Windows firewall

[Guest]

I am a newcomer to the world of computers, can anyone tell me if I need a
seperate firewall to the windows one? I am running XP SP2 and I have a cable
connection.
Thanks for your help

 

[B. Nice]

I am a newcomer to the world of computers, can anyone tell me if I need a
seperate firewall to the windows one? I am running XP SP2 and I have a cable
connection.
Thanks for your help

As a newcomer, You certainly don't.

You are well protected using the windows firewall, as long as You
don't install or run all kinds of questionable software.

And by the way, if You intend to do that, a seperate firewall will not
help You anyway.

/B. Nice

 

[Bruce Chambers]

I am a newcomer to the world of computers, can anyone tell me if I need a
seperate firewall to the windows one? I am running XP SP2 and I have a cable
connection.
Thanks for your help

Unless you're an exceedingly cautious and paranoid expert user, and no
one else ever uses your computer, you really should have better protection.

WinXP's built-in firewall is adequate at stopping incoming attacks,
and hiding your ports from probes. What WinXP SP2's firewall does not
do, is provide an important additional layer of protection by informing
you about any Trojans or spyware that you (or someone else using your
computer) might download and install inadvertently. It doesn't monitor
out-going network traffic at all, other than to check for IP-spoofing,
much less block (or at even ask you about) the bad or the questionable
out-going signals. It assumes that any application you have on your
hard drive is there because you want it there, and therefore has your
"permission" to access the Internet. Further, because the Windows
Firewall is a "stateful" firewall, it will also assume that any incoming
traffic that's a direct response to a Trojan's or spyware's out-going
signal is also authorized.

ZoneAlarm or Kerio are much better than WinXP's built-in firewall,
in that they do provide that extra layer of protection, are much more
easily configured, and have free versions readily available for
downloading. Even the commercially available Symantec's Norton Personal
Firewall provides superior protection, although it does take a heavier
toll of system performance then do ZoneAlarm or Kerio.

Firewalls and anti-virus applications, which should always be used
and should always be running, are important components of "safe hex,"
but they cannot, and should not be expected to, protect the computer
user from him/herself. Ultimately, it is incumbent upon each and every
computer user to learn how to secure his/her own computer.


--

Bruce Chambers

Help us help you:



They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

 

[Bruce Chambers]

As a newcomer, You certainly don't.

You are well protected using the windows firewall, as long as You
don't install or run all kinds of questionable software.

Nothing like giving a newcomer a completwely *FALSE* sense of security,
is there? What particular flavor of malware do you distribute? That
can be the only reasonable explanation for why you don't want people to
be better protected.


--

Bruce Chambers

Help us help you:



They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

 

[B. Nice]

Nothing like giving a newcomer a completwely *FALSE* sense of security,
is there?

No. I don't understand why You keep doing it.

What particular flavor of malware do you distribute?

Running out of arguments?

That can be the only reasonable explanation for why you don't want people to
be better protected.

From
http://www.microsoft.com/technet/technetmag/issues/2006/05/SecurityMyths/default.aspx

Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe.

Speaking of host firewalls, why is there so much noise about outbound
filtering? Think for a moment about how ordinary users would interact
with a piece of software that bugged them every time a program on
their computer wanted to communicate with the Internet. What would
such a dialog box look like? "The program NotAVirus.exe wants to
communicate on port 34235/tcp to address 207.46.225.60 on port
2325/tcp. Do you want to permit this?" Ugh! How would your grandmother
answer that dialog box? Thing is, your grandmother just got an e-mail
with an attachment that promises some rather sexy naked dancing pigs.
Then this crazy dialog box appears. We promise: when the decision is
between being secure and watching some naked dancing pigs, the naked
dancing pigs win every time.

The fact is, despite everyone’s best efforts, outbound filtering is
simply ignored by most users. They just don’t know how to answer the
question. So why bother with it? Outbound filtering is too easy to
bypass, too. No self-respecting worm these days will try to
communicate by opening its own socket in the stack. Rather, it’ll
simply wait for the user to open a Web browser, then hijack that
connection. You’ve already given the browser permission to
communicate, and the firewall has no idea that a worm has injected
traffic into the browser’s stream.

