How Secure is Windows Firewall?
Garret writes "Though Microsoft is doing their part in protecting Windows users from internet attacks by including a firewall in their latest service pack, one has to wonder just how secure is the Windows Firewall from XP Service Pack 2? Not too good according to Flexbeta. Their recommendation is to turn off Windows Firewall and get an alternative such as ZoneAlarm or Sygate PF. Simply the fact that Windows Firewall can be turned off by another application is enough to tell me Microsoft has goofed again." PCWorld also has a story about the new firewall capability.
I think there's a reason for this. If M$ put a good firewall and good virus scanner in XP, they would be using their monopoly position to put third-party anti-virus and firewall software companies out of business. They wouldn't be doing this intentionally, but it doesn't matter. That whole incident with IE fucked them over.
If M$ could go back a few years, they would see that not putting IE in the OS would have avoided all the anti-trust problems AND made windows more secure. LOL at M$.
My other car is first.
So for average users XP firewall is a good thing since you don't have to know anything, but we (Slashdot users and internet savvy) demand more.
Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
Yes, I was there, but how difficult would it have been to make the final dialog box before reboot state that the machine needed to reboot, and be logged into the Administrator account to finish the install?
I am certain there will be office techs who have to install SP2 on more than one machine in a day who will leave the machine unattended while they start the install on others. That means that an office drone could see the reboot dialog, click OK, and wind up being presented with a dialog that changes an administrative setting.
They took the easy path. The easy path is rarely the secure path. You can't assume that the admin will be there for the reboot unless you inform the admin it is necessary.
-Chris
-- This sig is only a test. If this were a real sig it would say something witty. --
I want to cover a few definitions that aren't in the article. If they are using different definitions for these terms, they are going to confuse a lot of people (and may be confused themselves).
For the 'Connect' scan, the tester will have sent a 'SYN' packet to the port being tested. The 'Stealthed' ports will have sent back no response at all. The 'Closed' ports will have sent back an ACK/RST packet.
For the 'SYN' scan, the tester will have sent a 'SYN' packet to the port being tested. The 'Stealthed' ports will have sent back no response at all. At this point, the 'SYN' scan is identical to the 'Connect' scan, so the 'closed' ports should have sent back ACK/RST.
This leads me to believe that either the tester's system was broken, the target system firewall was in a different state during the SYN scan, or there is something really weird going on there.
As for the 'Turning Off' claim, that appears to be when the user or process has admin rights. As with the ludicrous Trend Anti-Virus 'vulnerability' posted to Bugtraq last week, it's unreasonable to expect software to 'defend' against being reconfigured or turned off by an authorised administrator.
I've just realised I'm defending M$ here
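The reply-to-SYN classification described in the comment above, as an added example that is not part of the original comment or of the article's test setup. It classifies the first reply to a SYN from the raw TCP header and lists ports where a connect scan and a SYN scan disagree, which by the comment's reasoning should be none; the port numbers, header bytes, function names and the extra "open" and "unexpected" labels are constructed for illustration.

```python
import struct

# TCP flag bits in the low bits of header bytes 12-13 (RFC 793)
SYN, RST, ACK = 0x02, 0x04, 0x10

def tcp_flags(segment: bytes) -> int:
    """Return the flag bits of a raw TCP header."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    offset_flags = struct.unpack("!H", segment[12:14])[0]
    if (offset_flags >> 12) * 4 < 20:
        raise ValueError("invalid TCP data offset")
    return offset_flags & 0x3F

def classify_reply(segment):
    """Map the first reply to a SYN probe onto the comment's terms."""
    if segment is None:            # no response at all
        return "stealthed"
    flags = tcp_flags(segment)
    if flags & RST:                # ACK/RST from a closed port
        return "closed"
    if flags & SYN and flags & ACK:
        return "open"
    return "unexpected"

def disagreements(connect_replies, syn_replies):
    """Ports whose first-reply state differs between the two scan types."""
    out = {}
    for port in sorted(set(connect_replies) | set(syn_replies)):
        a = classify_reply(connect_replies.get(port))
        b = classify_reply(syn_replies.get(port))
        if a != b:
            out[port] = (a, b)
    return out

def build_header(sport, dport, seq, ack, flags):
    """Build a constructed 20-byte TCP header (checksum left at zero)."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, 8192, 0, 0)

# Constructed sample replies: port -> raw header bytes, or None for silence
RST_ACK = build_header(135, 40000, 0, 1001, RST | ACK)
SYN_ACK = build_header(445, 40000, 5000, 1001, SYN | ACK)
CONNECT_SCAN = {135: RST_ACK, 139: None, 445: SYN_ACK}
SYN_SCAN = {135: None, 139: None, 445: SYN_ACK}

if __name__ == "__main__":
    print(disagreements(CONNECT_SCAN, SYN_SCAN))
```

A non-empty result points at the explanations the comment lists: a change in firewall state between the two runs, or a problem on the tester's side.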
Mac OSX has a firewall supplied which does exactly the same - inbound connections only with an option to open ports for file sharing, remote desktop etc... except NOT enabled by default.
Again, if you're using it for serious stuff you'd add a hardware FW at the network perimeter.
I have been a user for about 10 years. This ends Feb 2014. The site's been ruined. I'm off. Dice, FU
For the most part, if you're a savvy user you already have firewall software or are protected in some other fashion. What SP2 is aimed at is the unwashed masses who just have their Best Buy and Walmart boxes directly connected to the Internet with no protection at all.
If anyone reading Slashdot *needed* SP2 to make their XP system secure you should be ashamed of yourself. =)
So while it's not perfect, it's a situation where anything helps.
This also leaves the door open for other vendors who want to provide better or different firewall solutions. Ditto with not adding AV software.
Remember, unlike Apple and Linux distros, MS can't bundle much into their OS unless they want to get dragged back to court...
The vast majority of computer users -- Windows, Linux, OS X -- lack the knowledge to correctly configure a firewall. They also lack the will and intent to acquire that knowledge. Almost all computer users don't have the foggiest notion of how IP networks function, and will never acquire that knowledge.
Badmouthing Microsoft for rolling out a less-than-perfect firewall is more than a bit hypocritical when much of it comes in the form of kneejerk ritualistic abuse from open source users who couldn't implement a firewall if it involved anything more complicated than selecting "Yes" during their Linux installation.
Insecurity on the network is, in the end, a human problem. Computers do what they're told. The only effective solution is to go after the behavior and the people who cause the insecurity.
-- Slashdot: When Public Access TV Says "No"