Windows Firewall Sufficient Enough?

Discussion in 'other firewalls' started by A1SteakSauce, Jul 29, 2006.

Thread Status:
Not open for further replies.
  1. A1SteakSauce

    A1SteakSauce Registered Member

    Joined:
    Jul 25, 2006
    Posts:
    88
    Is the stock Windows Firewall a good enough firewall by itself or should I also get another firewall with it? I have always pondered this question about the firewall... So is it good enough.o_O
     
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    its good against inbound attacks just like a hardware router. if u want outbound (network) protection, u can use AppDefend.
     
  3. A1SteakSauce

    A1SteakSauce Registered Member

    Joined:
    Jul 25, 2006
    Posts:
    88
    Thanks for your prompt reply. I'll try it out. So would the Windows firewall be the same kind of firewall as ZoneAlarm or Outpost?
     
  4. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    no. zonealarm and outpost offer outbound protection and thus are more complex.
     
  5. betauser2

    betauser2 Guest

    Yes

    betauser2
     
  6. spm

    spm Registered Member

    Joined:
    Dec 9, 2002
    Posts:
    437
    Location:
    U.K.
    It really depends on your surfing habits, and your experience of computers (well, of your own computer, to be more accurate).

    For inbound protection, the WinXP firewall does a reasonable job. What you really need to ask yourself is "Do I need outbound protection and, if yes, would I be able to manage it?".

    The majority of 'average' computer users just don't have the experience or knowledge to be able to respond authoritatively to an outbound firewall's prompts. If you are one of those, it won't be of much benefit to you. Similarly, if you have a good technical understanding of malware threats and you practise safe surfing, outbound protection will not be a big issue for you. Also, the sophistication of much of today's malware (which piggy-backs onto other apps most people routinely grant outbound access) means they are often not blocked by outbound firewalls anyway.

    I used to believe that outbound protection was important, but experience with our many customers suggests that outbound protection offers little benefit to most computer users. This is exactly the position that Microsoft have adopted too (whether that is of relevance to you, I don't know) - while they have bowed to public pressure to add outbound protection to the Windows firewall in Vista, they have made it accessible only to those who go looking for it.

    The main benefit I see of outbound protection is one of education - it helps you to understand more about your computer's applications and how they use the internet, if that is how you are so inclined.
     
  7. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    At one time I used the windows xp firewall with avg free and spybot s&d for quite a while and i never had any security issues. Although with that said there are some decent freeware firewalls you can just as easily use. Zonealarm, Comodo or Sunbelt-Kerio are great free products.
     
  8. ASpace

    ASpace Guest


    Depending on you ... but Windows Firewall is excellent for what it was made for .

    Firewalls are made to establish invisiable barrier between your computer and the ouside world and thus to keep hackers/worms/instruders OUT .

    Windows Firewall provides only incoming protection and it works differently from other firewalls like ZoneAlarm,Jetico,Outpost,etc... It uses intrusion detection system databases and it filters ports activities.Example :
    When you are doing nothing with your computer = no application is using any port = nothing wants to connect outside , Windows Firewall automatically closes and stealth all ports . When an applications wants to connect to the outside world , WF automatically opens that port . Example Internet Explorer which uses port 80 wants to open site wilderssecurity.com and WF opens port 80 only , everything else is closed. This makes WF application independant firewall because it doesn't care which program will use port 80 , no matter if IE , Mozilla or Opera .

    Also Windows Firewall can block applications that tries to act as a server and eliminate the traffic which is going to be used for that. If you set Windows Firewall to "Don't allow exceptions" it works completely automatically and never asks you , it just works protecting you form those nasty hackers.

    From the posts of yours I have seen it seems you are home/average user (sorry if I am wrong) and I would recommend you stay with Windows Firewall because :
    • it will protect
    • it will not ask you
    • it will not confuse you (like other software firewalls confusing people)

    I don't use nor recommend people use outgoing protection . I would recommend you use qualitive antivirus software and antispyware programs. Firewalls are made to keep snoopers out and the antivirus/antispyware is the one that will kill the unsolicated outgoing traffic by eliminating it before it makes something bad to you :thumb:

    Microsoft Windows Firewall:
    http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx

    Protect your PC:
    http://www.microsoft.com/protect


    HiTech_boy
     
  9. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    While it is true that software firewalls will monitor traffic and the ports used by programs, they do not "open" ports in the method described above.

    When you view a website using a browser, your browser will connect to port 80 on the web server itself - it will not use port 80 on your PC but will request (and be allocated) a dynamic port by Windows itself (which will usually be in the range 1024-5000). This dynamic port will not be "open" since the firewall will not allow every other system on the Internet unsolicited access to it but will instead only be allowed to receive incoming responses to the initial request sent out.

    As to the benefits of outbound filtering, they are significant in security and privacy terms but, as Spm notes, they do require a knowledgeable user (at least, someone who knows what software they have installed). Anti-virus software can certainly deal with known malware but this still leaves unwanted "phone home" behaviour by legitimate applications and network activity by undetected malware (most notably if a rootkit manages to get installed). Yes, there are techniques to try to hide such traffic by hijacking "trusted" processes but the top-tier firewalls are generally ahead of the curve in detecting these - and such activities are easier to flag as malicious.

    One particular weakness about Windows firewall however is the ease with which any program can alter its configuration to gain network access or disable the firewall completely (see Windows XP SP2 Firewall - Is It Sufficient To Replace 3rd-party Personal Firewalls?). A decent software firewall should be able to act as a fallback to an anti-virus scanner and Windows firewall is clearly inadequate here.
     
  10. ASpace

    ASpace Guest

    You are right , I tried to explain it easier but it turned out that wasn't so correct , sorry :)

    Won't discuss here , many pros and cons
     
  11. A1SteakSauce

    A1SteakSauce Registered Member

    Joined:
    Jul 25, 2006
    Posts:
    88
    Thank you all for your replies and while I'm here I have another question (sorry). I am getting a new laptop and it is Windows Vista capable... would you recommend that I stay with XP or upgrade to Vista?
     
  12. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    id stay with XP for now. when Vista comes out, then u can decide if u want to upgrade.
     
  13. spm

    spm Registered Member

    Joined:
    Dec 9, 2002
    Posts:
    437
    Location:
    U.K.
    Well, the system requirements are actually very conservative for Windows Vista, so all new computers should be Vista 'capable'. Whether or not that means you will have a computer that is able to take advantage of all the new facilities Vista will offer is another matter (esp. its graphics capabilities).

    Vista is not yet a publicly-released operating system - it is still in 'beta test' and unless you have a full understanding of what it would mean to install it, I'd strongly suggest you keep well away.

    Vista will not be released until sometime next year, so be patient and stick with Windows XP.
     
  14. ASpace

    ASpace Guest

    No Vista for my computers until Vista Service Pack 1 is released to fix all those bugs which Microsoft guys have made because some people want it out too early
    BTW - we expect XP Service Pack3 in the second half of 2007
     
  15. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    I have been giving vista a try and it is ok. I didn't have any problems with it. The only thing I had to do was upgrade the audio driver to be Vista compatable. That took just a few seconds and then all worked well. But I have uninstalled it after giving it a run and will wait for the final release.
     
Loading...
Thread Status:
Not open for further replies.