May 8, 2008 at 8:46 am #2146440
Is Windows XP Firewall the only Firewall you need for home?Locked
by web-guy · about 14 years ago
Years ago, everybody said don’t just run the XP Firewall, it doesn’t provide enough protection. However, Microsoft has become much more proactive with security updates and Service packs in the last few years. So I was wondering if the old advice is still true, of if XP Firewall has really improved?
ThanksThis conversation is currently closed to new comments.
May 8, 2008 at 8:46 am #2460637
by web-guy · about 14 years ago
May 8, 2008 at 8:59 am #2460628
If your car needed a garage session every week …
by older mycroft · about 14 years ago
You wouldn’t necessarily be too impressed with it, even after eight years of religiously taking it into the garage once a week for a new part to be swapped out, now would you?
I tend to feel the same way about [i]anything[/i] M$.
If the Firewall is so secure, how come there are regular security patches for the system?
I don’t run the XP firewall at all, I use ZoneAlarm and am quite content thus far.
May 8, 2008 at 9:08 am #2460624
A number of things
by wesley.chin · about 14 years ago
There have been some improvements. But the big one is not addresssed. The firewall handles incoming traffic, but not outbound. If you are concerned about spyware or anything like that on your computer trying to “phone home”, the firewall that comes with XP will not be enough.
May 8, 2008 at 9:12 am #2460619
I say no.
by robo_dev · about 14 years ago
In general, a hardware firewall beats a software firewall every time. XPs firewall offers some basic protection, but I would not rely on it.
From an ‘average user’ standpoint, there’s nothing to easily misconfigure with a hardware firewall, and you cannot easily disable the firewall protection on a hardware firewall.
The fatal flaw with XPs firewall is that you can turn it off, AND it can be turned off programmatically, AND exceptions can be added programmatically to it as well.
This means that a virus you catch from joe scipt-kiddie, such as Bagz, XGQ, and others can and will shut off the firewall. So, in a way, the XP firewall is only as good as your Malware/Virus protection. So the castle walls are made of hefty stones, but the mortar is made of Jello pudding.
The XP firewall, when properly configured, is reasonably secure from very basic outside attacks (it blocks all inbound traffic).
Not to confuse the issue, but another concern is that the Windows firewall does not block or notify the user of suspicious outbound traffic.
Something like ZoneAlarm does block and detect outbound traffic.
Of course a typical soho NAT firewall doesn’t block outbound traffic either….
So here it is in a nutshell:
Best: Hardware-based NAT firewall and Personal Firewall such as ZoneAlarm.
Good: Hardware-based NAT firewall and XP firewall (though somehwat overlapping functionality).
Not-so-good: XP firewall only. Could be compromised through user error and/or malware.
May 8, 2008 at 9:21 am #2460612
I would defiantly say NO
by oh smeg · about 14 years ago
But then again I’m more Paranoid than some. 😀
The reality is that this is impossible to answer correctly as different people have different uses for their computers. I once saw a guy who ran XP for 3 years without a AV product on the system and when I was asked to look at it there where no infections. Though I would say that he was the exception that proves the rule and I wouldn’t even suggest this to anyone.
A router between the computer and ISP connection is a fairly standard fitting these days but what is often overlooked is the Firmware updating so in a case like that I see them as more of a problem than a solution as they do give a false sense of security.
May 8, 2008 at 9:41 am #2460596
NAT plus firewall really works
by nepenthe0 · about 14 years ago
The [i]ShieldsUp![/i] test reports total [i]stealth[/i] mode with NAT plus Windows firewall:
Of >1000 ports tested, all were [i]stealth[/i] mode using just the XP SP2 Windows filewall and a Linksys router.
One needs to check the native firewall [i]exceptions[/i], and I hope Wes Chin will post back discussing his recommendations regarding permissible [i]exceptions[/i].
May 8, 2008 at 11:10 am #2460546
by fincke · about 14 years ago
The firewall that comes with window xp service pack 2 is a one way mirror in which it only checks the stuff comeing out of your computer not going in. I use Comando firewall it’s easy to configure and it’s free and it updates too. It is simple to use and more useful then the firewall that comes with windows.