Sign in with
Sign up | Sign in
Your question

xp sp2 built-in firewall

Last response: in Windows XP
Share
Anonymous
March 17, 2005 9:24:54 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I read all posted answers regarding this subjet and some
say that the buil-in firewall is not good enough and some
say it is....really dont know what to do. For my
firewall I use the built-in one, for my anti-virus I use
Norton 2005 Corporate Edition and for anti-spyware I use
Spybot and Ad-Aware SE personal edition, I also use the
built-in popup blocker. Am I protected enough? Thanks

More about : sp2 built firewall

Anonymous
March 17, 2005 12:53:06 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

"Clo" wrote:

> I read all posted answers regarding this subjet and some
> say that the built-in firewall is not good enough and some
> say it is....really dont know what to do. For my
> firewall I use the built-in one, for my anti-virus I use
> Norton 2005 Corporate Edition and for anti-spyware I use
> Spybot and Ad-Aware SE personal edition, I also use the
> built-in popup blocker. Am I protected enough? Thanks

In my opinion, yes. Although I have experimented with third party
firewalls, I have mostly used the Windows firewall (and its predecessor ICF
firewall in pre-SP2 days) since XP came out and have NEVER had a problem with
it. Conversely, I have had had minor problems with the Norton firewall and
major problems with the Zone Alarm firewall. To be sure, other people have
claimed to have used these products, and others like them, without problems.
Every system is different, and every user is different.

In response to the people who claim that you should get a third party
firewall, I would observe that if you read these newsgroups regularly
enough, you will find that most of the people who are having firewall-related
problems are using third party firewalls, especially as part of so-called
"Internet Security Suites." Very few people have had problems with the
Windows firewall, and invariably the problems that do come up are either
associated with bad installs or uninstalls of third party firewalls or
Internet Security Suites (the most common cause) or are due to unusual or
unique circumstances that don't apply to most users.

The fundamental difference between the Windows firewall and a third party
firewall is even though all firewalls do a more or less equally excellent job
of blocking unauthorized inbound communications to your computer, the third
party firewalls will also block certain programs already on your computer
from communicating with the Internet. Because some of these programs may be
trojans, worms, or spyware, sometimes this is a good thing. Because many
other such programs are perfectly legitimate, sometimes this is a bad thing,
although more an annoyance than an actual problem (these firewalls can be
configured to stop blocking programs that you want to unblock).
Unfortunately, the user isn't always able to tell the difference, and these
programs often do not give the user adequate information or advice on what to
allow and what to block.

In my opinion, the slightly extra security (or, as I see it, bell and
whistle) that comes with blocking crudware from "phoning home" isn't worth
the additional problems or hassles of installing, configuring, and
maintaining a third party firewall. My view is to use other lines of
defenses to keep this crud off my machine in the first place. These other
defenses -- up to date Windows XP with SP2, up to date antivirus software, up
to date antispyware and antiadware software, and -- above all -- knowledge of
how to avoid downloading and installing crudware in the first place, as well
as the knowledge of how to recognize the signs that you have been compromised
-- are more than adequate to do the job. They have worked for me for
years. Going all the way back to 2001, no piece of crudware has ever
darkened my hard drive during the years that I have used, and still use, the
built-in XP firewall.

