Should I also use Winows XP firewall when using McAfee firewall?

I currently have a firewall enabled through McAfee. Is there any reason to use the WindowsXp built in firewall as a second source?. If I use it do I only need to check the box?

 

I see no reason to use the built in firewall with another one running. It's an incoming only firewall anyway. Yes, checking or unchecking is all that's needed to enable/disable.

 

The XP SP2 release will have a vastly improved firewall and one of the main new features I like about it is the fact that it will try to detect 3rd party firewalls and if one is found, will suggest using the 3rd party app and not enabling the XP firewall.

 

Doesn't that just gladden your heart? Software that admits defeat!

Not a good idea to run two firewalls. Apart from the unnecessary load, they can conflict and produce unpredictable results, for example one blocking a packet and the other simultaneously releasing it to Windows. It'll depend which order they get to the packet as to what happens to it.

 

I'd almost agree with you Arie - better than SOME third-party firewalls. I couldn't resist the little joke. In fact I've often advised XP users to enable the XP firewall, whether new or old version, until they can get something better. Even the old version would likely protect against 99% of intrusions. After all, what we're really trying to protect ourselves against is virus and trojan attack. Chances of a home user getting hacked by a human agent rather than a very clever bit of software is pretty slim.

I'd even argue that for non-technical home users, a simple firewall is actually better protection than a "good" one that's difficult to set up, where the user is forced to seriously reduce protection so they can use their PCs online. Clearly what MS intended for XP is just that, a simple but effective firewall.

A (half) decent firewall, and a GOOD antivirus is sufficient for most home users, even on broadband. Naughty hackers aren't much interested in we mere home users, they're after bigger corporate fry. A simple home firewall won't protect against a DOS attack that crashes Windows, but I don't consider that a security exposure, just a gross inconvenience.

At the other extreme, it seems to me that a lot of security "freaks" are out to protect their PC's from any kind of intrusion or attack at ANY cost. So much so I doubt they use their PC's for anything else, in which case, just what are they protecting?

 

Arie do you know when will SP2 be available?

 

In a similar vein, eTrust's excellent EZ antivirus usually gets a low overall rating in 'net and paper magazine reviews, because although it gets top ratings for other features, it doesn't scan outbound emails.

EXCUSE ME??? (to quote your golden prose) - it scanned the things on the way IN, didn't it?

Many people seem to think their firewall & antivirus will protect them fully, so they happily carry on blindly clicking links on iffy websites, download and run everything they can lay their hands on, and open attachments on unsolicited email. Do they cross the road without looking both ways as well?

 

Well Ladies and Gentlemen, there is the rub. How much protection is enough? How confusing can it be?

I bought and paid for Zone Alarm Pro. It caused me so many problems with configuration and settings. Then ask me if I want so and so MSFT windows application to access the web. Well, I just did not know the answers. And when I said no, trying for an inpenetrable machine, some function of Windows was disabled. So then I got to go into Zone Alarm and figure out which setting with the red x I needed to enable to get Windows to work.

It also gave me fits trying to keep my home network working, so I ended up uninstalling it.

I went back to the free version, similar problems, uninstalled it.

Installed Kerio Personal Firerwall and also had similar problems. Uninstalled it.

Maybe I'm just a *******, but I put a lot of time and effort into trying to understand what needed access and what did not and finally just gave up.

So, now, running behind my DSL router and Windows firewall plus Norton AV with script blocking enabled.

I might add, with Zone Alarm and Norton both running, AV up to date, no attachments opened, still got Blaster Worm. So all that so called protection did not help anyway.

And after reading this post I am about to diable outbound scanning by Norton, if it don't catch it coming in, well.........

Martin

 

I set up my home network last year, when I installed DSL broadband, and chose Sygate Personal Firewall for 'net protection. It took weeks to get Sygate "tuned" to both block unwanted incoming/outgoing, and allow normal traffic to/from network clients. I had to research 'net protocols, TCP port usage, Windows services, and log normal network traffic, settiing up 16 advanced rules in the process. I learned a great deal in those first few weeks.

I'm as well protected as I'm ever likely to be, though I'm aware there are (necessarily) "holes" in my setup. Am I worried? No, I'm not. If I wanted to be fully protected, I'd have to unplug the DSL modem and give up surfing completely.

Please don't anyone say "you need a good router with a firewall ". I've seen too many posts from people using such kit struggling to open ports for FTP etc., or conversely close ports to plug "holes" revealed by tests on port-scanning websites.

"Hardware firewalls are much better than software firewalls" - are they? While there are some advantages, I'd remind anyone who thinks that hardware firewalls are infallible, that they still use software (firmware) to control them. Who wrote this software? Some superior being? Nope, just some lowly human like you or I, and who, like you or I, unwittingly introduces bugs into every piece of software he writes.

