What's wrong with XP's built-in firewall?

[lanux128]

after seeing some of the problems, 3rd party firewalls introduce after an upgrade. i was wondering what's wrong with using XP's built-in firewall? currently, it is disabled because i have ZoneAlarm. but i'm thinking of ditching ZA for plain vanilla Windows Firewall.

so, what do you think, is it worth trying out XP's firewall?

[Mizraim]

I have never had any issues with the standard XP Firewall. You could try it out. 

[AdIyhc]

Windows Firewall only offers inbound protection and is very good at that.
It's very silent too, protecting you in the background if you choose "No exceptions".

I will recommend trying it out. Not all microsoft products are trouble.
I myself use Look 'n' Stop. Slow development but it works perfectly.
(Would use Windows Firewall if I had not paid for Look 'n' Stop)

[lanux128]

Windows Firewall only offers inbound protection and is very good at that.

-AdIyhc (October 04, 2006, 09:19 PM)

i didn't know that. thanks for the info, AdIyhc.

tks also Mizraim, for vote of confidence..

[dk70]

Problem is many security guides, forums and such places will almost warn you against Windows Firewall due to lack of outbound control. You can see it refered to as "crap". Big mistake I think but good for Zonealarm and similar easy to use firewalls. If you have control over what you install etc. there is little reason to say you absolutely must have outbound control - or pay the price. Also note that while there are some very nice free firewalls with outbound control many of them require way more understanding than is common. You risk setting them up the wrong way - or just get tired of it all  Some of them are buggy as h... too, firewall might not be the easiest thing to make. Windows Firewall is practically transparent.

If you use router perhaps you dont even need a firewall, only the cheapest dont have inbound control? Some even do outbound.

Pretty cool to watch what is actually going on though but not the same as a must-have for general safety. In many cases it will only work as a notifier, telling you spyware is doing this or that. Too late then. Better than nothing perhaps but real problem and solution is elsewhere.

Dont know if it is true but I read somewhere that Microsoft had planned to put in outbound control but usertests showed majority can not handle this feature, or dont want to bother with setting up rules for access, looking at pop-up warnings etc. They end up clicking randomly or better disable. Make sense to me even if not true.

A good reason to use outbound you wont see mentioned so much is to check cracked software do not phone home rendering it useless. If you take out that part of user base plus those with paranoia there are not many left who have a real need If you fiddle with not so legal software outbound control could be an advantage.

[lanux128]

Dont know if it is true but I read somewhere that Microsoft had planned to put in outbound control but usertests showed majority can not handle this feature, or dont want to bother with setting up rules for access, looking at pop-up warnings etc. They end up clicking randomly or better disable. Make sense to me even if not true.

-dk70 (October 04, 2006, 10:04 PM)

you make a point there, dk70. even in ZA, i would just disable the pop-ups, instead of looking at each & every one of the warnings. the novelty quickly wears off after reading the 1st few of them. in any case, imo the program also should be able to analyse out-going data & detect any anomalies, instead of bombarding me with messages. but that level of AI seems a long way off..

[dk70]

Oh no, you can have that. Last week I tried Comodo free firewall http://www.personalfirewall.comodo.com/ very nice and it appears they are actively supporting it. But until you get to the point where firewall just sits there it has to go through learning mode and you most likely have to set up rules fitting your setup. Defaults are not so bad but ideally they should be modified. Also many firewall s do more than just reporting net traffic. Injection control and what not. I use strokeit, a mouse gesture thingy. Each time I use that in for example Firefox Comodo will pop up saying strokeit has fiddled with memory allocated to Firefox - so time for an "allow  app" or similar rule. When done you are tired  Safer? Mostly in-head safety I think, makes you feel good! Depends on use of computer, not useless of course but those who have a real need for outbound/application control will know why...

I think a tool like Windows Defender is much more relevant and important than outbound control. Real time check of what is added/changed to registry, services, startup etc. and should be useful to everyone. If nothing bad is added there is nothing bad to monitor is the idea. Outbound should come as top of the cake, after there is little left to protect.

