Re: Win xp sp2 firewall

On Tue, 20 Mar 2007 16:17:18 +0900, Gerald Vogt wrote:

Leythos wrote:
Windows XP SP2 firewall is the last resort - it has one serious flaw - if
you run as a local administrator, and most people do, it allows programs
and services to create holes (exceptions) in it. Also, if you normally
share files/printers, it will default to allowing File/Printer sharing,
which also greatly exposes you.

No other firewall is different. If you are administrator you can change
the settings of any firewall running on your system. No firewall running
on the computer can prevent that. Thus, if a program wants to open a
port it can do so if it is running as administrator. Maybe the installer
of the program does not care about opening the port on a 3rd party
firewall but still it could do so. It is usually not necessary anyway
because people running personal firewalls tend to turn off the whole
firewall whenever there is a networking issue, anyway.

Moreover, the firewall does not "default" to allow file sharing. The
default is to block sharing. However, if you want to share files and run
the file sharing wizard the necessary ports are opened. This is very
reasonable as it helps people to achieve what they want to achieve:
share files in their network. With other personal firewalls people have
a much harder time to figure out how to get it working. Many file
sharing problems are due to 3rd party firewalls.

But you seem to have little experience with other firewalls - as most
NON XP SP2 firewalls will alert/ask the user for permission to create the
rule. Win XP SP2 doesn't alert you, it just blindly lets it happen.

How is it that you guys miss the holes in XP SP2 firewall while missing
that anything that makes it harder to put holes in a firewall is good?



spam999free@xxxxxxxxxx (remove 999 for proper email address)
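
Added example, not part of the original thread: whichever side of the argument above is right, exceptions that appear without a prompt can be caught after the fact by diffing two snapshots of the firewall's program exception list. The "path:scope:status:name" entry format is an assumption about how the XP SP2 firewall stores program exceptions, and all paths and names in the sample data are constructed.

```python
# Added example: report firewall program exceptions that appeared, were
# re-enabled, or had their scope widened between two snapshots.
# Assumption: one entry per line in the form "path:scope:status:name".
# All sample entries below are constructed for illustration.

BASELINE = r"""
C:\Program Files\ExampleChat\chat.exe:*:Disabled:ExampleChat
C:\Tools\backup\agent.exe:LocalSubNet:Enabled:Backup Agent
"""

CURRENT = r"""
C:\Program Files\ExampleChat\chat.exe:*:Enabled:ExampleChat
C:\Tools\backup\agent.exe:*:Enabled:Backup Agent
C:\Program Files\ExampleApp\updater.exe:*:Enabled:ExampleApp Updater
"""

def parse_exception(value):
    """Split one entry from the right, because the path contains a drive colon."""
    path, scope, status, name = value.rsplit(":", 3)
    return {"path": path.lower(), "scope": scope,
            "enabled": status.lower() == "enabled", "name": name}

def load(snapshot):
    """Map lower-cased program path -> parsed exception entry."""
    entries = {}
    for line in snapshot.strip().splitlines():
        if line.strip():
            entry = parse_exception(line.strip())
            entries[entry["path"]] = entry
    return entries

def new_holes(before, after):
    """Return (reason, entry) pairs for enabled exceptions that are new,
    re-enabled, or widened to any source ("*") since the baseline."""
    old, cur = load(before), load(after)
    findings = []
    for path, entry in sorted(cur.items()):
        if not entry["enabled"]:
            continue
        prev = old.get(path)
        if prev is None:
            findings.append(("added", entry))
        elif not prev["enabled"]:
            findings.append(("re-enabled", entry))
        elif prev["scope"] != entry["scope"] and entry["scope"] == "*":
            findings.append(("scope widened", entry))
    return findings

if __name__ == "__main__":
    for reason, entry in new_holes(BASELINE, CURRENT):
        print(f"{reason:14} {entry['scope']:12} {entry['path']}")
```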
