G
Guest
I have the windows firewall that is in the security center is that good?
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
B
B. Nice
I have the windows firewall that is in the security center is that good?
Yes it is. Read also the previous thread "Is Windows XP firewall any
good?"
/B. Nice
B
Bruce Chambers
slayer123 said:I have the windows firewall that is in the security center is that good?
WinXP's built-in firewall is adequate at stopping incoming attacks,
and hiding your ports from probes. What WinXP SP2's firewall does not
do, is provide an important additional layer of protection by informing
you about any Trojans or spyware that you (or someone else using your
computer) might download and install inadvertently. It doesn't monitor
out-going network traffic at all, other than to check for IP-spoofing,
much less block (or at even ask you about) the bad or the questionable
out-going signals. It assumes that any application you have on your
hard drive is there because you want it there, and therefore has your
"permission" to access the Internet. Further, because the Windows
Firewall is a "stateful" firewall, it will also assume that any incoming
traffic that's a direct response to a Trojan's or spyware's out-going
signal is also authorized.
ZoneAlarm or Kerio are much better than WinXP's built-in firewall,
in that they do provide that extra layer of protection, are much more
easily configured, and have free versions readily available for
downloading. Even the commercially available Symantec's Norton Personal
Firewall provides superior protection, although it does take a heavier
toll of system performance then do ZoneAlarm or Kerio.
Firewalls and anti-virus applications, which should always be used
and should always be running, are important components of "safe hex,"
but they cannot, and should not be expected to, protect the computer
user from him/herself. Ultimately, it is incumbent upon each and every
computer user to learn how to secure his/her own computer.
--
Bruce Chambers
Help us help you:
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin
B
Bruce Chambers
B. Nice said:Yes it is. Read also the previous thread "Is Windows XP firewall any
good?"
/B. Nice
Sorry, but the referenced thread clearly established just the opposite.
While WinXP's firewall is certainly better than nothing, it is by no
stretch of the imagine "good."
--
Bruce Chambers
Help us help you:
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin
B
B. Nice
Sorry, but the referenced thread clearly established just the opposite.
While WinXP's firewall is certainly better than nothing, it is by no
stretch of the imagine "good."
That's just Your opinion. The referenced threat reflects different
opinions, and I am not the only one in there saying that WinXP does a
decent job, by the way.
B
B. Nice
WinXP's built-in firewall is adequate at stopping incoming attacks,
and hiding your ports from probes. What WinXP SP2's firewall does not
do, is provide an important additional layer of protection by informing
you about any Trojans or spyware that you (or someone else using your
computer) might download and install inadvertently. It doesn't monitor
out-going network traffic at all, other than to check for IP-spoofing,
much less block (or at even ask you about) the bad or the questionable
out-going signals. It assumes that any application you have on your
hard drive is there because you want it there, and therefore has your
"permission" to access the Internet. Further, because the Windows
Firewall is a "stateful" firewall, it will also assume that any incoming
traffic that's a direct response to a Trojan's or spyware's out-going
signal is also authorized.
ZoneAlarm or Kerio are much better than WinXP's built-in firewall,
in that they do provide that extra layer of protection, are much more
easily configured, and have free versions readily available for
downloading. Even the commercially available Symantec's Norton Personal
Firewall provides superior protection, although it does take a heavier
toll of system performance then do ZoneAlarm or Kerio.
Firewalls and anti-virus applications, which should always be used
and should always be running, are important components of "safe hex,"
but they cannot, and should not be expected to, protect the computer
user from him/herself. Ultimately, it is incumbent upon each and every
computer user to learn how to secure his/her own computer.
Pasted from
http://www.microsoft.com/technet/technetmag/issues/2006/05/SecurityMyths/default.aspx
Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe.
Speaking of host firewalls, why is there so much noise about outbound
filtering? Think for a moment about how ordinary users would interact
with a piece of software that bugged them every time a program on
their computer wanted to communicate with the Internet. What would
such a dialog box look like? "The program NotAVirus.exe wants to
communicate on port 34235/tcp to address 207.46.225.60 on port
2325/tcp. Do you want to permit this?" Ugh! How would your grandmother
answer that dialog box? Thing is, your grandmother just got an e-mail
with an attachment that promises some rather sexy naked dancing pigs.
Then this crazy dialog box appears. We promise: when the decision is
between being secure and watching some naked dancing pigs, the naked
dancing pigs win every time.
The fact is, despite everyone’s best efforts, outbound filtering is
simply ignored by most users. They just don’t know how to answer the
question. So why bother with it? Outbound filtering is too easy to
bypass, too. No self-respecting worm these days will try to
communicate by opening its own socket in the stack. Rather, it’ll
simply wait for the user to open a Web browser, then hijack that
connection. You’ve already given the browser permission to
communicate, and the firewall has no idea that a worm has injected
traffic into the browser’s stream.
Outbound filtering is only useful on computers that are already
infected. And in that case, it’s too late—the damage is done. If
instead you do the right things to ensure that your computers remain
free of infection, outbound filtering does nothing for you other than,
perhaps, to give you a false sense of being more secure. Which, in our
opinion, is worse than having no security at all.