XP's "firewall" - why the bad press? - Page 2

Thread: XP's "firewall" - why the bad press?

  1. #11
    With the WinXP Firewall you don't have many settings and can't configure it right for you.
    One that works alright is Norton Antivirus

  2. #12
    Dead Man Walking
    Join Date
    Jan 2003
    Posts
    810
    Okay netcrasher, two things. Norton Antivirus isn't a firewall. It has NO firewall functions, hence the name antivirus. Okay, that rant is over. NEXT, with Win XP you only have 2 possible settings: ON or OFF, that's it. Maybe somebody should read a little closer to what's being said next time????????

  3. #13
    Member
    Join Date
    May 2003
    Location
    Somewhere in Texas
    Posts
    76

    Ok, I think I get the idea. Personally, I also use ZoneAlarm while mobile and behind my FW box at home. Love the stealth of ZA, gotta have outbound checks, etc.


    It looks like we can all agree that it's not a real *firewall* per se, M$ should be calling it "security enhancements" not a "firewall." Even Red Hat's iptables GUI is called "Security Configuration" -- not "Firewall." But hey, Windows 3.1 was a "multi-tasking o/s" too, wasn't it?


    Still, if you need something, it's better than nothing.

    Anyone know any reason NOT to use it? (As long as it's not solely relied upon and doesn't lend to a false sense of security.)

  4. #14
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    Anyone know any reason NOT to use it?
    I think that many of the reasons above should suffice, don't you? It lends little control to properly secure your environment. It has no ability to track connection state, it has no concept of inside vs. outside, it is used for securing ports (and I use that term lightly), it cannot analyze packets thoroughly (other than the protocol), it has no protection for outbound connections and the list goes on. Do yourself a favor and look into something more robust. You'll be happier in the end. I'd look at IPTABLES in any RH distro, or look into an appliance like Cisco PIX, etc.

    Hope this helps.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  5. #15
    Senior Member Zonewalker's Avatar
    Join Date
    Jul 2002
    Posts
    949
    ZombieMann and netcrashxx, you CAN configure XP's firewall to a certain extent... go to properties of the connection > advanced > settings > services and you can configure there what ports to let open - it's not true to say that the ICF is either off or on.

    having said that - the reasons not to use the thing have already been stated several times so I'm not going to reiterate them again...

    Z
    Quis Custodiet Ipsos Custodes

  6. #16
    ZomBieMann77

    I'm not an idiot... There is more than one Norton
    -Norton Antivirus
    -Norton CleanSweep
    -Norton Ghost
    ---Norton Personal Firewall

  7. #17
    Banned
    Join Date
    Apr 2003
    Posts
    3,840
    netcrashxx, the error in your message is that you said that the WinXP firewall does not have the same functions as Norton Antivirus <---..

  8. #18
    er0k
    Guest

    Re: XP's "firewall" - why the bad press?

    Originally posted here by Mykol


    Why? Isn't something better than nothing?

    Not when that something is more exploitable than not having an extra app running with holes.

  9. #19
    Senior Member
    Join Date
    Nov 2002
    Posts
    382
    Thanks Noodle for providing real good posts!

    You're right, fingerprinting is a real pain and should be mitigated!
    Just as a little conclusion to our discussion, I'll say that securing a PC with embedded s/w doesn't give full satisfaction. I believe that I'll definitely go for a firewall in the middle when possible (an old PC will do it).

    BTW I'm not a Windows expert, but didn't Microsoft understand the danger of predictable TCP sequence numbers...
    Is there a patch to upgrade the TCP/IP stack???
    SHARING KNOWLEDGE
