Windows Legacy OS forum

General discussion

Windows XP Firewall

by Chuck100 / April 7, 2006 5:07 AM PDT

Pentium 4
Running: Windows XP Pro, SP2

I run Norton Antivirus(SystemWorks)and Norton Firewall. What I'd like to know is, whether or not the Windows Firewall that comes with my Operating system is sufficient enough by itself that I can discontinue the use of the Norton Firewall without worry of putting my computer in danger. I'm pretty sure an answer from the Norton and Microsoft people would be biased. So far, I haven't been able to find enough evidence on this topic to make be comfortable enough to switch from Norton firewall to Windows firewall, but I sure would like to do so.
Please help if you can.
Sincere thanks.

Discussion is locked
You are posting a reply to: Windows XP Firewall
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Windows XP Firewall
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
by Themisive / April 7, 2006 5:19 AM PDT
In reply to: Windows XP Firewall

On what you want to do. Remember, it's a Microsoft programme, but the best way of being safe is to use an anti-virus suit. I use Trend Micro Internet Security, this has it's own firewall, will run e-mail scans on incoming AND outgoing mail, and has a real time scan system (amongst other things).

As for Norton, just read some of the comments posted on these forums about that system, it's almost impossible to remove.

I would be inclined to first get a trial package from one of the other anti-virus companies, to see what it's like, then back up ALL your irreplaceable data (Word files, e-mails and the like), if you haven't already got them, download Spybot S & D and Ad-aware - both free. Backup all your downloads as well, then set to work and be prepared to re-install all the programmes again. That's not too bad, because the private data you will eventually need you already have backed up.

Collapse -
by gmperry / April 7, 2006 5:20 AM PDT
In reply to: Windows XP Firewall

I run Norton & would not switch over to the OS
firewall. You can not run two so I would leave the OS one turned off. My Throughts, gmp

Collapse -
by joesmithers06 / April 7, 2006 5:31 AM PDT
In reply to: Windows XP Firewall

For probably 99% of all Windows users, XP's firewall is perfectly sufficient. I still prefer a firewall as a part of a router for a number of reasons, but XP's firewall is more than adequate for most people's needs.

Collapse -
Norton's firewall vs Windows firewal
by MarkFlax Forum moderator / April 7, 2006 5:38 AM PDT
In reply to: Windows XP Firewall

As Themissive says, it all depends.

Many people here, (myself included), do not use the Windows firewall because it only blocks incoming hacker attempts. 3rd party firewalls such as Norton's and ZoneAlarm, Kerio, etc block incoming and outgoing attempts.

That's important because a hacker may get through some day, (no machine can be 100% safe, perhaps a virus gets missed that installs spyware on the computer), and so blocking outgoing will help stop the infection from "phoning home".

However, other people here, more technically minded, will point out that the Windows firewall will block outgoing, but it just needs configuring properly. I've never tried to configure the Windows firewall because it is not for the faint-hearted. I'm faint-hearted!

Still others will say a router with a hardware configured firewall built in is better still, but I am not of that opinion.

As has been said, you shouldn't have two or more firewalls working at the same time, conflicts can arise.

You haven't said why you are considering closing down the firewall part of Norton's, but if it is running well, I would suggest leaving it alone.

But if you are intent on disabling it, do so with the computer disconected from the internet, then connecting up the Windows firewall before re-connecting to the internet. This is because it has been estimated that it takes about 25 seconds for an unprotected computer on the internet to be identified.

Or, download the installer file for any other firewall, then disconnect from the internet, disable Nortons and then install your new firewall.

Good luck.


Collapse -
Not true
by joesmithers06 / April 7, 2006 8:18 AM PDT

It amazes me how many people have gotten the mistaken impression that XP's firewall only blocks incoming connection attempts.

It all stems from someone, somewhere, quite possibly an employee of the Cnet/ZDNet corporation, misinterpreted the fact that originally XP's firewall was configured to block only incoming connection attempts. It was always possible to block outgoing connections, but until SP2 came along, it was a bit on the tedious side. You had to monkey around with IPSec rules, since that's all XP's firewall really is, an IPSec rule generator. SP2 made creating rules to block outgoing connections not much more difficult than any other software firewall.

I would hope, that as a moderator and thus in a position of implicit trust by people coming here, you would stop spreading this false information. Maybe you should actually TRY configuring XP's firewall before spouting off about how difficult it is or isn't for the faint hearted. Then again, maybe it's just a personal choice. I choose not to live in ignorance if I can help it, so I seek out knowledge wherever I can. The exact opposite of what I take "faint hearted" to mean.

Collapse -
question # 17...on Tom's link....
by nuttron / April 7, 2006 1:08 PM PDT
In reply to: Not true

from microsoft = Q. Should I use a non-Microsoft personal firewall instead of the built-in Internet Connection Firewall?

If you already have a non-Microsoft firewall on your computer, you should continue to use it. If you do not have a firewall, then you have a choice. If you want a simple firewall that is very easy to configure, then you should use the Windows XP Internet Connection Firewall. If you want more advanced control over the traffic that passes through your computer and you also want to block outgoing traffic (that is the traffic from your computer out to the Internet) then choose a personal firewall from another company.