Ken
Anonymous
March 17, 2005 1:33:42 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Thank you Ken, I will then leave everything as it is.
>-----Original Message-----
>"Clo" wrote:
>
>> I read all posted answers regarding this subjet and
some
>> say that the built-in firewall is not good enough and
some
>> say it is....really dont know what to do. For my
>> firewall I use the built-in one, for my anti-virus I
use
>> Norton 2005 Corporate Edition and for anti-spyware I
use
>> Spybot and Ad-Aware SE personal edition, I also use
the
>> built-in popup blocker. Am I protected enough? Thanks
>
>In my opinion, yes. Although I have experimented with
third party
>firewalls, I have mostly used the Windows firewall (and
its predecessor ICF
>firewall in pre-SP2 days) since XP came out and have
NEVER had a problem with
>it. Conversely, I have had had minor problems with the
Norton firewall and
>major problems with the Zone Alarm firewall. To be
sure, other people have
>claimed to have used these products, and others like
them, without problems.
>Every system is different, and every user is different.
>
>In response to the people who claim that you should get
a third party
>firewall, I would observe that if you read these
newsgroups regularly
>enough, you will find that most of the people who are
having firewall-related
>problems are using third party firewalls, especially as
part of so-called
>"Internet Security Suites." Very few people have had
problems with the
>Windows firewall, and invariably the problems that do
come up are either
>associated with bad installs or uninstalls of third
party firewalls or
>Internet Security Suites (the most common cause) or are
due to unusual or
>unique circumstances that don't apply to most users.
>
>The fundamental difference between the Windows firewall
and a third party
>firewall is even though all firewalls do a more or less
equally excellent job
>of blocking unauthorized inbound communications to your
computer, the third
>party firewalls will also block certain programs already
on your computer
>from communicating with the Internet. Because some of
these programs may be
>trojans, worms, or spyware, sometimes this is a good
thing. Because many
>other such programs are perfectly legitimate, sometimes
this is a bad thing,
>although more an annoyance than an actual problem (these
firewalls can be
>configured to stop blocking programs that you want to
unblock).
>Unfortunately, the user isn't always able to tell the
difference, and these
>programs often do not give the user adequate information
or advice on what to
>allow and what to block.
>
>In my opinion, the slightly extra security (or, as I see
it, bell and
>whistle) that comes with blocking crudware from "phoning
home" isn't worth
>the additional problems or hassles of installing,
configuring, and
>maintaining a third party firewall. My view is to use
other lines of
>defenses to keep this crud off my machine in the first
place. These other
>defenses -- up to date Windows XP with SP2, up to date
antivirus software, up
>to date antispyware and antiadware software, and --
above all -- knowledge of
>how to avoid downloading and installing crudware in the
first place, as well
>as the knowledge of how to recognize the signs that you
have been compromised
> -- are more than adequate to do the job. They have
worked for me for
>years. Going all the way back to 2001, no piece of
crudware has ever
>darkened my hard drive during the years that I have
used, and still use, the
>built-in XP firewall.
>
>Ken
>.
>
Related resources
March 17, 2005 2:18:00 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

In news:142901c52afd$16845170$a601280a@phx.gbl,
Clo <anonymous@discussions.microsoft.com> had this to say:

My reply is at the bottom of your sent message:

> I read all posted answers regarding this subjet and some
> say that the buil-in firewall is not good enough and some
> say it is....really dont know what to do. For my
> firewall I use the built-in one, for my anti-virus I use
> Norton 2005 Corporate Edition and for anti-spyware I use
> Spybot and Ad-Aware SE personal edition, I also use the
> built-in popup blocker. Am I protected enough? Thanks

The firewall with XP is fairly decent at preventing you from inbound attacks
but does little to nothing for outbound protection. A properly configured
software firewall is a good start towards protecting your data and keeping
your computer running in decent shape.

Try some of these if you'd like:

Firewalls:
www.agnitum.com - Outpost Personal Firewall
http://smb.sygate.com/products/spf_standard.htm - Sygate Personal Firewall
www.kerio.com/us/kpf_download.html - Kerio Personal Firewall

All of these companies offer free versions.

Galen
--
Signature changed for a moment of silence.
Rest well Alex and we'll see you on the other side.
Anonymous
March 17, 2005 2:18:05 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Clo

The benefit of using a third party software firewall is that you will be
alerted to unauthorised outgoing and incoming events.. SP2 firewall does a
good job stopping unauthorised incoming events only..

