Why is it that SP2 Firewall has no Outbound Protections?

Discussion in 'other firewalls' started by sweater, Aug 29, 2005.

Thread Status:
Not open for further replies.
  1. Syncman9

    Syncman9 Registered Member

    Joined:
    Jul 28, 2004
    Posts:
    113
    Location:
    UK
    I'd agree with that, and from what I've read from your post and the MS site, it does appear the MS firewall has no outbound protection whatsoever. I always thought it used a very basic form of application control, but it doesn't. It's even worse than I previously thought.
     
  2. mem1

    mem1 Guest

    Looks like I removed the reference to the IPSec article but here is another that may be useful:

    Improving Resiliency with Windows XP Service Pack 2
    "As in ICF, Windows Firewall (WF) permits all outbound traffic. (Unlike other host firewalls, WF performs no outbound blocking because our user testing indicated that the dialogs and general “chattiness” of outbound blocking confused most users.) WF will normally block any inbound traffic unless what’s arriving is a response to some previous outbound request. You can create exceptions in the firewall’s policy to allow unsolicited inbound traffic in two ways:

    By granting an application permission to open whatever ports it needs when the application starts; when the application terminates, WF closes the ports.

    By statically opening a port (the old ICF way)."

    http://www.microsoft.com/technet/security/secnews/articles/itproviewpoint071404.mspx
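
The policy described in the quoted article, as an added example that is not part of the original post and is not Windows Firewall's own code: a toy Python model in which outbound traffic is always permitted, and inbound traffic passes only as a reply, through a static port exception, or through an application exception. The class, program names, ports and address are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

REMOTE = ("203.0.113.10", 80)  # constructed documentation address

@dataclass
class FirewallModel:
    """Toy model of the quoted policy; not Windows Firewall's own code."""
    static_ports: set = field(default_factory=set)   # statically opened ports
    allowed_apps: set = field(default_factory=set)   # apps granted an exception
    listeners: dict = field(default_factory=dict)    # running app -> open ports
    flows: set = field(default_factory=set)          # (local port, remote) state

    def listen(self, app, port):
        self.listeners.setdefault(app, set()).add(port)

    def exit_app(self, app):
        # ports opened on behalf of an application close when it terminates
        self.listeners.pop(app, None)

    def outbound(self, app, local_port, remote):
        # no outbound rule is consulted: every program may connect out
        self.flows.add((local_port, remote))
        return "allow"

    def inbound(self, local_port, remote):
        if (local_port, remote) in self.flows:
            return "allow: reply to outbound request"
        if local_port in self.static_ports:
            return "allow: static port exception"
        for app, ports in self.listeners.items():
            if app in self.allowed_apps and local_port in ports:
                return "allow: application exception"
        return "block"

def demo():
    fw = FirewallModel(allowed_apps={"chat.exe"})
    fw.listen("unknown.exe", 5000)   # program the user never approved
    fw.listen("chat.exe", 6000)      # program with an exception
    out = {}
    out["unsolicited_to_unapproved"] = fw.inbound(5000, REMOTE)
    out["outbound_from_unapproved"] = fw.outbound("unknown.exe", 49152, REMOTE)
    out["reply_to_that_outbound"] = fw.inbound(49152, REMOTE)
    out["unsolicited_to_approved"] = fw.inbound(6000, REMOTE)
    fw.exit_app("chat.exe")
    out["after_approved_app_exits"] = fw.inbound(6000, REMOTE)
    return out

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```
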
     
  3. Trekk

    Trekk Registered Member

    Joined:
    Aug 16, 2005
    Posts:
    90
    Location:
    Ohio
    Application control is a product of HIPS. Not generally something incorporated into home based firewalls. They figure if they don't let anything in, then why worry about anything getting out?

    Trekk
     
  4. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    Hardly.
    Even worse, it blocks far too few leak attacks, the best being about 50% or less.
    So it may be a good idea to install intrusion prevention systems like ProcessGuard, System Safety Monitor, Viguard etc.
    They do very well to block (nearly) all of them.
     
  5. zaizai

    zaizai Guest

    Try telling Steve Gibson that :)
     
  6. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    I didn't do any serious test about it.
    But I believe Windows Firewall is light and uses little resources.
    So I agree with you.

    I think you should agree that we should use Wins Firewall in (nearly) no situations. Anyway, I'll still explain for people who don't understand why.

    Although it uses few resources, that still should not be a reason to use Windows Firewall. Why do you wish to install a firewall? It is security! Remember that although it is light, the firewall is flawed. It is far from a meet-to-standard firewall.

    Actually there are 6 options one may choose:
    - use no firewall; no resource/memory is wasted; no security
    - use Wins Firewall; little resource/memory is wasted; very little security

    - use free AND light Firewall; so little resource/memory is wasted; high to very high security depending on what products you use
    - use free AND non-light Firewall; more resource/memory is wasted; same as above

    - use paid AND light Firewall; so little resource/memory is wasted; same as above
    - use paid AND non-light Firewall; more resource/memory is wasted; same as above


    If someone is rational, it is usually unwise to use Win Firewall. Using Win Firewall is nearly equal to no firewall. Yes, it blocks inbound traffic, but it doesn't do as well as other free firewalls. With today's techniques, it is not difficult for a hacker to bypass this flawed firewall and intrude into your system easily without you noticing. That nothing seems to happen does not equal being safe. Rather it is just a false sense of security.

    How easy is it? Well, it is difficult to answer since different people have different value judgements. But I would say even a beginner hacker can do so if he can reach some free hacker tools, or is willing to search for freely available hacker articles.

    If resources are of great concern, there are light free firewalls which you can use. No need to use Win Firewall.

    Is it really important to save a jot of resources, when what you get is just very limited, not to say a false sense of, security?
     
  7. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    You may consider the fact that they don't really need to ask for your permissions before breaking into your house. :cool:

    Also it doesn't mean you have to reach out to them first (from warez websites etc.) in order to get into trouble. These rascals know how to "knock at your door" and trouble you :p
     
  8. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    Indeed Wins Firewall is a misnomer. :D
    Using it is no different from using a door without a lock. :rolleyes:
     
  9. Cyber Surfer

    Cyber Surfer Registered Member

    Joined:
    Aug 26, 2004
    Posts:
    41
    I agree with all your comments, but unfortunately those of us who are running Windows XP Pro X64 do not have an alternative to Windows Firewall.

    I can assure you that the first developer that creates a 64 bit firewall will be overloaded with requests for their software.
     
  10. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    Hmm... I have one question.
    Since Windows XP 64-bits is structurally different, will most malware malfunction for the same reason?
     
  11. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    There's Tiny Firewall 64, and if you have an nForce 4 motherboard you can use the NVIDIA firewall, though it's not that great. Also I think Windows XP Pro x64 does have a Windows Firewall but I'm not exactly sure.
    Just like anti-malware programs, if they use drivers, services, (and maybe hooks) they'll need to be upgraded to 64-bit. For 32-bit malware the startup folder and registry should still be accessible.
     
  12. 666

    666 Guest

    Because a lot of Windows components (such as media player) phone home and M$ doesn't want you to block that traffic.
     
  13. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    to make it simple and offer a basic amount of protection.
     
  14. Cyber Surfer

    Cyber Surfer Registered Member

    Joined:
    Aug 26, 2004
    Posts:
    41
    So far, I have been lucky! My D-Link NAT Router and the 64 bit version of Windows Firewall have protected me. I would feel a lot safer if Look N Stop or ZoneAlarm would release a 64 bit firewall. Time is of the essence, and whoever releases the first trustworthy 64 bit firewall will make a mint, with over a million Windows X64 users who are anxiously awaiting a superior product. Are you listening Marcos?
     
  15. zaizai

    zaizai Guest

    Those who can do that, will do that no matter what brand of firewall you use.
     
  16. controler

    controler Guest

    Hello

    Can someone tell me if this MS app works to control a program's access to the internet etc.?

    Thank You

    controler
     

    Attached Files:

  17. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    That's just to select which programs will be the default. For example you can select Firefox over IE or AIM over Messenger.
     
  18. controler

    controler Guest

    Ok yes but I was referring to the poster that said he wanted to use some other apps but didn't want them connecting to the internet :)

    controler
     
  19. OptixPro

    OptixPro Guest

    Quote

    XP2 firewall has no outbound filtering, obviously it can't handle leak test lol.

    Yes, I agree with this, it can't handle leak tests. WF can't block an outbound connection, but wait a minute: let's say my machine is compromised and has been planted with a trojan, e.g. a server program that accepts connections from the LAN or Internet. The client program used by an attacker will initiate an inbound connection to the server program on my PC. Does this mean the WF firewall can't handle it? If it can't, then WF is a lousy firewall....
     
  20. klister

    klister Guest

    Hi OptixPro..

    What if it's not backdoor software? Just malicious code that's running hidden in the background and sends out personal information from your PC to the programmer of the malicious code?

    Do you think WF can block it? Certainly not... tsk.. tsk..
     
  21. SPYBOT_SD

    SPYBOT_SD Guest

    Originally quoted by SWEATER

    **Unlike the MS Antispyware Beta it is "complete" and probably one of the best anti-spyware at present. Is it more expensive to make outbound protections?**

    I don't think it's one of the "best", you know why? I downloaded a BETA 4 months ago, and it could not detect spyware, but SPYBOT's Search & Destroy can detect spyware on my PC. I hope they updated their detection engine at this time...

    Ok, back to the main topic: why bother using a software FIREWALL if you can use an alternative? Just configure a Linux box, harden it and configure it to act as your firewall.. or if you have enough budget, use a FortiGate firewall.. it's better than the other hardware firewalls I think....

    Anyway, my advice is, even if you have the best firewall, be it software or hardware, make sure you have complete control, not your vendor, especially on hardware firewalls. What I know about software firewall vendors is, they have control of their software... be it ZA, SYGATE, NIS, MCAFEE, etc..
     
  22. NGRhodes

    NGRhodes Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    2,381
    Location:
    West Yorkshire, UK
    Application filtering CAN have its uses, but is it not better to prevent the junk being installed/downloaded in the first place, by securing the operating system (limited user accounts, locked down IE settings) and better prevent the junk getting on your machine in the first place, e.g. with virus/malware scanners?

    This is something that happens in a corporate environment (or so I have seen), secure permissions policies (e.g. to prevent the junk being able to install/run from IE) and virus scanners being the main things.
    This is where MS makes most of its $ and why IMHO it doesn't bother with application filtering. Yes I am well aware that MS markets Win XP for Home, but it's a minor part of their sales market and therefore interest to satisfy.

    Home users are far more experimental, installing, trying different things, and very few have the resources or knowledge to maximise security (how many home users know about the risks of admin accounts for example, or lock down IE settings?) by locked down policies (I'm talking about your average curious web surfer here), or have test machines to try new software without risk to the rest of their network (or internet).
    This is where I can see application filtering and sandbox apps being useful, but again they are only of use if they can be configured and used correctly (by the average home user).
     
  23. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    It is possible that WF cannot block that inbound connection.
    The malware (e.g. trojan, backdoor etc.) can "infect" the WF in many ways to nullify/bypass/terminate WF.
    As you know, WF doesn't really have a small icon on the system tray, so even if it is deactivated, you will not notice. [#1]
    That's also why I say WF, although it has inbound protection, does not work as effectively as other third-party inbound protection.

    Reference:
    New MyDoom knocks through Windows weak firewall
    http://www.pcpro.co.uk/news/63211/n...rewall firewall

    Critical hole found in Windows XP SP2 firewall
    http://www.pcpro.co.uk/news/67270/c...rewall firewall

    Windows Firewall Has A Backdoor
    http://habaneronetworks.com/viewArticle.php?ID=144

    ------------
    1: In fact, even if there is a firewall icon in the system tray AND it shows the firewall is working, it may be fake. It is possible for a hacker to deactivate/nullify/terminate a firewall AND at the same time, send fake info to the GUI that the firewall is working.
     
  24. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    I really don't know what you are after, Wai_Wai o_O??

    It seems you don't know nothing, but want to write on these forums?
    What is it you are up to?

    Bashing win SP2 firewall that is really good for a basic user o_O

    Sure we use other firewalls, but what is the point of your posts?
     
  25. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    o_O?
    I am just telling him that it is possible to bypass WF, and some proofs about it.
    Surely I could be wrong since I am not an expert.
     