Collapse -
by joesmithers06 / April 8, 2006 3:35 AM PDT

Microsoft is a company devoted to proving the old maxim about creating a better class of fools by trying to make something foolproof.

It's always been possible to write rules for XP's firewall to block any kind of connection you want, but you just needed to know how to use IPSec, something very few experts even know how to do. So for Joe Blow computer user, it's the same as not being possible.

You could argue that using a program like ZoneAlarm vs learning to write IPSec rules would take significantly less time and effort, and many similar sorts of arguments, but it doesn't change the fact that it's always been possible to block any connection type with XP's firewall since its first inception in XP.

It also doesn't change the fact that you are repeating a misinterpreted (read: wrong) accounting of the fact that XP's firewall was initially only CONFIGURED to block incoming connections. Which again, is a VERY different statement from saying it's only CAPABLE of blocking incoming connections. Nowhere in the little blurb you plagiarized does it dispute anything I've said.

Collapse -
You disprove your own point
by MarkFlax Forum moderator / April 8, 2006 6:56 AM PDT
In reply to: And?

After berating me for even considering not using the Windows Firewall, you now admit that;

"It's always been possible to write rules for XP's firewall to block any kind of connection you want, but you just needed to know how to use IPSec, something very few experts even know how to do. So for Joe Blow computer user, it's the same as not being possible."

Most people who post questions here are Joe Blows. Myself included. So, when they ask questions and say they are not technically minded, or it appears from their posts thet they are not so, then telling them that Windows Firewall does block outgoing and all they have to learn is how to use IPSec, something which "very few experts even know how to do", doesn't really help them does it.

Perhaps SP2 has made configuring the Windows Firewall easier, but the user still needs to know which applications to block as they have to add them manually to WF's exceptions list. If they are asking questions in the first place with no indication that they want to take a masters degree in IT to learn how to do it, then it is my belief that the Windows Firewall is not the best route for them.

I know this lack of IT IQ offends your sensibilities, and you believe that most people here, Mods included, should not be using computers if they don't know how to build them, configure them, troubleshoot them and write their own programs, then have breakfast, but there you go m8. We're not all as gifted as you.

Beware, you appear to be getting out of hand, again.


Collapse -
Aren't we sensitive
by joesmithers06 / April 8, 2006 9:13 AM PDT

I didn't "beat" you for anything but your own laziness. To make an analogy... You can remain blissfully ignorant about basic car repairs, but then you put yourself in a situation where any small time con artist who runs a garage could take advantage of you by telling you that you need a large number of expensive repairs that you really don't. You should maybe ask yourself why it is you seem to think that I'm attacking you so fiercely when I'm not. When you feel that people are persecuting you for everything you do, it's often a result of guilt over something. In this case, I might postulate that it's guilt over giving out information you know to be erroneous. I call you on it, and you then interpret this as an attack.

Far from the offense you seem to think I take from people's ignorance, it's not ignorance I take offense to. It's people's laziness and even celebration of that ignorance, as if it were something to be proud of, that I take offense to. People, like yourself apparently, who seem to be so arrogant and full of themselves that you just assume there will be people like myself who will clean up the messes you invariably create. That's what offends me. People asking for information doesn't offend me, it's people like you who say how something is this way or that, and in the same breath, admit that you've never actually even tried to do it. It's like my asking you how the food is at some restaurant, and you saying it's good or bad, then following it with the nugget that you've never actually eaten there. Why should I regard your opinion any more than something I scrape off the bottom of my shoe in such a case?

I respect people who at least make an effort to solve some problem given whatever range of skills they have, a whole lot more than people like yourself who just give up immediately. If people just stopped being arrogant and self-centered, assuming other people will fix everything for them, and learned to use a search engine and follow simple directions... There'd be a lot fewer questions on this forum and others like it. Imagine that... All you need, is a non-defeatist mentality, some basic skills with a search engine, and the ability to read and follow instructions and the bulk of computer problems Joe Blow might run into can be solved.

So, once again, I don't mind people seeking information. I admire people who seek information. I have a good deal of respect for people who attempt to use whatever skills they have, to solve their problem before asking others. And I have a deep dislike for people who seem to think ignorance is something to be proud of. Which probably explains my shortness with you.

Collapse -
by MarkFlax Forum moderator / April 8, 2006 9:17 PM PDT
In reply to: Aren't we sensitive

Moi? Mais non! At least, no more than any other person I guess.

Joe, I notice you use anologies often in your posts. The problem with analogies is they can be made to fit any type of situation, whether it supports or collapses what is being argued over.

Take you car repair analogy. I drive a modern car everyday. I know the basics about cars; 4-stroke combustion engine, carburetor, clutch, gearbox, driveshaft, etc. I know how to change plugs, check points, oil her up, check the battery etc. But if an exhaust valve goes south I would have no idea how to fix it. I am ignorant of engineering principles in that respect. I may not even know what the symptoms point to. Does this offend you? Does it offend you that, rather than take a vehicle mechanics course I opt to take it to a garage to be fixed? Why would that offend you?

