XP Firewall question

I ran the online Symantec security check and it tells me I have a hacker vulnerability in two areas (below) that would be cured with a firewall. (It says I’m safe in all other ways) I'm using the built in Windows XP firewall and I've checked that IS turned on, with exceptions only for the AOL IM, the Crazy Browser, CallWave and remote assistance. (I'm updated with Service Pack 2) Excerpt from the Symantec report below.
...............................
An open port responds to port probes and acknowledges the port's availability. Open ports are dangerous because they're an easy and attractive means of entry for hackers.

ICMP Ping Ping. Ping is a network troubleshooting utility. It asks your computer to acknowledge its existence. If your computer responds positively to a ping, hackers are more likely to target your computer.

21 FTP (File Transfer Protocol). FTP is used to transfer files between your computer and other computers. Port 21 should be open only if you're running an FTP server.
..............................
Whatever that even MEANS… I have Symantec’s Norton personal firewall as part of their Internet Security package, but it gave me SO much trouble when I had it on my previous old computer that I didn't install it, but only installed only the AV on this new computer. I’m sure it was only operator error, but the thing is so durn complex! And it’s WAY compounded when you have accounts for four different family members on one computer! Sheesh!

Thanks.

Ed

 

Ed M--It sounds like Windows Firewall is doing what it is capable of doing. That is monitoring incoming traffic. What it is not doing (because it does not have the capability) is monitor outgoing traffic. That is why Symantec is (correctly) telling you you have outgoing traffic vulnerabilities. And of course they are trying to convince you to use their product. But if you were not comfortable configuring NIS to allow the specific outgoing needs you mention, then probably best to just to continue using Windows Firewall.

 

Thanks, Jim. How does the free Sygate firewall (http://www.sygate.com/products/sygate-personal-firewall-pro.htm ) compare with the XP firewall? Or the NIS firwall for that matter?

Also, should I consider myself fairly safe with the XP firewall, regardless that there are a couple of holes? Thanks.

Ed

 

Hello Ed,

The 3rd party firewalls that you mention have outbound process blocking. That's the biggest difference. Sygate combines application blocking with advanced rule making ability. Not familiar with NIS.

Also, should I consider myself fairly safe with the XP firewall, regardless that there are a couple of holes?

As far as inbound blocking, IMO, XP's WF is as good as any commercial firewall and would consider myself safe in that regard.

Regards - Charles

 

You could try running multiple firewalls. In my experience, ZoneAlarm (free version) works & plays well w/both the pre & post sp2 Windows Firewalls. (I'm actually running 3 software firewalls, & have a friend who's running 5 w/out conflict!) I formerly used Sygate's "NetDefense" along w/ZA & Windows, but eventually ran into a problem. Since I've never seen any conflict between ZA & the Windows Firewall(s), I'ld suggest you try ZoneAlarm - it's user friendly & works very well @ controlling both incoming & outgoing traffic (highly recommended).

 

Hello -User-,

I do that with Sygate, every time I mention that, I get the predictable reponses

You're right about ZA and ICF at least, haven't tried with WF.

Regards - Charles

 

When I first installed SP2 I was running a version of ZA that the security center couldn't see. As a result, it turned on windows firewall (as it should). I got no notification of this and never thought about it so for several days I was running both without realizing it. Windows never missed a beat. The two seemed to get along just fine. Once I realized windows firewall was running I turned it off. Seems to me that it's kind of redundant to have both it and ZA running. So.....

 

The thing is that sometimes 1 firewall will catch what another misses! (& if they are compatible, what's the harm?)

 

Hi -user-,

The thing is that sometimes 1 firewall will catch what another misses!

That's going too far and there is no evidence for that. What does happen, ICF or WF front ends Sygate or ZA making them "quieter ". Unless advanced rules were added to either Sygate or ZAP (pro), that's about all that happens.

Regards - Charles

 

In my experience, I've found that ZA (for instance) will notice things that ICF/WF lets slide, & I have the WF partially blocking some programs while still maintaining their full functionality (RealPlayer, Winamp, & my AV eMail Server, for example), something that isn't possible w/ZA(free) or my 3rd FW.
In any case, like I said, "What's the harm? "

 

There is no harm. But everything you have running uses ram and taxes the system more. Why have more than one straining the system when it's not necessary. A firewall isn't like an antivirus program. Any packets sent to you that weren't asked for get thrown away. Simple as that. All firewalls do the same thing. Some may block outgoing traffic while others don't but they all block incoming traffic. Traffic coming into your computer isn't the same as a virus. There's only two types of incoming traffic. Traffic you asked for and traffic you didn't and all firewalls know the difference.