How much can I trust XP SP2 firewall on its own?

Can I trust the Windows XP SP2 firewall to protected a machine with a
direct Internet connection? I usually use a broadband router to protect
my machines, but I still keep their own personal firewalls activated.
But due to various issues, I sometimes find it necessary to disconnect
the router and to connect one machine directly to the broadband modem.

Prior to SP2, I had been using ZoneAlarm and Sygate, but once SP2 came
out, I figured the Windows Firewall should be at least as capable at
basic protection as the other two. I also used to notice that there
were regular updates to ZoneAlarm, which I figured were them plugging
up newly discovered security holes in their software. However, barely
any updates to Windows Firewall.

Does anyone know if there's any vulnerability that's been discovered
that will allow a hacker to blow past the Windows Firewall?

Yousuf Khan

On Tue, 22 Mar 2005 11:39:01 -0800, YKhan wrote:
>
> Can I trust the Windows XP SP2 firewall to protected a machine with a
> direct Internet connection? I usually use a broadband router to protect
> my machines, but I still keep their own personal firewalls activated.
> But due to various issues, I sometimes find it necessary to disconnect
> the router and to connect one machine directly to the broadband modem.

You can not trust it any more than you trust anything based on MS
Security. I would never connect a workgroup computer directly to the
internet using SP2's firewall, and I would never suggest it as being "good
enough" to any client.

What are you doing that you need a direct connection - we might be able to
help you do it without a direct connection - securely.


--
(E-Mail Removed)
remove 999 in order to email me

I would think that taking the router out of the picture is just a
configuration issue. So why are you removing the router to make a direct
connect to the Internet with a machine?

Duane

On 22 Mar 2005 11:39:01 -0800, "YKhan" <(E-Mail Removed)> wrote:

>Can I trust the Windows XP SP2 firewall to protected a machine with a
>direct Internet connection? I usually use a broadband router to protect
>my machines, but I still keep their own personal firewalls activated.
>But due to various issues, I sometimes find it necessary to disconnect
>the router and to connect one machine directly to the broadband modem.
>
>Prior to SP2, I had been using ZoneAlarm and Sygate, but once SP2 came
>out, I figured the Windows Firewall should be at least as capable at
>basic protection as the other two. I also used to notice that there
>were regular updates to ZoneAlarm, which I figured were them plugging
>up newly discovered security holes in their software. However, barely
>any updates to Windows Firewall.
>
>Does anyone know if there's any vulnerability that's been discovered
>that will allow a hacker to blow past the Windows Firewall?
>
> Yousuf Khan

Go into your XP root folder.
Count all of the $NtUninstall* folders.
Every one of those is one more reason not to put all your faith in a single
Microsoft solution.

So, let's cut to the chase: what are we actually wrestling with here, YK?
Gaming problem?
Can't solve it with Port Forward rules in your router?

/daytripper

On Tue, 22 Mar 2005 21:01:00 GMT, Leythos <(E-Mail Removed)> wrote:


>You can not trust it any more than you trust anything based on MS
>Security. I would never connect a workgroup computer directly to the
>internet using SP2's firewall, and I would never suggest it as being "good
>enough" to any client.

Gerald Vogt (someone who posts here frequently) would disagree with
the above statements. I've used the SP2 XP firewall with no
compromises but I am now using Sygate just because it allows better
monitoring and outbound protection.

On Tue, 22 Mar 2005 18:03:09 -0800, Connected wrote:
>
> On Tue, 22 Mar 2005 21:01:00 GMT, Leythos <(E-Mail Removed)> wrote:
>
>>You can not trust it any more than you trust anything based on MS
>>Security. I would never connect a workgroup computer directly to the
>>internet using SP2's firewall, and I would never suggest it as being "good
>>enough" to any client.
>
> Gerald Vogt (someone who posts here frequently) would disagree with
> the above statements. I've used the SP2 XP firewall with no
> compromises but I am now using Sygate just because it allows better
> monitoring and outbound protection.

There are always two or more sides to every solution, and I just will not
trust my clients with SP2 Firewall as their means of protection. I've been
working with computers since the 70's and never had a computer/server
compromised, never had a client compromised, and install firewalls all
over the country. I'm going to stick with what I know works and I see no
reason to trust any personal firewall, let alone one put out by MS. Don't
get me wrong, the company I own is a MS Partner, and we're also a ISV, but
I'm not abound to even think of trusting the SP2 Firewall.

--
(E-Mail Removed)
remove 999 in order to email me

"YKhan" <(E-Mail Removed)> wrote in news:1111520341.384250.73880
@z14g2000cwz.googlegroups.com:

> Can I trust the Windows XP SP2 firewall to protected a machine with a
> direct Internet connection?

NO! NMAP can drill right through SP2 firewall.

--
"Why do they call it rush hour when nothing moves?", Robin Williams

Darko Gavrilovic wrote:
> "YKhan" <(E-Mail Removed)> wrote in news:1111520341.384250.73880
> @z14g2000cwz.googlegroups.com:
>
>
>>Can I trust the Windows XP SP2 firewall to protected a machine with a
>>direct Internet connection?
>
>
> NO! NMAP can drill right through SP2 firewall.
>

I checked out this thing after you mentioned it. It looks like it may
not be an issue with the SP2 version of the Firewall.

Dana Epp's ramblings at the Sanctuary: XPSP2 rips out raw sockets
http://silverstr.ufies.org/blog/archives/000666.html

Yousuf Khan

Leythos wrote:
> On Tue, 22 Mar 2005 18:03:09 -0800, Connected wrote:
>>Gerald Vogt (someone who posts here frequently) would disagree with
>>the above statements. I've used the SP2 XP firewall with no
>>compromises but I am now using Sygate just because it allows better
>>monitoring and outbound protection.
>
>
> There are always two or more sides to every solution, and I just will not
> trust my clients with SP2 Firewall as their means of protection. I've been
> working with computers since the 70's and never had a computer/server
> compromised, never had a client compromised, and install firewalls all
> over the country. I'm going to stick with what I know works and I see no
> reason to trust any personal firewall, let alone one put out by MS. Don't
> get me wrong, the company I own is a MS Partner, and we're also a ISV, but
> I'm not abound to even think of trusting the SP2 Firewall.

Other than general reputation of the company who makes the product, is
there anything specifically known about the SP2 firewall?

Yousuf Khan

daytripper wrote:
> Go into your XP root folder.
> Count all of the $NtUninstall* folders.
> Every one of those is one more reason not to put all your faith in a single
> Microsoft solution.

Yeah, but it also doesn't look like there's a too much they could do to
screw up this software -- listen for a signal on a port, and don't
answer it.

> So, let's cut to the chase: what are we actually wrestling with here, YK?
> Gaming problem?
> Can't solve it with Port Forward rules in your router?

No, just a problem with the router itself, it seems to overheat and drop
connections.

Yousuf Khan