--
Mike Hall
MVP - Windows Shell/user

http://dts-l.org/goodpost.htm





"Clo" <anonymous@discussions.microsoft.com> wrote in message
news:142901c52afd$16845170$a601280a@phx.gbl...
>I read all posted answers regarding this subjet and some
> say that the buil-in firewall is not good enough and some
> say it is....really dont know what to do. For my
> firewall I use the built-in one, for my anti-virus I use
> Norton 2005 Corporate Edition and for anti-spyware I use
> Spybot and Ad-Aware SE personal edition, I also use the
> built-in popup blocker. Am I protected enough? Thanks
Anonymous
March 17, 2005 3:11:01 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

My pleasure. Let me add a few things.

First, when people say that the Windows firewall is "not good enough," what
they really mean is that it doesn't block outgoing communications -- not that
it doesn't do an excellent job of what it is actually supposed to do: block
unauthorized incoming communications and hide your computer from hackers on
the Internet. Whether this is actually good or bad depends on what your
security needs actually are. If you really need the additional capability to
block outgoing communications with a firewall (e.g. you are a security
novice, or you have teenagers who use the computer with Administrator
privileges -- trust me, they know how to find Kazaa), then they are right: by
this standard, the Windows firewall is not good enough. But if you don't
need this additional capability because you already do everything else you
need to do in order to secure your computer from crudware, then at best it
is the functional equivalent of adding additional home security alarms to
Fort Knox.

Second, no one has ever explained why a third party firewall that blocks
outgoing communications will make a computer more secure than a computer
running Windows firewall. A third party firewall does not prevent a computer
from becoming compromised, but only helps limit the damage and even then only
with respect to crudware that attempts to "phone home" over the Internet
(which is only a subset of crudware). This isn't my idea of a "more secure"
computer at all.

Third, you also need to back up your important data just in case the
unthinkable happens regardless of how careful you are. It has never happened
to me, but there is always potentially a first time. If it happened to me, a
reinstall of XP, applications, and data, followed by research of what exactly
went wrong, is a matter of 3 or 4 hours at most. Besides, would you trust a
computer that has been compromised by crudware, but was apparently blocked
from "phoning home" by a third party firewall? I wouldn't. And that's
assuming the user even knows that the program is crudware and therefore
elects to block it.

Ken

"Clo" wrote:

> Thank you Ken, I will then leave everything as it is.
> >-----Original Message-----
> >"Clo" wrote:
> >
> >> I read all posted answers regarding this subjet and
> some
> >> say that the built-in firewall is not good enough and
> some
> >> say it is....really dont know what to do. For my
> >> firewall I use the built-in one, for my anti-virus I
> use
> >> Norton 2005 Corporate Edition and for anti-spyware I
> use
> >> Spybot and Ad-Aware SE personal edition, I also use
> the
> >> built-in popup blocker. Am I protected enough? Thanks
> >
> >In my opinion, yes. Although I have experimented with
> third party
> >firewalls, I have mostly used the Windows firewall (and
> its predecessor ICF
> >firewall in pre-SP2 days) since XP came out and have
> NEVER had a problem with
> >it. Conversely, I have had had minor problems with the
> Norton firewall and
> >major problems with the Zone Alarm firewall. To be
> sure, other people have
> >claimed to have used these products, and others like
> them, without problems.
> >Every system is different, and every user is different.
> >
> >In response to the people who claim that you should get
> a third party
> >firewall, I would observe that if you read these
> newsgroups regularly
> >enough, you will find that most of the people who are
> having firewall-related
> >problems are using third party firewalls, especially as
> part of so-called
> >"Internet Security Suites." Very few people have had
> problems with the
> >Windows firewall, and invariably the problems that do
> come up are either
> >associated with bad installs or uninstalls of third
> party firewalls or
> >Internet Security Suites (the most common cause) or are
> due to unusual or
> >unique circumstances that don't apply to most users.
> >
> >The fundamental difference between the Windows firewall
> and a third party
> >firewall is even though all firewalls do a more or less
> equally excellent job
> >of blocking unauthorized inbound communications to your
> computer, the third
> >party firewalls will also block certain programs already
> on your computer
> >from communicating with the Internet. Because some of
> these programs may be
> >trojans, worms, or spyware, sometimes this is a good
> thing. Because many
> >other such programs are perfectly legitimate, sometimes
> this is a bad thing,
> >although more an annoyance than an actual problem (these
> firewalls can be
> >configured to stop blocking programs that you want to
> unblock).
> >Unfortunately, the user isn't always able to tell the
> difference, and these
> >programs often do not give the user adequate information
> or advice on what to
> >allow and what to block.
> >
> >In my opinion, the slightly extra security (or, as I see
> it, bell and
> >whistle) that comes with blocking crudware from "phoning
> home" isn't worth
> >the additional problems or hassles of installing,
> configuring, and
> >maintaining a third party firewall. My view is to use
> other lines of
> >defenses to keep this crud off my machine in the first
> place. These other
> >defenses -- up to date Windows XP with SP2, up to date
> antivirus software, up
> >to date antispyware and antiadware software, and --
> above all -- knowledge of
> >how to avoid downloading and installing crudware in the
> first place, as well
> >as the knowledge of how to recognize the signs that you
> have been compromised
> > -- are more than adequate to do the job. They have
> worked for me for
> >years. Going all the way back to 2001, no piece of
> crudware has ever
> >darkened my hard drive during the years that I have
> used, and still use, the
> >built-in XP firewall.
> >
> >Ken
> >.
> >
>
Anonymous
March 17, 2005 7:53:40 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Ken

Extracts from your post are in parentheses..

"If you really need the additional capability to block outgoing
communications with a firewall (e.g. you are a security novice, or you have
teenagers who use the computer with Administrator privileges -- trust me,
they know how to find Kazaa), then they are right: by this standard, the
Windows firewall is not good enough."

Most users would benefit from a firewall that warns of outgoing events, or
be made aware of programs that will try to phone home.. it saves having to
watch every single step that you make..

Crudware can be imported on the back of innocuous programs and files, and
then do its work from inside.. the classic 'inside job'.. a third party
firewall can stop this..


" Second, no one has ever explained why a third party firewall that blocks
outgoing communications will make a computer more secure than a computer
running Windows firewall."

This is an easy one.. a third party software firewall will warn the user
that unauthorised events are about to happen, and the user can say NO.. this
action will prevent any information being sent out.. an example.. in a
clothes store, you see gates at the entrance/exit that warn of unauthorised
exits of stock..


"A third party firewall does not prevent a computer from becoming
compromised, but only helps limit the damage ...... "

How can you say this on the basis that a third party software firewall
blocks incoming, as per Windows firewall, and outgoing too?.. of course, we
all know that software firewalls of any type can be breached, but it takes a
determined effort.. you can just type 'Open Sesame'


"Besides, would you trust a computer that has been compromised by crudware,
but was apparently blocked from "phoning home" by a third party firewall? I
wouldn't. And that's assuming the user even knows that the program is
crudware and therefore elects to block it."

This assumes that third party firewalls only stop outgoing events, a
statement that you know to be patently untrue..

All of the people that I support use McAfee Suite 8 firewall and anti-virus
(not spam killer or privacy service).. none of them have had problems
setting up or using the suite.. in fact, many forget it is even there, which
is how it should be..

And what's with the 'security novice' jive?.. companies may not use a third
party software firewall like Zonealarm, but the firewalls that they do use
are configurable re. stopping access outbound.. do you think that a company
like IBM just protects against incoming stuff?..

Microsoft don't have a full software firewall and anti-virus programs
included in their OSes as protection against lawsuits, and come the day that
they are allowed so to do, your words here are going to look a little
stupid..