Try some of them out - check user reviews and experiences here http://www.wilderssecurity.com/ see "Other firewalls". Outbound being overkill or crucial is old question I believe. Big difference in resource use and most of at least the free ones need quite a long "changelog" before they get approved as "solid". Firewalls do seem like sensitive software.

I dont know any not free firewalls. Possible they have even more gadgets like adblocking etc. making them more useful. If all you need is monitoring of what is send from computer it should be easy to find a freeware firewall.

[Deozaan]

even in ZA, i would just disable the pop-ups, instead of looking at each & every one of the warnings. the novelty quickly wears off after reading the 1st few of them. in any case, imo the program also should be able to analyse out-going data & detect any anomalies, instead of bombarding me with messages. but that level of AI seems a long way off..

-lanux128 (October 04, 2006, 10:20 PM)

I used to have Firefox ask me about every single cookie. I blocked tons of them and accepted few. Strangely I wasn't ever thoroughly annoyed at it, but it became a problem when my best friend and room mate (not exactly PC-literate) would browse the internet and ask me what to do with the popup.

He had a way of destroying computers just by using them for five minutes, and not actually do anything wrong. I could watch him and he wouldn't be doing anything I wouldn't do and all sorts of error messages would pop up or it would crash.

So when I got a new computer I decided it wasn't worth my time to decide to block every cookie or not.

[wr975]

due to lack of outbound control.

There is no outbound control.

See the tests here:  http://www.firewallleaktester.com/

After seeing it, I deinstalled Sunbelt Kerio and tried Comodo Firewall (too bad they tested such old version). But it made me pretty much insane in learning mode (AdMuncher + StrokeIt: code injection galore).

Then I wondered, why I'm torturing myself if a clever written software could bypass a firewall anyway. So I decided to stop using software firewalls (for outbound connections). My router is firewalling incoming connections quite OK (grc.com says stealth).

So when I got a new computer I decided it wasn't worth my time to decide to block every cookie or not.

Same here. I accept all cookies and configured my "system cleaner tool" (I'm using CrapCleaner) to erase cookies but keep certain ones. So whenever I "clean" my system, all unneeded cookies are gone.

[f0dder]

One problem with the Microsoft firewall: if you don't run a limited user account, it's very easy to disable the firewall or "poke holes" in it. Easier than with other firewalls, since there's an API for doing it.

Outbound protection is nice, though it's mainly useful for paranoid people. What you really want to concentrate about is not getting bad stuff on your computer, once it's there it's too late anyway. So, outbound protection will only help you getting frustrated because of popups and non-working windows (SMB/CIFS) filesharing.

You really ought to have a router doing NAT anyway, and never forward all traffic, only the traffic you need. And then you kinda don't need an inbound firewall either.

Recent Kaspersky antivirus now has "Behaviour blocking" built-in, by the way - pretty useful tool.

[mouser]

Outbound protection is nice, though it's mainly useful for paranoid people. What you really want to concentrate about is not getting bad stuff on your computer, once it's there it's too late anyway. So, outbound protection will only help you getting frustrated because of popups and non-working windows (SMB/CIFS) filesharing.

Actually i would disagree with this and say that
outbound protection is extremely enlightening if you are curious about what applications do, where they are connecting, and what could be going wrong.  in addition to preventing bad programs from doing bad things (which as f0dder alludes to is probably too late to help you much once installed), it can be extremely useful in identifying programs that are merely annoying in connecting home, etc.

[f0dder]

mouser, that's where the "paranoid" comes in (yeah, I personally find that interesting myself, but regular users don't really need it).

[Mizraim]

mouser, that's where the "paranoid" comes in (yeah, I personally find that interesting myself, but regular users don't really need it).

-f0dder (October 05, 2006, 05:09 PM)

Yeah... we're not all elite users like you!   

