xpsp2's firewall - how good is it?

By ring0
in Microsoft (Windows)

 Share

Recommended Posts

Proficient

ramian

Posted
Posted
i just got a perfect stealth scan with ICF and shildsup...

I don't trust GRC one bit. I can get a perfect stealth rating on ShieldsUp and I don't have ICF enabled or a 3rd party firewall software installed.

A couple of good security scans I've been using for a while now are

http://www.securitymetrics.com/portscan.adp

http://security2.norton.com/sscv6/default.asp

http://scan.sygate.com/

http://browsercheck.qualys.com/

http://webtest.scanit.be/bcheck/sid-38ba24...9890718fe7701b/

I just grabbed these from my Favorites so I can't remember if all of them are accurate but, there's no harm in trying them all.

cheers!

Community Regular

Shining Arcanine

Posted
Posted
i just got a perfect stealth scan with ICF and shildsup...

I don't know about all of the microsoft bashers here, but I think they may have got it right this time, as i feel no need to reinstall ZAP

I don't, I keep failing TruStealth because of the ICMP ping.

I don't trust GRC one bit. I can get a perfect stealth rating on ShieldsUp and I don't have ICF enabled or a 3rd party firewall software installed.

A couple of good security scans I've been using for a while now are

http://www.securitymetrics.com/portscan.adp

http://security2.norton.com/sscv6/default.asp

http://scan.sygate.com/

http://browsercheck.qualys.com/

http://webtest.scanit.be/bcheck/sid-38ba24...9890718fe7701b/

I just grabbed these from my Favorites so I can't remember if all of them are accurate but, there's no harm in trying them all.

cheers!

Your ISP probably has some kind of security measure in place.

Proficient

ramian

Posted
Posted
Your ISP probably has some kind of security measure in place.

Don't think so. While GRC's ShieldsUp test said all my ports are in Stealth mode, both the SecurityMetrics and the Symantec scan revealed that I had barely 5 or so ports stealthed. Compare your results between these 3 tests and see for yourself.

Mentor

Night.Hawk

Posted
Posted

I like it, but I still use Sygate or ZoneAlarm. Works real good and I'd tell you about it, but I have to go ppl. :sleep: See ya, check in the other thing about if Firewalls really work. I've got a thing about all 3. Or just ask someone else.

Neowinian

UnitedConfusion

Posted
Posted
To be honest i dont think I could want any more features from a firewall than the winxp one. It has:
  • Configurable Options
  • Outbound Blocking
  • Inbound Blocking
  • Logging
  • Full stealth scan good
  • Total Intergration into OS

Seems enough for me :p

The Windows Firewall in Windows XP SP2 does not filter outgoing connections.

For typical consumer and office computers, the computer is a client on the network. Software on the computer connects out to a server (an outbound connection) and gets responses back from the server. Windows Firewall allows all outbound connections, but applies rules to the types of communication that are allowed back into the computer. For more information about what network traffic Windows Firewall allows as part of Transmission Control Protocol (TCP) and User Data Protocol (UDP) outbound connections, see Notes, below.

Grand Master

kiddingguy

Posted
Posted
humm i might stop using norton its only slowing down my system i guess

i have exactly the same thoughts, since nis 2004 is such a resource hog.

but than again... i think that 3rd party software on internet protection/firewall is better - coz the specialize more into it - that MS itself.

or am i wrong and is the windows firewall comparable (or maybe even better?) than norton's internet security 2004? and can i in the future just forget about nis?

or is the protection and security of my computer controlled by one company (ms) begging for trouble? (since windows os's are not all bugfree and vulnerabilities - and thus possible hacking attempts - are detected every now and than)

Community Regular

Shining Arcanine

Posted
Posted
When using the MS Firewall, did you just enable it or did you go into advance settings and configure it properly?

I didn't have to enable it, that should be off by default and I've tried everything to turn it off. An MVP told me to do the same thing that was done by default so I think there is a problem here.

  • 2 weeks later...
Grand Master

John Veteran

Posted
  • Veteran
Posted

Some people think outbound scanning is extremely important. I say that if you know what's on your machine, outbound checks are pointless. If you don't click on popups and don't download things you shouldn't, you're not very likely to get a trojan...

Experienced

Nodiaque

Posted
Posted

hmmm... that depend... look on my school network, a laptop pluged into the network and spread a worm that's not even detectable now... Easy to remove though, but no scan detect it except trend micro housecall... (msgfix.exe or ktax.exe)

You never know when you get one, but again, I'm one of those that don't use antivirus software and firewall stuff... firewall cause I'm behind nat, antivirus cause I'm the only user of the computer and I know what I download so no risk of virus...

But even there, I activated ICF in sp2 cause I though it was better then before and when I saw it was more customizable and asked to allow incoming traffic for games and prog, I said: "Hey, now it's good enough to be activated, better then nothing and it's free"

Grand Master

John Veteran

Posted
  • Veteran
Posted
hmmm... that depend... look on my school network, a laptop pluged into the network and spread a worm that's not even detectable now... Easy to remove though, but no scan detect it except trend micro housecall... (msgfix.exe or ktax.exe)

Worms can't infect you if you have a firewall...

Grand Master

John Veteran

Posted
  • Veteran
Posted
Bull****. There are plenty of paranoid users who still find spyware in one form or another on their system. Though I can count the number of times it's happened to me on one hand, it still does.

Blaster's a good example.

ciaran

Blaster's a good example, huh? I don't see how it relates to spyware, but let me use blaster as a good example...

The RPC hole was fixed a full month before the blaster worm was released. Had people either a. had a firewall, b. turned on automatic updates, or c. had updated antivirus software, blaster wouldn't have been a problem. The first two would have stopped it from even infecting the computer, and antivirus software would remove it.

Now how do you explain how the blaster worm was related to spyware? The worm itself was not spyware, it didn't install any spyware on the system, and there's no spyware that it manipulated to get in the system.

Proficient

digitalslacker

Posted
Posted

it's been working pretty well for me

i did report a few VPN problems to microsoft though

my Cisco VPN dialer wouldn't tunnel after xpsp2 was installed, it connected fine i just couldn't do anything :)

tried to add the programs to the exceptions list, no luck

even turned off the firewall, still didn't work

and i can't seem to figure out how to uninstall xpsp2 to see if the problem fixes

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.