How Secure is Windows Firewall?
Garret writes "Though Microsoft is doing their part in protecting Windows users from internet attacks by including a firewall in their latest service pack, one has to wonder just how secure is the Windows Firewall from XP Service Pack 2? Not too good according to Flexbeta. Their recommendation is to turn off Windows Firewall and get an alternative such as ZoneAlarm or Sygate PF. Simply the fact that Windows Firewall can be turned off by another application is enough to tell me Microsoft has goofed again." PCWorld also has a story about the new firewall capability.
Kerio Personal Firewall is much much better.
Granted, I am ultra-paranoid, but I run a combination. I use the hardware firewall to deal with most inbound attacks, and then I also run a software firewall (Kerio for technical users who understand networking, ZoneAlarm for my father) to keep track of what software on my PC is doing. Really good for stuff like that crappy Real Player that constantly wants to phone home. Also keeps track of executable checksums to let me know if a program has been replaced. Sure, it's a bit noisy when setting up the software firewall, but once it was properly configured, I almost never get messages from it that I'm not expecting.
"Basic clue about CS -- it's a good thing."
Definitely. And while we're at it, maybe we should send the flexbeta editors a one-line shell script that'll disable the OpenBSD packet filter. I'm sure watching their heads explode would be fun.
What the hell do users expect if they run trojans under admin-accounts... "the API used to manage the Windows Firewall could also be used by attackers to modify the software or turn it off." Ya think??
My Sig: SEGV
Wrong. The security console, by default, will pop up a warning that the firewall is inactive. I've seen this myself when disabling the firewall for even a single connection. The only way to disable the warning is to turn off firewall status monitoring.
For God's sake, what do you expect of them? They are not in this to make slashdotters safer, they know we can defend ourselves just fine. They have a firewall that, while not perfect, is easy enough for the average and new user to use and provides a decent amount of protection. No, it's not the second coming but I don't think they ever intended it to be. They did what needed to be done and I applaud them for their effort and end product.
MS bashing on here never bothered me until SP2 came out when A LOT of people mainly wrote it off as crap. They did a damn good job this time and a lot of you people should stop bitching about them.
"I am certain there will be office techs who have to install SP2 on more than one machine in a day who will leave the machine unattended while they start the install on others. That means that an office drone could see the reboot dialog, click OK, and wind up being presented with a dialog that changes an administrative setting."
Install nearly any type of linux, but let's say Mandrake...
(1) Do all the configuration stuff
(2) Choose the software you want
(3) Get several cups of coffee while it spends an hour and a half copying stuff from CDs (or downloading from the web, or compiling...)
(4) Return to find that it's finished, and is prompting you to set your administrator password
Wrong. Process Explorer tells me that the firewall and security center are hosted in the main svchost process, along with 21 other services. With the SharedAccess (firewall) and wscsvc (Security Center) services stopped, that svchost was using 18,872k of private memory. With both of them running, the process was using 19,108k of private memory, a difference of 236k. The services are implemented in DLLs so they are considered shared memory: the Security Center binary (wscsvc.dll) is 80k and the firewall binary (ipnathlp.dll) is 323k. That's a total of 639k of memory used by the firewall and security center on my computer (xpsp2). Hardly 20mb.
I'm curious; how did you come up with the 20mb number?
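The measurement described in the post above (which svchost hosts the two services, the private-memory figure, and the on-disk size of the service DLLs) can be reproduced from PowerShell rather than Process Explorer, and the same data answers the earlier point about Security Center only warning while wscsvc itself is running. This is an added example, not code from the thread; it assumes an elevated Windows PowerShell session and defaults to the XP SP2 service names quoted above (on Vista and later the firewall service is MpsSvc, so pass that through the -Services parameter).

```powershell
# Added example (not from the thread). Service names default to the XP SP2 ones
# quoted in the post: SharedAccess = firewall, wscsvc = Security Center.
# The first entry in -Services is treated as the firewall service.
param(
    [string[]]$Services = @('SharedAccess', 'wscsvc'),
    [string[]]$Modules  = @('ipnathlp.dll', 'wscsvc.dll')
)

# Map each service to its state and the process hosting it. Win32_Service
# exposes ProcessId; a stopped service reports 0.
$filter = "Name='{0}'" -f ($Services -join "' OR Name='")
$svc = Get-CimInstance Win32_Service -Filter $filter
foreach ($s in $svc) {
    '{0,-14} {1,-8} PID {2}' -f $s.Name, $s.State, $s.ProcessId
}

# Distinct host processes (normally a single shared svchost.exe, as the post notes).
$hostPids = $svc | Where-Object { $_.ProcessId -ne 0 } |
    Select-Object -ExpandProperty ProcessId -Unique
foreach ($hostPid in $hostPids) {
    $p = Get-Process -Id $hostPid
    $hosted = (Get-CimInstance Win32_Service -Filter "ProcessId=$hostPid").Count
    # PrivateMemorySize64 is the "Private Bytes" figure Process Explorer shows;
    # take it once with the services stopped and once running to get the delta.
    '{0} (PID {1}): private memory {2:N0} KB, {3} services hosted' -f `
        $p.ProcessName, $hostPid, ($p.PrivateMemorySize64 / 1KB), $hosted
    # Service DLLs are mapped as shared image memory, so report their on-disk
    # size separately (requires elevation to read modules of a SYSTEM process).
    $p.Modules | Where-Object { $Modules -contains $_.ModuleName } | ForEach-Object {
        '  {0,-14} {1:N0} KB on disk' -f $_.ModuleName, ((Get-Item $_.FileName).Length / 1KB)
    }
}

# Security Center only raises the "firewall inactive" warning while wscsvc runs,
# so the combination a defender cares about is both services stopped.
$fw = $svc | Where-Object { $_.Name -eq $Services[0] }
$sc = $svc | Where-Object { $_.Name -eq 'wscsvc' }
if ($fw.State -ne 'Running' -and $sc.State -ne 'Running') {
    Write-Warning 'Firewall service and Security Center both stopped: no warning would be shown.'
}
```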
on an interesting note, apparently, my entire system is 'stealthed' (or at least the first 1056 ports of it are) - yay me. Shields Up thinks this is 'very cool'. I'm inclined to agree, since the only firewall I have running is the built-in Windows firewall. This is a fresh, as-yet untweaked version of Windows XP, with only the messenger service turned on, and Shields Up was unable to get any information whatsoever on my machine, excepting a ping reply.
My roommate's computer, which is installed pretty much the same as my own, minus SP2, is reporting all kinds of information - computer name, workgroup, and a ton of open ports - to the ShieldsUp scanner.
I just thought I'd mention that, since the only thing I have installed that could be closing these ports and fixing things up is SP2 and the Firewall.
--Dan
Your statement that there's _nothing_ wrong with security through obscurity (whether it's all you got or not) is a very dangerous statement to stand behind, which is why I suspect you posted as an AC.
I have worked for military, top tier financial and law enforcement entities (I am not the AC poster, BTW). In the military, no matter how high your security clearance is, if you don't "need to know" something to carry out the job at hand, then you will not get to know it. If you do need to know it and have a high enough clearance, then you will get to know it. That is a security through obscurity policy that helps to make a nation safer.
If a military satellite communications system uses some hypothetically perfect authentication and encryption, then would there be any good reason to publish to the World the specifications of the control codes? No, there would be no good reason, so it should not be made public, regardless of the fact that the crypto is supposed to be perfect. "More eyes looking at the code" would not be good enough in this instance.
Obscurity techniques that lead to higher security do get used and should get used, because they usually add a layer of security.
The problem here is that YOU, along with a lot of others around here, think of "security through obscurity" in the same weak light.
Security through weak obscurity is bad. Relying on it is unforgivable.
As I said in another post, passwords and encryption are obscurity methods that can be strong.
War crimes, torture, lies, illegal spying... Would someone give Bush a blowjob, already, so he can be impeached?