--
Mike Hall
MVP - Windows Shell/user

http://dts-l.org/goodpost.htm





"Ken Gardner" <KenGardner@discussions.microsoft.com> wrote in message
news:3459BD83-9DEC-44A2-8E04-2E4004E5FEC1@microsoft.com...
> My pleasure. Let me add a few things.
>
> First, when people say that the Windows firewall is "not good enough,"
> what
> they really mean is that it doesn't block outgoing communications -- not
> that
> it doesn't do an excellent job of what it is actually supposed to do:
> block
> unauthorized incoming communications and hide your computer from hackers
> on
> the Internet. Whether this is actually good or bad depends on what your
> security needs actually are. If you really need the additional capability
> to
> block outgoing communications with a firewall (e.g. you are a security
> novice, or you have teenagers who use the computer with Administrator
> privileges -- trust me, they know how to find Kazaa), then they are right:
> by
> this standard, the Windows firewall is not good enough. But if you don't
> need this additional capability because you already do everything else you
> need to do in order to secure your computer from crudware, then at best
> it
> is the functional equivalent of adding additional home security alarms to
> Fort Knox.
>
> Second, no one has ever explained why a third party firewall that blocks
> outgoing communications will make a computer more secure than a computer
> running Windows firewall. A third party firewall does not prevent a
> computer
> from becoming compromised, but only helps limit the damage and even then
> only
> with respect to crudware that attempts to "phone home" over the Internet
> (which is only a subset of crudware). This isn't my idea of a "more
> secure"
> computer at all.
>
> Third, you also need to back up your important data just in case the
> unthinkable happens regardless of how careful you are. It has never
> happened
> to me, but there is always potentially a first time. If it happened to
> me, a
> reinstall of XP, applications, and data, followed by research of what
> exactly
> went wrong, is a matter of 3 or 4 hours at most. Besides, would you trust
> a
> computer that has been compromised by crudware, but was apparently blocked
> from "phoning home" by a third party firewall? I wouldn't. And that's
> assuming the user even knows that the program is crudware and therefore
> elects to block it.
>
Anonymous
March 17, 2005 7:53:41 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

"Mike Hall (MS-MVP)" wrote:

> "If you really need the additional capability to block outgoing
> communications with a firewall (e.g. you are a security novice, or you have
> teenagers who use the computer with Administrator privileges -- trust me,
> they know how to find Kazaa), then they are right: by this standard, the
> Windows firewall is not good enough."

> Most users would benefit from a firewall that warns of outgoing events, or
> be made aware of programs that will try to phone home.. it saves having to
> watch every single step that you make..

I don't dispute that a third party firewall is effective in preventing
crudware from phoning home. I do dispute that this capability, as a
practical matter, is much of a security benefit, because it means that the
user's machine has already been compromised -- otherwise, the crudware
wouldn't be there in the first place. At best, this feature makes an
insecure computer slightly less insecure, but they don't help an already
secure computer be any more secure than it already is with the Windows
firewall.

Moreover, third party firewalls are harder to configure properly. A user
who doesn't even know enough to prevent his computer from being compromised
isn't going to know how to configure the firewall, either. See, e.g., my
brother. :)  Speaking of my brother -- and he doesn't even rise to the
security novice level, "total security dumbass" best describes him -- he has
been problem free since the day months ago when I wiped the crud off his hard
drive, installed SP2 and the Microsoft beta antispyware program, showed him
how to use Ad Aware, and -- most important -- set up his teenage daughter on
a limited account. I shudder to think what would happen to him if, e.g., he
ran into the same types of problems that I used to have with Zone Alarm.

> Crudware can be imported on the back of innocuous programs and files, and
> then do its work from inside.. the classic 'inside job'.. a third party
> firewall can stop this..

Right, but so can an up-to-date Windows XP with SP2 set to the default
settings, an effective and up to date antivirus program, an effective and up
to date antispyware program, an effective and up to date anti-adware program,
and just a decent modicum of common sense and good judgment in downloading
files and opening attachments. The difference is that if the user does all
of these other things, his machine won't be compromised in the first place.
>
> " Second, no one has ever explained why a third party firewall that blocks
> outgoing communications will make a computer more secure than a computer
> running Windows firewall."

