If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#11
|
|||
|
|||
"Alias" wrote in message =
... =20 "John R. Copeland" wrote "Mark Lloyd" wrote Notice that the XP firewall is incoming-only, and provides much less protection than a good firewall. Mark Lloyd No, Mark. You're describing the old Internet Connection Firewall. The Windows Firewall in XP intercepts both incoming and outgoing = traffic. ---JRC--- =20 No it doesn't and it doesn't to avoid law suits like what happened = with=20 Internet Explorer. Please do your research before you post false=20 information. =20 Thanks =20 Alias =20 Alias: Perhaps there's a fine distinction about intercepting which I missed. But the Windows Firewall offers a level of protection many people complained was absent in the Internet Connection Firewall. The ICF was vulnerable to a Trojan Horse, which could establish internet connections without drawing much attention to itself. Just for you, I set up a small test to get something from the internet, but purposely did not create the appropriate exception in the firewall. When I ran my little test, which I called Alias, here's a verbatim transcript of the resulting dialog box: { Windows Security Alert To help protect your computer, Windows Firewall has blocked some features of this program. Do you want to keep blocking this program? Name: Alias Publisher: Unknown - Keep blocking - Unblock - Ask Me Later Windows Firewall has blocked this program from accepting connections from the Internet or a network. If you recognize the program or trust = the publisher, you can unblock it. } You may rightly point out that the firewall claims to have blocked the program from *accepting* connections, but it was my little Trojan which ended up being blocked. I think that's good, and the old firewall didn't do that. Now, since I'm not about to write a mass-mailing worm, I'll leave that up to somebody else to test against the firewall. ---JRC--- |
#12
|
|||
|
|||
Alias wrote:
Notice that the XP firewall is incoming-only, and provides much less protection than a good firewall. No, Mark. You're describing the old Internet Connection Firewall. The Windows Firewall in XP intercepts both incoming and outgoing traffic. No it doesn't and it doesn't to avoid law suits like what happened with Internet Explorer. Please do your research before you post false information. The XP firewall inspects both ways. |
#13
|
|||
|
|||
heheheh remain alias cause your making yourself look stupid. SP1 and
SP2 firewalls are dramatically different. Although I still would rather have sygate or whatever instead. "Alias" wrote in message ... "John R. Copeland" wrote "Mark Lloyd" wrote Notice that the XP firewall is incoming-only, and provides much less protection than a good firewall. Mark Lloyd No, Mark. You're describing the old Internet Connection Firewall. The Windows Firewall in XP intercepts both incoming and outgoing traffic. ---JRC--- No it doesn't and it doesn't to avoid law suits like what happened with Internet Explorer. Please do your research before you post false information. Thanks Alias |
#14
|
|||
|
|||
"Z" wrote in message ... : Alias wrote: : Notice that the XP firewall is incoming-only, and provides much less : protection than a good firewall. : : No, Mark. You're describing the old Internet Connection Firewall. : The Windows Firewall in XP intercepts both incoming and outgoing traffic. : : No it doesn't and it doesn't to avoid law suits like what happened with : Internet Explorer. Please do your research before you post false : information. : : The XP firewall inspects both ways. If you say so ... but, you're wrong. Search xp.general with Google and you will find posts like these: Hi The XP SP2 doesn't monitor outgoing access to the internet. You will need to install a 3rd party '2-way' Firewall such ZoneAlarm. -- Will Denny MVP - Windows Shell/User Please reply to the News Groups Greetings -- The "next generation" Windows Firewall included with SP2, while vastly superior to the original ICF in terms of visibility, usability and configurability, is still rather lacking, as a solid security component. It still can't supplant 3rd-party solutions, nor is it intended to do so; rather, it's intended to complement them. And, like the original ICF, it will not monitor out-going traffic. It's most important virtues, I think, are it's improved compatibility with internal LANs and its configurability via group policies. Now, there's a simple, cheap tool that system admins can use to protect the LAN workstations from that occasional - but not rare enough - fool who manages to bypass the perimeter firewall and manually install some malware that could then spread throughout the LAN via shared drives. WinXP's built-in firewall is _adequate_ at stopping incoming attacks, and hiding