how good is the XP firewall

I've happily been running Zone Alarm as the firewall, Grisoft's AVG as my
virus scanner, Ad-Aware and Spy-Bot for other nasties on my Win ME setup.

The last three presumably should be installed on a new XP machine? But does
the XP SP2 firewall do as good a job as Zone-Alarm? Quite a few articles
suggest that Microsoft offer 'cut-down' versions of 3rd party apps of this
nature. If one has something like Partition Magic, is it preferable to use
it?

RoS

RoS wrote:

nature. If one has something like Partition Magic, is it preferable to use
it?

You dont need partition magic to setup XP computers or add new hard
drives.







--
http://www.bootdisk.com/

Hi,
The XP firewall only monitors/blocks incoming traffic. It's certainly *much*
better than no firewall, but it can be useful to monitor/control outgoing
traffic. It's nice to know which programs are "phoning home."

Don
[MS MVP- IE/OE]

"RoS" kermitbaby[at]bigpond.com wrote in message
...

does the XP SP2 firewall do as good a job as Zone-Alarm?

In ,
RoS respectfully replied ;-)
I've happily been running Zone Alarm as the firewall, Grisoft's AVG
as my virus scanner, Ad-Aware and Spy-Bot for other nasties on my Win
ME setup.

The last three presumably should be installed on a new XP machine?
But does the XP SP2 firewall do as good a job as Zone-Alarm? Quite a
few articles suggest that Microsoft offer 'cut-down' versions of 3rd
party apps of this nature. If one has something like Partition
Magic, is it preferable to use it?

RoS

XP firewall is intended to protect users from exploits that exist with the
initial internet connection after setup and users that do not want to
purchase, or have not purchased a third party firewall. As with all non-OS
additions included with Windows XP or any previous Windows, they are basic
applications that have the limitations a basic application would have. The
XP firewall blocks incoming traffic only.
--
Michael Stevens MS-MVP XP

http://www.michaelstevenstech.com
For a better newsgroup experience. Setup a newsreader.
http://www.michaelstevenstech.com/ou...snewreader.htm

"RoS" wrote in message
...
I've happily been running Zone Alarm as the firewall, Grisoft's AVG as my
virus scanner, Ad-Aware and Spy-Bot for other nasties on my Win ME setup.

The last three presumably should be installed on a new XP machine? But
does
the XP SP2 firewall do as good a job as Zone-Alarm? Quite a few articles
suggest that Microsoft offer 'cut-down' versions of 3rd party apps of
this
nature. If one has something like Partition Magic, is it preferable to
use
it?

RoS



As has been pointed out the XP firewall can block incoming traffic only. It
does so by only allowing incoming traffic that has been initiated by your PC
which means if you get a Trojan, keyboard logger or other mass mail virus on
your PC the XP firewall will not stop them from turning your PC into a
zombie and sending out loads of spam, info etc. So saying, I am running the
XP firewall and Zone Alarm together without any conflicts although I
probably don't need the XP one any more.

Rob

The XP Firewall may have one advantage to other 3rd Party firewall
programs. During XP's boot up there is a "Small" time during Network
initialization that the PC is exposed.

Excerpt from a MS Document on XP Firewall
In earlier versions of Windows, there was a small window of time between
the network starting and the firewall becoming active, leaving your
computer
vulnerable for that brief period time.In Service Pack 2, during startup
and
shutdown, the firewall driver uses a rule called a boot-time filter to
help prevent
attacks during those brief periods. Once Windows Firewall is up and
running,
it loads your custom firewall settings and removes the boot-time filters.
This makes your computer less vulnerable to attacks during startup and
shutdown
operations.

I've never checked to see if Zone Alarm and other 3rd party firewalls
have provisions to protect the system during these times, but it would
be worth knowing.


"Canopus" wrote in message
...

"RoS" wrote in message
...
I've happily been running Zone Alarm as the firewall, Grisoft's AVG as my
virus scanner, Ad-Aware and Spy-Bot for other nasties on my Win ME setup.

The last three presumably should be installed on a new XP machine? But
does
the XP SP2 firewall do as good a job as Zone-Alarm? Quite a few articles
suggest that Microsoft offer 'cut-down' versions of 3rd party apps of
this
nature. If one has something like Partition Magic, is it preferable to
use
it?

RoS



As has been pointed out the XP firewall can block incoming traffic only.
It
does so by only allowing incoming traffic that has been initiated by your
PC
which means if you get a Trojan, keyboard logger or other mass mail virus
on
your PC the XP firewall will not stop them from turning your PC into a
zombie and sending out loads of spam, info etc. So saying, I am running
the
XP firewall and Zone Alarm together without any conflicts although I
probably don't need the XP one any more.

