Old 11th November 2006, 13:28   #1
Koopa
16-Bit Moderator
 
 
Join Date: Apr 2004
Posts: 4,341
How secure is Windows XP Firewall?!



I guess, no more words are needed.
Old 11th November 2006, 14:14   #2
ujay
Forum King
 
 
Join Date: Jul 2001
Location: London
Posts: 6,072


Is that Laurel & Hardy I see pulling up at the kerb.

UJ
Old 12th November 2006, 01:31   #3
swingdjted
DRINK BEER NOW
(Forum King)
 
 
Join Date: Feb 2006
Location: Northern West Virginia
Posts: 9,990
Shit, I'd be careful with that one. It may have rained the past night, meaning I'd get my pants wet trying to pass through that.

Don't forget to live before you die.
Old 16th November 2006, 16:48   #4
MegaRock
Forum King
 
 
Join Date: Jul 2003
Location: Inside my water bong
Posts: 6,855
Hey, someone needs to pick up the doggy doo in the yard as well. That's a safety hazard.

Megarock Radio - St. Louis Since 1998!
Tune In Now!
Corporate Radio Sucks! No suits, all rock!
Old 21st November 2006, 16:27   #5
shakey_snake
Forum Domo
 
 
Join Date: Jan 2004
Location: Everyone, get over here for the picture!
Posts: 4,313
XP's firewall isn't any worse than any other software firewall.
If you want real protection you need to sit behind an NAT router.


elevatorladyelevatorladyelevatorladyelevatorladyelevatorladylevitateme
Old 21st November 2006, 16:28   #6
k_rock923
\m/
(Forum King)
 
 
Join Date: Jul 2003
Location: /bin/bash
Posts: 7,850
it's sure not as good as iptables.

Never underestimate the bandwidth of a station wagon full of tapes hurtling down the highway.
Old 21st November 2006, 16:44   #7
shakey_snake
Forum Domo
 
 
Join Date: Jan 2004
Location: Everyone, get over here for the picture!
Posts: 4,313
ok so...
XP's firewall isn't any worse than any other windows software firewall.


elevatorladyelevatorladyelevatorladyelevatorladyelevatorladylevitateme
Old 21st November 2006, 17:02   #8
k_rock923
\m/
(Forum King)
 
 
Join Date: Jul 2003
Location: /bin/bash
Posts: 7,850
Except that it doesn't do anything for outbound traffic.

Neither does a NAT router, for that matter.

Never underestimate the bandwidth of a station wagon full of tapes hurtling down the highway.
Old 21st November 2006, 19:10   #9
shakey_snake
Forum Domo
 
 
Join Date: Jan 2004
Location: Everyone, get over here for the picture!
Posts: 4,313
No software firewall can fix a compromised system.
Monitoring outbound traffic is for NRA members with carpal tunnel (aka people with an illogical obsession for protection who like to close pop-ups).


elevatorladyelevatorladyelevatorladyelevatorladyelevatorladylevitateme
Old 21st November 2006, 19:21   #10
k_rock923
\m/
(Forum King)
 
 
Join Date: Jul 2003
Location: /bin/bash
Posts: 7,850
It's a symptom of malware infection. If my system had caught some malware and it was phoning home, I'd sure want to know about it.

Never underestimate the bandwidth of a station wagon full of tapes hurtling down the highway.
Old 21st November 2006, 19:49   #11
shakey_snake
Forum Domo
 
 
Join Date: Jan 2004
Location: Everyone, get over here for the picture!
Posts: 4,313
but an outbound-monitoring-firewall is no guarantee you'll know about it (because it too may be compromised)

But you sure are guaranteed to be bothered by any number of legitimate programs you run.
Not a particularly valuable trade-off, IMO.


elevatorladyelevatorladyelevatorladyelevatorladyelevatorladylevitateme
Old 21st November 2006, 19:56   #12
k_rock923
\m/
(Forum King)
 
 
Join Date: Jul 2003
Location: /bin/bash
Posts: 7,850
It's my job to worry about such things.

Never underestimate the bandwidth of a station wagon full of tapes hurtling down the highway.
Old 21st November 2006, 20:41   #13
Sawg
Forum King
 
Join Date: Jun 2000
Location: Phoenix, AZ
Posts: 7,456
I find an outbound monitoring software firewall is good for catching malware trying to phone home, or even non-malware trying to phone home without permission. And it was less of a system strain to run a firewall all the time instead of an Antivirus scanner.

| Brought to you by ^V ^C | The one... the original... no seriously!
Old 21st November 2006, 20:49   #14
swingdjted
DRINK BEER NOW
(Forum King)
 
 
Join Date: Feb 2006
Location: Northern West Virginia
Posts: 9,990
All of the firewalls I have tried have proven ineffective at blocking fire.

Fucking ripoff.

Don't forget to live before you die.
Old 21st November 2006, 21:52   #15
zootm
Forum King
 
 
Join Date: Jan 2002
Location: the nether reaches of bonnie scotland
Posts: 13,375
Quote:
Originally posted by shakey_snake
No software firewall can fix a compromised system.
There is no system in existence which can fix all problems; a software firewall will block a large number of attack vectors and will be capable of monitoring traffic generated by any system which does not specifically subvert the software or the API it uses, which is pretty good without extra hardware.

