I need opinion on Windows Firewall with MS Antispyware real time monitor

[c0ltran3]

Could you give me your opinion about Windows Firewall?
In particular I'd like to know if I could erases Windows Firewall's weakness using it together with MS Antispyware real time monitor.
Thanks in advance.

[Syncman9]

To be honest, I would start by saying ditch windows firewall altogether.

It's not a very good firewall, and only blocks incoming connections and not very well at that.

I would recommend get something like the free version of zone alarm or sygate or kerio.

[richrf]

Concur. Free version of any the aboved mentioned is highly desirable (I have paid version of ZA in order to keep my firewall current).

MS Anti-spyware provides some protection - but it is really hit or miss. I would start with a top-rated anti-virus that has excellent anti-virus/anti-spyware protection (I use Kaspersky). If you are concerned about keyloggers, then either use a progam like Snoopfree (free version available) or even better look at ProcessGuard and RegDefend which will stop spyware (e.g. rootkits and keyloggers) from installing in the first place. I would personally place a good anti-malware product like Ewido ahead of MS AS. Some good anti-spyware that is available for free is Ad-aware and Spybot.

Rich

[marceli7]

Quote:

Originally Posted by Syncman9

It's not a very good firewall, and only blocks incoming connections and not very well at that.

AFAIK it blocks incoming very well. Am I wrong?

[Syncman9]

If you consider how flawed MS Windows is in the first place, would you really want to rely on it's firewall?

Actually it's a very poor firewall, it's very basic, and can be easily bypassed.

Zone alarm has a good free version, with far better controls and it's much more secure, so what have you got to lose? it's free

[Kerodo]

Quote:

Originally Posted by Syncman9

Zone alarm has a good free version, with far better controls and it's much more secure, so what have you got to lose? it's free

I would agree, and it gives you that outbound control. ZA would be better.

[marceli7]

Syncman9! Have U any information about

Quote:

only blocks incoming connections and not very well at that

I found your opinion rather strange. AFAIK it blocks incoming. Period.
Again... Am I wrong?

[Syncman9]

marceli7,

The windows XP firewall is a very poor excuse for a firewall, and your argument that it blocks incoming connections well, is also not correct.

For example, if you enable file and print sharing, it makes this service avaliable for all to see. It means the ports are visable to the internet, and any traffic inbound or outbound can access these ports. A good firewall would prevent any traffic which is not within the network subnet.

This is but one of many flaws.

This thread asked for opinions on the windows firewall, and I've given mine.

[CrazyM]

Quote:

Originally Posted by marceli7

AFAIK it blocks incoming very well. Am I wrong?

No you are not wrong, the Windows Firewalls does a good job of blocking unsolicited inbound packets.

Regards,

CrazyM

[CrazyM]

Quote:

Originally Posted by Syncman9

The windows XP firewall is a very poor excuse for a firewall, and your argument that it blocks incoming connections well, is also not correct.

For example, if you enable file and print sharing, it makes this service avaliable for all to see. It means the ports are visable to the internet, and any traffic inbound or outbound can access these ports. A good firewall would prevent any traffic which is not within the network subnet.

If you permit the default exceptions for file and print sharing on a LAN system the scope is limited to the subnet. How does that expose the shares to the Internet? Not to mention that such a system would be behind a router or ICS system and these shares would not be visible to the Internet to begin with.

If you are saying the Windows Firewall could be misconfigured, then yes it could, as could any firewall.

Quote:

This is but one of many flaws.

General comments like this do not help discussions. Perhaps you could be more specific.

Regards,

CrazyM

[RejZoR]

Windows XP SP2 firewall is certanly not flawed. It does its job and it does it very well when it comes to inbound. It never failed a single incoming test on any testing site like GRC. On the other hand,Kerio failed me several times without any logical reason. I agree, it has a limited outbound protection,limited to server like apps only. It should stop any Blaster like malware and backdoors with server like activity. Biggest pro is a very small memory usage.
If you know the security stuff,Windows XP SP2 firewall can serve you very well.
Especially if you love to use your eMule

[AvianFlux]

Quote:

Originally Posted by c0ltran3

Could you give me your opinion about Windows Firewall?
In particular I'd like to know if I could erases Windows Firewall's weakness using it together with MS Antispyware real time monitor.
Thanks in advance.

If MS Antispyware stops the spyware from installing and sending outbound packets - yes.

I use Windows SP2 firewall, with ALL permissions denied except for a couple of apps I trust. No real time spyware monitors are activated, relying instead on preventative spyware killers, and a HOSTS file. No anti-virus app either. All unnecessary services are disabled or set to manual per Black Viper's XP Service Guide.

[Syncman9]

Quote:

Originally Posted by CrazyM

If you permit the default exceptions for file and print sharing on a LAN system the scope is limited to the subnet. How does that expose the shares to the Internet? Not to mention that such a system would be behind a router or ICS system and these shares would not be visible to the Internet to begin with.

Crazy M, from what I understand the fault is much more serious, it doesn't limit the connections to just the subnet, it allows anything though and allow the file and print sharing services to be fully visable to the internet.

Yes, if your behind a router then it would be a different matter, but then if your behind a good router which probably has decent firewall, then you'd probably want to control outbound connections and use some decent application control software.

I kinda of feel I've touched a nerve, and that was never my intention, so sorry for that.

[CrazyM]

Quote:

Originally Posted by Syncman9

Crazy M, from what I understand the fault is much more serious, it doesn't limit the connections to just the subnet, it allows anything though and allow the file and print sharing services to be fully visable to the internet.

There was an issue with dial-up adapters and file/printer shares, but that has since been patched. Unless you are aware of something else you could point us to.

Quote:

I kinda of feel I've touched a nerve, and that was never my intention, so sorry for that.

Nerves are fine, just looking for clarification on your comments

Regards,

CrazyM

[marceli7]

Quote:

Originally Posted by CrazyM

Nerves are fine, just looking for clarification on your comments

Thank U CrazyM!