Rob

In message "Canopus"
wrote:

As has been pointed out the XP firewall can block incoming traffic only. It
does so by only allowing incoming traffic that has been initiated by your PC
which means if you get a Trojan, keyboard logger or other mass mail virus on
your PC the XP firewall will not stop them from turning your PC into a
zombie and sending out loads of spam, info etc. So saying, I am running the
XP firewall and Zone Alarm together without any conflicts although I
probably don't need the XP one any more.

It's worth noting that if you are running XP using an administrator
account, any malware you install on your system can bypass your firewall
to connect out anyway.


--
They call it "PMS" because "Mad Cow Disease" was already taken

"DevilsPGD" wrote in message
reenews.net
In message "Canopus"
wrote:

As has been pointed out the XP firewall can block incoming traffic only.
It
does so by only allowing incoming traffic that has been initiated by your
PC
which means if you get a Trojan, keyboard logger or other mass mail virus
on
your PC the XP firewall will not stop them from turning your PC into a
zombie and sending out loads of spam, info etc. So saying, I am running
the
XP firewall and Zone Alarm together without any conflicts although I
probably don't need the XP one any more.

It's worth noting that if you are running XP using an administrator
account, any malware you install on your system can bypass your firewall
to connect out anyway.

No matter what the firewall.

--
Frank Saunders, MS-MVP, IE/OE
Please respond in Newsgroup only. Do not send email
http://www.fjsmjs.com
Protect your PC
http://www.microsoft.com./athome/sec...t/default.aspx
http://defendingyourmachine.blogspot.com/

"RoS" wrote:

The last three presumably should be installed on a new XP machine? But does
the XP SP2 firewall do as good a job as Zone-Alarm? Quite a few articles
suggest that Microsoft offer 'cut-down' versions of 3rd party apps of this
nature.

In my opinion, based on extensive personal experience as well as regularly
reading firewall-related posts on these newsgroups, is that the Windows
firewall is better than third party firewalls -- better from the standpoint
of overall performance, reliability, and even security. If you feel like you
need to depend on a third party firewall to prevent crudware already on your
machine from phoning home, then you already don't know what you really need
to know about security in the first place. Knowledge is power. Learn what
crudware actually is, how some POS attempts to install it on your machine,
and how to avoid downloading and installing crudware in the first place, and
then implement what you have learned. One of the things you'll learn is that
all you need is an up-to-date Windows XP system with SP2 set to default
settings, any good standalone antivirus program, and a good antispyware
program that runs in real time (I use Microsoft Antispyware -- it's the best
one of many that I have tried).

Think of it this way. If your computer is already secure enough, installing
a third party firewall is redundant and unnecessary -- it would be like
adding a few more burglar alarms to Fort Knox. If it is insecure, installing
a third party firewall will, at best, help you minimize any resulting damage.
You are, therefore, much better off devoting your time, energy, and money to
making your system secure than making an insecure system slightly less
insecure.

Even more generally, a good rule of thumb about XP is that the less you mess
with how it was designed to run, the better it will operate. It is currently
designed to run with the Windows firewall, working in conjunction with an
antivirus program that the user must install separately. It is a good
design. Don't mess with it.

Ken

R. McCarty wrote:

The XP Firewall may have one advantage to other 3rd Party firewall
programs. During XP's boot up there is a "Small" time during Network
initialization that the PC is exposed.

Excerpt from a MS Document on XP Firewall
In earlier versions of Windows, there was a small window of time between
the network starting and the firewall becoming active, leaving your
computer
vulnerable for that brief period time.In Service Pack 2, during startup
and
shutdown, the firewall driver uses a rule called a boot-time filter to
help prevent
attacks during those brief periods. Once Windows Firewall is up and
running,
it loads your custom firewall settings and removes the boot-time filters.
This makes your computer less vulnerable to attacks during startup and
shutdown
operations.

I've never checked to see if Zone Alarm and other 3rd party firewalls
have provisions to protect the system during these times, but it would
be worth knowing.



The Sygate firewall has a setting to block all traffic when the firewall
service is not loaded including during shutdown and boot up.

Thanks Rock, I'll have to check with Zone Alarm's forum and see if
the same protection exists in their product.

"Rock" wrote in message
...
R. McCarty wrote:

The XP Firewall may have one advantage to other 3rd Party firewall
programs. During XP's boot up there is a "Small" time during Network
initialization that the PC is exposed.

