Firewall protection with XP

How do I enable the built in XP Firewall while surfing wirelessly? I have SP 2 installed. I am a mac user so I am not clear on this.

Thank you.

Reply to
Rick.Pearl

start\settings\control panel\security center\

Reply to
Pen

Pen hath wroth:

Start -> Settings -> Control Panel -> Windoze Firewall. Check the box "Enable firewall".

Then go to the Exceptions tab and make sure that Windoze File and Print Sharing are NOT checked as an exception. There may be some other services of dubious value that don't need to be accepting incoming connections. If you're not sure, check the box "Don't allow exceptions" on the first page where you enabled the firewall.

Reply to
Jeff Liebermann

Or, mo-betta IMHO, go to

formatting link
and install. Comodo firewall is 2-way (incoming/outgoing), and can be readily instructed on the fly as to what to block/pass.

Of course, if using Comodo's, disable Windows firewall. And be fussy as to what to allow. Sometimes, just getting notice of what process is trying to send outgoing traffic is very informative.

It does help to understand what the significance of ports is.

J
Reply to
barry

snipped-for-privacy@sme-online.com hath wroth:

There isn't a single 3rd party firewall product that doesn't claim to be better than the Windoze firewall. Everyone starts with the features of the Windoze firewall and then adds value (features, functions, support, glitch, etc). The Windoze firewall does have the limitation in that it only inspects incoming traffic, which was all it was ever intended to do. There are other firewall products that will also inspect outgoing traffic.

The problem with the stock Windoze firewall is that most users don't know how to configure, troubleshoot, or add/delete ports and services.

Microsoft didn't make it very easy, and if done wrong, it's a PITA to find and fix. Various programs that modify the firewall configuration add complexity. For example, the typical AOL installation will have up to 12 almost identical entries in the exceptions list. I don't consider ZoneAlarm, Norton or McAfee firewalls to be any easier to deal with. The firewall is also the number one target of virus and worm attacks. Yeah, it can always be done better. Whether better is really necessary depends on what you're trying to accomplish and how much complexity you want to deal with.

Reply to
Jeff Liebermann

After reading an informative essay by a security expert* on why Windows firewall DOES work, I'm now recommending to only use it. Why? Because the others have more overhead, cause constant confusion about what to accept, because Windows FW is already there and works with most everything.

Most any software you install will consider that Windows firewall is present. Zone Alarm, Kerio whatever is an additional issue that may have to be dealt with.

I have not had any trouble setting up ports, exceptions etc in Windows. Most programs do it automatically.

*In sum, the "expert" comments the Windows Firewall is mostly derided for being one-way. In fact keeping intruders out is what we NEED and keeping intruders IN is a stop-gap at best. At that point, you are already in trouble. Closing the barn-door and all that.

I do use Win-Patrol as a general system watchdog as well. Keeps you informed on things that are trying to change your system. I find it easier for novices to manage than the firewalls.

Have about a dozen pcs on Windows firewall and no problems for years.

Steve

Reply to
seaweedsteve

Called "blind luck"? Which I can't rely on for the 9-5 stuff. I've often seen compelling reasons for 2-way firewalls at work, both on individual machines, and (no-brainer here) on gateway router. New attacks take place constantly.

I like to assess my own needs, thanks.

John


Reply to
barry

With all due respect. Wow, that's a first. Are you Bill Gates? Whenever anyone calls me and says "my network won't communicate" the first answer is "turn off Windows Firewall". When they call and say my messenger service won't work, I say "turn off ......" Need I go on with the list of port dependent services that the firewall blocks? This would be okay if the firewall asked you if this traffic should be allowed, as does Kerio, Zonealarm.....

Norton/McAfee are hogs. I would rather have a virus.

With regards to Winpatrol. You are confusing an outgoing firewall with a program that will monitor modifications to startup directories, registry, changes in services, and a host of other changes of the system. It does not offer any outgoing port protection. Maybe I'm mistaken but after using Winpatrol for the last couple of years, I have yet to have a warning about outgoing packets.

One last point. The "expert" would not like Windows Vista. It has a firewall that monitors both incoming and outgoing. Why would MS change when they already had a system that believed "keeping intruders out is what we NEED"? I think that you need to find a new "expert".

Dave H.

Reply to
DH

I use Vista's FW and I don't have a problem in using it. It does what it's supposed to do, which is stop unsolicited inbound traffic.

Even XP's FW is not as intrusive with a bunch of snake-oil junk in them trying to protect one from themselves. All one has to do with some of the other PFW(s) is mis-configure that snake-oil in them and watch things not work anymore that used to work.

I like to supplement the Vista FW with IPsec that runs in conjunction with the Vista FW. I use IPsec to block outbound traffic if I need to stop outbound traffic to a remote IP, which IPsec can stop inbound or outbound traffic by port, protocol, IP and subnet.

formatting link
I implemented the AnalogX rules and made my adjustments.

formatting link
This is for a laptop that has a direct connection to the modem and therefore a direct connection to the Internet, nothing such as a router or FW appliance between the modem and the computer, which is running things like IIS and SQL Server, etc, etc, while working programming contracts on the road.

I also use CurrPort to see for myself what's making inbound and outbound connections.

formatting link
I also use other tools to go look for myself instead of depending upon those snake-oil solutions in 3rd party PFW(s) to tell me what is happening on my machine.

formatting link
They also have this for Vista, which I don't need.

formatting link
When the laptop is on my home network behind the FW appliance, PFW(s) are disabled on all machines, even the Linux machine.

I guess it's all about who is behind the wheel and driving.

Reply to
Mr. Arnold
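
As an added example (not part of any post in this thread): the "go look for myself" check described above, which sockets accept incoming connections and which processes hold connections out, can be scripted over `netstat -ano` output. The sample output is constructed and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in Windows `netstat -ano` layout (not captured from a real machine).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1028         0.0.0.0:0              LISTENING       1480
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:445       192.168.1.30:1040      ESTABLISHED     4
  TCP    192.168.1.20:1051      203.0.113.7:80         ESTABLISHED     2204
  TCP    192.168.1.20:1052      198.51.100.9:6667      ESTABLISHED     3016
  UDP    0.0.0.0:1900           *:*                                    1120
"""
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s*(\S*)\s+(\d+)\s*$")
LOOPBACK = ("127.", "[::1]")

def parse(text):
    """Return one dict per TCP/UDP row; the header and blank lines are skipped."""
    keys = ("proto", "laddr", "lport", "remote", "state", "pid")
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append(dict(zip(keys, m.groups())))
    return rows

def exposed_listeners(rows):
    """Sockets bound to a non-loopback address: what an inbound firewall shields."""
    return sorted(
        (r["proto"], int(r["lport"]), int(r["pid"]))
        for r in rows
        if (r["state"] == "LISTENING" or r["proto"] == "UDP")
        and not r["laddr"].startswith(LOOPBACK)
    )

def outbound_by_pid(rows):
    """Heuristic: an ESTABLISHED session whose local port is not a listening port was dialled out."""
    listening = {r["lport"] for r in rows if r["state"] == "LISTENING"}
    out = defaultdict(list)
    for r in rows:
        if r["state"] == "ESTABLISHED" and r["lport"] not in listening:
            out[int(r["pid"])].append(r["remote"])
    return dict(out)

if __name__ == "__main__":
    print("exposed listeners:", exposed_listeners(parse(SAMPLE)))
    print("outbound by PID:", outbound_by_pid(parse(SAMPLE)))
```

To use it on a real machine, replace `SAMPLE` with the saved output of `netstat -ano` and match the PIDs against Task Manager.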

On May 21, 6:09 pm, "DH" >> > incoming connections. If you're not sure, check the box "Don't allow

Winpatrol for the last couple of years, I have yet to have a warning about

Yup, WinPatrol doesn't act as a firewall to monitor network packets. It's also why WinPatrol is compatible with all versions of Windows and shouldn't slow you down. I would recommend using a firewall of some kind too.

Bill Pytlovany BillP Studios

Reply to
BillP Studios

Not to be argumentative, but for learning's sake, could you give some examples of when your system is healthy and needs outgoing?

I should have added that in all cases we are behind a SPI firewall as well. One-way, I believe.

New attacks take place

Take it easy there. Of course you are. I don't think that by giving an opinion, anyone is suggesting that you are compelled to live by it. I simply have seen too much knee-jerk "you must use Norton and Zone-alarm or you are in danger" Not my experience. I believe I am allowed to share that?

Cheers, Steve

Reply to
seaweedsteve

On May 21, 5:09 pm, "DH" Whenever, anyone calls me and

I guess I haven't seen this, but then if it's a possible problem, since XP firewall is common, then usually the software's "read-me" or "installation" tells me specifically to add an exception in windows firewall "like this...".

So perhaps I've always avoided it at the install level without ever noticing. Instead of turning it off, I/they just enter the exception. Windows Firewall> Exceptions> Add

My words exactly. I explain it's like hiring thugs to protect you. It's almost the same thing.

No, I was starting to go off on what I consider an austere security approach and then cut it short before going on to include AVG, Spyware Blaster, etc with occasional multiple anti-spyware scans.

Point being, keeping one's system clean and in one's control seems more critical than locking intruders in. WinPatrol helps you keep an eye on who's inside trying to effect system changes. Many security suites do the same.

New features MAY be proof of their previous necessity or simply more may be better, especially if it's integrated and easy to use. Vista is a different OS as well, see the link at the end of this post.

One of my guiding questions is not "what is absolutely safe?" or "what's the most I can do?", but "how much is a reasonable trade-off of security and usability?" Each person must decide this for themselves in every aspect of life.

So far, my dozen "client's" pcs are doing fine with XP's firewall. I'll change my tune when I see a problem.

Here's one of my references so you can shoot it down directly:

formatting link
Next to last, before the end of the page.

Quick quote: "Putting protective measures on a compromised asset and asking it not to compromise any other assets simply does not work. Protection belongs on the asset you are trying to protect, not the one you are trying to protect against!"

Another one to scoff at: Senior Security Strategist at Microsoft discussing Vista and XP firewall -

formatting link
Now I know that for many people things are black and white and MS is all bad or wrong and um, the "underdog" or "new guy" is all right or good, so some folks should just ignore any info from the "wrong" messengers and you won't have any cognitive dissonance issues! Personally, I always consider the messenger's motives but do listen.

Cheers, Steve

Reply to
seaweedsteve

In many ways it comes down to who is using the machines and their awareness of problems that can occur. I go along with the "Layered Defence" league. Over the years we have had problems with family clicking on "pop-ups" on sites they should not have been on, one IM trojan (the AV didn't autoscan IM's). The AV on some of our machines doesn't auto scan USB flash drives or DVD drives so the family keep getting reminded to scan before using. Most of the family couldn't care about security and just want to do their own thing with the computers and if it goes wrong then it's someone else's problem. For what some of them use computers for I have converted them to a Linux box hard wired to a router and have had no problems for the last few months.

Reply to
kev

On Mon, 21 May 2007 22:09:14 GMT, in alt.internet.wireless , "DH" Firewall". When they call and say my messenger service won't work, I say

Windows firewall /does/ ask you - but only when you're logged in as an Admin.

This is as it should be - average users should NOT be able to bypass the firewall. For once, MS got it right and did not give non-admin accounts complete free rein.

Technically this is a weakness since most people just mindlessly click "ok" and let the traffic through, for fear of blocking something important. If I had a quid for every time my mother in law has phoned to ask what rundll.exe whatever is asking for permission to access the internet means. I'd be able to buy the wife an anniversary present. :-)

Reply to
Mark McIntyre

Setting aside the small fact that to connect to a website you need outgoing on port 80...

Reply to
Mark McIntyre

Popups seem to be controlled now..

The IM thing is tough for the firewall to catch, I imagine. It's already allowing those ports, right?

You were lucky if you didn't get hit a few years back when spyware just became nasty. No coolwebsearch variants?

I like the backup "security" approach that some internet shops use: Once the OS, driver and software set is dialed in, I clone the system drive for that PC. I leave it inside the case, but unhooked if it's a desktop. Easy bail-out to any serious or elusive system issues, infections, failed HD.

Old 6,8,10+ gig drives do the job.

Data protection is another issue, not hard but depends on the user more. Some don't have much. Some are hopeless.

Steve

Reply to
seaweedsteve

seaweedsteve hath wroth:

There are numerous products that catch IM and P2P sharing in various ways. For example:

Some work with the firewall, some install on the clients, some install on the server, some implement a filter on a bastion host, and some just sniff the traffic looking for violations. Your over-choice.

Reply to
Jeff Liebermann


Mark, I don't get it. Maybe the question is not clear:

(should add)...inspection by a 2-way software firewall in order to protect the pc?

So, I'm asking for "compelling reasons for 2-way firewalls" in order to protect the computer they are on. Again, I believe there are reasonable examples, but I don't see that "port 80" is a "reason" Obviously there is outgoing traffic.

Reply to
seaweedsteve

Still fairly dependent on the user, most of the family machines are not under my control, and there are a couple of the family who are always curious as to what pop-up is being blocked.

Yes, the ports were allowed and the problem was resolved by changing the AV for one that autoscanned IM's.

The family mainly got adware and a small amount of spyware which were easy to identify and clean up. Perhaps I should have added somewhere that one of the many things that annoys the family is the amount of time that is "spent" by their computers in carrying security updates for all their "normal" programs and then updates for their "security" programs followed by having scans done and this really leads to disinterest as they are not getting to do what they want.

Cloning does seem to be very popular. One of my cousins is also experimenting with the "MS Shared Computer Toolkit" on a computer used by his grandchildren.

formatting link

Reply to
kev