your ports from probes. What WinXP also does not do, is protect you from any Trojans or spyware that you (or someone else using your computer) might download and install inadvertently. It doesn't monitor out-going traffic at all, other than to check for IP-spoofing, much less block (or at even ask you about) the bad or the questionable out-going signals. It assumes that any application you have on your hard drive is there because you want it there, and therefore has your "permission" to access the Internet. Further, because the ICF is a "stateful" firewall, it will also assume that any incoming traffic that's a direct response to a Trojan's or spyware's out-going signal is also authorized. ZoneAlarm, Kerio, or Sygate are all much better than WinXP's built-in firewall, and are much more easily configured, and there are free versions of each readily available. Even the commercially available Symantec's Norton Personal Firewall is superior by far, although it does take a heavier toll of system performance then do ZoneAlarm or Sygate. SP2's Windows Firewall is intended to complement 3rd-party firewalls, so it won't hurt anything to leave it enabled whilst using another software firewall, but it also won't do much good, except as extra "insurance." Bruce Chambers The inbuilt one does a perfectly good job of blocking probes from the outside. But it is not easy to configure where there may be exceptions you need to make, and especially if these are relevant to just one program. Nor does it do anything at all about nasties that get on your machine trying to 'phone home'. So a separate product is better - and generally the free version of Zone Alarm from www.zonelabs.com is quite adequate -- Alex Nichol MS MVP (Windows Technologies) Bournemouth, U.K. The XP firewall compares quite well with Zone Alarm and the others insofar as blocking incoming traffic is concerned. As others have explained, it has no ability to block outgoing traffic, such as that generated by spyware and/or trojans, and so if that is also a concern of yours then you would be better served by another product. Good luck Ron Martell Duncan B.C. Canada -- Microsoft MVPSoooo, you were saying?Alias |
#15
|
|||
|
|||
"JAD" wrote : heheheh remain alias cause your making yourself look stupid. SP1 and : SP2 firewalls are dramatically different. Although I still would : rather have sygate or whatever instead. You're the ones making yourselves look stupid. From a cursory search of news:microsoft.public.windowsxp.general: Hi The XP SP2 doesn't monitor outgoing access to the internet. You will need to install a 3rd party '2-way' Firewall such ZoneAlarm. -- Will Denny MVP - Windows Shell/User Please reply to the News Groups Greetings -- The "next generation" Windows Firewall included with SP2, while vastly superior to the original ICF in terms of visibility, usability and configurability, is still rather lacking, as a solid security component. It still can't supplant 3rd-party solutions, nor is it intended to do so; rather, it's intended to complement them. And, like the original ICF, it will not monitor out-going traffic. It's most important virtues, I think, are it's improved compatibility with internal LANs and its configurability via group policies. Now, there's a simple, cheap tool that system admins can use to protect the LAN workstations from that occasional - but not rare enough - fool who manages to bypass the perimeter firewall and manually install some malware that could then spread throughout the LAN via shared drives. WinXP's built-in firewall is _adequate_ at stopping incoming attacks, and hiding your ports from probes. What WinXP also does not do, is protect you from any Trojans or spyware that you (or someone else using your computer) might download and install inadvertently. It doesn't monitor out-going traffic at all, other than to check for IP-spoofing, much less block (or at even ask you about) the bad or the questionable out-going signals. It assumes that any application you have on your hard drive is there because you want it there, and therefore has your "permission" to access the Internet. Further, because the ICF is a "stateful" firewall, it will also assume that any incoming traffic that's a direct response to a Trojan's or spyware's out-going signal is also authorized. ZoneAlarm, Kerio, or Sygate are all much better than WinXP's built-in firewall, and are much more easily configured, and there are free versions of each readily available. Even the commercially available Symantec's Norton Personal Firewall is superior by far, although it does take a heavier toll of system performance then do ZoneAlarm or Sygate. SP2's Windows Firewall is intended to complement 3rd-party firewalls, so it won't hurt anything to leave it enabled whilst using another software