June 4th, 2003 07:35 PM
With the WinXp Firewall you dont have many setting and cant configure it right for you
One that works alright is Norton Antivirus
June 4th, 2003 07:49 PM
okay netcrasher two things Norton Antivirus isnt a firewall. It has NO firewall functions. hence the name antivirus. okay that rant is over. NEXT with win xp you only have 2 possible setting ON or OFF thats it. Maybe somebody should read a little closer to whats being said next time????????
June 4th, 2003 08:03 PM
Ok, I think I get the idea. Personnally, I also use ZoneAlarm while mobile and behind my FW box at home. Love the stealth of ZA, gotta have outbound checks, etc..
It looks like we can all agree that it's not a real *firewall* per se, M$ should be calling it "security enhancements" not a "firewall." Even Red Hat's iptables GUI is called "Security Configuration" -- not "Firewall." But hey, Windows 3.1 was a "multi-tasking o/s" too, wasn't it?
Still, if you need something, but it's better than nothing.
Anyone know any reason NOT to use it? (As long as it's not soley relied upon and doesn't lend to a false sense of security.)
June 4th, 2003 08:20 PM
I think that many of the reasons above should suffice, don't you? It lends little control to properly secure your environment. It has no ability to track connection state, it has no concept of inside vs. outside, it is used for securing ports (and I use that term lightly), it cannot analyze packets thoroughly (other than the protocol), it has no protection for outbound connections and the list goes on. Do yourself a favor and look into something more robust. You'll be happier in the end. I'd look at IPTABLES in any RH distro, or look into an appliance like Cisco PIX, etc.
Anyone know any reason NOT to use it?
Hope this helps.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
June 4th, 2003 08:35 PM
ZombieMann and netcrashxx you CAN configure XP's firewall to a certain extent... go to properties of the connection > advanced > settings> services and you can configure there what ports to let open - it's not true to say that the ICF is either off or on.
having said that - the reasons not to use the thing have already been stated several times so I'm not going to reiterate them again...
Quis Custodiet Ipsos Custodes
June 5th, 2003 03:51 AM
Im not an idiot...There are more then one Norton
---Norton Personal Firewall
June 5th, 2003 04:06 AM
netcrashxx the error in your message ios that you said that the WinXp firewall does not have the same functions as Norton Antivirus <---..
June 5th, 2003 05:16 AM
Re: XP's "firewall" - why the bad press?
Not when that something is more exploitable than not having an extra app running with holes.
Originally posted here by Mykol
Why? Isn't something better than nothing?
June 5th, 2003 09:18 AM
Thanx Noodle to provide real good posts!
You're right fingerprinting is a real pain and should be mitigated!
As just as a little conclusion to our discussion, i'll say that securing a PC with embedded s/w don't give full satisfaction. I believe that i'll definitly go for a firewall in the middle when possible (a old PC will do it).
BTW I'm not windows expert but didn't Microsoft understood the danger of predictable TCP sequence number...
Is there a ptach to upgrade the TCP/IP stack???
[shadow] SHARING KNOWLEDGE[/shadow]