April 26th, 2004, 07:41 AM
WinXP service pack 2..........
Hello again everybody,
I have downloaded XPSP2 (all 230+MB's) and removed my 3rd party firewall app, but am still running an AV.
The AV is one of the freebies off the internet. Oh, I forgot, also running Spy-sweeper.
So, in effect I am relying on the MS XPSP2 firewall to do its job. So far, so good, and it seems extremely simple to set up and configure. It has some decent functionality for those that understand a little about TCP/IP, and in conjunction with the Advanced TCP/IP filter options that you can access under Network Connections (you'll have to dig a little), it gives you some flexibility. I am curious to see how well it holds up.
Here's why I am posting:
I'd like to get folks that have XP and SP2 to comment/log their experiences here.
But you should have only the XP firewall installed. It would be prudent to have an AV
and possibly an Anti Trojan running.
The POP-UP blocker really works well, no surprises, unobtrusive, very easy to use.
Gee, MS did something nice this time.
The service pack is a beta version....no probs 'yet'....
April 26th, 2004, 04:59 PM
Being that the SP is still beta, I would wait until at least a week or two of its official release. It's beta for a reason, and there have been postings on the MS.com forums about intermittent problems with the service pack to which the Micro$oft techs' replies were "it's beta".
(kr5kernel at hotmail dot com)
Linux: Making Penguins Cool Since 1994.
April 26th, 2004, 05:14 PM
I'll download SP2 Rc2 sometime soon on a test machine. We'll see then!
April 30th, 2004, 03:39 PM
Yea don't put this on your main box but if you have a spare or test box you may want to install it and mess with it. No other SP ever has made so many changes to the OS before.
Link to a list of changes http://www.microsoft.com/technet/pro.../sp2chngs.mspx
Information on the improved firewall http://www.microsoft.com/technet/com...uy/cg0104.mspx
It has been in beta a long time now trying to find last minute bugs. I have been testing it to see if it breaks anything I do... so far so good.
Internet Connection Firewall in SP2
ICF for SP2 will include a host of new features. This paper will discuss five of them that will have some impact on existing applications:
On by default. Prior to SP2, Windows XP shipped with ICF disabled by default; users either needed to run a wizard or navigate through the Network Connections folder to enable ICF. By enabling ICF by default, the computer will be protected from many network based attacks. For example, if ICF had been enabled by default the recent Blaster attack would have been greatly reduced in impact, regardless of whether users were up to date with patches. This may have an impact on existing applications if the application does not work with stateful filtering by default.
Boot time security. In earlier versions of Windows there is a window of time between when the network stack started and when ICF provided protection. Consequently, a packet could have been received and delivered to a service without ICF filtering it, potentially exposing the computer to vulnerabilities. In SP2, the firewall driver has a static rule called a boot-time policy to perform stateful filtering. This will allow the computer to perform basic networking tasks such as DNS and DHCP and communicate with a Domain Controller to obtain policy. Once the firewall service is running, it will load and apply the run-time ICF policy and remove the boot-time filters. This change should increase system security without affecting applications.
Application white list. Prior to SP2, applications needed to call the ICF APIs to enable the necessary listening ports to be open to send and receive messages. This proved difficult in peer-to-peer situations when the port was not known in advance. Further, it was up to the application to close the hole in the firewall, which could lead to unnecessary openings in the firewall should the application terminate unexpectedly. Additionally, these holes could only be opened by applications running in the security context of a local administrator. In SP2, an application that needs to listen to the network can be added to the Application White List. An application on the white list will have the necessary listening hole created automatically. By having an application on the white list, only necessary ports are opened, and they are only opened for the duration that the application is listening on it. This prevents an application from opening up a port it's not using and either deliberately or inadvertently exposing another application or service to network traffic from that port. Further, this also allows applications listening to the network to run as a regular user. Applications that work with stateful filtering do not need to be placed on the white list. Only administrators can add an application to the white list.
RPC support. In earlier versions of Windows, ICF blocked RPC communication, causing functions such as file and print sharing and remote administration to fail. This was because the RPC process image filename was the same for many RPC servers (svchost.exe). SP2 enables granular control of which RPC services have the ability to traverse ICF. When opening a port, a caller may claim that the port is to be used for RPC. ICF will only accept this claim if the caller is running in the Local System, Network Service, or Local Service security contexts. ICF supports a profile level flag that enables RPC ports to be opened even if the caller is not on the Application White List: PrivilegedRpcServerPermission. By having granularity, administrators can control which RPC services are exposed to the network, limiting communication to only those who need it.
"Shielded" mode. In the event a malicious application that finds and exploits a vulnerability in one of the listening Windows services is threatening users, SP2 introduces a setting to ICF, code-named "shielded" mode. This mode enables users to easily protect themselves by switching ICF to prevent all unsolicited inbound traffic until a patch is available, without having to reconfigure the firewall. When in this operation mode, the computer cannot listen for requests that originate from the network. Outgoing connections are the only connections that succeed. Any API call to open up a static hole will be allowed and the configuration stored, but it will not be applied until the ICF operational mode switches back to normal operation.
April 30th, 2004, 07:30 PM
Remember that hacks and cracks go after MS more than any other software, simply cuz there's more of it than any other. I agree with corrosive, great thread tho...
May 3rd, 2004, 08:03 AM
a week l8ter...
Well, it's been a few days and all I can say is 'thumbs up'. I realize that in my case, XPSP2 is installed on a stand alone box, but I just cannot find any flaws at the time. In fact, the box is running the best it has ever. I'd like to see an app that can take the pfirewall.log file (C:\Windows) and straighten it out a bit, for better viewing. If anyone knows of one, please let me know.
I've had some time to play with the firewall, and there is quite a bit of functionality. You can access it by right clicking the system tray icon of your active network connection, provided it is configured to show in the system tray, or by going to Control Panel/System/Automatic Updates. You can also get to it via Control Panel/Security Center. There are several ways...
One thing I noticed is the different ways the XPSP2 firewall integrates with AV software.
I had AVG (personal/free) running, and VIRUS PROTECTION in the Security Center was "orange". It basically reminded me to maintain up to date virus definitions. Then I uninstalled AVG and installed McAfee, and now the button is blue, so there seems to be better integration.
If you go to 'Tools'/Internet Options/Privacy in IE, you'll also notice that the Pop-Up blocker has been integrated.
All in all, I'm pleased to date.
I still have to play with the firewall on my internal routerlab via the second NIC. The firewall does recognize the second NIC and allows for individual configs.
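On the request above for something that tidies up pfirewall.log: the following is an added example, not part of the original thread and not a Microsoft tool. It assumes the log is the usual W3C-style text file with a `#Fields:` header line, and the sample entries are constructed with documentation addresses.

```python
from collections import Counter

# Constructed sample; the parser reads column names from #Fields, so the exact set may differ.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2004-05-03 08:01:12 DROP TCP 192.0.2.15 192.168.1.20 4312 135 48 S 1923845512 0 64240 - - - RECEIVE
2004-05-03 08:01:13 DROP TCP 192.0.2.15 192.168.1.20 4312 135 48 S 1923845512 0 64240 - - - RECEIVE
2004-05-03 08:01:15 DROP TCP 192.0.2.15 192.168.1.20 4313 445 48 S 1923845999 0 64240 - - - RECEIVE
2004-05-03 08:02:40 DROP UDP 198.51.100.7 192.168.1.20 1026 1434 404 - - - - - - - RECEIVE
2004-05-03 08:03:02 OPEN TCP 192.168.1.20 203.0.113.80 1045 80 - - - - - - - - -
2004-05-03 08:04:18 DROP ICMP 192.0.2.15 192.168.1.20 - - 60 - - - - 8 0 - RECEIVE
2004-05-03 08:05:00 DROP TCP 192.0.2.15
"""

def parse_pfirewall(text):
    """Yield one dict per entry, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or corrupt lines
                yield dict(zip(fields, values))

def summarize_drops(entries):
    """Count dropped packets per (source IP, protocol, destination port)."""
    drops = Counter()
    for e in entries:
        if e.get("action") == "DROP":
            drops[(e["src-ip"], e["protocol"], e.get("dst-port", "-"))] += 1
    return drops

def format_report(drops):
    """Render the counts as aligned columns, most frequent first."""
    rows = [f"{'source':<16}{'proto':<6}{'dport':>6}{'count':>7}"]
    for (src, proto, dport), n in sorted(drops.items(), key=lambda kv: (-kv[1], kv[0])):
        rows.append(f"{src:<16}{proto:<6}{dport:>6}{n:>7}")
    return "\n".join(rows)

if __name__ == "__main__":
    print(format_report(summarize_drops(parse_pfirewall(SAMPLE_LOG))))
```

To run it against a real log, pass the file's contents to `parse_pfirewall` in place of `SAMPLE_LOG`.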
May 3rd, 2004, 09:08 PM
OK, this makes me curious, opinions - Is XPSP2 primarily enhancements for the retail/consumer market? Does anyone see any value for the business consumer? I am sure there is of course, but what does everyone think of it in that context?
I have no use for the firewall or A/V integration and improvements. Safer e-mail handling is not at issue here, my users are well trained (woof woof, gooood doggie). MP9 - OK - gimme a reason. OK, maybe some improved ActiveX handling.. but still low priority.
Don't get me wrong - MS has made my life easier over the years, but is this going to keep me wishing that MS would REMOVE some of the bloatation for a change?
May 10th, 2004, 05:33 AM
Well, close to 2 weeks, using the box as usual.....
I like...no problems, nada, zilch, an occasional look into the pfirewall.log file, tempted to claim peace of mind! I have taken a short break from playing with the network set-up, which is actually a good thing. I now have a baseline in terms of the box's behaviour in its standalone config. This will help in nailing any network issues, should they arise.
I highly recommend giving XPSP2 RC 1 a try...it won't break your box, it won't break your box,
you are getting sleepy, it won't break your box....
Attached is a Word document from MS that explains some of the networking features a bit more in depth:
May 10th, 2004, 08:08 AM
I'll probably wait to update my network to SP2 until a good month or so after it's been out. That way I'll know what bugs are in it and what it crashes. lol