Is WinXP Pro ICF enough to stop the 20 minute worms?

Discussion in 'other firewalls' started by Devinco, Aug 20, 2004.

Thread Status:
Not open for further replies.
  1. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi Everyone,

    Today's new malware can kill an unpatched (unprotected) Windows computer in 20 minutes when connected to the internet.
    It has been commonly advised here when performing a new Windows XP install to first physically disconnect (unplug) from the internet. And then set up the Internet Connection Firewall (ICF) so your ports are stealthed. Only then, reconnect and quickly get all the Critical Windows Updates and a better firewall.

    But I have also read that many of the newer worms don't even care about stealthed ports, they try to attack vulnerabilities anyway. Knowing this, is the ICF still enough protection when doing a new install?

    Are certain versions of Windows XP no longer safe for the initial install? (assuming no other hardware/software firewall and just the ICF was activated)

    What about:
    The original Windows XP Pro CD(with no SP)?
    Windows XP Pro (SP1)?
    Windows XP Pro (SP2)? (considering new flaws)
    Windows XP Home?

    Is a new initial install procedure needed? Like requiring a hardware firewall before connecting. Or installing a better software firewall first? With these new malware that don't care about stealth, is it enough?
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,740
    Location:
    Texas
    I use a router for incoming but do reinstall offline.
     
  3. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Thanks ronjor,

    I do too, but I was thinking of what to advise other people should they ask.
    Is a NAT router (without hardware firewall) still adequate for these new buggers? Let's say you are doing a new install but with an old XP Pro CD (no SP).
    Some people are also still on dial up and don't have a router.
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,740
    Location:
    Texas
    Very good question. Seems dialup would leave you open long enough to get something, doesn't it?
     
  5. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    I don't know.
    Let's say dial up, new XP Pro (no SP, not even SP1) install and they activate the ICF.
    They connect to the internet and are happily downloading SP1 (for 10 or so hours) :rolleyes:. They have the ICF blocking the inbound, but the vulnerabilities still exist (before the patches are retrieved) behind the firewall. Since these new worms don't care about stealth, would they infect? Or is the ICF able to not only stealth the ports, but prevent any inbound attack that would exploit these unpatched vulnerabilities?
     
  6. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,740
    Location:
    Texas
    Before you take other steps, make sure you have a firewall activated to help protect your computer against infection. If you have a hardware firewall in place for your home or workplace connection, or if you use the firewall included with Windows XP, the Sasser worm is most likely blocked.


    http://www.microsoft.com/security/incident/sasser.mspx


    Most likely are the key words----------- *puppy*
     
  7. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Thank you ronjor! :)

    It used to be that the always on static IP of broadband was unsafe and the varying IPs of dial up would protect you. It seems like the balance is shifting (security wise) towards broadband because you can download the patches faster to reduce your exposure.
     
  8. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    One of the major problems in being restricted to dial-up. Those of us in rural areas concerned with security have to burn our Microsoft updates to CD for back-up or ask a friend on cable/broadband to download and burn the updates for us.

    The recently released Microsoft Update CDs are of course essential for dial-up users. Not many of us are going to try and download over 400MB for SP2 on dial-up!
     
  9. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    It only took around 15 hours to download the 266mb SP2 install on dial-up, and the reason I downloaded that was I wanted to slipstream my XP Pro CD to SP2. I have been running a clean install of SP2 for over a week now.
     
  10. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Yes, either ICF (now Windows Firewall) or a NAT router would block all unsolicited inbound packets.

    Regards,

    CrazyM
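
An added example, not part of the thread or any poster's words: a toy Python model of the stateful inbound filtering described in the answer above, showing why a probe that ignores "stealth" still never reaches an unpatched listening service. The class and function names, addresses (documentation ranges) and port numbers are assumptions made for this illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class StatefulFilter:
    """Toy model of a default-deny inbound filter with connection tracking."""
    flows: set = field(default_factory=set)

    def outbound(self, p: Packet) -> None:
        # Remember the flow so the matching reply is treated as solicited.
        self.flows.add((p.dst, p.dport, p.sport))

    def inbound(self, p: Packet) -> str:
        # Only replies to flows this host opened are delivered.
        return "ALLOW" if (p.src, p.sport, p.dport) in self.flows else "DROP"

def reaches_service(p, listening, fw=None):
    """True if an inbound packet is delivered to a listening port."""
    if fw is not None and fw.inbound(p) == "DROP":
        return False
    return p.dport in listening

# Constructed scenario: addresses are documentation ranges, not real hosts.
HOST, UPDATE_SRV, SCANNER = "192.0.2.10", "198.51.100.10", "203.0.113.66"
LISTENING = {135, 445}  # RPC/DCOM and SMB listeners assumed in this model

def simulate():
    fw = StatefulFilter()
    fw.outbound(Packet(HOST, 1025, UPDATE_SRV, 80))  # patch download starts
    reply = Packet(UPDATE_SRV, 80, HOST, 1025)       # solicited reply
    probes = [Packet(SCANNER, 4000 + i, HOST, port)
              for i, port in enumerate(sorted(LISTENING))]
    return {
        "reply_to_download": fw.inbound(reply),
        "probes_no_filter": [reaches_service(p, LISTENING) for p in probes],
        "probes_filtered": [reaches_service(p, LISTENING, fw) for p in probes],
        # Same server, but a local port the host never used: still unsolicited.
        "server_other_port": fw.inbound(Packet(UPDATE_SRV, 80, HOST, 445)),
    }

if __name__ == "__main__":
    for name, result in simulate().items():
        print(f"{name}: {result}")
```

The model covers only unsolicited inbound packets; anything the host fetches over a connection it opened itself passes the filter as a solicited reply.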
     
  11. controler

    controler Guest

    Hello

    From what I thought I understood, Microsoft will ship an SP2 CD also?

    Bruce
     
  12. martindijk

    martindijk Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    537
    Location:
    Gorredijk - the Netherlands
    That's correct Bruce, the only thing remaining is "when" :rolleyes:

    rgds,
    Martin
     
  13. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Thank you Everyone for all the great answers!

    :)
     
  14. xmp

    xmp Guest

    different ways to stop the worms:

    keep patches on CDR
    disable DCOM, LSASS, etc
    ICF
    personal firewall
    NAT router / hardware firewall

    ICF is the safest way.
     
  15. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    Microsoft downloaded SP2 today and it was only 82.5MB and on dial up took 4hrs. If I didn't already have a firewall I would activate the Windows one and zap up to Look n stop as it only takes 2 mins on dial up to download and use that.
     
  16. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    xmp and solarpowered candle,

    Thank you for the info, that makes sense. :)
    Only 4 hours to download SP2... Even dial up users shouldn't have too much of a problem with that.
     