Is the XP firewall any good?

I have heard that the firewall that comes with Windows XP is limited in its capability, and that if that is the only firewall I am using I am asking for trouble.

Any opinions?

googlegroups

Yes, read the security bulletin today about the XP SP2 firewall hole. It can tell the difference between your local network and the Internet. Fascinating!

Officer Friendly

Correction:

Yes, read the security bulletin today about the XP SP2 firewall hole. It can't tell the difference between your local network and the Internet. Fascinating!

Officer Friendly

Win XP firewall is good at keeping stuff from coming in. But does nothing to stop things from going out. I've used Win XP firewall for about 10 months, which did its job. I switched over to ZoneAlarm (free version) about a month ago. It really showed me just how much my programs try to access the Internet. You really only use one firewall per computer. So turn off Win XP Firewall and switch to ZoneAlarm.

Tod

It depends on what you mean by 'any good'. This depends on what you want it to do, and why you want it to do it.

Well I know many people with a fully patched XP PC connected directly to a broadband modem, with the built in firewall and automatic updates turned on and an up to date self updating virus scanner and either an adware/spyware remover or an alternative to IE. They rarely have any trouble except when the kids start using file sharing software. They should really have an external box between the broadband modem and the PC but in many cases they never bother because if their setup works fine then why change it?

It may be true that a firewall like Zonealarm will frighten the user by making them aware of outbound connections to other things, but the average home user simply does not care about these connections and will have no clue about how to control them. How can you expect anyone (including experienced users) to control outbound connections with a personal firewall if they don't know what information is going to be sent/received and what it will be used for?

I sometimes find people tell me that I should be using something like Zonealarm because it's much better than the built in firewall. If I play dumb and ask them to explain why Zonealarm is better then I usually get something like 'everyone says Zonealarm is better so it must be true'. If pressed for further explanation then I either get the outbound connection argument or a demonstration of cluelessness.

Home users should be drilled in how to keep a virus scanner up to date and how to use it. They should not be bothered with software firewalls that pop up incomprehensible messages about outbound connections. They should be encouraged to use external boxes between the Internet connection and the PC.

You can never be 100% sure that a home user will never get any malware on the system. If you insist that they install a software firewall that they've got no chance of understanding then they will simply get into a mess and be worse off than they were before.

Jason

Jason Edwards

As a network designer, security manager, and a long time MS user, I never trust a Firewall from the OS vendor. Just yesterday MS released info that stated that some Dial-Up users could have the firewall see their DIAL-UP subnet as being trusted - meaning they are exposed to the world!

Leythos

Even Zonealarm, Symantec Personal Firewall and all these kinds of software firewalls have more problems. There's a very interesting article in the last Phrack magazine that talks about how all these firewalls can be fooled easily.

Jose Maria Lopez Hernandez

Full ACK, there will be a link to German hackers from the CCC group to show that, there exist some simple proofs of concept to demonstrate that:

formatting link
Volker Birk wrote in the German-language firewall group (it's almost the same as you wrote):

| By the way: in the test by CCC ERFA Ulm / Chaostreff Bad Waldsee, all of the tested "Personal Firewalls" recently failed completely.

Wolfgang

Wolfgang Ewert

I just compiled and ran that, after installing ZA Pro 5.5.062.004 with program control set to high. I got lots of worthless ZA popups during compilation (Do you want the incremental linker to blah blah blah?). But when I ran the compiled program it made an obvious outbound connection and ZA sat there as though nothing had happened. It is certainly true that Most people need no "personnel Firewall". As the Google translation of the target site says.

Jason

Jason Edwards
