XP's Firewall

Discussion in 'Virus Information' started by B.W., Aug 22, 2006.

  1. From: "RJK" <>

    | I think it's on this thread / lower down, that someone was explaining that
    | one doesn't really need a firewall if networking services are sensibly set
    | etc. etc. (cough...cough - all very well if you're an expert and have the
    | luxury of spending HOURS and HOURS tweaking the aforesaid).
    |
    | ...well .... a friend of mine who, ( (unknownst to me), removed his Norton
    | Internet security software and didn't switch on his XP firewall recently ran
    | David H Lipmans "multi-av" / four major a/v command line scanners, (one of
    | them, possibly McaFee or Kaspersky), refused to run apparantly )), and the
    | 3rd sweep, McaFee or Kaspersky, found over 30 viruses.
    |
    | I'll be zero-filling his hd and reinstalling in September, so when I get to
    | see the logs I'll let you know what was found.
    | I wonder who was rummaging around his hard disk hwilst not getting any
    | firewall alerts ?
    |


    Richard:

    I'd like to see those log files.
     
    David H. Lipman, Aug 27, 2006
    1. Advertisements

  2. B.W.

    B. Nice Guest

    Your personal opinions don't change the facts. And no, you absolutely
    don't need to be an expert spending hours of tweaking.
    And how on earth is this related to the discussion that has been going
    on here? - You are describing a scenario where someone dropped his
    firewalls and virus-protection just like that. Nobody in this thread
    has ever mentioned that being a good idea.
    You are just another advocate of personal firewalls, that's all. You
    are not doing a very good job though.
     
    B. Nice, Aug 27, 2006
    1. Advertisements

  3. B.W.

    RJK Guest

    Will do, when I get my hands on that PC.

    best regards, Richard
     
    RJK, Aug 27, 2006
  4. B.W.

    RJK Guest

    Oooh! ....a nibble .... a byte !

    "Your personal opinions don't change the facts." CORRECT ! When has an
    opinion ever changed a fact ?
    "And no, you absolutely don't need to be an expert spending hours of
    tweaking." RUBBISH !
    ....even when tweaking in familiar software territory, EVERYTHING involved
    with PC hardware OS/GUI's and application software translates into THOUSANDS
    of hours that whistle away into the ether. To prove my point - it's taken
    me several minutes to write this post !
    ....and just what is the personal abuse for, at the end of your post ? ROFL
    :)

    regards, Richard
     
    RJK, Aug 27, 2006
  5. B.W.

    B. Nice Guest

    Hey, you do know some IT terms ;-)
    I can shut down network services in less than 5 minutes. Obviously not
    rubbish.
    That's not my experience. And since the topic here is firewalls - only
    networking services need to be stopped - not all other kinds of
    services - which could criple your machine.
    And your point being?
    What was the ridiculing in the beginning of your initial reply for?
    ROFL :)

    And why did you deliberately choose not to comment on this:
     
    B. Nice, Aug 27, 2006
  6. B.W.

    Kerry Brown Guest

    B. Nice wrote:

    <more snipped>

    You are technically correct. Shutting down network services is fairly easy
    if you know what you are doing and it will give you as similar protection to
    running a firewall. It is not good advice for most people. I'm guessing less
    than 10% of Windows users would know how to do this. In the event they did
    do this without messing up their computer their computer would be an island
    unto itself, no printer sharing, no file sharing, etc.. The vast majority of
    users neither want nor need to do this. They are far better off with a
    firewall. We can debate the merits of which firewall which was how this
    thread started but a firewall is needed for most people. Your method of
    protection is simply not workable for most people and very poor advice for
    the non technically inclined who may find this thread through various search
    engines.
     
    Kerry Brown, Aug 28, 2006
  7. B.W.

    PA20Pilot Guest

    Hi,

    .........I can shut down network services in less than 5 minutes.

    Might you have a list of services that can be safely shut down to share
    with those of us that are less well informed?

    Thanks!

