
    of these other things, his machine won't be compromised in the first place.
    >
    > " Second, no one has ever explained why a third party firewall that blocks
    > outgoing communications will make a computer more secure than a computer
    > running Windows firewall."

    > This is an easy one.. a third party software firewall will warn the user
    > that unauthorised events are about to happen, and the user can say NO.. this
    > action will prevent any information being sent out.. an example.. in a
    > clothes store, you see gates at the entrance/exit that warn of unauthorised
    > exits of stock..

    But how does this feature make me more secure? It tells me only that some
    program is trying to access the Internet, and purports to give me (usually
    inadequate) information and/or advice about the program. In the very best
    case scenario, it warns me that crudware is trying to phone home -- but this
    goes back to my point that these firewalls make insecure machines less
    insecure, but they do nothing to increase the security of an already secure
    machine. In the worst case scenario, legitimate outbound communications on
    an already secure machine are being blocked, often without my knowledge or
    consent.

    > "A third party firewall does not prevent a computer from becoming
    > compromised, but only helps limit the damage ...... "

    > How can you say this on the basis that a third party software firewall
    > blocks incoming, as per Windows firewall, and outgoing too?.. of course, we
    > all know that software firewalls of any type can be breached, but it takes a
    > determined effort.. you can just type 'Open Sesame'

    To the extent that it blocks incoming communications, well, all firewalls do
    that, and all of them do it well. To the extent that it blocks outgoing
    communications, either the communication is legitimate (in which case it is a
    hindrance) or illegitimate (in which case the machine is already
    compromised). Either way, it doesn't enhance security, although it does
    reduce the level of insecurity of an otherwise insecure machine.

    > "Besides, would you trust a computer that has been compromised by crudware,
    > but was apparently blocked from "phoning home" by a third party firewall? I
    > wouldn't. And that's assuming the user even knows that the program is
    > crudware and therefore elects to block it."

    > This assumes that third party firewalls only stop outgoing events, a
    > statement that you know to be patently untrue..

    Again, I don't deny that they also stop incoming attacks, but so does
    Windows firewall. The issue here is not whether a firewall is better than no
    firewall, but whether, from a security standpoint, users who take a few
    simple steps to secure their machine really need the additional ability of a
    third party firewall to block certain outgoing communications. I haven't
    seen a compelling argument that they do.

    > All of the people that I support use McAfee Suite 8 firewall and anti-virus
    > (not spam killer or privacy service).. none of them have had problems
    > setting up or using the suite.. in fact, many forget it is even there, which
    > is how it should be..

    That may be the case, although I have had enough bad experiences with
    MacAfee in the past never to use it again. The ideal third party firewall
    would be one that required as little user interaction as possible. This
    ideal state of affairs certainly doesn't describe the two third party
    firewalls I am most familiar with: Norton and Zone Alarm.

    > And what's with the 'security novice' jive?.. companies may not use a third
    > party software firewall like Zonealarm, but the firewalls that they do use
    > are configurable re. stopping access outbound.. do you think that a company
    > like IBM just protects against incoming stuff?..

    I'm saying that people who pay little or no attention to computer security
    are much more likely to need a third party firewall. Even then, it is
    possible to set up their machines so that they don't need one -- as I did
    with my brother.

    > Microsoft don't have a full software firewall and anti-virus programs
    > included in their OSes as protection against lawsuits, and come the day that
    > they are allowed so to do, your words here are going to look a little
    > stupid..

    I'm not following you here. Are you saying that Microsoft doesn't use
    outbound blocking in its Windows firewall because it fears litigation? As
    for antivirus, isn't Microsoft preparing to introduce its own antivirus
    software sometime this year or at least in the next version of Windows? I
    read something to that effect a month or so ago (I can probably find the link
    if I need to).

    Ken
  8. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Additionally, make it a point to regularly download critical/security
    updates from Windows updates.

    --
    HTH
    Meena
    "Clo" <anonymous@discussions.microsoft.com> wrote in message
    news:142901c52afd$16845170$a601280a@phx.gbl...
    > I read all posted answers regarding this subjet and some
    > say that the buil-in firewall is not good enough and some
    > say it is....really dont know what to do. For my
    > firewall I use the built-in one, for my anti-virus I use
    > Norton 2005 Corporate Edition and for anti-spyware I use
    > Spybot and Ad-Aware SE personal edition, I also use the
    > built-in popup blocker. Am I protected enough? Thanks
Ask a new question

Read More

Firewalls Windows XP