Windows XP Service Pack 2 (SP2) includes the Windows Firewall, a replacement for the Internet Connection Firewall (ICF) in previous versions of Windows XP. Windows Firewall is a stateful host-based firewall that discards unsolicited incoming traffic, providing a level of protection for computers against malicious users or programs. To provide better protection for computers connected to any kind of network (such as the Internet, a home network, or an organization network), Windows XP SP2 enables Windows Firewall on all network connections by default. This new behavior can impair some types of communications. This article describes how to deploy the appropriate configuration settings for Windows Firewall on an organization network so that it is enabled and providing protection, and so that communications are not impaired.
Download: Deploying Windows Firewall Settings for Microsoft Windows XP with Service Pack 2
View: Manually Configuring Windows Firewall in Windows XP Service Pack 2
View: Get ready for Windows XP SP2: Turn on Automatic Updates
Download: Deploying Windows Firewall Settings for Microsoft Windows XP with Service Pack 2 View: Manually Configuring Windows Firewall in Windows XP Service Pack 2 View: Get ready for Windows XP SP2: Turn on Automatic Updates
The event will climax on Thursday, 23rd September, when Sony's guests and competitions winners will be given VIP access to the Alton Towers Park, including priority access to rides and exclusive access to gaming areas.
They will also be able to enjoy musical performances from various artists - including breakthrough urban acts, established chart artists and upcoming rock bands - as they zoom over sets installed in amidst the park's various spiralling attractions.
Sony is also planning a multi-artist finale within the Alton Towers' castle walls, to be followed by an after-show party in the Stateroom adjacent to the Alton Towers Hotel, with overnight accommodation and a chance for guests and competition winners to mingle with the artists.
The finale performance will also form the basis for a 90-minute televised trip around the PlayStation-tinted Alton Towers, something that Alton Towers' marketing manager Mike Lorimer believes will prove very popular.
"We are very excited to be hosting this event. Not only will it showcase our fantastic rides and attractions to a key audience on TV, but it will also allow every one of our guests access to some fabulous added experiences in the Sony PlayStation areas," he said.
SCE UK's marketing director Alan Duncan, meanwhile, said the new look of the event is important to the development of the PlayStation brand.
"The PlayStation Experience at Alton Towers reflects both our commitment to the evolution of sampling events and to creating original broadcast content which communicates the values of PlayStation to new and existing audiences," he said on Friday.
On a side note, this new Windows Firewall is actually pretty damn good, I went www.grc.com and ran the Sheilds Up test and it passed all tests in full stealth mode, same as Zone Alarm did. So bye bye third party firewall for me
I'm not trolling, this is a serious question.
Its the same as anything else, to each their own
Otherwise your post is useful and I agree with you.
Microsoft deals with 3 levels for real security: Firewall, AV, Patch Mgmt. Turn on autoupdate, get an antivirus, turn on the firewall, you're fine. However if you choose to not use a piece of that puzzle, you may have to take other options to be as well secured. Your choice.
Besides as long as the Windows Firewall tests well (meaning full stealth) like it has thus far, I'll be using it.
Last edited by 10647 on 13 Aug 2004 - 17:30
Windows Firewall provides a level of protection from malicious users and programs that use unsolicited incoming traffic to attack computers. With the exception of some Internet Control Message Protocol (ICMP) messages, Windows Firewall does not drop outgoing traffic.
...now before you answer that, understand that it's a level of trust here. Your answer would inevitably contain some degree of "because I don't trust what's running on my machine".
If you had an up-to-date antivirus product, you should be catching any trojan program that might be running on your machine, that's the primary job of that program. To catch it with a firewall creates unnecessary intrusive work on the part of the user.
Firewall + AV + Patch Mgmt. The firewall is not the "end" to the security principles -- it is a part of the puzzle.
And to answer the question directly - the firewall only prompts when a program running potentially receives unsolicited communication from the internet, such as UDP streams (WMP, doom3 server for example) or server services (FTP/Web server). Read the prompts the next time they come up very carefully...
Security is a paradigm that involves many factors. Is your house secure? Well you have locks, you'd hope so. You have alarms preventing people to go into your house. Why have sensors that watch when people leave?
That's the idea here. Even if this were MacOS, the same logic applies. Lets assume on the mac, that you had a firewall that only prevented unsolicited traffic. What would be the point of blocking outbound traffic? User annoyances? Why put that in if you trust the programs running on your machine?
The only viable reason for having an outbound filter on your machine is that you don't trust the applications that may or may not be running, to be doing things you feel are right. And the antivirus products are better suited to analyze malicious code, in my opinion. It is far more likely for an uneducated home user to know what perfectly benign DNS lookup traffic means when it pops up as a warning in zonealarm for outbound traffic, and cause problems, for example. I consider myself a pretty savvy computer user, yet I was annoyed at the basic filters zonealarm or blackice warned me about when I'd do simple things in IE the first time I used it. Too many prompts, and a naive home user will just brush them aside as "whatever", esp since it'd be like "USER32.EXE tried to access port 443 for process token iexplorer.exe" or somesuch...