> This is an easy one.. a third party software firewall will warn the user
> that unauthorised events are about to happen, and the user can say NO.. this
> action will prevent any information being sent out.. an example.. in a
> clothes store, you see gates at the entrance/exit that warn of unauthorised
> exits of stock..

But how does this feature make me more secure? It tells me only that some
program is trying to access the Internet, and purports to give me (usually
inadequate) information and/or advice about the program. In the very best
case scenario, it warns me that crudware is trying to phone home -- but this
goes back to my point that these firewalls make insecure machines less
insecure, but they do nothing to increase the security of an already secure
machine. In the worst case scenario, legitimate outbound communications on
an already secure machine are being blocked, often without my knowledge or
consent.

> "A third party firewall does not prevent a computer from becoming
> compromised, but only helps limit the damage ...... "

> How can you say this on the basis that a third party software firewall
> blocks incoming, as per Windows firewall, and outgoing too?.. of course, we
> all know that software firewalls of any type can be breached, but it takes a
> determined effort.. you can just type 'Open Sesame'

To the extent that it blocks incoming communications, well, all firewalls do
that, and all of them do it well. To the extent that it blocks outgoing
communications, either the communication is legitimate (in which case it is a
hindrance) or illegitimate (in which case the machine is already
compromised). Either way, it doesn't enhance security, although it does
reduce the level of insecurity of an otherwise insecure machine.

> "Besides, would you trust a computer that has been compromised by crudware,
> but was apparently blocked from "phoning home" by a third party firewall? I
> wouldn't. And that's assuming the user even knows that the program is
> crudware and therefore elects to block it."

> This assumes that third party firewalls only stop outgoing events, a
> statement that you know to be patently untrue..

Again, I don't deny that they also stop incoming attacks, but so does
Windows firewall. The issue here is not whether a firewall is better than no
firewall, but whether, from a security standpoint, users who take a few
simple steps to secure their machine really need the additional ability of a
third party firewall to block certain outgoing communications. I haven't
seen a compelling argument that they do.

> All of the people that I support use McAfee Suite 8 firewall and anti-virus
> (not spam killer or privacy service).. none of them have had problems
> setting up or using the suite.. in fact, many forget it is even there, which
> is how it should be..

That may be the case, although I have had enough bad experiences with
MacAfee in the past never to use it again. The ideal third party firewall
would be one that required as little user interaction as possible. This
ideal state of affairs certainly doesn't describe the two third party
firewalls I am most familiar with: Norton and Zone Alarm.

> And what's with the 'security novice' jive?.. companies may not use a third
> party software firewall like Zonealarm, but the firewalls that they do use
> are configurable re. stopping access outbound.. do you think that a company
> like IBM just protects against incoming stuff?..

I'm saying that people who pay little or no attention to computer security
are much more likely to need a third party firewall. Even then, it is
possible to set up their machines so that they don't need one -- as I did
with my brother.

> Microsoft don't have a full software firewall and anti-virus programs
> included in their OSes as protection against lawsuits, and come the day that
> they are allowed so to do, your words here are going to look a little
> stupid..

I'm not following you here. Are you saying that Microsoft doesn't use
outbound blocking in its Windows firewall because it fears litigation? As
for antivirus, isn't Microsoft preparing to introduce its own antivirus
software sometime this year or at least in the next version of Windows? I
read something to that effect a month or so ago (I can probably find the link
if I need to).

Ken
Anonymous
March 17, 2005 11:15:17 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Additionally, make it a point to regularly download critical/security
updates from Windows updates.

--
HTH
Meena
"Clo" <anonymous@discussions.microsoft.com> wrote in message
news:142901c52afd$16845170$a601280a@phx.gbl...
> I read all posted answers regarding this subjet and some
> say that the buil-in firewall is not good enough and some
> say it is....really dont know what to do. For my
> firewall I use the built-in one, for my anti-virus I use
> Norton 2005 Corporate Edition and for anti-spyware I use
> Spybot and Ad-Aware SE personal edition, I also use the
> built-in popup blocker. Am I protected enough? Thanks
!