Excerpt from a MS Document on XP Firewall
In earlier versions of Windows, there was a small window of time
between
the network starting and the firewall becoming active, leaving your
computer
vulnerable for that brief period time.In Service Pack 2, during
startup and
shutdown, the firewall driver uses a rule called a boot-time filter to
help prevent
attacks during those brief periods. Once Windows Firewall is up and
running,
it loads your custom firewall settings and removes the boot-time
filters.
This makes your computer less vulnerable to attacks during startup and
shutdown
operations.

I've never checked to see if Zone Alarm and other 3rd party firewalls
have provisions to protect the system during these times, but it would
be worth knowing.



The Sygate firewall has a setting to block all traffic when the firewall
service is not loaded including during shutdown and boot up.

In ,
Ken Gardner typed:


In my opinion, based on extensive personal experience as well
as
regularly reading firewall-related posts on these newsgroups,
is that
the Windows firewall is better than third party firewalls --
better
from the standpoint of overall performance, reliability, and
even
security.


You certainly have a right to that opinion, but I wanted to point
out that most of us here disagree with you completely.

Not only that, but Microsoft also disagrees with you. Read
http://www.microsoft.com/athome/secu.../firewall.mspx
which includes the following:

"Q. Should I use a non-Microsoft personal firewall instead
of the built-in Internet Connection Firewall?
A. If you already have a non-Microsoft firewall on your
computer, you should continue to use it. If you do not have a
firewall, then you have a choice. If you want a simple firewall
that is very easy to configure, then you should use the Windows
XP Internet Connection Firewall. If you want more advanced
control over the traffic that passes through your computer and
you also want to block outgoing traffic (that is the traffic from
your computer out to the Internet) then choose a personal
firewall from another company."




Think of it this way. If your computer is already secure
enough,
installing a third party firewall is redundant and unnecessary


Yes, but what does "secure enough" mean? The problem is that you
never really know. I have a lock on my front door, and no burglar
has ever broken in. Does that mean I am "secure enough"? How do I
know that tomorrow a more skilled burglar won't come along and
pick my lock?

So I were given the opportunity to easily install a better lock,
and one that cost me nothing, I would take it. I may protect me
against that better burglar, or he may never come along and it
may not. But I don't care. There's no downside to enhancing my
security for free, whether or not it turns out that it's
necessary.

--
Ken Blake - Microsoft MVP Windows: Shell/User
Please reply to the newsgroup

On Tue, 29 Mar 2005 10:15:03 -0800, "Ken Gardner"
wrote:


and how to avoid downloading and installing crudware in the first place, and
then implement what you have learned. One of the things you'll learn is that
all you need is an up-to-date Windows XP system with SP2 set to default
settings, any good standalone antivirus program, and a good antispyware
program that runs in real time (I use Microsoft Antispyware -- it's the best
one of many that I have tried).
Having a good program watching for your 'crudware' is just a stop gap measure.
You need to be able to identify WHEN you've been compromised. All the backup
virus software, firewall's, adware removers popup killers etc.. don't mean
diddly if something gets past them. And something WILL get past them. That's
when you need to know when something's wrong and go after it the best you can.
You might have to run several different NEW virus scanners or adware programs
cause not all of them are equal. Trend might find 98%. Then you might need
mcaffee, Norton or any others to find what's causing trouble.
something calling itself desktop xxxx made it to my system ages ago. Trend had
no idea what it was, Adaware didn't. I had to search the web for desktop xxx to
find someone else that had been hit by it and find out how to dump it.
I never found it in time. I just did a reformat and reinstall of the OS. Just
reinstalling the OS and rollbacks was doing nothing.

That right there is the only guaranteed solution to a virus.

Think of it this way. If your computer is already secure enough, installing
a third party firewall is redundant and unnecessary -- it would be like
adding a few more burglar alarms to Fort Knox. If it is insecure, installing
a third party firewall will, at best, help you minimize any resulting damage.
More eyes open, better chance of survival, but adding software isn't the same
comparison. Identical software will wind up fighting each other for resources,
and cause more trouble than it solves.
IIRC The XP OS specifically says ONLY use 1. If you have a 3rd party either
disable that one or XP's but don't run both.

You are, therefore, much better off devoting your time, energy, and money to
making your system secure than making an insecure system slightly less
insecure.

