Re: Commercial Firewall(s) and MS' XP version

Chuck--- wrote: 
Hi Experts:

1) My faithful Zone Alarm Free, after years, went 'True Vector' belly up with a new version install;
2) Sygate won't install at all;
3) Kerio installed, but locks me out of everything (FAQ needs study).

In the meantime, I have the MS built-in XP firewall, (and AVG) defending me from Evil Doers. I haven't noticed much discussion on this XP feature here. Am I fairly well protected, or should I try harder on the others?

A check shows that my ports are stealthed (good), but I don't get any feedback (bad), like the reports ZA gave me, or that it is working at all. All my security patches are current. Am I just suffering from a lack of feedback gratification and should not be concerned?

Your advice please. Thanks, Chuck---




WinXP's built-in firewall is adequate at stopping incoming attacks, and hiding your ports from probes. What WinXP SP2's firewall does not do, is provide an important additional layer of protection by informing you about any Trojans or spyware that you (or someone else using your computer) might download and install inadvertently. It doesn't monitor out-going network traffic at all, other than to check for IP-spoofing, much less block (or at even ask you about) the bad or the questionable out-going signals. It assumes that any application you have on your hard drive is there because you want it there, and therefore has your "permission" to access the Internet. Further, because the Windows Firewall is a "stateful" firewall, it will also assume that any incoming traffic that's a direct response to a Trojan's or spyware's out-going signal is also authorized.

ZoneAlarm, Kerio, or Sygate are all much better than WinXP's built-in firewall, in that they do provide that extra layer of protection, are much more easily configured, and have free versions readily available for downloading. Even the commercially available Symantec's Norton Personal Firewall provides superior protection, although it does take a heavier toll of system performance then do ZoneAlarm or Sygate.


--

Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

You can have peace. Or you can have freedom. Don't ever count on having both at once. - RAH
.

Relevant Pages

  • Re: Deep Throat
    ... someone else using your computer) might download and install ... Further, because the ICF is a "stateful" firewall, it will also assume ... >> Sounds like your antivirus protection caught it and blocked you ...
    (microsoft.public.security.virus)
  • Re: Is Windows XP firewall any good?
    ... it is not the job of a firewall to protect You from ... important additional layer of protection by informing you about any ... allow someone else to install programs on Your computer. ... In most cases, for Your average user, it does. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Modem with NAT firewall, do I also need a software firewall?
    ... Zonealarm installed. ... Windows XP Firewall is enabled, ... If you need outgoing protection - you're already messed up. ... install from that hardware installation cd-ROM, ...
    (microsoft.public.windowsxp.hardware)
  • Re: Commercial Firewall(s) and MS XP version
    ... >> 2) Sygate won't install at all; ... >> In the meantime, I have the MS built-in XP firewall, defending ... > provide an important additional layer of protection by informing you about ... > ZoneAlarm, Kerio, or Sygate are all much better than WinXP's built-in ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Hardware, software or both?
    ... > checking the Sygate Personal firewall and like it a lot. ... You can get a cheap NAT router that will catch most attacks before it ... Think layered protection and not depend on one single element is going to ...
    (comp.security.firewalls)
Loading