xpsp2's firewall - how good is it?

[John Veteran]

it's been working pretty well for me

i did report a few VPN problems to microsoft though

my Cisco VPN dialer wouldn't tunnel after xpsp2 was installed, it connected fine i just couldn't do anything :)

tried to add the programs to the exceptions list, no luck

even turned off the firewall, still didn't work

and i can't seem to figure out how to uninstall xpsp2 to see if the problem fixes

It's in Add or Remove Programs in Control Panel. Check the "show updates" box (Y)

[PseudoRandomDragon]

Worms can't infect you if you have a firewall...

That applies most of the time, but not all the time. Remember the ASN.1 vulnerability? What made that so dangerous is the fact that it can bypass firewalls.

You are right though, blaster is not a good example. Even if a system is vulnerable, a properly configured firewall can stop it.

[Roger H. Veteran]

anyone noticed the upgrades on V5 Windows Updated which is specifically for the firewall?

[John Veteran]

That applies most of the time, but not all the time. Remember the ASN.1 vulnerability? What made that so dangerous is the fact that it can bypass firewalls.

From what I've read, the ASN.1 exploit requires the target machine to be running a process that uses ASN.1, and if you're not running any, then you're not vulnerable. This means that the attacker must be in contact with a process on the server anyway, which means he's already through the firewall. But, just like other bugs, it should be fixed...

[ciaran00]

Blaster's a good example, huh? I don't see how it relates to spyware, but let me use blaster as a good example...

The RPC hole was fixed a full month before the blaster worm was released. Had people either a. had a firewall, b. turned on

That's my point. See above where you attributed a firewall to protection against worms. No, a firewall did not protect against blaster (za pro) alone. Only the RPC vulnerability patch WITH a firewall did. Whether or not a user is foolish for not grabbing the updates isn't the point. A firewall alone is not adequate protection.

And try telling the users of Blackice that a firewall grants immunity to worms and similar exploits. Yeah right. :)

ciaran

[PseudoRandomDragon]

Wrong. ZoneAlarm Pro does protect against blaster, even without the patch.

[Banzai]

When the final comes out I might give it ago for a while, only thing ive got norton internet security 2003, can I uninstal the firewall without uninstalling the anti virus?

[PseudoRandomDragon]

Yes, but I suggest sticking with Norton Internet Security.

[MetaLRasaM]

nope benzai im almost 100% sure that you cant. why dont you just PURCHASE the actual antivirus? or *cought* download it *cought*

[PseudoRandomDragon]

You can't? Wow, well, you should be able to at least turn it off.

[MetaLRasaM]

amm..ya...im sure u cant...when u have the internet security package..u cant uninstall the firewall..and use the NAV...amm..but u sure can disable it...but if ur not gonna use it..i suggest that u just get the NAV2004 or somethin...but norton firewall is pretty good, sure it does hog ur PC a little, but its very effective, and either have norton firewall or zonealarm pro..both are great...but zonealarm doesnt hug ur resources as much as norton.