[f0dder]

mouser, that's where the "paranoid" comes in (yeah, I personally find that interesting myself, but regular users don't really need it).

-f0dder (October 05, 2006, 05:09 PM)

Yeah... we're not all elite users like you!   

-Mizraim (October 05, 2006, 05:40 PM)

Heh, I don't need it either - in fact I don't run any firewall software now because I find it to be a nuisance, and I'm protected well by my NAT'ing router. (And I'm not elite, really.(I'm just an elitist))

[JavaJones]

What do I do if my Windows Firewall has been asking me about allowing outgoing connections?

I used to recommend Sygate, but after it stopped being free I took a more serious look at the built-in XP firewall and you know, I kind of liked what I saw. It doesn't ask about things excessively, it provides reasonable protection, and as others have mentioned A: lots of routers and even cable/DSL modems provide firewalls these days and B: a lot of the stuff an outbound protecting firewall supposedly handles could and probably should be handled (on a different level) by something like Windows Defender.

Personally I think most firewall apps are really going waaay overboard. There are very, very few firewalls compatible with the needs of "Average Joe". All the added script blocking, ad blocking, redirect blocking, cookie blocking, etc. is just stupid IMO. As a computer consultant I have just had waaay too many people complain about this stuff. You put them back on the Windows firewall and hey, presto, no security problems and no annoyances. Good lord, if *Microsoft* can do it, why can't anyone else?

Speaking of excessive paranoia and cookies, has anyone ever actually had a problem with them? Tons and tons of applications detect and warn you about them, lots of people have things set to block them, etc, etc. and yet I've only found annoyance and less functional sites in doing that, and never had a problem just allowing them. I'm all for protecting privacy, but this stuff has never seemed like a major invasion to me. Maybe it's just because I'm not surfing naughty sites though.

- Oshyan

[AdIyhc]

.....You put them back on the Windows firewall and hey, presto, no security problems and no annoyances. Good lord, if *Microsoft* can do it, why can't anyone else?

Speaking of excessive paranoia and cookies, has anyone ever actually had a problem with them?........

-JavaJones (October 05, 2006, 07:19 PM)

All the extras 3rd party firewalls add is to justify the yearly subscriptions. More functions, more bugs/crashes.

As for cookies, I turn off cookies unless I need them and clear them upon exit. It isn't that hard/troublesome since browsers nowadays can do this automatically.

[app103]

He had a way of destroying computers just by using them for five minutes, and not actually do anything wrong. I could watch him and he wouldn't be doing anything I wouldn't do and all sorts of error messages would pop up or it would crash.

-Deozaan (October 05, 2006, 02:00 AM)

That's known as Negative Electrostatic Charisma (NEC). It's when you are cursed by the computer gods and freaky things happen that shouldn't...with no reasonable explanation.

My dad says it comes from doing something that offends the computer gods and in retaliation they put this curse upon you for the rest of your life, and to all your offspring (it becomes genetic).

It's the only explanation I can give for why pc's running win2k have a BSOD if my daughter gets within a foot of them....and why portable CD players go crazy and spin disks at hyperspeed when she uses them....and digital cameras shorting out when she turns them on.

I was almost believing it skipped a generation and then remembered how I was stuck using a P1 that said "NEC Ready" on the case for 3 years (oh, the irony!), because my P3 died immediately after I hit the backspace key in notepad. 

Oh, yeah...and my dad...

Windows forgot his pass was supposed to work, for a day...locked him out of the pc...then remembered the next and worked just fine. Only 1 of a series of weird experiences I have seen happen to my dad.

[Deozaan]

He had a way of destroying computers just by using them for five minutes, and not actually do anything wrong. I could watch him and he wouldn't be doing anything I wouldn't do and all sorts of error messages would pop up or it would crash.

-Deozaan (October 05, 2006, 02:00 AM)

That's known as Negative Electrostatic Charisma (NEC). It's when you are cursed by the computer gods and freaky things happen that shouldn't...with no reasonable explanation.