 

Hi Rambler: Hey, I'm not lazy, as I said, I put a lot of time and effort into configurations and settings with the firewalls I tried to use, and got nothing but frustration and the Blaster Worm.

And, I think I may be a small step above the average user, having built 5 machines from scratch myself, installed 4 different versions of Windows, have three home networked machines currently, one running dual boot. This machine is running happily with 8 drives installed, 5 HDDs and 3 optical. So I'm not some ignoramus as far as computers are concerned.

I have had an above average (just seach my posts) number of configuration problems with Windows and networking, crashes and BSODs, always have stuck it out and with the help of this board, been able to overcome them all.

I had forgotten when I wrote my last post that I had purchased Sygate Personal Firewall and their networking manager. I would be happy to send you the two page email from their tech support explaining how to get it to work on this machine when it refused to to do so after it was installed. They suggested the uninstall/ reinstall cure, plus a considerable number of registry hacks in between, a task which I was unwilling to undertake.

When I had Zone Alarm running over several months, behind the DSL router, it never once logged an intrusion attempt. It did fail to stop the Blaster Worm as did Norton AV.

One of the 5 HDDs installed on this machine is a dedicated drive that holds nothing but an automated, twice a week, middle of the night, up- to-date complete system backup.

I find it expediant and more reliable to do regularly scheduled drive images. If this machine gets infected with anything, I will overwrite it just like I did with the Blaster worm.

I'm happy for you that you were able to get your firewall working flawlessly, something I was unable to do.

Martin

 

I didn't say you were. Where did you get that idea?

I'm happy with Sygate firewall, I can do all I want with it, and think it's an excellent piece of software. I can't say the same for their Home Network. I failed dismally to get it to work, and settled for ICS instead. That gave me some new problems, as with ICS, the firewall sees network traffic as coming from several Windows services.

I assume ZoneAlarm isn't reporting any blocked intrusions because your DSL router has a built-in firewall, and is forwarding ports?

That's some machine you've got there - with all that hardware installed, the PSU must be pretty beefy! Do you have a 1-inch thick mains cable and a 3-phase wallsocket maybe?

I gave up reinstalling O/S years ago. Installing, yes - but I figure I'd rather try to debug any problems and learn in the process. My first O/S after Windows 3.11 was NT4 back in '96 - a REAL O/S, not just a GUI for DOS. That involved a rather steep learning curve, I can tell you!

 

I gave up reinstalling O/S years ago. Installing, yes - but I figure I'd rather try to debug any problems and learn in the process.

ROF - rambler, you should read some of the hoops martinr121 has jumped thru to rehab an XP system that I would have given up on long ago.

On the firewall front, I'm really looking forward to folks getting the SP2 firewall release installed. Easy to allow an application to use ports it needs but closes the ports when the app isn't running. Easy to tell it what other PCs you might have on a SOHO LAN and allow them to talk.

After playing with the RC1 version for a while now, I am almost positive I will go with it and do away with a 3rd party one that has more 'features'.

 

Hey Newt, thanks, sounds like really good news. A firewall you don't need a software engineering degree to get it to work would be a real blessing.

Martin

 

I installed a couple of different firewalls 2 years ago and took them right back out after seeing it would take me days to figure them out. I installed eTrust EZ Armor a while back which uses a version of Zone Alarm and it was very easy to set up and configure. I have not had one problem with networked PC's, accessing what I want to or anything, and I still don't know much more about setting up a firewall than I did before. And I can see by the logs that it is doing what it's supposed to.

 

I've read martinr121's posts, newt, and have to admit I'd have given up on it too. Perhaps I should have said "I gave up routinely reinstalling O/S years ago ". I have an old but trusted W95 setup on my original PC that was installed in 1996 believe it or not.

I must say I'm impressed with the eTrust package of ZoneAlarm clone and antivirus. I've installed it on my W98SE dual-boot with minimal configuration and tested the firewall. Passed a few online firewall tests with flying colours. I've installed it on a friend's PC - she was running Norton Internet Security on 98SE. NIS/NAV had more tasks than XP has services (or so it seemed!), and consumed a massive 48Mb RAM, and nearly 200Mb disk space. eTrust occupies 22Mb space, uses about 12Mb RAM, and has knocked 2 mins off her bootup time.

A basic W98 install can take around the same space as NIS - what on earth does it need that amount of code for? More code=more bugs in my experience. Small (and simple) is beautiful.

 

Simple: it needs all that code for registry entries that you spend hours getting rid of if you ever uninstall it.

Martin