    ---==X={}=X==---

    Jim Self

    AVIATION ANIMATION, the internet's largest depository.
    http://avanimation.avsupport.com

    Your only internet source for spiral staircase plans.
    http://jself.com/stair/Stair.htm

    Experimental Aircraft Association #140897
    EAA Technical Counselor #4562
     
    PA20Pilot, Aug 28, 2006
  8. B.W.

    B. Nice Guest

    That's true.
    That's your opinion.
    I'm guessing that approx. 92% of all guesses involving percentages are
    simply wrong ;-)

    However, you do have a point. Simply because is is not the
    conventional wisdom being taught - and there is no money in it for
    software vendors making a living from peoples lack of knowledge. But
    if users are skilled enough to properly configure a personal firewall
    and understand how it works, they are also skilled enough to shut down
    services and understand the implications.
    True to some extent. But if they don't need that stuff, disabling the
    services is, from a security standpoint, the preferred option.

    That said, you _can_ actually disable the network services and still
    do file- and printersharing by using a network protocol different from
    TCP/IP for you LAN. Again a very good solution from a security
    standpoint.
    And I disagree to that opinion. They are far better off by getting in
    contact with someone who understands to properly configure their
    machine and eventually their network. Someone who is'nt somehow in it
    for the money.
    Depending on the circumstances, a packet filter of some kind is
    needed, yes.
    That would imply that most people do file- and printersharing. I'm not
    convinced whether that is true. At least not for home users.
    Don't worry about that. The thread will drown in links advicing you to
    install a personal firewall. Not least from the software vendors
    making a living from it. And you think that the non technically
    inclined should be better off with a personal firewall? - I disagree -
    with the windows firewall as an exception.

    I believe in providing different views and letting people decide for
    themselves. I don't believe in providing conventional wisdom only -
    which is why I find debates like these useful.
     
    B. Nice, Aug 28, 2006
  9. B.W.

    Dan Guest

    I still think the best solution is a multi-layered approach that
    includes a hardware firewall and a software firewall.
     
    Dan, Aug 28, 2006
  10. B.W.

    Dan Guest

    I would say that everyone is in agreement that a multi-layered approach
    is the best idea for security. So far we have determined that includes
    a hardware firewall, a software firewall and disabling unneeded services
    to help harden a computer's defenses.
     
    Dan, Aug 28, 2006
  11. B.W.

    B. Nice Guest

    I have some very outstanding guides in my native language describing
    how to manually close the usual networking ports (135, 137-139 and
    445), but that will probably not help you a lot :) - maybe I should
    take this oportunity to make an english version of those.

    However, I have come across these good sites in english also:


    * Torsten Mann's guide for windows 2000 and XP

    This is the one I normally use myself. The site contains a nice
    ready-to-run script with different hardening options depending on your
    environment and needs. And it comes with a restore (undo) possibility
    if something did not turn out the way you wanted. All it requires is
    that you know the basics of using a command window. As always, read
    the instructions first.
    http://www.ntsvcfg.de/ntsvcfg_eng.html


    * PCSTATS guide to understanding services

    An article providing some background information about services.
    http://www.pcstats.com/articleview.cfm?articleid=1759&page=1


    * Beemerworlds list of XP services

    A description of the different services in XP and recommendations for
    configuring them
    http://www.beemerworld.com/tips/servicesxp.htm

    And also this:
    http://web.archive.org/web/20041128021034/www.blackviper.com/WinXP/servicecfg.htm
    You're welcome.
     
    B. Nice, Aug 28, 2006
  12. B.W.

    B. Nice Guest

    Again it depends. If you are not offering network services there is no
    idea in adding extra complexity to protect something that is'nt there.
    I agree - but it does'nt seem to me like everyone is in agreement on
    this.
     
    B. Nice, Aug 28, 2006
  13. B.W.

    Leythos Guest

    No, it's a flaw in the Windows Firewall, any changes should require the
    user to make them directly or should require the user to approve the
    change via some Windows GUI, not an AOL program.

