Is Windows Firewall sp2 enough?

Discussion in 'other firewalls' started by Ailric, Oct 1, 2004.

Thread Status:
Not open for further replies.
  1. Ailric

    Ailric Guest

    I need some advice. I'm on dialup and was wondering if Windows Firewall sp2 is enough?

    I am pretty much a firewall newbie and don't want to make complex rules for rule based firewalls. I have tried most mentioned here like ZA, Sygate, Kerio 2.15, LnS, Outpost Pro, etc.

    What would you recommend?
  2. BlitzenZeus

    BlitzenZeus Security Expert

    Feb 11, 2002
    Oregon, USA
    There is an serious issue with the XP SP2 firewall, by writing to the registry on an admin account, which most people run as, a program can give itself permission to act as a server without the user knowing at all. It also has no outbound protection other than icmp.

    With limited knowledge, I suggest you stick to programs like Zone Alarm, or even SyGate. However any firewall which gives you control will be a learning expeirence, and rule based firewalls have a learning curve most people are not patient enough to put up with, at least when they are first learning how to use them.
  3. bigc73542

    bigc73542 Retired Moderator

    Sep 21, 2003
    SW. Oklahoma
    The windows firewall does not block out going request's or packets. In my opion the best thing you can do with windowsfirewall is turn it off but get another software firewall before turning it off. About the easiest firewall to use is ZA 4.5 you can get ZA4.5 here
  4. Peaches4U

    Peaches4U Registered Member

    Nov 22, 2002
    At my computer
    XP having merely a one way firewall, it's one way protection is so inept that someone has figured out a way to get around it. One method used by hackers to acquire an army of "zombies" is to send a trojan by spam email like a infected in-line jpg image which opens and displays automatically in an HTML email. The trojan once established on a victim's PC opens a port ,e.g., port 3476, and listens for orders from the hacker. The Microsoft XP firewall on the victim's PC will not prevent this (ZoneAlarm or other two way firewalls would ask the PC's user for permission to allow this. As long as the user denies permission, the trojan is blocked.)

    The hacker doesn't know the IP Address of systems he has been successful in
    'trojanizing', so he uses a program that rapidly scans a wide range of IP
    Addresses for systems that have an open port 3476. The program produces a
    list of IP Addresses being used by infected PCs, i.e., their PCs are
    listening on port 3476.

    Using this list, the hacker can then establish a connection with an infected
    PC and issue orders. XP systems using the Microsoft firewall would block
    these orders. However, if the infected PC was infected with a trojan that
    can make the firewall accept the orders, the PC is now a member of the
    hacker's zombie fleet. PCs with other firewall software would be invisible
    to the hacker's scanner even if the trojan happened to be installed as long
    as the user did not allow it to open the port (i.e. give it server rights).
  5. Chuck57

    Chuck57 Registered Member

    Sep 2, 2002
    New Mexico, USA

    Visnetic is a great firewall although a bit expensive for a lot of people at $49.95US. The latest version is 2.2 which includes tarpit technology.
  6. Kerodo

    Kerodo Guest

    I'm trying VisNetic now too, and I find it very nice. Seems to be a good solid stateful rule based firewall with very few bugs. It's a little different from the usual approach due to the lack of app control, but I don't mind that. I'm not in the habit of running rogue apps anyway... However, some people might not like the fact that it doesn't watch individual apps. Only ports and IPs. Has some nice features though...
  7. Alec

    Alec Registered Member

    Jun 8, 2004
    Dallas, TX
    Peaches, you may know the following and so it's not necessarily directed at you, rather I just didn't want to leave a misleading impression in the minds of others that may have read your comments. I believe that a couple of points need to be made. First, I wouldn't really call the XP firewall "inept". It is actually quite good for doing what it was consciously designed to do; i.e., be a basic, in-bound only firewall. Moreover, it is certainly better than "nothing" which is where many consumers were at prior to the Microsoft supplied firewall. There are numerous reasons why Microsoft chose base-level ingress-only firewalling functionality, not the least of which are probably the very "antitrust"/"bundling" legal arguments that competitors have been so quick to toss around over the past few years.

    Second, Zone Alarm and other personal firewalls that block outbound connection requests and/or block "listening"/"server" rights are helpful against trojans, but are not necessarily a panacea. Trojans can disable firewall processes, they can "inject" their malware code into processes which are quite likely to have already been authorized for such connections, or perhaps they could even be coded at such a low-level in networking terms that they bypass checking mechanisms that are centered around the Windows Sockets paradigm. Basically, when unknown/untrusted code has executed on your machine you should never make assumptions, almost anything is possible given the proper hacker determination and guile. Therefore, I think it is a bit strong to characterize the XP firewall as excessively flawed in the face of a trojan. Rather, I just think that outbound sensitive firewalls are designed to give a little more protection, but they are not absolutely foolproof against trojans either. There are very few absolutes in the world of security.
  8. evtabasuares

    evtabasuares Registered Member

    Oct 2, 2004

    I found the Windows Firewall SP2 inadequate.

    Instead, I use ZA 5.1.0 and have found it more than adequate for monitoring inbound & outbound packets. Too, it integrates seamlessly with a personal IDS, Visual Zone 5.7, . Both are free apps. One can download Visual Zone from: :rolleyes:
  9. CrazyM

    CrazyM Firewall Expert

    Feb 9, 2002
    BC, Canada
    Hi evtabasuares

    ... and welcome to Wilders :)

    Visual Zone is a good log analysis utility for ZA. I usually equate IDS with Intrusion Detection System which is something entirely different, ie. Snort.


  10. nadirah

    nadirah Registered Member

    Oct 14, 2003
    I suggest you turn Windows Firewall off, and get another better firewall. There are so many firewalls available anyway.
Thread Status:
Not open for further replies.