Outbound filtering is only useful on computers that are already
infected. And in that case, it’s too late—the damage is done. If
instead you do the right things to ensure that your computers remain
free of infection, outbound filtering does nothing for you other than,
perhaps, to give you a false sense of being more secure. Which, in our
opinion, is worse than having no security at all.

 

[B. Nice]

Unless you're an exceedingly cautious and paranoid expert user, and no
one else ever uses your computer, you really should have better protection.

Do You have a background in marketing? ;-)

Please explain how a personal firewall in itself provides good
protection when someone else is using Your machine. And keep our
newcomer in mind.

Ultimately, it is incumbent upon each and every
computer user to learn how to secure his/her own computer.

Finally something we can agree on. We just don't agree on the means.

 

[Bruce Chambers]

No. I don't understand why You keep doing it.


Running out of arguments?

No. it's just the only explanation I can think of for the otherwise
patently absurd position you've taken.

From
http://www.microsoft.com/technet/technetmag/issues/2006/05/SecurityMyths/default.aspx

Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe.

Ah! So your whole point boils down to the fact that you, like
Microsoft, think people are basically too stupid and/or lazy to properly
use a real firewall. No doubt many are, but I'll continue posting more
useful information for the benefit those that are actually willing to
learn how to manage their own computers, rather than relying on a best
wishes of a corporation driven primarily by profit. (And quoting
Microsoft, given their world renowned stature in the IT security
community, hurt your argument more than anything I could possibly have
said. Thank you.)


--

Bruce Chambers

Help us help you:



They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

 

[Bruce Chambers]

Finally something we can agree on. We just don't agree on the means.

How do we agree? You prefer and recommend that people just trust
Microsoft (who's never produced a buggy product, yet) and rely solely on
the Windows Firewall.


--

Bruce Chambers

Help us help you:



They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

 

[B. Nice]

No. it's just the only explanation I can think of for the otherwise
patently absurd position you've taken.

If my advice for a *newcomer* to stick with the windows firewall and
otherwise behave properly is absurd, then Your argument about him or
her having to install a personal firewall is totally ridiculous.

You seem so stuck in Your own preconceived opinions that You have
become immune to others.

Ah! So your whole point boils down to the fact that you, like
Microsoft, think people are basically too stupid and/or lazy to properly
use a real firewall.

That's Your translation.

Real life has proven that personal firewalls don't add real security
and are easy to circumvent. For a *newcomer* as is the case here, it
is especially true, but has nothing to do with stupidity. I guess Your
use of the term stupid says more about You then about me.

No doubt many are, but I'll continue posting more
useful information

Great. When will You start?

for the benefit those that are actually willing to
learn how to manage their own computers

All are willing to learn, but asking a *newcomer* to jump directly
into using a personal firewall is just ridiculous.

What users need is good advice on how to act properly. When You drive
a car, You better go by the rules. Same applies to computing and
internet. Adding an extra airbag really does'nt solve the problem,
does it?

, rather than relying on a best
wishes of a corporation driven primarily by profit.

If You have a hard time with MS, feel free to not use windows at all.
It's Your choice.

By the way, why are You promoting the use of "security products" from
companies primarily driven by profit?

(And quoting Microsoft, given their world renowned stature in the IT security
community, hurt your argument more than anything I could possibly have
said. Thank you.)

In fact I don't quote microsoft for the sake of qouting them.

But since You have previously been so kind to let me know how horrible
my english skills are, instead of writing it myself, I chose to quote
an article that just happens to share my opinions. It has nothing to
do with the fact that it is from an MS guy.

 

[B. Nice]

How do we agree? You prefer and recommend that people just trust
Microsoft (who's never produced a buggy product, yet) and rely solely on
the Windows Firewall.

You very elegantly avoided answering my question.