Can you fix it?

Take another analogy. I travel by air ocassionally. Does it offend you that, if the airplane engine won't start, or there is some other mechanical/electrical problem with the plane, I can't fix it? I am ignorant of such things. I choose not to take the, (whatever), course to learn how to fix and repair airplanes.

Can you fix it?

(If you answer Yes to both, then you are truly a wonderful person and I bow down to the greater being).

If not, then would a car mechanic or a plane engineer be justified in calling you ignorant, lazy, arrogant, not willing to at least attempt to learn for themselves?

By the way, I trust I never have the er... opportunity to travel with you in a car that brakes down, or an airplane that won't fly. If you attempt to ''have a go'', I'm out and walking!

A funny thing about search engines. Many times I have used them myself and come across possible solutions listed in these forums as well as other places. So, somewhere along the line some other person has asked similar questions, here. Or elsewhere.

Do you consider those people lazy?

I don't mind how short you are. Oops, sorry! I don't mind how short you are with me. Or what you say about me. At least it's me and not someone else on these boards you are offending.


Collapse -
by shankru85 / April 7, 2006 11:55 PM PDT
In reply to: Not true
Collapse -
Sorry, I don't click on links
by joesmithers06 / April 8, 2006 3:42 AM PDT
In reply to: Link

I don't click on links like that, out of a general habit regarding being a bit smarter than the average person who falls for phishing scams.

I also don't know anything about the site to gauge its credibility with. Anyone with a few bucks and some basic web design skills can create a website, but that doesn't mean anything you find there can be trusted. Take Steve Gibson's website for example. Looks professional enough, but there are serious credibility issues with the content contained within.

If you want to paste the relevant portions, I might consider reading it, but I suspect it will be another case of a person mistaking the meaning of CONFIGURED with CAPABLE. They both start with C, so I can see how that might happen.

Collapse -
Enough said, it explains your numerous errors...
by Edward ODaniel / April 8, 2006 8:06 AM PDT

in your advice.

By default Microsoft's firewall does protect only inbound connections.

IPSec configuration is not something everyone knows about and have you attempted to set it up on XP Home which does not include the group security tools? (from your responses it is obvious you haven't)

For those who have the time and tools and knowledge to configure IPSec as desired it is indeed more than adequate but for the majority of users a more "user friendly" firewall such as Outpost or Kerio or Zone Alarm or packages such as those offered by Norton, McAfee, CA, or TrendMicro are arguably better as they are configured "out of the box" to block outgoing traffic which is often the whole poing of a trojan, worm, or key logger.

Moral here is that you should either click links or type them in yourself and if you are not familiar with the source make yourself familiar.

Collapse -
What errors?
by joesmithers06 / April 8, 2006 9:32 AM PDT

You seem to agree with everything I said, other than the tone I took with Mr. I'm-stupid-and-proud.

Also, all the tools are in Home, you just have to use Safe Mode to access them. I also never said anything about any of the other software firewalls, just that XP's firewall is perfectly adequate for the uses of probably 99% of all XP users. I have said that many of the others try and sell you the "Pro" versions, and then some sort of subscription service on top of that, so in that regard XP's firewall is better. I'm just saying XP's firewall CAN be configured to handle incoming AND outgoing.

Collapse -
by tomron / April 7, 2006 5:59 AM PDT
In reply to: Windows XP Firewall

WinXP's built-in firewall is adequate at stopping incoming attacks,
and hiding your ports from probes. What WinXP SP2's firewall does not
do, is provide an important additional layer of protection by informing
you about any Trojans or spyware that you (or someone else using your
computer) might download and install inadvertently. It doesn't monitor
out-going network traffic at all, other than to check for IP-spoofing,
much less block (or at even ask you about) the bad or the questionable
out-going signals. It assumes that any application you have on your
hard drive is there because you want it there, and therefore has your
''permission'' to access the Internet. Further, because the Windows
Firewall is a ''stateful'' firewall, it will also assume that any incoming
traffic that's a direct response to a Trojan's or spyware's out-going
signal is also authorized.

ZoneAlarm or Kerio are much better than WinXP's built-in firewall,
in that they do provide that extra layer of protection, are much more
easily configured, and have free versions readily available for
downloading. Even the commercially available Symantec's Norton Personal
Firewall provides superior protection, although it does take a heavier
toll of system performance then do ZoneAlarm or Kerio.

Click HERE for additional info.


Popular Forums
Computer Newbies 10,686 discussions
Computer Help 54,365 discussions
Laptops 21,181 discussions
Networking & Wireless 16,313 discussions
Phones 17,137 discussions
Security 31,287 discussions
TVs & Home Theaters 22,101 discussions
Windows 7 8,164 discussions
Windows 10 2,657 discussions

The Samsung RF23M8090SG

One of the best French door fridges we've tested

A good-looking fridge with useful features like an auto-filling water pitcher and a temperature-adjustable "FlexZone" drawer. It was a near-flawless performer in our cooling tests.