Can someone please explain why I should use a third party firewall instead of the one shipped with win XP?

What benefits or security enhancements come with using Norton or some other firewall, which you therefore will miss when using the XP firewall?

Isn't the XP firewall secure enough?

Can someone please explain why I should use a third party firewall instead of the one shipped with win XP?

What benefits or security enhancements come with using Norton or some other firewall, which you therefore will miss when using the XP firewall?

Isn't the XP firewall secure enough?

Ok, because it only monitors inbound traffic, for one.

The average user with a bit of knowledge will start the firewall and believe they are secure. I tend to believe that no matter what, nothing is actually secure; there are only steps that can be taken to prevent something from happening.

For two, it has no idea about connection state, second, it is very limited in that it only allows for port and protocol filtering from the "outside" and not much else. It lends little control to properly secure your environment. It has no ability to track connection state, it has no concept of inside vs. outside, it is used for securing ports (and I use that term lightly), it cannot analyze packets thoroughly (other than the protocol), it has no protection for outbound connections and the list goes on. Do yourself a favor and look into something more robust. You'll be happier in the end. I'd look at IPTABLES in any distro, or look into an appliance like Cisco PIX, etc.
www.linuxiso.org

http://grc.com/x/ne.dll?rh1dkyd2
Another thing I would like to add to this discussion is that it doesn't report ports as 'stealth'; instead it reports ports as 'closed'. Sygate reports all unused ports as 'stealth', for example.
If you use an nmap scan on it, whether it be a syn scan or one of the other scans, it reports the host as being 'up'.
Why is this bad?
If a port is in the state closed and you send a packet to it, it will respond to that packet. For example with a 'res' packet. The packets contain overhead that can give information on the system.
Another thing is that you get no information. It does not tell you what is happening.
And being unable to block outgoing connections is just plain bad.
In my opinion you can better use a (free) third party firewall like Sygate, Kerio or Outpost, etc.
Remember to disable the built in firewall if you choose to use a third party one.

Ok, because it only monitors inbound traffic, for one.

But if you scan your PC for viruses and trojans and stuff on a regular basis then you should be quite sure that you are safe anyway? I mean, if I don't have any malicious stuff on my PC, do I need outbound traffic control?

Actually Big "B" some good news ... the newest version of Windows XP's firewall will monitor both inbound and outbound traffic. I'm pretty sure it will be bundled with Windows XP SP2 which has not yet been released. However, Big B is correct, the most recent available version of the Windows XP firewall wants to let Windows talk out to everyone - including Microsoft. This is bad because it doesn't block spyware on your machine from talking out.

Other more advanced firewall software allows you to set up rules of exactly what can come in and exactly what can go out. It's extremely more flexible. To be perfectly honest, I'm not a huge fan of Norton Personal Firewall. I have used a few versions in the past and found the thing to be bloated and riddled with bugs and registry errors.

I have heard that Tiny Firewall and a few others are really nice.

But if you scan your PC for viruses and trojans and stuff on a regular basis then you should be quite sure that you are safe anyway? I mean, if I don't have any malicious stuff on my PC, do I need outbound traffic control?

If you installed something that monitored outbound traffic and set up the firewall to notify you each time it does, you'll be amazed what wants to talk out. You think only viruses and spyware talk out? AOL Instant Messenger unnecessarily calls back to Netscape all the time ... Windows calls back to Microsoft every X number of minutes you use your machine, tons and tons of legit programs are constantly datamining and sending their findings back to their manufacturers - how long you use the programs for, when they were last loaded on your machine, tons and tons of info! Not to mention that it is 2-way communication every time you load a webpage. What if you stumble upon some website somewhere which a virus/trojan program doesn't pick up, but which contains an ActiveX control to get some info off your hard drive. You'd never know!

*edit above* Through with buggy code shipped default by windows with false sense of security. User error can be fatal. With any OS: Windows, OpenBSD, Slackware, etc.

Well I guess you're right, I'd better stick to a third party firewall. It's just that I get so frustrated at times with Norton. Like now, 1 hour ago the firewall asked if a certain IP should be allowed to access my PC. Of course I turned the request down, as always, but after that Internet Explorer can't access the Internet, so I instead disabled Norton and enabled the XP firewall.

But I think I'll try another firewall instead of figuring out what the **** happened....

Thanks