My dad says it comes from doing something that offends the computer gods and in retaliation they put this curse upon you for the rest of your life, and to all your offspring (it becomes genetic).

-app103 (October 06, 2006, 04:27 AM)

This is the Shawn from the podcast #2, whose first computer memory was looking up porn on the internet, so. . . Maybe that angered the computer gods. 

[Carol Haynes]

Speaking of excessive paranoia and cookies, has anyone ever actually had a problem with them? Tons and tons of applications detect and warn you about them, lots of people have things set to block them, etc, etc. and yet I've only found annoyance and less functional sites in doing that, and never had a problem just allowing them. I'm all for protecting privacy, but this stuff has never seemed like a major invasion to me. Maybe it's just because I'm not surfing naughty sites though.

-JavaJones (October 05, 2006, 07:19 PM)

You are probably right on cookies - however if you want to keep the number of them down to a dull roar (ie. just the useful ones that keep you logged in to useful site) use CrapCleaner to remove your cookies regularly. You can specify which ones to keep and it works with IE and Firefox without problems - it will also let you clear up a lot of other rubbish too. Worth a look to keep things tidy.

[kimmchii]

Speaking of excessive paranoia and cookies, has anyone ever actually had a problem with them? Tons and tons of applications detect and warn you about them, lots of people have things set to block them, etc, etc. and yet I've only found annoyance and less functional sites in doing that, and never had a problem just allowing them. I'm all for protecting privacy, but this stuff has never seemed like a major invasion to me. Maybe it's just because I'm not surfing naughty sites though.

-JavaJones (October 05, 2006, 07:19 PM)

You are probably right on cookies - however if you want to keep the number of them down to a dull roar (ie. just the useful ones that keep you logged in to useful site) use CrapCleaner to remove your cookies regularly. You can specify which ones to keep and it works with IE and Firefox without problems - it will also let you clear up a lot of other rubbish too. Worth a look to keep things tidy.

-Carol Haynes (October 06, 2006, 06:00 AM)

or just use a HOSTS file, all those cookies will be blocked, no need cleaning.

[dk70]

https://addons.mozilla.org/firefox/44/ is the best or at least the most simple way for Firefox users. Icon in status bar changes color according to cookie allowed or not. Hard to block your way out of cookie "problem". Right click and there will be options of "allow, session, block, remove". Disable by default certainly can break some site and features, have to go through a "learning mode". I just got Visa card today and so thought I might as well sign up at pay-pal. Got kicked back to registration page over and over - no cookie means no registration though it said I punched in wrong verification number. Had just installed Permit cookies yesterday so still adjusting.

[JavaJones]

I know there are a ton of ways to deal with cookie management, some easy, some harder and/or more in-depth. What I'm asking is *why bother*? No one has yet said why anyone should really care, or talked about a bad experience or example of badness related to cookies. It seems to just sort of be accepted that "it's bad, mmmkay?" and so everyone uses all these products to handle it. I don't get it. I don't bother and have never had a problem.

- Oshyan

[mouser]

i used to have cookie blocker till i realized it was just an annoyance.
i think if you are worried about tracking the most reasonable solution is to have something that accepts all cookies, but then deletes most when you exit/start browser.  blocking cookies by default is a good recipe for not being able to navigate modern websites.

[kimmchii]

blocking cookies by default is a good recipe for not being able to navigate modern websites.

-mouser (October 06, 2006, 03:56 PM)

i have a huge host file, 42K entries and i have never had website nagivation problems. 99.99% of tracking cookies/sites/adverts are all blocked.

[f0dder]

blocking cookies by default is a good recipe for not being able to navigate modern websites.

-mouser (October 06, 2006, 03:56 PM)

i have a huge host file, 42K entries and i have never had website nagivation problems. 99.99% of tracking cookies/sites/adverts are all blocked.

-kimmchii (October 06, 2006, 04:09 PM)

Again, the question is: why?