Even more generally, a good rule of thumb about XP is that the less you mess
with how it was designed to run, the better it will operate. It is currently
designed to run with the Windows firewall, working in conjunction with an
antivirus program that the user must install separately. It is a good
design. Don't mess with it.

Ken

--
more pix @ http://members.toast.net/cbminfo/index.html

"Ken Blake" wrote:

In my opinion, based on extensive personal experience as well
as regularly reading firewall-related posts on these newsgroups,
is that the Windows firewall is better than third party firewalls --
better from the standpoint of overall performance, reliability, and
even security.

You certainly have a right to that opinion, but I wanted to point
out that most of us here disagree with you completely.

Sure. I don't deny it. Usually when I give this speech, I throw in the
caveat that many people, including people like you whose opinions I greatly
respect, disagree with me. This time I simply forgot to do it.

Not only that, but Microsoft also disagrees with you. Read
http://www.microsoft.com/athome/secu.../firewall.mspx
which includes the following:

"Q. Should I use a non-Microsoft personal firewall instead
of the built-in Internet Connection Firewall?

A. If you already have a non-Microsoft firewall on your
computer, you should continue to use it. If you do not have a
firewall, then you have a choice. If you want a simple firewall
that is very easy to configure, then you should use the Windows
XP Internet Connection Firewall. If you want more advanced
control over the traffic that passes through your computer and
you also want to block outgoing traffic (that is the traffic from
your computer out to the Internet) then choose a personal
firewall from another company."

I could respond, in hypertechnical fashion, that this blurb refers to ICF,
not the (much improved) Windows firewall. But despite the first sentence, it
is unclear to me what it is really saying because the user always has the
choice to uninstall the third party firewall -- which then puts him in the
same position as the person who must choose between one or the other (which
is what the rest of the blurb addresses).

Why would Microsoft do this? My guess is that there are separate problems
that are likely to come up if the user uninstalls a third party firewall that
don't exist if the firewall was never installed in the first place. I have
experienced some of these problems myself, especially with Zone Alarm
(admittedly a very popular choice, but one that, for some reason, always
seems to constipate my system), and we can read about the problems others
have experienced right here in these newsgroups. So of course it would make
sense for Microsoft to advise a person who is already using a third party
firewall to keep using it and thereby avoid these types of problems.

But leaving all this aside, I completely agree with the rest of what
Microsoft wrote, even if you substitute the (improved) Windows Firewall for
ICF. However, I have no desire or need to monitor outgoing communications or
otherwise take "more advanced control" (or what I would call using additional
bells and whistles). I use other software and related security measures to
keep crudware off my system in the first place, and otherwise I don't want
anything obstructing legitimate outbound communications even long enough to
bother me to make decisions on which legitimate communications I should block
when the answer will almost always be "none." I would rather have the
simpler firewall that is much easier to configure -- and which has never
caused me a single problem or security breach going all the way back to the
day Microsoft introduced XP in 2001. I agree that others may prefer the
"more advanced" features. I'm simply not one of them.

Think of it this way. If your computer is already secure
enough, installing a third party firewall is redundant and unnecessary
Yes, but what does "secure enough" mean? The problem is that you
never really know.

I can never know with 100 percent certainty. I also don't know with 100
percent certainty that I won't be killed in an automobile accident the next
time I drive to work, but this uncertainty will not stop me from ever again
driving to work. I do know with pretty much 100 percent certainty when
something is wrong with my computer or with someone else's computer,
including the signs of crudware. I don't need a third party firewall to tell
me that something is wrong.

I have a lock on my front door, and no burglar
has ever broken in. Does that mean I am "secure enough"? How do I
know that tomorrow a more skilled burglar won't come along and
pick my lock?

Well, I can also increase the number of locks on the door, install an
electric fence, get some guard dogs, booby-trap my front yard, etc. But at
some point the law of diminishing returns kicks in. The locks and electric
fence costs money, the guard dogs need to be feed and then they mess up your
yard, booby traps can also injure young children, etc., etc.

So I were given the opportunity to easily install a better lock,
and one that cost me nothing, I would take it. I may protect me
against that better burglar, or he may never come along and it
may not. But I don't care. There's no downside to enhancing my
security for free, whether or not it turns out that it's
necessary.

Even with the best of third party firewalls, there is some downside. There
may be compatibility issues (especially as Microsoft continues to update
Windows), they may sometimes make mistakes in deciding which outbound
communications to block, there is a small hit on resources and memory, these
programs have to be maintained and updated from time to time, etc.

