Firewall Protect In and out?

I have been told that the XP SP2 Firewall will only protect against incoming
info but not outgoing. Is this true?
 
Bud said:
I have been told that the XP SP2 Firewall will only protect against
incoming info but not outgoing. Is this true?


That's correct.

The "2nd generation" Windows Firewall included with SP2, while
vastly superior to the original ICF in terms of visibility, usability
and configurability, is still rather lacking, as a solid security
component. It still can't supplant 3rd-party solutions, nor is it
intended to do so; rather, it's intended to complement them.

WinXP's built-in firewall is adequate at stopping incoming attacks,
and hiding your ports from probes. What WinXP SP2's firewall does not
do, is protect you from any Trojans or spyware that you (or someone
else using your computer) might download and install inadvertently.
It doesn't monitor out-going traffic at all, other than to check for
IP-spoofing, much less block (or even ask you about) the bad or the
questionable out-going signals. It assumes that any application you
have on your hard drive is there because you want it there, and
therefore has your "permission" to access the Internet. Further,
because the Windows Firewall is a "stateful" firewall, it will also
assume that any incoming traffic that's a direct response to a
Trojan's or spyware's out-going signal is also authorized.

ZoneAlarm, Kerio, or Sygate are all much better than WinXP's
built-in firewall, and are much more easily configured, and there are
free versions of each readily available. Even the commercially
available Symantec's Norton Personal Firewall is superior by far,
although it does take a heavier toll of system performance than do
ZoneAlarm or Sygate.

--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH
 
Hey Bruce, thanks for the explanation. No offence, but can you give me some
links which state the above?
 
You need only consult the product documentation.

I can state with authority that this is the case. The rationale from the
product group was basically that if you can prevent inbound infection, you
ameliorate over 80 to 90% of infections in the first place.
 
Thanks Steve. But there is utter confusion on my part as to whether it blocks
outgoing traffic or not. Consider this example.
Say I fire up Ad-Aware and try to update its definitions with Windows Firewall
running in the background. Now, since it's going to access the internet, will
the firewall block this connection or will it ask for permission like
ZoneAlarm does?
If it does ask for permission then surely it must block outgoing traffic.
The thing came to my mind after looking at the "Firewall security alert" in
the URL given below.
http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx

Thanks in advance.
 
Digen said:
Thanks Steve. But there is utter confusion on my part as to whether it blocks
outgoing traffic or not. Consider this example.
Say I fire up Ad-Aware and try to update its definitions with Windows Firewall
running in the background. Now, since it's going to access the internet, will
the firewall block this connection or will it ask for permission like
ZoneAlarm does?
If it does ask for permission then surely it must block outgoing traffic.
The thing came to my mind after looking at the "Firewall security alert" in
the URL given below.
http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx

Hi

That one does not cover outgoing connections.

If you get a security alert from the FW, asking if you want to keep
blocking a program, it is not because that program tries to create an
outbound connection, but because that program is trying to set up a
*listening* port that accepts unsolicited inbound traffic.

Let's take AOL IM as an example, when you start it, the FW will ask
if you want to keep blocking AOL IM.

What happens is that AOL IM is trying to set up a listening port; it is
that part of the TCP/IP communication that the FW is asking about.
Any other communication from AOL IM (on e.g. other ports) will not be
stopped if you choose block (but some functionality in AOL IM will be
disabled by doing it, e.g. maybe that your AOL buddies cannot connect
to you on some level).


See "Firewall asks to unblock a program"
http://www.michna.com/kb/WxSP2.htm#The_Service_Pack_2_firewall

and

Understanding Windows Firewall/Introduction (3 pages)
http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx

and

How to use the Security Alert dialog box in Windows XP Service Pack 2
http://support.microsoft.com/default.aspx?kbid=875353

and

The Windows XP/SP2 Firewall
http://www.huitema.net/sp2-firewall.asp
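
A simplified model of the behaviour described in the posts above (no outbound policy, stateful acceptance of replies, and per-port exceptions for listening programs), as an added example that is not part of the thread and is not Windows Firewall code. The class name, ports and addresses are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    direction: str   # "out" (sent by a local program) or "in" (arriving)
    local_port: int
    remote: tuple    # (ip, port) of the other end


@dataclass
class InboundOnlyStatefulFirewall:
    """Toy model of the policy the thread describes; an assumption, not real code."""
    exceptions: set = field(default_factory=set)  # listening ports the user unblocked
    state: set = field(default_factory=set)       # flows started from this machine

    def decide(self, pkt: Packet) -> str:
        if pkt.direction == "out":
            # No outbound rules: any local program may connect out,
            # and the flow is remembered so its replies are accepted.
            self.state.add((pkt.local_port, pkt.remote))
            return "allow"
        if (pkt.local_port, pkt.remote) in self.state:
            return "allow"   # reply to a locally initiated connection
        if pkt.local_port in self.exceptions:
            return "allow"   # program was unblocked via the security alert
        return "drop"        # unsolicited inbound traffic


def run_sample() -> dict:
    """Replay constructed traffic and return the decision for each packet."""
    fw = InboundOnlyStatefulFirewall()
    server = ("203.0.113.10", 80)      # constructed remote host
    stranger = ("198.51.100.7", 40000)  # constructed unsolicited sender
    results = {
        "unsolicited_inbound": fw.decide(Packet("in", 4443, stranger)),
        "any_program_outbound": fw.decide(Packet("out", 1055, server)),
        "reply_to_that_outbound": fw.decide(Packet("in", 1055, server)),
        "same_host_other_port": fw.decide(Packet("in", 1056, server)),
    }
    fw.exceptions.add(4443)  # user chooses "Unblock" for a listening program
    results["inbound_after_unblock"] = fw.decide(Packet("in", 4443, stranger))
    return results


if __name__ == "__main__":
    for name, verdict in run_sample().items():
        print(f"{name}: {verdict}")
```

The outbound packet and its reply are both allowed without any prompt, which is why an inbound-only firewall gives no visibility into software already running on the machine.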
 
The Firewall will not block outbound communications.

If you desire an out of the box solution for that, and you already know your
traffic patterns (by port number and dest IP or subnet) then you can use
IPsec filters to control outbound behavior.
 