
Windows XP firewall

Discussion in 'Windows XP' started by Eleanor316, 2004/05/28.

Thread Status:
Not open for further replies.
  1. 2004/05/28
    Eleanor316

    Eleanor316 Well-Known Member Thread Starter

    Joined:
    2002/09/29
    Messages:
    268
    Likes Received:
    2
    Running Win XP Home Edition
    How successful is the Win XP firewall at keeping hackers out? Can I rely on this alone to protect my system, or should I have an additional firewall? How can I view a log of the Win XP firewall's activities?
     
  2. 2004/05/28
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0

    Can't answer myself, have never seen any specific references to ICF being hacked.

    The main reason to have an additional firewall is for outbound protection - if an application wants to access the internet, you would have a say, ICF lets everything out w/o asking. This goes for any "baddie" which may give you an indication that malware is present on your system.

    MS SP2 coming soon - will upgrade XP's firewall to have permission/denial capabilities of 3rd party firewalls. How effective it will be remains to be seen.

    A third party firewall will also, depending on which, enable you to block specific IP addresses and ports.

    *How can I view a log of the Win XP firewall's activities?*

    ICF does not create an activity log by default. If you want to see a record of what your firewall is doing, follow these steps:

    On the Advanced tab of the connection’s properties dialog box, click Settings.

    In the Advanced Settings dialog box, click the Security Logging tab.

    Select the check boxes for the kinds of events you want to log: dropped packets, successful connections, or both.

    Specify a file name.

    To keep a log from getting too large, specify a maximum file size.
    Click OK.

    Regards - Charles
     
    Last edited: 2004/05/28
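Added example, not part of the thread: once Security Logging is enabled as described in the post above, the log file can be summarized to separate what the firewall dropped inbound from what the machine itself opened outbound. The W3C-style field layout, the local address 192.0.2.10 and every log line below are assumptions constructed for illustration; the parser reads column names from the `#Fields:` header rather than hard-coding them.

```python
from collections import Counter

# Constructed sample (documentation-range addresses). The last line is cut short
# on purpose, as can happen when a size-capped log is read mid-write.
SAMPLE_LOG = """\
#Version: 1.0
#Software: Microsoft Internet Connection Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2004-05-28 21:14:02 DROP TCP 198.51.100.7 192.0.2.10 4312 135 48 S 1315819770 0 64240 - - -
2004-05-28 21:14:05 DROP TCP 198.51.100.7 192.0.2.10 4312 135 48 S 1315819770 0 64240 - - -
2004-05-28 21:15:40 DROP TCP 203.0.113.25 192.0.2.10 1067 445 48 S 882211034 0 16384 - - -
2004-05-28 21:16:11 OPEN TCP 192.0.2.10 203.0.113.80 1041 80 - - - - - - - -
2004-05-28 21:16:30 CLOSE TCP 192.0.2.10 203.0.113.80 1041 80 - - - - - - - -
2004-05-28 21:17:02 DROP ICMP 198.51.100.99 192.0.2.10 - - 60 - - - - 8 0 -
2004-05-28 21:18:45 DROP UDP 198.51.100.7 192.0.2.10 1029 1434 404 - - - - - - -
2004-05-28 21:19:0
"""

def parse_icf_log(text):
    """Return (records, skipped): dicts keyed by the #Fields names, plus a malformed-line count."""
    fields, records, skipped = [], [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.lower().startswith("#fields:"):
                fields = line.split(":", 1)[1].split()
            continue
        values = line.split()
        if not fields or len(values) != len(fields):
            skipped += 1  # truncated or foreign line: do not guess at columns
            continue
        records.append(dict(zip(fields, values)))
    return records, skipped

def summarize(records, local_ip):
    """Count inbound drops by (protocol, port) and by source; list outbound connections opened."""
    drops_by_port, drops_by_source, outbound = Counter(), Counter(), []
    for r in records:
        if r["action"] == "DROP" and r["dst-ip"] == local_ip:
            drops_by_port[(r["protocol"], r["dst-port"])] += 1
            drops_by_source[r["src-ip"]] += 1
        elif r["action"] == "OPEN" and r["src-ip"] == local_ip:
            outbound.append((r["dst-ip"], r["dst-port"]))
    return drops_by_port, drops_by_source, outbound

if __name__ == "__main__":
    records, skipped = parse_icf_log(SAMPLE_LOG)
    ports, sources, outbound = summarize(records, local_ip="192.0.2.10")
    print("dropped inbound by port:", ports.most_common())
    print("top sources:", sources.most_common(3), "| malformed lines:", skipped)
    print("outbound connections opened:", outbound)
```

The outbound list is only populated when "successful connections" is ticked in the Security Logging tab; the log records that a connection was opened, not which program opened it.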


  4. 2004/05/28
    Johanna

    Johanna Inactive Alumni

    Joined:
    2003/03/08
    Messages:
    2,402
    Likes Received:
    2
    The ICF, as it is now, is not adequate protection, IMO. There are many good third party firewalls available, and you should not be online without one of them installed and running.

    One problem w/ the ICF is the inability to configure it, and the other is its one way attributes. You can pick up a worm or trojan on a live internet connection in seconds, and it will take you hours to clean it up. Prevention is always easier than the cure! :D

    Johanna
     
  5. 2004/05/28
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Hi Johanna,

    I agree, I wouldn't be on the internet with just ICF either. However, if by this *You can pick up a worm or trojan on a live internet connection in seconds* with ICF running, that I don't agree with. There is no evidence for this. There is a great deal of evidence for ICF blocking those worm - trojan waves of last year, eg, sasser - blaster.

    Regards - Charles
     
  6. 2004/05/28
    Johanna

    Johanna Inactive Alumni

    Joined:
    2003/03/08
    Messages:
    2,402
    Likes Received:
    2
    Sorry for the confusion, Charles, I meant that you should not be online without a firewall, even if it is only ICF. I personally would not depend on the ICF alone, but there are some that do, and, I suppose, it is better than nothing.

    Johanna
     
  7. 2004/05/28
    Eleanor316

    Eleanor316 Well-Known Member Thread Starter

    Joined:
    2002/09/29
    Messages:
    268
    Likes Received:
    2
    Thanks for the feedback. I personally am running Zone Alarm.
     
  8. 2004/06/07
    Raccoon Dad

    Raccoon Dad Inactive

    Joined:
    2004/06/07
    Messages:
    7
    Likes Received:
    0
    Firewall

    Personally, I think Zone Alarm is a pain in the butt. The constant interruptions will drive you mad. I prefer a hardware firewall such as one employed in a router. Since I have installed mine and a couple more on some friends' systems there have been no problems.
     
  9. 2004/06/07
    Eleanor316

    Eleanor316 Well-Known Member Thread Starter

    Joined:
    2002/09/29
    Messages:
    268
    Likes Received:
    2
    I'm quite happy with Zone Alarm. I have it set so it's not intrusive after it recognizes the programs I use routinely.
     
  10. 2004/06/07
    Paul

    Paul Inactive

    Joined:
    2002/01/29
    Messages:
    1,293
    Likes Received:
    1
    Interesting regarding firewalls,
    I have NEVER bothered with a 3rd party firewall, but do use the *basic* one included in XP/W2K3. Never had a problem! Perhaps that is not quite the right attitude, but is interesting that I have never had a problem. Admittedly I still use dialup, so when I go to ADSL I may have to rethink? With regular backups and a Ghost image or two, in my case it perhaps is not as critical if I do come unstuck, and my computer is not used for mission critical applications or data. In a business environment or where all your eggs, (or many of them) are in one basket then yes use the enhanced security of an up to date firewall.

    I do run AV (AVG 6.0 Free) and update it every other day.

    To be quite honest I don't want to know who is sniffing at my connection. There are plenty of other things in this world to make me paranoid without adding another reason. ;)
     
  11. 2004/06/07
    Johanna

    Johanna Inactive Alumni

    Joined:
    2003/03/08
    Messages:
    2,402
    Likes Received:
    2
    Paul,
    Because you are on Dial Up, many "smart" nasties immediately exclude your computer from being "worthy" of an infection. You would feel silly, though, if a Nasty decided to use your comp for nefarious purposes, for example, generating hundreds of infected email messages, or participating in a Denial of Service Attack, and you will be more vulnerable once you upgrade to dsl, so why not get a firewall and get used to it, now? You are only thinking of the safety of your own computer (and you admit there isn't anything you're too worried about losing) rather than thinking about your comp's link in the chain on the internet.

    I can set Norton IS to inform me of every internet activity, more important internet activity, or to work silently in the background. Not wanting to be interrupted by "Alerts" as Raccoon Dad stated, is not a reason for not using a firewall, just means the firewall information needs reset to the user's wishes.

    Johanna
     
  12. 2004/06/07
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    Johanna - as to the 'one way' firewall (blocks inbound only), I notice you don't like them much and that's fine.

    But having a firewall tracking outbound traffic, while nice for your privacy since you can see what on your system is trying to 'call home' without your permission, will only let you know you've been infected after the fact. Anything trying to call out is already inside and on your system. I can't think of any way it safeguards you against getting infected in the first place.

    Granted, the present ICF is pretty basic and you can't configure it to any great extent. But if it has a port closed, nothing is getting in thru that port unless a baddie already on your system sneaks it open.
     
  13. 2004/06/07
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    I agree with Newt's basic point. Once, out of curiosity, I shut down Sygate and with ICF alone went to various firewall testing sites, GRC - PCFlank - and others (I have a bunch of them :) and all my ports were not only closed, but they were stealthed.

    However, I would still like to know if malware, which mostly comes thru the Browser, made it thru those defenses, and I would like to have control over what legit apps/processes can call out. So I do run a 3rd party firewall for those reasons.

    Regards - Charles

    EDIT: I strongly agree w/Johanna about clueless users that allow themselves to get infected and then visit their ignorance on the rest of us, by either infecting others or being hapless participants in DDOS attacks.
     
    Last edited: 2004/06/07
  14. 2004/06/07
    ModemJunki

    ModemJunki Inactive

    Joined:
    2004/05/20
    Messages:
    27
    Likes Received:
    0
    Wow, the mix of opinions presented certainly does mirror the current state of safe computing in the MS world!

    I'll throw in my own thoughts, please remember they are just opinions:

    Hardware firewalls (the common kind you pick up at the local store) are usually simple NAT router-boxes, most don't do a true "stateful packet inspection" or any other kind of network hardening.

    Software firewalls are either too simple (XP built-in) or too confusing for an inexperienced user (Zone Alarm, though it's not too bad once you know a little bit about how it works), or potentially buggy (ZoneAlarm, again, after its ownership changed hands recently).

    Both have strengths. The benefits outweigh the negatives. The freeware version of ZoneAlarm can be a true godsend to broadband users, especially those who use AOL or CompuServe (which open a tunnel through NAT routers!)

    Since I use AOL for its Parental Controls, and therefore log in to view the reports of what my kids are doing, I use ZoneAlarm. I might not use ZoneAlarm at all but for that one security hole AOL introduces, as I have a simple NAT box as described above (Linksys WRT54G with Sveasoft firmware).

    I think Eleanor316 made the right choice. :D
     
  15. 2004/06/07
    Johanna

    Johanna Inactive Alumni

    Joined:
    2003/03/08
    Messages:
    2,402
    Likes Received:
    2
    and he is right- the outgoing firewall does very little but alert you that you already HAVE a problem, especially if you were depending on the ICF ONLY. No firewall can be "perfect", and someone has to catch the "nasty" before the major companies can even respond with prevention and removal tools. And, AFAIK, the XP ICF doesn't update automatically to adjust to changing security situations. But, with the exception of the ICF, the major security software vendors incorporate regular updates that block INCOMING traffic just as well, if not better than, the ICF, thereby lessening the chances for an infection in the first place. So, IMHO, I think a two way firewall will at least contain a problem, and confine it to the affected (infected) machine. Maybe my security policy is too strict for some users, but I spend a lot of time cleaning up other people's messes, and I don't want one on my own machine.

    Johanna
     
  16. 2004/06/07
    Paul

    Paul Inactive

    Joined:
    2002/01/29
    Messages:
    1,293
    Likes Received:
    1
    Johanna,
    Precisely one of the reasons I don't operate an address book on my PC's. That way email addresses can't be hijacked from me. Don't worry I think of other users every time I send something across the internet. I just have never had any problems other than infected attachments sent to me and detected by AV. They're from unknown nasties so I wouldn't open them anyway.

    With ADSL I'll look at better options.

    I'm also not convinced that the newer XP firewall will be a lame duck as so many people automatically presume. Of course that will partially depend on whether MS provide occasional updates for it. I haven't heard yea or nay regarding that yet? I'd like to think that they will take it a little more seriously now. Of course there is the other problem of 3rd party firewall vendors accusing MS of stepping on their territory as well. Oh dear! :eek:
     
  17. 2004/06/07
    Zander

    Zander Geek Member Alumni

    Joined:
    2002/01/07
    Messages:
    4,084
    Likes Received:
    5
    First of all, I use Zone Alarm. I use it pretty much for all the reasons Johanna stated. That said, I have to agree with Newt (I think anyway). There's nothing wrong with XP's ICF. It does what it's supposed to. As Newt said, a third party firewall will alert you to the fact that you've got some sort of software wanting to get out but it did little to prevent it in the first place. For those things that can infect your puter simply by coming to the door and saying let me in, ICF is more than capable of keeping them out. Anybody ever heard of the Blaster worm????? If ICF is enabled without any other firewall running it's not going to get in. Most of the stuff that gets in can be prevented, either by the firewall or just plain old common sense. When you're prompted to install the xyz gadget to improve your internet speed or whatever, simply say no. I've been on the internet for a bunch of years and have never had a problem. Even before the days of firewalls. Sooner or later I may get bitten but my point is, use some common sense.

    I would agree that a third party firewall is a better thing but this is only because of the outbound connection monitoring. I would never begin to call XP's ICF a lame duck. As I said, it does what it's supposed to do.

    As for MS having updates for it now and then, I would imagine if somebody found a hole in it and it became known, there would be a patch waiting at windows update. After all, MS patches all of the other holes that are found in the OS; what makes anybody think they wouldn't fix a hole in ICF if it became known? The fact that there haven't been any updates for ICF would seem to indicate to me that MS did a pretty good job with it and that it's still doing just what it's supposed to do.

    Having said all of this, once again, in the end I have to say that I would agree that the third party firewall is the better way to go just in case (because of outgoing connections) but it's not going to keep you from getting spyware, etc. or any other nasty bug that XP's ICF won't prevent. For those types of things, it takes a bit of user common sense.
     
  18. 2004/06/08
    Paul

    Paul Inactive

    Joined:
    2002/01/29
    Messages:
    1,293
    Likes Received:
    1
    I'll be sure to let you all know if I do get bitten. Then you can say "told you so" :D But like you Zander, I use a fair bit of common sense and I'm very impressed with AVG 6.0 free. It alerted me to 4 spam emails with "virus found" just a while ago, not to mention Spybot and Ad-aware doing their work keeping/clearing out uninvited junk.

    Regarding ICF, good to hear some positive remarks about it.
     
  19. 2004/06/08
    BillyBob Lifetime Subscription

    BillyBob Inactive

    Joined:
    2002/01/07
    Messages:
    6,048
    Likes Received:
    0
    I myself do not run a software firewall. Not even XPs.

    I do have a Linksys BEFSR41 Router. I have tried using the testing program from my ISP. ( I am on cable ). The test will not work because they can not even find my machine. It says so very clearly.

    When we play Golf on Tuesday evening I can not act as Host because the software in Canada can not find me. He has to be Host. Now I know that I could be the Host IF I would take the time to open up certain ports. ( in other words by-pass the Router. )

    Now unless I am thinking 100% wrong ( which is possible ) ANYTHING that gets into one of my machines has to come in via something that I have let out one way or another. And even the best of Firewalls will not stop that.

    BillyBob
     
  20. 2004/06/08
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Why wouldn't it if the firewall can identify what is trying to get out? That's the rationale for two way firewalls.

    Regards - Charles
     
  21. 2004/06/08
    BillyBob Lifetime Subscription

    BillyBob Inactive

    Joined:
    2002/01/07
    Messages:
    6,048
    Likes Received:
    0
    Let me say this.
    I believe you are missing the point.

    Even if I had a software firewall to identify and HELP to control what goes out and I tell the Firewall to allow it ( such as one of the worst things, E-MAIL ) I have opened a path for something to get back in if it is included in an E-Mail.

    Please note the " charlesvar." is used below for help in clarity only.

    If I were running a Firewall and I go to a Web Site and a Firewall message comes up saying " charlesvar wants to connect to your machine " Or something on here wants to connect to "charlesvar" . and I say YES, then I AS THE USER have given " charlesvar " permission to enter my machine. Or my machine to connect to " charlesvar." In other words I have given " charlesvar " the keys to get in my front door. And any time I go back to that site it WILL NOT ( or may not anyway ) ask me again.

    So if I grant permission ( open or leave the door unlocked ) and something/somebody gets in it IS NOT the software or the doors' fault.

    The Firewall is only as good as the USER sets/uses it.

    And unless I am wrong in my thinking My Router is an excellent ( if not better in my case ) replacement for XPs' Firewall. As far as incoming anyway. XPs' Firewall would only protect this machine. The Router HELPS to protect all three machines.

    Also the Router keeps the WWW ( Wide Area Network ) and the LAN ( Local Area Network ) separated. I know this to be a fact cause I can pull the cable from the Modem ( or the ISP goes down ) and still play games between machines.

    Now! I know that it would be safer for me to be running a software firewall, and I was doing so a while back. But it was also driving us nuts over the LAN. We had everything set up and it was working fine until I made some changes on here and it was back to square one. So I just have not put it back in service.

    Also there was a problem ( even during a game ) when we would be playing Golf. It kept asking for permission ( even though we were already connected ). But I suspect that that was caused by a momentary glitch in the ISP. So I would shut the Firewall down before connecting.

    BillyBob
     