XP Firewall; Need Norton Personal Firewall?

  • Thread starter Thread starter rdbr
  • Start date Start date
R

rdbr

I understand XP (I have the Home version) has its own firewall. If this is
correct (is it activated automatically?), then is there any need for the
Norton program?
Thanks.

Bob
 
rdbr said:
I understand XP (I have the Home version) has its own firewall. If this is
correct (is it activated automatically?), then is there any need for the
Norton program?
Thanks.

Bob
Click to expand...

Go to your connection/ Properties/ Advanced. Tick the box to activate the xp
firewall.
This will only block uninvited incoming. It does not block outgoing.
If you already have a Norton firewall why not use it ? You do not need to
use both.
I use the free version of ZoneAlarm firewall and Norton Antivirus. Passes
all system security checks
that I have tried with green ticks all the way. I do however have all ports
stealthed and I don't use file or printer sharing

Richard.
 
Greetings --

WinXP's built-in firewall is adequate at stopping incoming attacks,
and hiding your ports from probes. It doesn't give you any alarms to
tell you that it is working, though. What WinXP also does not do, is
protect you from any Trojans or spyware that you might download and
install inadvertently. It doesn't monitor out-going traffic at all,
much less block (or at least ask you about) the bad or the
questionable out-going packets.

ZoneAlarm, Kerio, or Sygate are all much better than WinXP's
built-in firewall, and are much more easily configured, and there are
free versions of each readily available. Even Symantec's Norton
Personal Firewall is superior by far, although it does take a heavier
toll of system performance then do ZoneAlarm or Sygate.

WinXP's built-in firewall is _not_ enabled by default; SP2 will
correct this. To enable/disable the built-in firewall, Start >
Network Connections > Right-click the connection > Properties >
Advanced > Protect my computer.....

HOW TO Enable or Disable Internet Connection Firewall in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q283673


Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
 
Hi!

I've been meaning to post this question, and I see from
your reply to "rdbr" that you're in tune with what I need
to know:

When I run a Symantec on-line Security Check, I pass with
pretty high marks, except for one:

I always get the message that I have one port open which
could be attacked. My questions are:

(1) Isn't it somewhat self-serving for Symantec to warn
me about an ICMP Ping? I mean, how can I run an "on-
line" security check *without* a port being open? (I'm
an intermediate newbie, so please excuse if this is a
dumb question.)

(2) If I want to "disguise" an open port, how would I do
this? I have my "zone security" customized to moderate
levels (per instructions from Tourbus) and I don't have
any problems surfing; however, I'd like to know how to
protect an individual port if this is indeed my
computer's only "vulnerable" area.
 
Regina said:
Hi!

I've been meaning to post this question, and I see from
your reply to "rdbr" that you're in tune with what I need
to know:

When I run a Symantec on-line Security Check, I pass with
pretty high marks, except for one:

I always get the message that I have one port open which
could be attacked. My questions are:

(1) Isn't it somewhat self-serving for Symantec to warn
me about an ICMP Ping? I mean, how can I run an "on-
line" security check *without* a port being open? (I'm
an intermediate newbie, so please excuse if this is a
dumb question.)

(2) If I want to "disguise" an open port, how would I do
this? I have my "zone security" customized to moderate
levels (per instructions from Tourbus) and I don't have
any problems surfing; however, I'd like to know how to
protect an individual port if this is indeed my
computer's only "vulnerable" area.
Click to expand...

Regina,

When you run an on line security check you give specific permission to let
your computer be scanned.
If all your ports are in stealth mode the only information the scanner can
report will be your IP address.
Here is a useful URL which tells you how to enable or disable ICMP echo
requests.
http://www.dslreports.com/faq/tweaks#3 Not allowing Pings makes your
computer that much more secure and does not have any bad effects . Should
you wish to respond to Pings you can always switch them back on. I leave
mine switched off all the time.

Richard
 
As has been mentioned, the firewall Windows XP uses (called Internet
Connection Firewall or ICF) only offers basic protection from hackers. The
free firewall from ZoneAlarm is better. However, Service Pack 2 (SP2) for
Windows XP will introduce a more powerful firewall that should offer more
protection. Unfortunately, SP2 probably won't be released for a few more
months.
 
When you run an on line security check you give specific
permission to let your computer be scanned.
If all your ports are in stealth mode the only
Click to expand...
information the scanner can report will be your IP
address.
Here is a useful URL which tells you how to enable or
Click to expand...
disable ICMP echo requests.

http://www.dslreports.com/faq/tweaks#3 Not allowing
Pings makes your computer that much more secure and does
not have any bad effects . Should you wish to respond to
Pings you can always switch them back on. I leave mine
switched off all the time.
Richard
Click to expand...

O.K. I read your link; thanks. Follow-up Q: if I
leave "allow..." UN-checked that puts the port in
Stealth mode? Then, if I understand you correctly, when
I want to run a security check, some window will ask me
if I want to "open" this port for just this one time?

_________________
PS re something slightly different:

When someone like you is responding to a post on this
board, do you have some system which allows you to track
if you've received a reply? (My boot-strap method is to
bookmark the page with the date and time I posted; then
search back through headers until I find it again. Is
there a simpler way? Thanks, Regina)
 
I followed the instructions, and here's what I found:

(1) Under Settings, under FTP server, only "msmsgs 13561
TCP" and "msmsgs 9999 UDP" are checked off; does this
mean all other ports are closed? Or am I in the wrong
place?

(2) Under the ICMP tab, *none* of the "allow..." boxes
are checked as it stands right now. So, what un-
stealthed port was Symantec finding? It would seem to me
that I already have everything pretty much secure?
 
Regina said:
I followed the instructions, and here's what I found:

(1) Under Settings, under FTP server, only "msmsgs 13561
TCP" and "msmsgs 9999 UDP" are checked off; does this
mean all other ports are closed? Or am I in the wrong
place?

(2) Under the ICMP tab, *none* of the "allow..." boxes
are checked as it stands right now. So, what un-
stealthed port was Symantec finding? It would seem to me
that I already have everything pretty much secure?
Click to expand...


The test to find out which ports are open is to go to a test site ,such as
Symantec, for a security check.
The test will report in detail which ports are, open, closed or stealthed.
There is no need to open any ports to have the test done.
Unless you use MSM Messenger there is no need to have those ports open.

Regarding your PS. You are presumably using a web based newsreader. I cannot
comment as I use Outlook Express which I find much more manageable. There
are many others about but I find OE satisfactory for my purposes.

We have in the last few posts broken some rules .
The original thread was Hijacked. The subject title has been changed.
Welcome to the sometimes cruel world Usenet :-))

Richard.
 
HistoryFan said:
As has been mentioned, the firewall Windows XP uses (called Internet
Connection Firewall or ICF) only offers basic protection from hackers. The
free firewall from ZoneAlarm is better. However, Service Pack 2 (SP2) for
Windows XP will introduce a more powerful firewall that should offer more
protection. Unfortunately, SP2 probably won't be released for a few more
months.
Click to expand...

One caution about ZoneAlarm.

Many technical support departments, including those at some Internet
Service Providers, will not provide technical assistance for Internet
access or connection related problems so long as Zone Alarm is
installed on the machine. Some will provide help if Zone Alarm is
totally disabled and the problem is shown to still exist while others
insist that Zone Alarm be completely uninstalled and the computer
rebooted before they will help with the problem.


Ron Martell Duncan B.C. Canada
--
Microsoft MVP
On-Line Help Computer Service
http://onlinehelp.bc.ca

"The reason computer chips are so small is computers don't eat much."
 
Back
Top