Ken

On Tue, 29 Mar 2005 13:55:01 -0800, "Ken Gardner"
wrote:


But leaving all this aside, I completely agree with the rest of what
Microsoft wrote, even if you substitute the (improved) Windows Firewall for
ICF. However, I have no desire or need to monitor outgoing communications or
otherwise take "more advanced control" (or what I would call using additional
bells and whistles). I use other software and related security measures to
Ask yourself what is outgoing ? Normally once the burglars entered, he TAKES
the stuff OUT.
Your passwords, social security number, home address, children's ages, anything
personal you've stuck on a drive could be included in the OUTGOING that you
don't feel a need to monitor.

You sound like one of those commercials now, Nostradamus didn't predict Trojans
or computer virus, so I'm protected. I want my machine to make a sound like a
Yeti, AAAOOOOOOWWWWWWW!!!

keep crudware off my system in the first place, and otherwise I don't want
anything obstructing legitimate outbound communications even long enough to
bother me to make decisions on which legitimate communications I should block
when the answer will almost always be "none." I would rather have the
simpler firewall that is much easier to configure -- and which has never
caused me a single problem or security breach going all the way back to the
day Microsoft introduced XP in 2001. I agree that others may prefer the
"more advanced" features. I'm simply not one of them.
You've been lucky so far. I see on average at least 5 attempts daily to
compromise my computer. The kiddie scripts are still out there. And if they can
turn your machine into a slave for forwarding their spam [you'll never know if
they do], or even better, turning your machine into a source for pirate ware.
You could benefit from www.dshield.org and help others. It'd increase your web
paranoia, but it'd make you think about how much traffic you want to ignore.

Think of it this way. If your computer is already secure
enough, installing a third party firewall is redundant and unnecessary
Yes, but what does "secure enough" mean? The problem is that you
never really know.

I can never know with 100 percent certainty. I also don't know with 100
percent certainty that I won't be killed in an automobile accident the next
time I drive to work, but this uncertainty will not stop me from ever again
driving to work. I do know with pretty much 100 percent certainty when
something is wrong with my computer or with someone else's computer,
including the signs of crudware. I don't need a third party firewall to tell
me that something is wrong.
But you still keep your seat belts and other safety devices [brakes] in working
order. If one starts to fail, and a weak firewall you can almost guarantee will
fail, you wouldn't stay with it. M$ has already said it's not the best out
there.
You can't stop the burglar, but you can make it hard enough to give you the
breathing space to call 911. IOW: You don't post signs on your roof that you
leave your doors unlocked and aren't home between the hours of xx and xx.

If some kiddy script can identify you as an easy mark, they'll be back until
they get thru.

Check your security with XP at this site

http://grc.com/intro.htm look for the Shields up page and then tell us just how
secure you feel. Or go to Norton, they have something similar but it may take
hours for results. GRC can tell you in minutes how vulnerable and where you
aren't secure. It's sobering when they can tell you more about you than you
know about you just by visiting their web site..

And for all you know the link I'm giving you above isn't sending you off to a
malicious java script that won't have any problem dropping it's load on you.
It isn't, but you don't know that unless you've been to GRC.com b4.

I would say take a look at the counter I use, it grabs everything but blood
type and mothers maiden name.

That's way more info than a visit to a web site needs to know. But the
technology exists to scan your entire machine and send it to Osama Bin Laden.

I have a lock on my front door, and no burglar
has ever broken in. Does that mean I am "secure enough"? How do I
know that tomorrow a more skilled burglar won't come along and
pick my lock?

Well, I can also increase the number of locks on the door, install an
electric fence, get some guard dogs, booby-trap my front yard, etc. But at
Guard dogs and booby trapping your front yard, and you can kiss your freedom
goodbye. It's ILLEGAL. And if you do catch a burglar in one, he'll own you, If
he survives, if not his relatives will own you.

some point the law of diminishing returns kicks in. The locks and electric
fence costs money, the guard dogs need to be feed and then they mess up your
yard, booby traps can also injure young children, etc., etc.

So I were given the opportunity to easily install a better lock,
and one that cost me nothing, I would take it. I may protect me
against that better burglar, or he may never come along and it
may not. But I don't care. There's no downside to enhancing my
security for free, whether or not it turns out that it's
necessary.

Even with the best of third party firewalls, there is some downside. There
may be compatibility issues (especially as Microsoft continues to update
Windows), they may sometimes make mistakes in deciding which outbound
communications to block, there is a small hit on resources and memory, these
programs have to be maintained and updated from time to time, etc.

Ken

--
more pix @ http://members.toast.net/cbminfo/index.html