firewall, but it also won't do much good, except as extra "insurance." Bruce Chambers The inbuilt one does a perfectly good job of blocking probes from the outside. But it is not easy to configure where there may be exceptions you need to make, and especially if these are relevant to just one program. Nor does it do anything at all about nasties that get on your machine trying to 'phone home'. So a separate product is better - and generally the free version of Zone Alarm from www.zonelabs.com is quite adequate -- Alex Nichol MS MVP (Windows Technologies) Bournemouth, U.K. The XP firewall compares quite well with Zone Alarm and the others insofar as blocking incoming traffic is concerned. As others have explained, it has no ability to block outgoing traffic, such as that generated by spyware and/or trojans, and so if that is also a concern of yours then you would be better served by another product. Good luck Ron Martell Duncan B.C. Canada -- Microsoft MVP Soooo, you were saying?Alias : : : "Alias" wrote in message : ... : : "John R. Copeland" wrote : "Mark Lloyd" wrote : : Notice that the XP firewall is incoming-only, and provides much : less : protection than a good firewall. : : Mark Lloyd : : No, Mark. You're describing the old Internet Connection Firewall. : The Windows Firewall in XP intercepts both incoming and outgoing : traffic. : ---JRC--- : : No it doesn't and it doesn't to avoid law suits like what happened : with : Internet Explorer. Please do your research before you post false : information. : : Thanks : : Alias : : : : |
#16
|
|||
|
|||
anybody with the moniker 'MVP' I take what they say with a HUGE
granule of salt. These guys argue amongst themselves about every thing, taking the opposing side to create discussion. When has Microsoft ever made anything with the intent on it being complimentary to 3rd party anything?? And, like the original ICF, it will not monitor out-going traffic. definition of 'monitor' I guess, is in question. Will it block EVERYTHING outgoing? So we get to the specific scenarios which supports either side. No thanks. XP firewall is positioning itself for the future. Cause what it doesn't block will be deemed permissible. For those that know me, know where I'm going with this. Obvious as the nose on your face. "Alias" wrote in message ... "Z" wrote in message ... : Alias wrote: : Notice that the XP firewall is incoming-only, and provides much less : protection than a good firewall. : : No, Mark. You're describing the old Internet Connection Firewall. : The Windows Firewall in XP intercepts both incoming and outgoing traffic. : : No it doesn't and it doesn't to avoid law suits like what happened with : Internet Explorer. Please do your research before you post false : information. : : The XP firewall inspects both ways. If you say so ... but, you're wrong. Search xp.general with Google and you will find posts like these: Hi The XP SP2 doesn't monitor outgoing access to the internet. You will need to install a 3rd party '2-way' Firewall such ZoneAlarm. -- Will Denny MVP - Windows Shell/User Please reply to the News Groups Greetings -- The "next generation" Windows Firewall included with SP2, while vastly superior to the original ICF in terms of visibility, usability and configurability, is still rather lacking, as a solid security component. It still can't supplant 3rd-party solutions, nor is it intended to do so; rather, it's intended to complement them. And, like the original ICF, it will not monitor out-going traffic. It's most important virtues, I think, are it's improved compatibility with internal LANs and its configurability via group policies. Now, there's a simple, cheap tool that system admins can use to protect the LAN workstations from that occasional - but not rare enough - fool who manages to bypass the perimeter firewall and manually install some malware that could then spread throughout the LAN via shared drives. WinXP's built-in firewall is _adequate_ at stopping incoming attacks, and hiding your ports from probes. What WinXP also does not do, is protect you from any Trojans or spyware that you (or someone else using your computer) might download and install inadvertently. It doesn't monitor out-going traffic at all, other than to check for IP-spoofing, much less block (or at even ask you about) the bad or the questionable out-going signals. It assumes that any application you have on your hard drive is there because you want it there, and therefore has your "permission" to access the Internet. Further, because the ICF is a "stateful" firewall, it will also assume that any incoming traffic that's a direct response to a Trojan's or spyware's out-going signal is also authorized. ZoneAlarm, Kerio, or Sygate are all much better than WinXP's built-in firewall, and are much more