I see in the NIPS (Network Intrusion Detection and Prevention System) logs that my ISP (220.127.116.11) is blocked as an attack source, with this description: BAD-TRAFFIC IP Proto 103 (PIM) with priority "medium".
I don't know what it means and I'm wondering if I should allow it (allowing all the intrusions of "medium" class), because recently I have many disconnections from my dial-up, it seems I can't keep the connection alive for more than a few minutes.
Unfortunately, it's not possible to secure that a software program, which is already running inside, cannot communicate with computers "outside".
This is because of the existence of tunneling.
The "Personal Firewalls" all just "secure" one single way to do this - it's the usual way to open a connection "outside".
So the "Personal Firewalls" all are controlling the programs only, which allow to be controlled.
Because this would be the only advantage I see to want to have a "Personal Firewall" and not the Windows-Firewall, and because of the fact that this advantage isn't really one, I'd prefer the Windows-Firewall to any "Personal Firewall" I know. Don't forget:
"Personal Firewalls" have many disadvantages compared to the Windows-Firewall, i.e. many of them have system services, which open windows (which is a security design flaw), have functionality to filter PINs out of traffic (which is based on the complete lack of understanding of data security) and lead into publicizing this data.
Because of these facts, that any "Personal Firewall" will not secure your system compared to securing it with the Windows-Firewall, but many of them open a broad range of additional security problems, I'd prefer the Windows-Firewall.
Kerio, or to be specific, Kerio Personal Firewall 4.1.2 was the least bad software in our test (I'd not call it the best one, because also Kerio had no real advantages over the Windows-Firewall). Even Tiny is worse.
Kerio only has small design flaws like the fact that it is opening sockets with listen() on 0.0.0.0 itself, and filtering away afterwards, Kerio is easy to switch off from a malware in the standard configuration and Kerio installs extra code onto your system, so theoretically the system has more code which could be object of an unseen attack vector.
The Witty worm was a real-world example, how sometimes such theoretical flaws cause practical problems:
So Kerio is the only firewall in our test, which I would judge with: "does not lower security considerably compared to the Windows-Firewall".
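Added example, not part of the original thread: the post above mentions a product calling listen() on 0.0.0.0 and filtering afterwards. This Python sketch audits `netstat -ano`-style output for TCP listeners bound to the wildcard address, which are reachable on every interface unless something else filters them; the sample output, ports, PIDs and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the column layout of Windows `netstat -ano` (not from the thread).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING       1480
  TCP    127.0.0.1:1031         0.0.0.0:0              LISTENING       2044
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:1067      203.0.113.5:80         ESTABLISHED     3120
  TCP    [::]:445               [::]:0                 LISTENING       4
"""

# Only TCP rows in LISTENING state are of interest; header and other states are skipped.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")


def classify(addr):
    """Return how widely a bound address is reachable."""
    ip = ipaddress.ip_address(addr.strip("[]"))  # IPv6 is shown in brackets
    if ip.is_unspecified:       # 0.0.0.0 or :: means every interface
        return "wildcard"
    if ip.is_loopback:          # reachable from the local machine only
        return "loopback"
    return "specific"           # bound to one interface address


def listeners(text):
    """Parse all TCP listeners and tag each with its bind scope."""
    found = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            addr, port, pid = m.groups()
            found.append({"addr": addr, "port": int(port),
                          "pid": int(pid), "scope": classify(addr)})
    return found


def wildcard_listeners(text):
    """Listeners that rely entirely on later filtering to limit exposure."""
    return [l for l in listeners(text) if l["scope"] == "wildcard"]


if __name__ == "__main__":
    for l in wildcard_listeners(SAMPLE):
        print(f"PID {l['pid']} listens on all interfaces, port {l['port']}")
```
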
I've been trying to educate myself on firewalls etc... I'm running XP PRO and was running ZA but had too many email problems so removed that thru control panel - and was told to install Kerio - but after reading some of the messages on this thread - maybe I don't even NEED a firewall other than my xp pro which is already activated? Is that what you are saying?
If that's true...then do I need anything to stop virus etc?? what should I be using?
thanks so much -
frustrated, tired and not getting emails again .... in OE 6 from my domain emails...just my earthlink acct addresses..........Pam
It's a good idea to use a virus scanner. Virus scanners are one of the most overestimated software types, though.
A virus scanner cannot find every virus. But a virus scanner can find the viruses it knows already, and those are usually many.
The best virus scanner is your brain ;-) If you don't use software out of dubious sources, if you cannot be fooled by mail worms, because you're thinking before opening a mail (and not using a MUA which opens the mail for you like older Outlook Express releases), and you don't use Internet Explorer, which has lists of unfixed bugs, but any other browser and keeping also this software up to date like your system software (use Windows-Update!), then you should be safe even if you have no virus scanner.
A virus scanner can help, though. Especially, if you're not using it as "online-access-scanner", but rebooting from another media from time to time, and scanning your hard disk frequently. Also it is a good idea to scan files, which you're downloading or receiving as mail attachment, before you're using them the very first time.
"Pam" wrote in news:ehHQe.1957$ email@example.com:
Since you're having so much trouble, I would just go with XP's FW. I don't think it is any worse than the others.
Maybe, you should go to the XP O/S itself and tighten up things a bit like disabling MS File and Printer Sharing service if the computer is not on a LAN and shutdown other services not needed when doing a direct connection to the Internet. Also you could enable IPsec to supplement the XP FW.
If you implement the AnalogX registry setup for IPsec and enable it, it will give solid protection supplementing XP's FW.
IPsec will block file downloads on high ports so you disable IPsec and do the download and enable it again. But you can also configure to open the ports, since you want to learn about FW(s). IPsec will stop inbound and outbound traffic by port, protocol and IP and is a good learning tool when reviewing the rules configured by AnalogX.