Is Windows Firewall sp2 enough?

Discussion in 'other firewalls' started by Ailric, Oct 1, 2004.

Thread Status:
Not open for further replies.
  1. Ailric

    Ailric Guest

    I need some advice. I'm on dialup and was wondering if Windows Firewall sp2 is enough?

    I am pretty much a firewall newbie and don't want to make complex rules for rule based firewalls. I have tried most mentioned here like ZA, Sygate, Kerio 2.15, LnS, Outpost Pro, etc.

    What would you recommend?
     
  2. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    There is a serious issue with the XP SP2 firewall: by writing to the registry on an admin account, which most people run as, a program can give itself permission to act as a server without the user knowing at all. It also has no outbound protection other than ICMP.

    With limited knowledge, I suggest you stick to programs like Zone Alarm, or even SyGate. However, any firewall which gives you control will be a learning experience, and rule based firewalls have a learning curve most people are not patient enough to put up with, at least when they are first learning how to use them.
     
  3. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma
    The Windows Firewall does not block outgoing requests or packets. In my opinion the best thing you can do with Windows Firewall is turn it off, but get another software firewall before turning it off. About the easiest firewall to use is ZA 4.5; you can get ZA 4.5 here
     
  4. Peaches4U

    Peaches4U Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    5,070
    Location:
    At my computer
    XP having merely a one-way firewall, its one-way protection is so inept that someone has figured out a way to get around it. One method used by hackers to acquire an army of "zombies" is to send a trojan by spam email like an infected in-line jpg image which opens and displays automatically in an HTML email. The trojan once established on a victim's PC opens a port, e.g., port 3476, and listens for orders from the hacker. The Microsoft XP firewall on the victim's PC will not prevent this (ZoneAlarm or other two-way firewalls would ask the PC's user for permission to allow this. As long as the user denies permission, the trojan is blocked.)

    The hacker doesn't know the IP Address of systems he has been successful in
    'trojanizing', so he uses a program that rapidly scans a wide range of IP
    Addresses for systems that have an open port 3476. The program produces a
    list of IP Addresses being used by infected PCs, i.e., their PCs are
    listening on port 3476.

    Using this list, the hacker can then establish a connection with an infected
    PC and issue orders. XP systems using the Microsoft firewall would block
    these orders. However, if the infected PC was infected with a trojan that
    can make the firewall accept the orders, the PC is now a member of the
    hacker's zombie fleet. PCs with other firewall software would be invisible
    to the hacker's scanner even if the trojan happened to be installed as long
    as the user did not allow it to open the port (i.e. give it server rights).
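
A defensive check for the scenario in the post above, as an added example that is not part of the thread: it parses `netstat -ano` output and reports sockets listening on non-loopback addresses that are not on an expected list. The sample output, PIDs and the allowlist are constructed assumptions; only port 3476 comes from the post.

```python
# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3476           0.0.0.0:0              LISTENING       1820
  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING       1468
  TCP    192.168.1.20:1045      203.0.113.7:80         ESTABLISHED     2044
  UDP    0.0.0.0:500            *:*                                    700
  UDP    0.0.0.0:3476           *:*                                    1820
"""

# Hypothetical allowlist of (protocol, port) pairs this host is expected to serve.
EXPECTED = {("TCP", 135), ("TCP", 445), ("UDP", 500)}

LOOPBACK_PREFIXES = ("127.", "::1")


def parse_listeners(netstat_text):
    """Return (proto, address, port, pid) for every listening/bound socket."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        if fields[0] == "TCP":
            # TCP rows have a State column; only LISTENING accepts connections.
            if len(fields) != 5 or fields[3] != "LISTENING":
                continue
        elif len(fields) != 4:
            continue  # UDP rows have no State column
        addr, _, port = fields[1].rpartition(":")
        listeners.append((fields[0], addr.strip("[]"), int(port), int(fields[-1])))
    return listeners


def unexpected_listeners(netstat_text, expected):
    """Listeners reachable from the network that are not on the allowlist."""
    return [
        entry for entry in parse_listeners(netstat_text)
        if not entry[1].startswith(LOOPBACK_PREFIXES)
        and (entry[0], entry[2]) not in expected
    ]


if __name__ == "__main__":
    for proto, addr, port, pid in unexpected_listeners(SAMPLE_NETSTAT, EXPECTED):
        print(f"unexpected {proto} listener on {addr}:{port} (PID {pid})")
```

The PID column can then be matched against the process list to identify which program opened the port.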
     
  5. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,770
    Location:
    New Mexico, USA

    Visnetic is a great firewall http://www.visnetic.com/products/ although a bit expensive for a lot of people at $49.95US. The latest version is 2.2 which includes tarpit technology.
     
  6. Kerodo

    Kerodo Guest

    I'm trying VisNetic now too, and I find it very nice. Seems to be a good solid stateful rule based firewall with very few bugs. It's a little different from the usual approach due to the lack of app control, but I don't mind that. I'm not in the habit of running rogue apps anyway... However, some people might not like the fact that it doesn't watch individual apps. Only ports and IPs. Has some nice features though...
     
  7. Alec

    Alec Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    480
    Location:
    Dallas, TX
    Peaches, you may know the following and so it's not necessarily directed at you, rather I just didn't want to leave a misleading impression in the minds of others that may have read your comments. I believe that a couple of points need to be made. First, I wouldn't really call the XP firewall "inept". It is actually quite good for doing what it was consciously designed to do; i.e., be a basic, in-bound only firewall. Moreover, it is certainly better than "nothing" which is where many consumers were at prior to the Microsoft supplied firewall. There are numerous reasons why Microsoft chose base-level ingress-only firewalling functionality, not the least of which are probably the very "antitrust"/"bundling" legal arguments that competitors have been so quick to toss around over the past few years.

    Second, Zone Alarm and other personal firewalls that block outbound connection requests and/or block "listening"/"server" rights are helpful against trojans, but are not necessarily a panacea. Trojans can disable firewall processes, they can "inject" their malware code into processes which are quite likely to have already been authorized for such connections, or perhaps they could even be coded at such a low-level in networking terms that they bypass checking mechanisms that are centered around the Windows Sockets paradigm. Basically, when unknown/untrusted code has executed on your machine you should never make assumptions, almost anything is possible given the proper hacker determination and guile. Therefore, I think it is a bit strong to characterize the XP firewall as excessively flawed in the face of a trojan. Rather, I just think that outbound sensitive firewalls are designed to give a little more protection, but they are not absolutely foolproof against trojans either. There are very few absolutes in the world of security.
     
  8. evtabasuares

    evtabasuares Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    2
    Hi!

    I found the Windows Firewall SP2 inadequate.

    Instead, I use ZA 5.1.0 and have found it more than adequate for monitoring inbound & outbound packets. Too, it integrates seamlessly with a personal IDS, Visual Zone 5.7. Both are free apps. One can download Visual Zone from:

    http://www.visualizesoftware.com/ :rolleyes:
     
  9. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi evtabasuares

    ... and welcome to Wilders :)

    Visual Zone is a good log analysis utility for ZA. I usually equate IDS with Intrusion Detection System, which is something entirely different, i.e. Snort.

    Regards,

    CrazyM
     
  10. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    I suggest you turn Windows Firewall off, and get another better firewall. There are so many firewalls available anyway.
     