Windows Legacy OS forum

General discussion

XP Firewall - is it permanent protection?

by cynthialind / August 15, 2004 12:45 AM PDT

Does the firewall provided with XP provide permanent protection, or does it need to be updated/upgraded? I have been told that it will not protect against new threats, and that I should get a router (even though I have only one computer) that will constantly update the protection level.

Can I feel safe using the existing XP firewall, or should I invest in a router or some other updateable firewall system?

I'd really appreciate any advice anyone could offer.

Thanks,
Cynthia

Discussion is locked
You are posting a reply to: XP Firewall - is it permanent protection?
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: XP Firewall - is it permanent protection?
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Re: XP Firewall - is it permanent protection?
by R. Proffitt Forum moderator / August 15, 2004 12:58 AM PDT

Here's the problem. "Firewall" is not a defined item. For some, only one that does stateful inspection will meet their definition of a proper firewall. Microsoft's definition blocks unsolicited incoming packets and doesn't block (in its defaults) outgoing packets.

It's a very deep subject, but the stock firewall would have done much to quell past plagues. And still will.

Bob

Collapse -
Re: XP Firewall - is it permanent protection?
by Yew / August 15, 2004 2:29 AM PDT

The XP Firewall isn't the greatest in the world, but the improvements made in SP2 (you have downloaded and installed SP2 right) bring it to a new level, but you'd still be better off with a freeware firewall like Outpost.

But whoever has been talking in your ear is full of crap to put it bluntly. Even routers need firmware updates to update the firewall software. But generally all a firewall does is allow or block traffic, be it incoming or outgoing. If you've set up a firewall correctly, and it drops all packets coming in on ports not being used by some app on your system, you shouldn't ever need to update it.

Collapse -
Re: XP Firewall - is it permanent protection?
by Merl Priester / August 15, 2004 6:44 AM PDT

Most routers even without a "firewall" builtin, have NAT
and also usually do not respond to port requests from the outside WAN. This stops hackers from "seeing" a computer at your IP address. Without a outgoing firewall, it acts much the same as a Windows ICF would running on your computer.
The difference is this, a software firewall can be taken down by software, corruption or user error.
The router just sits there and does its job.
You can pick up a router for 40.00, so my opinion is get a router and you won't have any extra software running on your machine.

If you want to configure a firewall for outgoing traffic as well as incoming you can run software.

Collapse -
Re: XP Firewall - is it permanent protection?
by Yew / August 15, 2004 9:36 AM PDT

NAT is security through obscurity, and you REALLY don't want to rely on it as your only line of defense.

Just as an example... A guy working at Bell Labs devised a way to figure out how many computers were connected to a router via NAT, based on traffic patterns. This can be used by companies that have a contractual clause about having more than one computer hooked to the Internet. It could also be used by would-be hackers.

Besides, all they need to do is get a connection into the router, then scan a very small subset of IP addresses. Typically either 192.168.*.* or 10.0.*.*. You can probably even limit it to 192.168.1/0.* and 10.0.1/0.* since people buying routers generally aren't going to have enough systems to fill even one of those subnets. All of which can be effectively port scanned in a matter of minutes.

In the end NAT is like hiding the key to your house under a rock by the porch. You're just hoping that no one thinks to look under that rock, kick it over, or whatever. It's foolish, it's stupid, and it's not something you should trust as your only defense.

Collapse -
Re: XP Firewall - is it permanent protection?
by Merl Priester / September 3, 2004 8:54 AM PDT

Yew,

The routers I have used do not report to "port scans"
The ports are closed by default from the outside.
The NAT address ranges are not routable and therefore cannot be scanned from the outside across the router.

You would need to open a port to make the router let in traffic from the outside.

How would someone from the outside scan a non-routable IP?

Yes someone could look at patterns of web requests to see if more than one user is using the connection, but they still wouldn't know what the IP ranges were or which computer asked for the data unless the Router could be compromised.

A router is still better than someone that doesn't understand a firewall. If the turn off the software for anyreason, they are vulnerable. They will not be turning off NAT or the routers blocked incoming ports by accident.

Collapse -
The routers I have used do not report to "port scans"...
by R. Proffitt Forum moderator / September 3, 2004 9:00 AM PDT

I had my Linksys report such for a long time. It was mostly out of wondering what was incoming. All I found was that the scanning PC was almost always a "PC" and in about 1/3 the machines they had network shares that you could if you wanted to, delete all the files on C:

It's surprising...

Bob

Collapse -
Re: The routers I have used do not report to "port scans"...
by Merl Priester / September 3, 2004 10:58 AM PDT

Bob,
Are you saying that these routers can be scanned from the outside and get to the shared folders on the PCs?

Collapse -
Re: The routers I have used do not report to "port scans"...
by R. Proffitt Forum moderator / September 3, 2004 11:10 AM PDT

No. But I was not amused that if you look at the machine that scanned you, an unbelievable percent had shared their C drive. It's 100% sure the poor devil (owner) was not behind a NAT router.

Bob

Collapse -
(NT) (NT) Oh I see...
by Merl Priester / September 3, 2004 1:31 PM PDT
Collapse -
Re: XP Firewall - is it permanent protection?
by halsteis / September 4, 2004 6:21 AM PDT

Cynthia: Go to www.zonelabs.com/store/content/home.jsp. On the menu on the left side is a link called 'Download and buy", Click on it, in the next window, on the right, under Zone Alarm Security Suite, click on Zone Alarm.
This will give you a page where you can download the FREE version of Zone Alarm. Download and install it.
After that, you can go to their Forum and learn how to tweak it.
Then you can relax, knowing that your machine is protected from crackers.

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

Does BMW or Volvo do it best?

Pint-size luxury and funky style

Shopping for a new car this weekend? See how the BMW X2 stacks up against the Volvo XC40 in our side-by-side comparison.