I don't disagree that the better firewalls (zonealarm et al) are better at security, they certainly are. But my stance is that the reason those exist are due to the lack of trust of the programs running on your system. I'm completely in support of the Firewall + AV + Patch 3-step security that MS is condoning for home users. If you need more, go for it, and there are better products. However, this is a pretty small footprint solution that works just as well, with less user hassle.
You just answered in that quote why inbound-outbound firewalls still aren't necessary in the MS "3-step security program". Antivirus programs would've caught the virus. Right? It's still a matter of trusting your system. Besides, you'd want this because not all viruses (but, regretfully, most) propagate; some just destroy your system or files... or do both. A two-way firewall still isn't the "ultimate answer".
Lets say you use an inbound/outbound firewall product and get a virus (somehow, like via a disk). Would you be really running Windows without AV? Which program do you want catching this problem? Why would you want two programs double teaming -- especially when the firewall product can only suspend traffic, yet not actually fix the problem?
Lets say it was Norton Internet Security (a nifty product btw, but imho high memory overhead, by far...). That's a suite that does both isolation of outbound traffic and virus protection. In that case you've got the double duty. But your AV section of that product will catch the problem first, and the traffic will never occur. So what benefit is the outbound firewall providing, if you truly were catching viruses? And in 95% or more of the cases where the Norton firewall warned or blocked on outbound traffic, it's either benign or simply hard to decypher for "novice" users. So where's the benefit?
The only situation I can think of is 0-day viruses, where there is no dat protection, or you don't update dats (stupid admin syndrome) or your dats aren't updated fast enough (stupid admin syndrome), etc... or you simply have a perfectly good program on your system that you want to block traffic outbound. In the case of the "stupid admin syndrome" the chances are quite great that by the time a virus somehow bypassed any AV, the user would be more likely to allow the outbound traffic, having already been thoroughly de-sensitized by all the benign outbound "warnings"...
I'm not trying to be a pill here, I am simply advocating that the windows firewall, while thin (and very memory/cpu friendly btw), is quite good at handling the problems, I just don't see the actual tangible benefit of the outbound firewall unless you simply want to be paranoid.... (which don't take that the wrong way, that's just the best word to describe it) I'd like to know if there's something I'm missing though.
Last edited by 48053 on 14 Aug 2004 - 08:06
Antivirus software can only detect well known viruses. For the undetected viruses you want some way to block it from propagating.
And what do you mean by "trusting your system"? Do you mean trust the author of a program? Trust the hardware? Trust the company? Trust a digital signature? Why do you have to trust it to run a Firewall/AV/Patch?
Edit: I just reread some of your posts and kinda of understand something.
So you are saying that we don't need to block outgoing traffic because we trust our AV? What what about malicious programs that aren't viruses such as spyware, or programs that are a mix of good and evil or programs that turn malicious because of a software/hardware glitch that puts a program in a loop? Do you trust a program because it is written by a reputable company or do you trust it because you compiled it yourself?
Last edited by 30836 on 14 Aug 2004 - 08:27
I have a short ICQ UIN which seems to attract script kiddies. They often use 0day trojans and even some old trojans still undetected by AV (of course I send them to AV/AT vendors and they take care of it).
While my case may be special, I do think an outgoing connections protection should have been an option in the SP2 firewall.
It may not be that useful for the average home user, but XP has a Pro version too.
Trojans aren't covered that well by AV...
Bear in mind it would only be checking outbound connectivity too, so you'd need AV on your systems.
I would put Windows Firewall back on if there were other machines behind your linksys that you may not trust.
Also, the memory/CPU overhead of WF is the lowest I checked out there in beta, I haven't checked the gold SP2 yet, but I imagine it's quite low compared to the others (but also not as full featured -- but I think that's by design -- see my other posts in this thread).
I need a firewall? WHY?
My pc will run almost 24h x 7days and i have no troubles since the first release of xp devilsown (prior to xp retail release).
However I would suspect that you might be answering on the standard ports, like ICMP, which isn't necessarily vulnerable (who knows, really).
I'd recommend finding or using a portscanner for your machine and verifying you have no listening or open ports due to services, and making an assessment based upon those results. IMHO ICMP being open isn't really an issue; but if machines can determine "live" IPs from the internet -- your machine can receive traffic even if it doesn't do anything with it -- it's like verifying you are live and creating possible DOS attacks by overusing your pipe. So it's still a bit of a concern.
Most hardware firewalls disable ICMP for precisely that reason...
Great point though really, if you don't run the server services, you don't really need to have the protections.
You can go so far as to disable it in the network stack (file & printer sharing), and it does the same thing more or less. Shutting down the service not only saves a whopper on memory but it's more controllable via policies and such if you're a security conscious administrator ... like me ...
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.