Windows XP firewall

[DJS0302]

How good is the built in software firewall that comes with Windows XP? I don't
have a modem yet but I'll be using a dial up connection. I've had my other
computer for over 7 years (the one I'm typing this message on) and I have never
used any sort of antivirus or firewall protection whatsover. I'm not worried
about things like e-mail viruses because I know better than to open unknown
attachments. I am concerned about things like worms and other nasty things
that unscrupulous people can put on your computer without your knowledge or
consent.

 

[Ken Blake, MVP]

In

How good is the built in software firewall that comes with Windows
XP?

It's OK, but it has two distinct disadvantages: it monitors
incoming traffic only, and it's not as configurable as other
choices. For those reasons, I use the free version of ZoneAlarm
instead.

I don't have a modem yet but I'll be using a dial up connection.
I've had my other computer for over 7 years (the one I'm typing this
message on) and I have never used any sort of antivirus or firewall
protection whatsover. I'm not worried about things like e-mail
viruses because I know better than to open unknown attachments. I am
concerned about things like worms and other nasty things that
unscrupulous people can put on your computer without your knowledge
or consent.

You are wise to be concerned. You are almost guaranteed to get
Blaster, Sasser, etc. within a few minutes of going on the
internet without a firewall.

 

[Bruce Chambers]

Greetings --

WinXP's built-in firewall is _adequate_ at stopping incoming
attacks, and hiding your ports from probes. It doesn't give you any
alarms to tell you that it is working, though. Nor is it very easily
configurable. What WinXP also does not do, is protect you from any
Trojans or spyware that you (or someone else using your computer)
might download and install inadvertently. It doesn't monitor
out-going traffic at all, other than to check for IP-spoofing, much
less block (or at even ask you about) the bad or the questionable
out-going signals. It assumes that any application you have on your
hard drive is there because you want it there, and therefore has your
"permission" to access the Internet. Further, because the ICF is a
"stateful" firewall, it will also assume that any incoming traffic
that's a direct response to a Trojan's or spyware's out-going signal
is also authorized.

ZoneAlarm, Kerio, or Sygate are all much better than WinXP's
built-in firewall, and are much more easily configured, and there are
free versions of each readily available. Even Symantec's Norton
Personal Firewall is superior by far, although it does take a heavier
toll of system performance then do ZoneAlarm or Sygate.


Bruce Chambers

--
Help us help you:




You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH

 

[Alex Nichol]

How good is the built in software firewall that comes with Windows XP? I don't
have a modem yet but I'll be using a dial up connection.

It is effective for blocking incoming assaults (which is really the item
that matters), but does nothing about 'trojans' or 'spyware' phoning out
- for those you need a third party firewall, but using good AV and
antispyware to keep the system clean is probably as good for that side
of things.

The XP one has to be enabled - do so before connecting to the net for a
moment. And before connecting I would also get the update Security CD
which you can order for free from
http://www.microsoft.com/security/protect/cd/order.asp

(It also has a CD for a years free trial of a rather good Antivirus
program). And also download the patch for the Sasser worm from
http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx
clicking the download button in the fifth item in Affected Software

Run those, then in Network Connections right click the dial up
connection you have made, Properties - Advanced and check the top box
'Protect my computer'. Then you can go on line in reasonable safety to
get later patches