If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
What is the trick to get Windows XP firewall to stay on (after
"Colin Barnhorst" wrote: I use the SP2 firewall. "Alessandro Crugnola" wrote in message ... On Mon, 03 Jan 2005 00:39:55 GMT, Rick Wintjen wrote: Windows Security Expert wrote: On Sun, 02 Jan 2005 23:28:14 GMT, (Charlie Hauper) wrote: In article .com, "Orak Listalavostok" wrote: QUESTION: What is the trick to get Windows XP firewall to stay on? Every time I boot it says my firewall isn't on (even though I use Sygate). So I turn the Windows firewall on every time manually. I don't think anyone on this ng uses the windows xp firewall. Most (if not all) of us use that "other" firewall program. The one that actually works. Everyone knows that anything from Microsoft is pure garbage. The windows xp firewall can't even start up upon reboot. It's just another (RDB) really dumb program by Microsoft. The windows firewall is a joke. Besides not blocking anything, it won't even start up gracefully. You're the idiot for using Microsoft products in the first place. What did you expect from Microsoft anyway? Our Computer Club with 18 systems running WinXP Home SP2 with Windows Firwall turned on. I have two networked with WinXP Pro SPe with Windows Firewall turned on. It's too bad you bash a product because you don't know how to use it. |
Ads |
#2
|
|||
|
|||
What is the trick to get Windows XP firewall to stay on (after
From "Top 10 Reasons to Deploy Windows XP Service Pack 2"
(http://www.microsoft.com/technet/pro...in/sp2top.mspx): The new Windows Firewall is on by default and enabled even before the network starts up, as Windows XP SP2 boots. With that said, there are still some reasons you might want a more full-featured firewall – almost no outbound traffic checking is performed, and all machines on the local subnet are trusted, but if you know anything about firewalls "Alessandro Crugnola" wrote: On Mon, 03 Jan 2005 00:39:55 GMT, Rick Wintjen wrote: Windows Security Expert wrote: On Sun, 02 Jan 2005 23:28:14 GMT, (Charlie Hauper) wrote: In article .com, "Orak Listalavostok" wrote: QUESTION: What is the trick to get Windows XP firewall to stay on? Every time I boot it says my firewall isn't on (even though I use Sygate). So I turn the Windows firewall on every time manually. I don't think anyone on this ng uses the windows xp firewall. Most (if not all) of us use that "other" firewall program. The one that actually works. Everyone knows that anything from Microsoft is pure garbage. The windows xp firewall can't even start up upon reboot. It's just another (RDB) really dumb program by Microsoft. The windows firewall is a joke. Besides not blocking anything, it won't even start up gracefully. You're the idiot for using Microsoft products in the first place. What did you expect from Microsoft anyway? |
#3
|
|||
|
|||
What is the trick to get Windows XP firewall to stay on (after
In your example, you refer to an FTP server and an XP machine. If you
initiate an FTP connection from XP to the server, the connection is allowed whether the box is checked or not and you will in fact receive data from the server. This inbound traffic was solicited. By checking the box, would be able to initiate an FTP connection to the XP box. Of course this would be of limited use if you were not running an FTP server on the XP box. The Firewall control panel is explicit in saying that exceptions are allowing inbound connections. This firewall is not designed to block outbound connections. I would refer you to the link I mentioned below (http://www.microsoft.com/technet/pro...in/sp2top.mspx) where it is clearly stated that almost no outbound checking is done. In Summary: I would recommend that you understand the technology you are using and "testing" before making wild assertions. No one is claiming that this is a complete solution, but should be used as another layer of protection *if* desired. Otherwise, feel free to add a product like ZoneAlarm to your arsenal. But make sure you understand how it works and what protection it affords you. "Triffid" wrote: Lars M. Hansen wrote: On Mon, 03 Jan 2005 15:31:58 -0500, Triffid spoketh I understand how FTP works. I mentioned it only as an easily reproduceable example. My issue with Windows Firewall is the fact it pops up claiming to have blocked something, when in reality it has not - clearly misleading behavior. Please provide examples of unsolicited traffic that the Windows firewall claims to have blocked but which in fact it has not. I fail to see the relevance of solicited vs. unsolicited traffic to the issue I raised. The firewall permits inbound FTP data connections by default, but does not display an exception for FTP by default, i.e. there is at least one invisible "permit" rule built in. The firewall raises a Windows Security Alert when traffic is permitted by the invisible rule. The Alert says "Windows Firewall has blocked this program from accepting connections...", which is misleading because it has in fact permitted the connection - apparently by design. The responses to my post suggest people here don't consider this behavior problematic, but it makes me distrust the software - so I dug a little deeper to see if my unease is justified. Turns out it is. I clicked "Unblock" on the Alert window, which added a visible exception for the Windows FTP client with unlimited scope. This is reasonable behavior, although it would be nice if the user were prompted for scope given that the FTP data connection which raised the alert was from a server on the local subnet. FTP continues to function after adding the exception, the exception merely stops the spurious alerts (as expected) Next I constrained the FTP exception's scope to "Custom list" and specified a single RFC1918 IP address which is *not* on my local subnet, i.e. I configured the firewall to permit FTP data connections from one unreachable IP address *only*. Guess what? Active mode FTP still works to all servers, regardless of their IP address. I then changed the scope to "My network (subnet) only". Same result, i.e. restricting scope has no effect. In summary: - Windows Firewall has a default exception for FTP, with unlimited scope, but it is not shown on the default exception list. - Windows Firewall raises spurious FTP alerts unless a visible FTP exception is added. - Changes to the FTP exception scope have no effect. Scope is unlimited regardless of configured scope. Microsoft has already released a patch to fix exception scope on dialup connections. Given the above, one wonders how many more invisible exceptions and broken scope restrictions remain to be discovered. Triffid |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
What is the trick to get Windows XP firewall to stay on (after a reboot)? | Orak Listalavostok | Networking and the Internet with Windows XP | 11 | January 6th 05 12:47 AM |
Transparent or hidden windows | lmk34 | Windows XP Help and Support | 1 | December 27th 04 03:01 AM |
Marshaling Window...I think | Jason Butler | Windows XP Help and Support | 1 | December 8th 04 11:39 PM |
HELP!! - Can I reload Windows XP??? | SuZ | New Users to Windows XP | 5 | November 3rd 04 06:35 PM |
how tot print my favorites on one page? | Bern Holvoet | General XP issues or comments | 5 | September 22nd 04 10:01 PM |