Norton IS 2005 Firwall with XP SP2 Firewall

  • Thread starter Thread starter Speug
  • Start date Start date
S

Speug

Until the beginning of Sep 04, I was running the XP SP1 Firewall ON with a
Norton Internet Security 2003 Firewall ON without an apparent problem.

At the beginning of Sep 04 I installed XP SP2 and run with the Firewall ON
as recommended by Microsoft and continued to run with the Norton IS Firewall
2003 ON - again without apparent problem.

I have just installed today as an upgrade, Norton Internet Security 2005
which in its handbook positively instructs turning the XP Firewall OFF to
prevent conflict.

I have now found that my PC seems to operate without an apparent problem
whether the XP Firewall is ON or OFF,
so far as I have been able to check out using Outlook Express, Internet
Explorer and AceFTP3 (for website updates).

While running with 2 Firewalls seems instinctly safer, although experts
suggest it is pointless, are there any disadvantages ? e.g potential
conflict in the future or slower transfer speeds or something else.

Your thoughts are welcome

Speug, 13 Oct 04
 
Speug said:
Until the beginning of Sep 04, I was running the XP SP1 Firewall ON
with a Norton Internet Security 2003 Firewall ON without an apparent
problem.
At the beginning of Sep 04 I installed XP SP2 and run with the
Firewall ON as recommended by Microsoft and continued to run with the
Norton IS Firewall 2003 ON - again without apparent problem.

I have just installed today as an upgrade, Norton Internet Security
2005 which in its handbook positively instructs turning the XP
Firewall OFF to prevent conflict.

I have now found that my PC seems to operate without an apparent
problem whether the XP Firewall is ON or OFF,
so far as I have been able to check out using Outlook Express,
Internet Explorer and AceFTP3 (for website updates).

While running with 2 Firewalls seems instinctly safer, although
experts suggest it is pointless, are there any disadvantages ? e.g
potential conflict in the future or slower transfer speeds or
something else.
Your thoughts are welcome

Speug, 13 Oct 04
Click to expand...

Advantage:
- Windows Firewall loads earlier and reduces the window of opportunity
of vulnerability. This advantage is obviated if you use even a
simplistic inbound-only firewall in a NAT router.
- No monitoring and control over outbound connections. ALL programs get
immediate and unfettered outbound connections. Since you still leave
open channels into your computer (i.e., e-mail, HTTP downloads, etc.)
then any trojan you infect yourself with can connect without any
restriction.

Disadvantage:
- Having to manage multiple sets of rules, one for each firewall.
- Interference in port interception between competing firewalls.
- Increased delay as there is a doubling, or more, of packet inspection
by 2, or more, firewalls (every firewall incurs a hit in throughput
performance simply because of it inspecting the traffic).
- You use up more resources (memory, CPU cycles) in running a
superfluous firewall (because its features are included and bettered by
another concurrently running firewall).

Go read http://www.microsoft.com/athome/security/protect/firewall.mspx.

If you want multiple firewalls, get a NAT router with a simplistic
firewall in it (which is pretty much what Windows Firewall gives you
since few of the consumer-grade routers include outbound authentication)
and use a 3rd party software firewall on your host. Even the freebie
and crippled 3rd party firewalls are better than what you get with
Windows. I've even seen some users employ a multi-OS layered approach
where they have their Windows hosts going through a Linux host running a
firewall and then through a router and a hardware firewall, the idea
being that the hacker would first have to get through the hardware
firewall, then hack through the Linux-based software firewall, and then
hack into the Windows hosts and past their software firewall - but each
firewall is running on a separate host or device. Uffda! This can be a
setup, maintenance, and troubleshooting nightmare. Not something you
need for a typical home computer setup.
 
"Vanguardx" <see_signature> wrote in message

************************
Vanguardx,

Thanks your valued input.

Speug, 16 oct 04
 
Back
Top