Performance SP2 Firewall


martindijk
August 13th, 2004, 03:35 AM
Hi all,

Does anyone have any insight into the performance of the SP2 FW so far, like:

Does it block any outbound connections?

Does it do a good job at GRC and other FW testing sites?

Is it light on resources, etc.?

Any insight would be appreciated.

cheers,
Martin

Jaska
August 13th, 2004, 04:09 AM
First of all, it has never failed any of those online FW tests like GRC and PCflank. It also controls outbound connections, and if a program tries to connect out with an uncommon port it pops up a notification and asks what it should do.
It is the lightest possible as far as resources go, no slowdown at all. I can't do anything else than recommend it. It does not have a lot of bells and whistles but it does its job reliably.

martindijk
August 13th, 2004, 04:15 AM
Thanks Jaska for your input.

cheers,
Martin

CrazyM
August 13th, 2004, 04:39 AM
-{ Quote: "
Does anyone have any insight into the performance of the SP2 FW so far, like:

Does it block any outbound connections" }-
No. It will prompt for applications that want to act as servers and allow you to make exceptions for inbound traffic.

-{ Quote: "Does it do a good job at GRC and other FW testing sites." }-
It will stealth you to unsolicited inbound packets and scans.

-{ Quote: "Is it light on resources etc." }-
Uses minimal system resources.

-{ Quote: "Any insight would be appreciated." }-
Understanding Windows Firewall (http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx)

Another write up from earlier in the year:
http://www.microsoft.com/technet/community/columns/cableguy/cg0204.mspx

Regards,

CrazyM

martindijk
August 13th, 2004, 05:02 AM
Thanks CrazyM,

I haven't installed SP2 yet, cause the release is due next week, that's why the FW question.

Thanks for the links also.

rgds,
Martin

Blackspear
August 13th, 2004, 07:46 AM
Hi Martin, this thread should have been started in "Other Firewalls".

-{ Quote: "...Do you recommend the FW in SP2 or should I keep Kerio instead..." }-
I would recommend staying with your favorite (Kerio), as Windows Firewall does not warn or display outgoing traffic.

-{ Quote: "...For if a worm or trojan can phone home without being noticed by SP2 FW I guess I am gonna stick with Kerio..." }-
You have answered your own question ;)

Hope this helps...

Cheers ;D

martindijk
August 13th, 2004, 07:51 AM
Thank you Blackspear ;D

I already moved it, so this one can be closed/removed.

rgds,
Martin

meneer
August 13th, 2004, 08:39 AM
The XP SP2 firewall only blocks incoming attacks. Outgoing is not controlled by the XP firewall.
Keep Kerio.

martindijk
August 13th, 2004, 08:50 AM
Thanks André.

Much appreciated,
Martin

Jaska
August 14th, 2004, 06:14 PM
Actually it also checks the outgoing traffic. This seems to be the hot potato just now in several forums. But if Kerio works fine there is no need to change it.
On my machine many FW applications simply were resource hogs or didn't work adequately with XP's User switching. I use anti-virus products good enough to detect trojans long before they get any chance to call out. If your firewall is the thing that detects the malware your system is already severely compromised!

BlitzenZeus
August 14th, 2004, 06:55 PM
-{ Quote: "First of all, it has never failed any of those online FW tests like GRC and PCflank. It also controls outbound connections, and if a program tries to connect out with an uncommon port it pops up a notification and asks what it should do.
It is the lightest possible as far as resources go, no slowdown at all. I can't do anything else than recommend it. It does not have a lot of bells and whistles but it does its job reliably." }-
Jaska, it doesn't prevent outbound traffic, it only monitors it to allow inbound connections to programs which have started connections. ICF in XP SP2 is still inbound only with the exception of ICMP controls. The prompts are for inbound connections only, basically allowing a program to act like a server.

Paranoid2000
August 14th, 2004, 08:49 PM
One serious issue with Windows firewall is that it can be disabled by other applications. This is intended to allow third party firewalls to be able to shut it down after their installation to avoid any conflicts - but if an application can shut it down then so can any malware. See SP2's firewall is not good enough (http://comment.zdnet.co.uk/0,39020505,39163267-2,00.htm) for more details.

mercurie
August 15th, 2004, 12:34 AM
Paranoid 2000,
Interesting article. Several things come to mind:

Zone Labs is now a Checkpoint Company not really nimble any more. :'(

If Microsoft buys a big Security Company the world wide regulators will scream, Microsoft now really will rule the world and the evil empire must be stopped. (this is not what I think but history tells me this is what would happen) :o does not mean they will not try however.

I believe the low percentage of people using a firewall is very low like the article says. I am amazed at the number of people that run no firewall at all. Even after I warn them. They think nothing will happen to them especially the dial-ups, and the not always on folks. :o

Paranoid2000
August 15th, 2004, 01:31 AM
-{ Quote: "Zone Labs is now a Checkpoint Company not really nimble any more. :'(" }-
Now, now - just because they are big does not mean they can't do great products. :) Look at what Symantec have done with the Norton product range. ;D

-{ Quote: "If Microsoft buys a big Security Company the world wide regulators will scream, Microsoft now really will rule the world and the evil empire must be stopped. (this is not what I think but history tells me this is what would happen) :o does not mean they will not try however." }-
Well they did buy a little one (http://www.ravantivirus.com/ravnews/shownews.php?i=157) instead. You can make the point that Microsoft are "damned if they do, damned if they don't" but they could try implementing more secure design principles into their products (there are some indications that this is happening, but more in a knee-jerk fashion at the moment - it would take some years to do fully though).

-{ Quote: "I believe the low percentage of people using a firewall is very low like the article says. I am amazed at the number of people that run no firewall at all. Even after I warn them. They think nothing will happen to them especially the dial-ups, and the not always on folks. :o" }-
Sad but true. What makes this more difficult is that the most visible problems are from browser hijackers and adware, neither of which really fall within the range of problems a firewall can prevent. And even the simplest of firewalls needs some user knowledge ("Hey! Should I be allowing this Iexplore thingy Internet access?").

mercurie
August 15th, 2004, 04:02 PM
Paranoid2000,

"Rav" I heard about that. Just did not know who. Thanks for the link.

Good thread and nice speaking with you. See you around. :)

tazdevl
August 15th, 2004, 05:36 PM
-{ Quote: "Thanks CrazyM,

I haven't installed SP2 yet, cause the release is due next week, that's why the FW question.

Thanks for the links also.

rgds,
Martin" }-

FYI Full Install is out already. Been for about a week.