Windows XP firewall against all others: what's wrong with ..

[Guest]

Archived from groups: comp.security.firewalls (More info?)

Hi,

ZoneAlarm 5 crash with eMule.
Sygate Personal Firewall block my connection when modem adsl re-connect
(so first time is all ok, but if I lost connection and then reconnect, no
program seems can access to internet).
Kerio drives me crazy. Each 5 minutes it asks if eMule can accept on a
new port and so on.

I'm bored. I'm using only Windows XP firewall. What's wrong with it? Can
someone tell me a REAL trojan attack this firewall can't block?

Please help.

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

> ZoneAlarm 5 crash with eMule.
> Sygate Personal Firewall block my connection when modem adsl
re-connect
> (so first time is all ok, but if I lost connection and then reconnect, no
> program seems can access to internet).
> Kerio drives me crazy. Each 5 minutes it asks if eMule can accept on a
> new port and so on.
>
> I'm bored. I'm using only Windows XP firewall. What's wrong with it?
Can
> someone tell me a REAL trojan attack this firewall can't block?
>
> Please help.

I think it can block the inbound attacks, but you can get a trojan by
downloading software too etc., antivirus not recognizing them all.
And once installed, when the trojan does its thing ... going outside, XP
ICF doesn't give a warning.

I have Sygate, works just fine. But if you had ZA before or any other
firewall installed, even while not running, problems might be cause of that.
ZA being hard to uninstall.

Never had any trojans though 😉

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

"anonimo" <anonimo@anonimo.it> wrote in
news:S6_zc.480287$rM4.19802414@news4.tin.it:

> Hi,
>
> ZoneAlarm 5 crash with eMule.
> Sygate Personal Firewall block my connection when modem adsl
> re-connect
> (so first time is all ok, but if I lost connection and then reconnect,
> no program seems can access to internet).
> Kerio drives me crazy. Each 5 minutes it asks if eMule can accept
> on a
> new port and so on.
>
> I'm bored. I'm using only Windows XP firewall. What's wrong with
> it? Can
> someone tell me a REAL trojan attack this firewall can't block?
>
> Please help.
>
>
>

There is nothing wrong with XP's FW. Currently, the product doesn't have
outbound protection such as application control (stop trojans if you need
that). That will change with the release of SP 2 for XP and it will have
app control. The FW will also be able to get the TCP/IP connection first
at boot as well, which is a vulnerable area for PFW(s) that cannot get
there first.

There is another element on the XP O/S called IPsec which can be used to
supplement the XP FW. IPsec can stop inbound or outbound by port,
protocol or IP.

It's simple to implement with the AnalogX Secpol file.

http://www.petri.co.il/block_ping_traffic_with_ipsec.htm
http://www.analogx.com/contents/articles/ipsec.htm

IPsec is discussed on the XP link.

http://www.uksecurityonline.com/index5.php

You want to watch for Trojans, then use Active Ports (free) and put a
shout-cut for it in the Start-up folder and use it on a routine basis; it
will tell you what is connecting inbound and outbound.

http://www.windowsecurity.com/articles/Hidden_Backdoors_Trojan_Horses_and
_Rootkit_Tools_in_a_Windows_Environment.html

Duane

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

In article <Z54Ac.482938$rM4.19912910@news4.tin.it>, anonimo@anonimo.it
says...
> Thx to all for your responses. I always use Active Ports (I look at it each
> 5 minutes ;-) and I'm quite secure I don't have trojans installed. I want to
> know if Windows Firewall really blocks my ports against external attacks and
> you say yes. So it's good for me. I'll wait SP2 for XP.

The problem with only using the XP firewall is that if there is a hole
in the OS that lets something get past your pseudo-firewall then you
entire machine is compromised.

If you have something as simple as a router with NAT, you have a layer
that does not rely on you to configure it, and does not get corrupted
should your machine be compromised by a virus or worm.

If you have a DSL or Cable connection you would have a router/nat device
in front of your computer.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

> But if you had ZA before or any other
> firewall installed, even while not running, problems might be cause of
that.
> ZA being hard to uninstall.

Thx a lot, perhaps you are right and ZA 5 really could be on my system,
nevertheless I uninstalled it.