XP Firewall

Discussion in 'other firewalls' started by stalker, Feb 4, 2004.

Thread Status:
Not open for further replies.
  1. stalker

    stalker Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    152
    Location:
    Ljubljana, Slovenia
    The simple question - what is XP in-built Firewall, and what it does/should do. I don't see any blocking activity, or anything, exept logging to D:\Documents and Settings\*User Name\firewall.log



    Thanks, and best regards
     

    Attached Files:

  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    It is a very basic firewall that handles inbound connection attempts only (no outbound application controls like most add-on software firewalls). It uses the stealth model for the inbound packets it blocks.

    Some people call it a software NAT running right on your PC because of how it handles inbound connections. Packets that are replies to what your PC sends out are allowed in, but unsolicited packets are dropped.

    It does work. If it had been "enabled" by default on all XP installs then the MS Blast worm may not have been much of anything, at least against XP boxes. If you have no other software firewall or external protective device such as a router, then the built-in XP firewall (ICF) is certainly worth using.

    As for "alerting" and "customizable features", well it is a very lean product. No alerts or popups, which some people would say is a good thing.


    Edit: Oh, by the way, it is best to disable the built-in XP firewall if you are using another installed software firewall on the box, otherwise you will get some odd results - things blocked or not working right even though you think you've enabled them in your other firewall... Such like that.
     
  3. Peaches4U

    Peaches4U Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    5,070
    Location:
    At my computer
    Hi - This firewall software blocks only INCOMING tentacles of evil. If a virus manages to infiltrate your PC by other means [e.g., from an attachment that you opened in your email] the Windows firewall does nothing to block outgoing mischief.

    The firewall works by blocking all unsolicited data from the Net. If yhou click Settings you can tell the firewall software to permit certain kinds of incoming, unsolicitied queries - a useful feature if your PC hosts a Web site. Example - the settings button in the Advanced tab, meanwhile, lets you turn on logging, which creates a text file that contains a list of every piece of internet traffic the firewall tried to block. If you are a TCP/IP sleuth, this info. could theoretically be usefull starting point for tracking down hackers foolish enough to take you on.

    If you share one internet connection and have several PCs installed, you would want to turn on the XP firewall option only for the first computer - the one that is connected to the internet. Otherwise, the firewall sofware will prevent your own computers from talking to each other. Similarly, leave the firewall software turned off if your computers are connecterd to a router.

    I personally would not rely solely upon this firewall and would use a software that blocks both incoming and outgoing malice. You can purchase one such as NOD32 or Norton or McAfee to name a few or use a freebie such as ZoneAlarm - there are others as well - these are only a few that come to mind instantly.

    Hope I have been helpful. Cheers.
     
  4. Peaches4U

    Peaches4U Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    5,070
    Location:
    At my computer
    Ooops, sorry LWM ... we posted at the same time - I did it again!! :'(
     
  5. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    We have to stop meeting like this. :-*

    :D
     
  6. AAP

    AAP Registered Member

    Joined:
    Jul 30, 2003
    Posts:
    117
    Hey,Guy's

    I would stop that from running & go with
    a firewall you download now if you are
    going to keep the XP firewall then i would

    download TTT3 or SSM this way you know
    what is running out of the puter am sure
    you will have more post on software to help you

    Good luck :D

    Hi,LWM
     
  7. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    The ICF in XP will block incoming and outgoing plus a few more improvements in SP2. I believe it will have application control also.
     
  8. controler

    controler Guest

    Bring up local area connection
    Under general, highlight internet protocol ( TCP/IP )
    Click Properties
    Click Advanced
    Click Options
    TCP/IP Filtering should be highlighted
    Click Properties
    You will now see an option to enable (TCP/IP Filtering ) ALL Adapters

    Here you can permit ALL or Permit only
    TCP UDP & IP Ports that you specify

    con
     
  9. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    I can't wait to see what it will worth with his new design :)
    An application control within the OS, if rightly done, would be better than an application control component in a software firewall, i really can't wait to see how this future new feature will behave against normal internet access and leaktests, should be quite interesting.

    An interesting review :
    http://www.arstechnica.com/wankerdesk/04q1/sp2-beta-1.html
     
  10. Aggressor

    Aggressor Registered Member

    Joined:
    Nov 21, 2003
    Posts:
    28
    Location:
    here

    Yes, knowing you I readily believe you when U say that :D

    Keep us informed of the results!!


    ps. when is your 'leaktest site' due 4 its next update? (some results are still outdated, such as the OPP issue)

    pss. when testing WinXP SP2 fw, beware of potential "cheats" such as .ini files blocking hidden processes etc... ;)
    Newbies like me can fall for such a trap, but you - this is unforgivable :D
     
  11. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Next update is not known as of now, Joseph.V Morris is still correcting grammar mistakes in my upcoming paper, and i have a lot of things to do in my personal life, when i will have time i will update it.

    About next SP2 firewall, i don't think Microsoft cares of leaktests, i think they will write just a firewall which will handle local applications, and due to his "OS-built-in" nature, i am very interested regarding his strenght, may be we will be surprised, may be not ;)
     
  12. Red_Dwarf

    Red_Dwarf Registered Member

    Joined:
    Feb 10, 2004
    Posts:
    20
    Location:
    Earth last time I looked
    Starting next week folks, I shall be testing the SP2 beta and I shall post results found.

    Have a good weekend

    Red Dwarf
     
  13. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Thanks you for that, i admit to not want to take risks with a BETA SP on my personal comp.
    However, all results you will find could only be a preview, since the SP can have some changes and fixes before his final public release, but it will still be interesting at least to have few ideas of what the SP2 firewall is able to do :)
     
  14. Red_Dwarf

    Red_Dwarf Registered Member

    Joined:
    Feb 10, 2004
    Posts:
    20
    Location:
    Earth last time I looked
    Yeah SP2 is now installed on my test system and with all the debug code of course it is a large installation ladies :-O

    Currently I am tesing it on Home edition and then looking at Pro on Sunday

    Think I should start a new thread for this, where shall I post thread folks?
    Answers on a post card please

    Red Dwarf
     
  15. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi Red_Dwarf

    Anything to do with the changes to the firewall can stay here. If you wish to discuss other aspects of the service pack, it would probably go in the Software & Services forum.

    Regards,

    CrazyM
     
Loading...
Thread Status:
Not open for further replies.