G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

The router has a built in firewall on the hardware. Is it safe enough not
installing another firewall but with just the window SP2 firewall? Does
adding a 3rd party fire wall provide better protection?

If the computer is left on to receive fax and the brower is not opened, will
it still expose to hackers? Internet cable connection is on.
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Your router, and XP's firewall only stop inbound traffic. They don't stop outbound traffic. 3rd party firewalls do both.

--
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display\Security
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.

"kenlo" <kenlo@discussions.microsoft.com> wrote in message news:CBA01781-7735-4F28-AC79-4ECE0C9BA07B@microsoft.com...
> The router has a built in firewall on the hardware. Is it safe enough not
> installing another firewall but with just the window SP2 firewall? Does
> adding a 3rd party fire wall provide better protection?
>
> If the computer is left on to receive fax and the brower is not opened, will
> it still expose to hackers? Internet cable connection is on.
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

kenlo wrote:
> The router has a built in firewall on the hardware. Is it safe enough not
> installing another firewall but with just the window SP2 firewall? Does
> adding a 3rd party fire wall provide better protection?
>
> If the computer is left on to receive fax and the brower is not opened, will
> it still expose to hackers? Internet cable connection is on.


No, WinXP's built-in firewall won't cause any problems in this
case, nor will it provide any added protection.

If you use a router with NAT, it's still a very good idea to use a
3rd party software firewall. Like WinXP's built-in firewall,
NAT-capable routers do nothing to protect the user from him/herself
(or any "curious," over-confident teenagers in the home). Again --
and I cannot emphasize this enough -- almost all spyware and many
Trojans and worms are downloaded and installed deliberately (albeit
unknowingly) by the user. So a software firewall, such as Sygate or
ZoneAlarm, that can detect and warn the user of unauthorized out-going
traffic is an important element of protecting one's privacy and
security. (Remember: Most antivirus applications do not even scan for
or protect you from adware/spyware, because, after all, you've
installed them yourself, so you must want them there, right?)

I use both a router with NAT and Sygate Personal Firewall, even
though I generally know better than to install scumware. When it
comes to computer security and protecting my privacy, I prefer the old
"belt and suspenders" approach. In the professional IT community,
this is also known as a "layered defense." Basically, it comes down
to never, ever "putting all of your eggs in one basket."

WinXP's built-in firewall is adequate at stopping incoming attacks,
and hiding your ports from probes. What WinXP SP2's firewall does not
do, is protect you from any Trojans or spyware that you (or someone
else using your computer) might download and install inadvertently.
It doesn't monitor out-going traffic at all, other than to check for
IP-spoofing, much less block (or at even ask you about) the bad or the
questionable out-going signals. It assumes that any application you
have on your hard drive is there because you want it there, and
therefore has your "permission" to access the Internet. Further,
because the Windows Firewall is a "stateful" firewall, it will also
assume that any incoming traffic that's a direct response to a
Trojan's or spyware's out-going signal is also authorized.

ZoneAlarm, Kerio, or Sygate are all much better than WinXP's
built-in firewall, and are much more easily configured, and there are
free versions of each readily available. Even the commercially
available Symantec's Norton Personal Firewall is superior by far,
although it does take a heavier toll of system performance then do
ZoneAlarm or Sygate.


--

Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

In article <CBA01781-7735-4F28-AC79-4ECE0C9BA07B@microsoft.com>,
kenlo@discussions.microsoft.com says...
> The router has a built in firewall on the hardware. Is it safe enough not
> installing another firewall but with just the window SP2 firewall? Does
> adding a 3rd party fire wall provide better protection?

What router is it - if it's a Linksys it doesn't have a firewall, it
just has NAT - in fact, MOST of the routers under $200 are just simple
NAT devices that only protect as part of the normal 1:Many NAT methods -
which is not the same as a firewall.

In most cases, a simple NAT router will block all of the "unsolicited"
inbound traffic that you need to block. It will NOT block anything
outbound by default - so anything you install (even if you don't know
it) can phone home and get instructions or other programs to install on
your computer.

> If the computer is left on to receive fax and the brower is not opened, will
> it still expose to hackers? Internet cable connection is on.

If the computer is connected to the Internet by any means, even if it's
not logged it as a user, it's still possible to crack it. With most
routers and NAT, as long as the machine is not compromised already,
running a good AV software in real-time, and you use a non-IE browser,
and you DO NOT RUN AS AN ADMINISTRATOR level account, you can be
reasonably secure.


--

spam999free@rrohio.com
remove 999 in order to email me
 

TRENDING THREADS