Is WinXP Pro ICF enough to stop the 20 minute worms?

Hi Everyone,

Todays new malware can kill an unpatched (unprotected) Windows computer in 20 minutes when connected to the internet.
It has been commonly advised here when performing a new Windows XP install to first physically disconnect (unplug) from the internet. And then set up the Internet Connection Firewall (ICF) so your ports are stealthed. Only then, reconnect and quickly get all the Critical Windows Updates and a better firewall.

But I have also read that many of the newer worms don't even care about stealthed ports, they try to attack vulnerabilities anyway. Knowing this, is the ICF still enough protection when doing a new install?

Are certain versions of Windows XP no longer safe for the initial install? (assuming no other hardware/software firewall and just the ICF was activated)

What about:
The original Windows XP Pro CD(with no SP)?
Windows XP Pro (SP1)?
Windows XP Pro (SP2)? (considering new flaws)
Windows XP Home?

Is a new initial install procedure needed? Like requiring a hardware firewall before connecting. Or installing a better software firewall first? With these new malware that don't care about stealth, is it enough?

 

Thanks ronjor,

I do to, but I was thinking of what to advise other people should they ask.
Is a NAT router (without hardware firewall) still adequate for these new buggers? Let's say you are doing a new install but with an old XP Pro CD (no SP).
Some people are also still on dial up and don't have a router.

 

I don't know.
Let's say dial up, new XP Pro (no SP, not even SP1) install and they activate the ICF.
They connect to the internet and are happily downloading SP1 (for 10 or so hours) . They have the ICF blocking the inbound, but the vulnerabilities still exist (before the patches are retrieved) behind the firewall. Since these new worms don't care about stealth, would they infect? Or is the ICF able to not only stealth the ports, but prevent any inbound attack that would exploit these unpatched vulnerabilities?

 

Thank you ronjor!

It used to be that the always on static IP of broadband was unsafe and the varying IPs of dial up would protect you. It seems like the balance is shifting (security wise) towards broadband because you can download the patches faster to reduce your exposure.

 

One of the major problems in being restricted to dial-up. Those of us in rural areas concerned with security have to burn our Microsoft updates to CD for back-up or ask a friend on cable/broadband to download and burn the updates for us.

The recently released Microsoft Update CD's are of course essential for dial-up users. Not many of us are going to try and download over 400MB for SP2 on dial-up!

 

It only took around 15 hours to download the 266mb SP2 install on dial-up, and the reason I download that was I wanted to slipstream my XP Pro CD to SP2. I have been running a clean install of SP2 for over a week now.

 

Yes, both ICF (now Windows Firewall) or a NAT router would block all unsolicited inbound packets.

Regards,

CrazyM

 

Hello

From what I thought I understood, Microsoft will ship a SP2 CD also?

Bruce

 

That's correct Bruce, the only thing remaining is "when"

rgds,
Martin

 

Thank you Everyone for all the great answers!

 

different ways to stop the worms:

keep patches on CDR
disable DCOM, LSASS, etc
ICF
personal firewall
NAT router / hardware firewall

ICF is the safest way.

 

Microsoft downloaded sp2 today and it was only 82.5MB and on dial up took 4hrs . If I didnt already have a firewall I would activate the windows one and zap up to Look n stop as it only takes 2 mins on dial up to download and use that .

 

xmp and solarpowered candle,

Thank you for the info, that makes sense.
Only 4 hours to download SP2....Even dial up users shouldn't have too much of a problem with that.