I have done some reading of threads here concerning DSA and Private Firewall. From that effort, I conclude the following: 1. DSA contains the basic Private Firewall engine, and provides inbound SPI protection for TCP, UDP, & ICMP protocols. 2. Private firewall does not provide protection at boot, per Stem's testing. 3. DSA provides basic outbound network access control. 4. DSA is supposed to work without conflict with other firewalls. If the above four points are correct, is there any reason NOT to run the Windows SP2 Firewall along with DSA to cover the shortcoming listed in point 2 above? I am not interested in comments offering other solutions, as my present security set-up has kept me clean for years. As a veteran user of both KPF 2.1.5 & CHX-I, I understand that a DSA/SP2FW combo would limit configuration options. Thanks for your time.
Hi FadeAway: No, if you believe that running what amounts to two firewalls is OK. I know privacyware says there is no conflict, but I wonder about a performance hit. I used DSA for a long time and liked the program, but I was behind a router/FW and had the SP2 firewall turned off. I think DSA is most valuable for that kind of set-up. Oops.
Hi folks & thanks for the replies. The reason for the comment about not seeking other solutions, was that the DSA/SP2FW combo was not under consideraton for myself. Recently I reinstalled XP on a neighbor's computer. They are a middle-aged couple, kids grown and gone. Their machine was a mess, even behind a router. Too click-happy. One of the two would like to learn some, so as to avoid that situation in the future. I trialed DSA on my machine and it appeared fairly easy for a novice to learn with some guidance. Just did not want to get into a discussion on that subject. I do not use DSA, but the security set-up here would be too confusing for them. The concern of my question was strictly a technical one about providing good, simple firewall/HIPS coverage without any conflicts. To be sure, there are many other combinations, but I am focusing on DSA for them, with SP2FW to cover boot time, and block servers. It seems like any performance hit would be minimal on their machine, but that is the kind of input I appreciate here. Thanks again.