Greetings --
The "next generation" Windows Firewall included with SP2, while
vastly superior to the original ICF in terms of visibility, usability
and configurability, is still rather lacking, as a solid security
component. It still can't supplant 3rd-party solutions, nor is it
intended to do so; rather, it's intended to complement them. And, like
the original ICF, it will not monitor out-going traffic.
It's most important virtues, I think, are it's improved
compatibility with internal LANs and its configurability via group
policies. Now, there's a simple, cheap tool that system admins can
use to protect the LAN workstations from that occasional - but not
rare enough - fool who manages to bypass the perimeter firewall and
manually install some malware that could then spread throughout the
LAN via shared drives.
WinXP's built-in firewall is _adequate_ at stopping incoming
attacks, and hiding your ports from probes. What WinXP also
does not do, is protect you from any Trojans or spyware that you (or
someone else using your computer) might download and install
inadvertently. It doesn't monitor out-going traffic at all, other
than to check for IP-spoofing, much less block (or at even ask you
about) the bad or the questionable out-going signals. It assumes that
any application you have on your hard drive is there because you want
it there, and therefore has your "permission" to access the Internet.
Further, because the ICF is a "stateful" firewall, it will also assume
that any incoming traffic that's a direct response to a Trojan's or
spyware's out-going signal is also authorized.
ZoneAlarm, Kerio, or Sygate are all much better than WinXP's
built-in firewall, and are much more easily configured, and there are
free versions of each readily available. Even the commercially
available Symantec's Norton Personal Firewall is superior by far,
although it does take a heavier toll of system performance then do
ZoneAlarm or Sygate.
SP2's Windows Firewall is intended to complement
3rd-party firewalls, so it won't hurt anything to leave it enabled
whilst using another software firewall, but it also won't do much
good, except as extra "insurance."
Bruce Chambers
--
Help us help you:
You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH