Is the Windows XP firewall enough???

Discussion in 'other firewalls' started by JTA, Apr 15, 2004.

Thread Status:
Not open for further replies.
  1. JTA

    JTA Guest

    I have that running an Zone Alarm and ZA is kinda aggravating.So would it be OK to uninstall ZA and just use the Windows XP firewall?
     
  2. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    It's enough protection from outside, threats, incoming attacks.
    Most of the current firewalls also protect against unwanted outside communication. They check if the program that wants to communicate with the internet, is trusted. It is trusted when you say so. Any new program that want to communicate, will trigger the firewall.
    Also programs that take over your trusted apps, for instance a trojan that will act like ie.exe will be trapped, since the firewall compares a digital 'fingerprint'of the trusted apps.
    The software firewalls also offer logging and alerting.

    If you do not need this kind of functionality, using the XP firewall will be sufficient. BTW: Service Pack 2 of XP will offer some form of outward control too.
     
  3. JTA

    JTA Guest

    Well in one of my magazines,it says that the WinXP firewall is good,but it doesn't do much for out going things like trojans.So to prevent this use a good Anti-Virus program.And I do use a good AV program.I have Norton AV 2004.And believe me,I keep it updated alot.I run Live Update 3-4 times a day and scan my computer 3 times a week.So is the WinXP firewall enough for me?
     
  4. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    XP's ICF is certainly better than nothing. Currently it only protects from inbound port scans. (XP SP 2's ICF has more capablities, I understand.) ZA and other firewalls with outbound monitoring provide more protection in that they normally require user approval for programs that want to access the internet. In some cases such an alert is the first indication some people have that an unfamiliar program that turns out to be a trojan is on their PC.

    It's up to you since it's your PC. With XP's firewall you'd have no idea what on your PC is accessing the internet. Depending on how cafeful you are regarding the sort of things you download and whatever other security measures you may have, that may be sufficient. If not, well....you could be owned and not have a clue.
     
  5. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    Norton may not be enough even if you're current with the updates depending on your computing practices. If you're super careful about what you download, etc, it may be fine. But if you do P2P file sharing and/or download "free" apps of questionable origin, get a dedicated antitrojan app.
     
  6. JTA

    JTA Guest

    Yeh,I'm SUPER careful about what I download.I don't let my family download anything without my looking at it first.I check my registry everyday to see if anything is changed.Oh yeh,I don't use any file sharing a apps.As a matter of fact I don't share anything.Oh yeh,I forgot to mention I have been using ZA for about the past 6 months and I never had any thing supiscious come up so I figure its fine.And as for the downloading thing..I even feel shakey donwloading stuff from Microsoft :p
     
  7. Peaches4U

    Peaches4U Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    5,070
    Location:
    At my computer
    JTA ... I would not be without a firewall that does not protect me from what is leaving my computer without my knowledge. Zonealarm, free version, I found will allow, example: Hotbar to write itself into Program Control and unless you check Program Control from time to time, Hotbar sends messages to its home. By checking manually, you will be able to determine if something has written itself there that should not be there. It is for this reason I purchased ZAPro where any changes made in the firewall need my password. I use my firewall to also block certain programs from accessing the internet - especially those that I feel have no need for access. I also like the ZAPro MailSafe feature which automatically quarantines attachments which are infected so there is no mistake of opening something that I shouldn't have. By nature, I am cautious and never download from sites I am not familiar with or without reading their privacy policies, etc.
     
  8. JTA

    JTA Guest

    so I've read that Microsoft advises people to turn off ICF if you are running another firewall.Well about 6 months ago,I got a browser Hijack when I was using only ZA.I didn't have the WinXP firewall enabled.So I enbaled the WinXP firewall and I haven't had any problems.Is it really bad if I have the WinXP firewall and ZA runningo_OI figure its more protection.
     
  9. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    Browser hijacking has nothing to do with your firewalls and certainly ICF provides no protection against them. It happens when your browser settings are too lax---and the default settings are too lax. Typically it's a result of ActiveX being enabled in the Internet Zone. Set it to prompt so you can be really choosy about which sites you trust enough to run ActiveX on (some might need it to function) or disable it all together. Also disable download on demand. That feature aids in the installation of crud at the demand of others, not yourself, so your ability to download is not impaired when you disable that option.

    For more info on better securing against spyware either through downloads (where it might be bundled with other stuff) or "drive bys" through the browser, see this thread: https://www.wilderssecurity.com/showthread.php?t=27971

    I personally think running ICF and ZA is unnecessarily duplicative and doesn't have much benefit in terms of additional security. Although I've seen people report that they had no problems with the ICF/ZA combo. ICF in its current state is farily basic. (And as mentioned above, that will change somewhat with XP SP2.)

    Rather than the current ICF I'd consider getting a cheap router (I got a D-Link on sale for $20.) and hooking it up even if your PC is a stand alone and not part of a LAN. (Routers, like ICF, can block unsolicited inbound connections when configured to do so. Mine was configured to do that by default which was nice.) If you do this, run port scans to check it out at GRC.com shields up or PCFlank.com and the Sygate site has a port scanner too. That way if you had a router and ZA you'd have two layers of protective defenses, hardware and software. And ZA still would provide the outbound monitoring for application control. Just another option to consider. ;)

    BTW, I did run XP's ICF only for about 8 months when I first got my new PC without a problem. No router, no ZA. So it can be done without ill effects but it depends on the user's practices and other defenses. Since that varies from person to person, I usually don't recommend only using ICF as a blanket guideline for others, since online security is not a one size fits all situation. The user's expertise and computing practices are the most critical factors that determines what kinds/level of security will suit their needs. But I eventually got around to loading ZA Plus on my PC, having used it on my W98 box. ZA+ with component control also provided an education as to how chatty XP wants to be on the net on outbound and the various components involved.

    So the deal is to figure out what risks are out there and how your knowledge of them and your use of your PC fits in with that to determine what sorts of security measures are appropriate for you.
     
    Last edited: Apr 15, 2004
  10. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    So far the only application control the Windows Firewall in XP SP2 RC1 is offering is for those that need to act as a server - allow unsolicited inbound connections. They can be added to an exception list where services/ports and IP's can be defined. All outbound is still allowed.

    Regards,

    CrazyM
     
Loading...
Thread Status:
Not open for further replies.