Can XP SP2 ICF and IDS effectively protect you?

Discussion in 'other firewalls' started by Creekside Rogue, Sep 9, 2004.

Thread Status:
Not open for further replies.
  1. Creekside Rogue

    Creekside Rogue Registered Member

    Jun 30, 2004
    Cave Spring, Georgia, USA
    Hi folks,
    I've been running different software firewalls for the last couple of years and always end up finding how obnoxious they can be at times while surfing or trying to use other software (Pop up warnings, alerts, and the like).

    While these obviously serve their purpose, they kind of take some of the fun out of using the internet. The most unobtrusive firewall I've found is the one that came with my system, XP ICF.

    My question is this: when I install SP2, do you think that my system can be safely protected when the ICF is used in conjunction with other IDS software like Prevx Home, Process Guard, SSM, File Checker, Port Explorer, and the anti-trojan, anti-virus software I already have installed on my system? (I run McAfee and Avast monitors simultaneously.)

    I've used ZA Pro 4.5, Sygate 5.5, Outpost 2.1, LooknStop and Kerio (can't quite figure out those rulesets yet).
  2. Devinco

    Devinco Registered Member

    Jul 2, 2004
    Hi Creekside Rogue,

    In my opinion, no. There is no substitute for a good firewall that provides outbound program control. Even with all those other programs (which are very good), you do not want to neglect your main gate. ICF does not have outbound program control. Further, I have read that it can be easily deactivated by other programs. I would rather (if I had to choose) have a more formidable first line of defense, then having to depend on the second line once the initial wall has been breached.

    I know how irritating configuring a firewall can be. Especially when you get all those pop ups that ask questions that you have no answer for. This is something that firewall developers will need to address. They should provide MUCH more description about the items trying to connect along with advice on at least the common ones.

    Until then, in another thread, Mcafee firewall was mentioned as more user friendly. Although, I have not tried it.

    While it requires more knowledge to configure, there is no substitute for a good rules based firewall. There are several good ones out there, you've tried some of them already. There are 3 keys to using and setting up a rules based firewall. First, learn the terminology. This article provides a useful analogy for learning the terms. Second, learn what all the processes are used for. Black Viper's website is very helpful here. You can also search for the individual process that wants to connect in Google to find out more about it. Third, read some good tutorials about configuring your choice of firewall and ask knowledgeable members at the respective firewall forum. Is it a pain to properly configure a good rules based firewall? YES. Is it worth it? YES!!

    Just my thoughts.
  3. rerun2

    rerun2 Registered Member

    Aug 27, 2003
    Windows Firewall is mainly so unobtrusive because it doesn't offer any outbound protection. And like you mentioned, it does serve a purpose in preventing unwanted connections to the internet.

    Your computer should be well protected if you use Windows Firewall with those applications you mentioned. BUT if you found the application filterin in firewalls to be obtrusive. You will find all these other programs to be much more obtrusive. Specifically PrevX, ProcessGuard, and SSM. All 3 of these programs offer very good defense for the areas of the system they monitor and protect, but by doing so they will inevitably warn you about changes being made and in the case of ProcessGuard and SSM the execution of certain files. The protection of PrevX and ProcessGuard can be easily disabled if needed (to install new programs or update windows etc). SSM should be quite easy too but i have not tried the latest version.

    You should not need FileChecker if you plan to use ProcessGuard.

    Between SSM, Prevx, and ProcessGuard I would probably only choose 2 out of the 3 at the most.

    Port Explorer makes a nice addition as well, so that one can easily check if their are any hidden unwanted sockets. But you should read up on it on their site to see if you really want to purchase it. I think it is a great tool but I must admit that I do not use it that much myself. But when I do need it Im glad it is there. And will probably use more when i learn more about its functions :)

    Anti trojan and Anti virus software is a great plus. But do you need to have 2 AV monitors running simultaneously. This does not provide more (if any) greater protection. In fact on most systems it will cause instability. This is not recommended. But having AV/AT running in the background should be fine.

    Rule-sets can be quite intimidating. But for LnS you can just load up the enhanced rule set. This will offer quite good protection by default, with rarely any need to configure it later. Other options in LnS can be activated by simply checking the box and enabling it, much like other software firewalls. As far as allowing certain applications to the internet this might make time. But if an application is trusted like your browser and updaters for your security software, you can pretty much always allow it. If any changes are made to these allowed programs the firewall should notify you. But before allowing it again you should make sure the changes to these programs were authorized by you, for example if you just upgraded the programs.
Thread Status:
Not open for further replies.