New XP user seeks Firewall advice

"Windows XP: Surviving the First Day", although it's getting a bit old, is short and clear

You can also download the available patches for XP from Microsoft. It's a good idea to use a local copy instead of connecting a un-patched Windows to the Internet.

paul wrote in news:MPG.1dd64299997fcef09897a5@news- text.blueyonder.co.uk:

Nothing if you have that XP FW enabled.

Your starter link is waiting.

Duane :)

The firewall that is built into Win XP does not provide enough protection. Put in a better firewall, and turn the Windows firewall off - they usually interfere with each other. Instead of free software, look for a good rebate. You can often find Symantec products for sale with rebates adding up to the purchase price.

Cool, you and Volker can duke it out now. :-)

-Russ.

"Somebody." wrote in news:tE7bf.1960$ snipped-for-privacy@nnrp.ca.mci.com!nnrp1.uunet.ca:

LOL -- However, I'll have to agree with Volker. That XP FW is no worst than the other offerings. Using the XP FW supplemented by IPsec that's on the O/S that can stop inbound or outbound traffic by port, protocol or IP with XP's FW or any PFW solution is rock solid protection.

Duane :)

This is wrong. Please explain, why do you think so.

I don't know one product of Symantec I could recommend for that purpose.

Yours, VB.

No, thanks, it's getting too boring.

I never heard good arguments for this sight, and I doubt that there are any.

People are just parroting, what advertizing tells them.

Yours, VB.

Klaas wrote in news: snipped-for-privacy@4ax.com:

There is more to it than XP's FW for a machine that has a direct connection to the Internet -- no router between the modem and the PC,

It doesn't stop with the XP FW, AV, spyware software and some ISP doing a little spyware email checking.

It stops at the O/S and you should try to configure it for secuirty or harden the XP O/S to attack.

Duane :)

Well, I switched off the my Zone Alarm Pro, activated the firewall of XP and most important, closed all ports. And I have still a clean pc. I check my pc with an anti-virus and and anti-spyware software regurlaly. Naturly I check, what software is installed on the pc. I have a large e-mail provider, who does malware tests for incoming mails on his server (for some Euro per month), so infected mails can't reach my pc.

Internet sites like Shields up or PC Flank show my ports not as stealth but closed. I followed the discussions in this news group and finally I followed the advice of Volker due to his arguments.

The problem with Zonealarm is not, that its packet filter would not work. It does work.

The problem is, everything else is doubtable.

Yours, VB.

Thank you for this link. I already have implemented several of these recommandations, but not all. But it's a lot of stuff to read and to understand. We'll see.

XP does not have a firewall. To call the blocking of a handful of ports in one direction only a firewall is at the very best deceiptfull and more likely criminally so.

After looking at XP firewalls we found there was not one single product on the market that did not contain a backdoor trapdoor deliberate security breach accidental security breach or plainly lied about what it was doing.

The simple truth is there is no reliable firewall in existence for Windows-XP. And microsoft certainly doesn't allow there to be by design of the operating system itself.

If you want to keep script kiddies out they are all probably fine.

If you want to keep out someone who knows what they are doing then you must ditch XP and use an OS that can be protected.

(Linux Unix-BSD etc Posix Earlier versions of Windows before ME Beos OS/2 can all be protected for example).

XP cannot by design.

No doubt you'll all whine about that till your fingers get sore. Feel free but don't say no one warned you.

on 11/5/2005 11:42 AM Duane Arnold said the following:

Where can I read up on IPSec??

John Hyde wrote in news: snipped-for-privacy@corp.supernews.com:

You rang?

You can learn how to set/create rules by using the AnalogX rules. I implemented the AnalogX rules on my laptop here on the road behind BlackIce and made my adjustments, like disabling the IPsec rules for Windows Networking. I have not heard BI bark from the moment IPsec was enabled on the system, which I did back in Sept. 2005.

You want to allow something like HTTP, NNTP, SMTP which I had to change the SMTP port from 25 to 587 because of EarthLink dial-up, you enable the Client-side rules on AnalogX implementation of IPsec rules.

Duane :)

Ohhh, Boy. Reading to do! Thanks.

Is Blackice similar to ZoneAlarm? I'm using the free version of ZA currently but have some dissatisfactions with it. I considered spending money on the "Pro" Would implementing IPSec as you suggest make a software firewall surplus?

JH

John Hyde wrote in news: snipped-for-privacy@corp.supernews.com:

BlackIce is an IDS/FW application kind of like ZA in some manner of it being a personal FW solution running on the Windows workstation. There is a server edition of BI too. Supposedly I hear that BI can stop outbound traffic in some limited fashion and I have seen it do it a couple of times just on GP. But BI cannot stop outbound from the machine by setting rules like IPsec can do it. So, I use IPsec to supplement BI on the laptop.

I also think that IPsec is just that a supplemental tool setting on a machine behind a NAT router and most routers cannot stop outbound traffic and too supplement a computer that has a direct connection to the Internet with a PFW running in case the PFW is taken down by malware with IPsec being another barrier that would protect the machine.

No, I would not use IPsec as a standalone FW solution as it's a solution with limited FW like abilities that is solid in a supplemental role. I have been using BI for years and I am pleased with it as it doesn't have bloat ware in it.

Duane :)

Amusing view. So you're calling the IETF the Mafia? ;-) See RFC 2979.

BTW: I'm using a different definition of the term "firewall".

Yours, VB.