easily configured, and there are free versions of each readily available. Even the commercially available Symantec's Norton Personal Firewall is superior by far, although it does take a heavier toll of system performance then do ZoneAlarm or Sygate. SP2's Windows Firewall is intended to complement 3rd-party firewalls, so it won't hurt anything to leave it enabled whilst using another software firewall, but it also won't do much good, except as extra "insurance." Bruce Chambers The inbuilt one does a perfectly good job of blocking probes from the outside. But it is not easy to configure where there may be exceptions you need to make, and especially if these are relevant to just one program. Nor does it do anything at all about nasties that get on your machine trying to 'phone home'. So a separate product is better - and generally the free version of Zone Alarm from www.zonelabs.com is quite adequate -- Alex Nichol MS MVP (Windows Technologies) Bournemouth, U.K. The XP firewall compares quite well with Zone Alarm and the others insofar as blocking incoming traffic is concerned. As others have explained, it has no ability to block outgoing traffic, such as that generated by spyware and/or trojans, and so if that is also a concern of yours then you would be better served by another product. Good luck Ron Martell Duncan B.C. Canada -- Microsoft MVPSoooo, you were saying?Alias |
#17
|
|||
|
|||
Alias wrote:
: The XP firewall inspects both ways. If you say so ... but, you're wrong. Search xp.general with Google and you will find posts like these: The XP SP2 doesn't monitor outgoing access to the internet. You will need to install a 3rd party '2-way' Firewall such ZoneAlarm. Google for "flat earth" next. Wow, I guess that proves the planet is really flat. The current XP SP2 firewall most DEFINITELY inspects both ways. I'm using it now. If I deny my term emulator s/w access, it won't get an outside connection. |
#18
|
|||
|
|||
"Z" wrote in message ... : Alias wrote: : : The XP firewall inspects both ways. : : If you say so ... but, you're wrong. Search xp.general with Google and you : will find posts like these: : The XP SP2 doesn't monitor outgoing access to the internet. You will need : to install a 3rd party '2-way' Firewall such ZoneAlarm. : : Google for "flat earth" next. I googled microsoft.public.windowsxp.general : : Wow, I guess that proves the planet is really flat. Stupid analogy. : : : The current XP SP2 firewall most DEFINITELY inspects both ways. I'm : using it now. If I deny my term emulator s/w access, it won't get an : outside connection. Um, you're wrong, sorry. I have crossposted this message to the appropriate newsgroup so that the XPers over there can help me straighten you guys out. Alias |
#19
|
|||
|
|||
lol the XPer's. Here we go with the specifics............
"Alias" wrote in message ... "Z" wrote in message ... : Alias wrote: : : The XP firewall inspects both ways. : : If you say so ... but, you're wrong. Search xp.general with Google and you : will find posts like these: : The XP SP2 doesn't monitor outgoing access to the internet. You will need : to install a 3rd party '2-way' Firewall such ZoneAlarm. : : Google for "flat earth" next. I googled microsoft.public.windowsxp.general : : Wow, I guess that proves the planet is really flat. Stupid analogy. : : : The current XP SP2 firewall most DEFINITELY inspects both ways. I'm : using it now. If I deny my term emulator s/w access, it won't get an : outside connection. Um, you're wrong, sorry. I have crossposted this message to the appropriate newsgroup so that the XPers over there can help me straighten you guys out. Alias |
#20
|
|||
|
|||
On Wed, 17 Nov 2004 15:19:55 GMT, "John R. Copeland"
wrote: "Mark Lloyd" wrote in message ... Notice that the XP firewall is incoming-only, and provides much less protection than a good firewall. Mark Lloyd No, Mark. You're describing the old Internet Connection Firewall. The Windows Firewall in XP intercepts both incoming and outgoing traffic. ---JRC--- I checked a system with SP2 applied a couple of weeks before. Would you have a specific procedure for demonstrating the presence of an outgoing firewall? If possible, I'd probably test that. -- 38 days until the winter solstice celebration Mark Lloyd http://notstupid.laughingsquid.com |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Help! Windows98 & Explorer gone mad in safe mode. | Sybil Fox | General | 45 | September 26th 04 09:01 PM |
cant send e mail or forward e mail thru aol | v pellegrini | Internet | 1 | July 21st 04 03:52 PM |
Mail Problem on Windows ME Internet | Jacque® Dupre© | Internet | 0 | July 20th 04 02:46 AM |
Mail from microsoft ? | JohnH | General | 7 | June 14th 04 10:56 PM |
Clean Install of Windows 98 | DL | Disk Drives | 1 | June 9th 04 11:40 PM |