    There is no different between AOL making the change using their software
    and a CODEC installer, Malware, Kazza, etc... doing it.
    But the firewall is something that most users assume is protecting them,
    and allowing unseen, unknown changes, not specifically authorized by the
    user, is bad juju.
    No, the firewall should not allow change except through it's own
    interface, not by program, not by malware, not by juju, not by AOL or
    any other product. Windows Firewall is flawed in that it's exposed.
    Wrong, you're idea is sort of on track, but your idea is flawed in that
    the Windows Firewall could have been a quality product, but, if it was a
    quality product it would have caused a number of complications for users
    and network administrators.
     
    Leythos, Aug 28, 2006
  14. B.W.

    Leythos Guest

    And just how to you propose to disable it and use file/printer sharing
    in a business/corporate environment when you take your laptop around the
    country?

    While you can disable services, and that's a good idea, one solution
    rarely works for most people.

    A good method is to run a firewall that properly allows users to monitor
    and block access - as such, using a non-Windows XP firewall, I could
    easily allow my system to print to a printer on a clients network while
    not allowing any of their workstations/servers to access my laptop.
     
    Leythos, Aug 28, 2006
  15. B.W.

    B. Nice Guest

    Why should I make any attempt to propose that? I just stated that it's
    possible to do file- and printersharing on your own LAN without
    offering network services. A possibility that many home users for
    example are not aware of and therefore would not consider unless
    someone mentions it now and then.
    That's true. That's why I normally post different suggestions for
    different scenarios. There are however, some posters for which it
    seems like personal firewalls are the answer to everything.
     
    B. Nice, Aug 28, 2006
  16. B.W.

    Leythos Guest

    You didn't make the "Home" or "Your" LAN distinction in your post,
    that's what I was replying too.

    In many cases you can not use an alternative method to share files or
    print.
    I don't like "Personal Firewalls", but, even as crappy as the Windows
    Firewall is, they have a place for any user connecting to an
    unknown/untrusted network. As an example, I always use a PFW solution on
    our laptops when connecting to any network outside of our secure network
    in the office - even customers networks that we've designed. I use the
    inbound reporting/monitoring features to see what traffic is hitting my
    node in their network in addition to monitoring their firewall device.

    I don't like Windows XP Firewall because it's not informative, allows
    changes to be made without users understanding and sometimes without
    knowing about the changes, and because there is no real-time reporting
    on inbound and outbound.
     
    Leythos, Aug 28, 2006
  17. B.W.

    B. Nice Guest

    No. And I did'nt state "business/corporate environment" either.
    Yes I did.
    <snip>
     
    B. Nice, Aug 28, 2006
  18. B.W.

    B. Nice Guest

    It's crappy in your opinion. Not in mine.
    No. Not for ANY user. For users offering services of some kind - or
    for users with unpatched machines (since you seem to be focused on
    being precise).
    Good for you.
    And that's your opinion - based on your needs. Many users have no need
    for that info.
     
    B. Nice, Aug 28, 2006
  19. B.W.

    Leythos Guest

    Seems you've not been unable to show that my opinion is wrong, so it
    stands as crappy. Anything that allows changes to be made without the
    user knowing is a crappy solution.
    Yes, even for users offering services, since we appear to be talking
    about workstations and not dedicated servers. People, from a workstation
    or non-dedicated device, should have a firewall protecting the system.
    Thanks, it's good that you understand what can be done.
    No, it's a fact, all users NEED that info, but they are not use to
    having it. If all users had that info they would be a lot more aware of
    what is happening on their systems and it would make many systems more
    secure because the users would see what is happening and most would
    question it.

    How could a user not need to know about changes to their firewall rules?
     
    Leythos, Aug 28, 2006
  20. B.W.

    B. Nice Guest

    Seems it does'nt occur to you that opinions cannot be proven right or
    wrong.
    You must have misunderstood me.
    I understand what can be done. I also understand real life. Many users
    would not have the slightest interrest in what is hitting them. They
    just want to be protected from it.
    Those are just opinions - not facts. And you are entitled to have
    them, of course.
    A user installing something without having a good idea about what it
    does and how it is supposed to work, is not aware of security at all.
    Don't expect him/her to make sensible descisions in that respect.
     
    B. Nice, Aug 28, 2006
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.