Old 22nd November 2006, 14:18   #16
Mattress
Forum King
 
 
Join Date: Jun 2003
Location: Milwaukee
Posts: 4,577
I run neither a software firewall nor anti-virus. Rarely ever have any problems.
Old 22nd November 2006, 22:00   #17
k_rock923
\m/
(Forum King)
 
 
Join Date: Jul 2003
Location: /bin/bash
Posts: 7,850
Correct. Good browsing habits will avoid almost any problem. However, it never hurts to be safe.

Never underestimate the bandwidth of a station wagon full of tapes hurtling down the highway.
Old 22nd November 2006, 22:34   #18
Mattress
Forum King
 
 
Join Date: Jun 2003
Location: Milwaukee
Posts: 4,577
I do a pandascan every 45 months
Old 23rd November 2006, 08:49   #19
rockouthippie
Banned
 
 
Join Date: Jun 2004
Location: Oregon
Posts: 11,002
Quote:
Originally posted by k_rock923
Correct. Good browsing habits will avoid almost any problem. However, it never hurts to be safe.
The thing is "Where there's an activex control, there's a way". So yeah....

If you want to run your computer and don't want to spend $100 a year for virus packages, Firefox is the bullet.

Using IE with a virus scanner is possibly risky. Using IE with no virus protection is instant death. Firewalls will stop incoming attacks, but it won't stop an infected computer from transmitting private information.

Rather than running the windows firewall I prefer to set the firewall manually in the TCP/IP filter. I trust that more than windows firewall and it's less of a nuisance.

And you're right, it's sure not ipchains. This gets really obvious in the windows 2003 server dedicated machine I lease.
Old 23rd November 2006, 16:01   #20
k_rock923
\m/
(Forum King)
 
 
Join Date: Jul 2003
Location: /bin/bash
Posts: 7,850
Server 2003 really is a good OS though. We use it on almost all of the windows servers here and it works very well.

Never underestimate the bandwidth of a station wagon full of tapes hurtling down the highway.
Old 24th November 2006, 02:35   #21
shakey_snake
Forum Domo
 
 
Join Date: Jan 2004
Location: Everyone, get over here for the picture!
Posts: 4,313
Quote:
Originally posted by zootm
There is no system in existence which can fix all problems; a software firewall will block a large number of attack vectors and will be capable of monitoring traffic generated by any system which does not specifically subvert the software or the API it uses, which is pretty good without extra hardware.
"pretty good" isn't worth my rampant clicking or system resources, though. And I very highly doubt it's worth a computer novice's time (considering how long it'd take them to learn a new program, and how effective they'd be with it anyways)


elevatorladyelevatorladyelevatorladyelevatorladyelevatorladylevitateme
Old 24th November 2006, 03:07   #22
k_rock923
\m/
(Forum King)
 
 
Join Date: Jul 2003
Location: /bin/bash
Posts: 7,850
pretty good is a lot better than zero

Never underestimate the bandwidth of a station wagon full of tapes hurtling down the highway.
Old 28th November 2006, 02:44   #23
gameplaya15143
Major Dude
 
 
Join Date: Apr 2005
Location: Earth
Posts: 753
Quote:
Originally posted by rockouthippie
Firewalls will stop incoming attacks, but it won't stop an infected computer from transmitting private information.
I don't know what crap you are using (must be windows firewall), but mine blocks both directions. Nothing goes in or out without my permission.
Old 28th November 2006, 02:55   #24
mikm
Major Dude
 
 
Join Date: May 2001
Location: somewhere else
Posts: 1,255
Assuming your firewall hasn't been compromised/fooled.

powered by C₂H₅OH
Old 28th November 2006, 10:12   #25
zootm
Forum King
 
 
Join Date: Jan 2002
Location: the nether reaches of bonnie scotland
Posts: 13,375
Quote:
Originally posted by shakey_snake
"pretty good" isn't worth my rampant clicking or system resources, though. And I very highly doubt it's worth a computer novice's time (considering how long it'd take them to learn a new program, and how effective they'd be with it anyways)
The system resources are so minimal as to be completely negligible on any computer released in the past 10 years or so. And for a novice, it can be very beneficial. They need to learn one guideline (don't trust anything when you don't know what it is) and two buttons ("trust", "don't trust"), especially when so few programs actually need incoming connections. I'm not sure there's anything other than software that I wrote myself on my home machine which requires seeing any of the firewall user interface. If a user actually reads prompts (which novice users often do, bizarrely) this is an easy thing to learn. Furthermore blocking incoming connections by default can block a huge number of undisclosed and unpatched vulnerabilities leading from programs expecting connection through loopback.

This is a tremendous return on investment for the system resource and training cost.

Old 29th November 2006, 03:41   #26
rockouthippie
Banned
 
 
Join Date: Jun 2004
Location: Oregon
Posts: 11,002
In other words.

Your computer won't notice a firewall in operation.

Most users won't notice the firewall software much because they don't run servers.

Don't load software when you don't have good reason to trust it.

Firewall software doesn't usually require that you know anything. It's not worth it to learn to do this "by hand" for most people.

Leave it on, because "pretty good is a lot better than zero"

About the only exceptions you're gonna need from filesharing software is bittorrent type stuff. The temptation will be to switch the firewall off rather than configure it right.

Don't. You are broadcasting your IP all over. If you ever needed security software, it's when you are making yourself public, as with gameservers, bittorrent etc.

You'd be amazed at how many computers are wide open. Type in their IP and you're looking at their hard disk. No router, no firewall

Last edited by rockouthippie; 29th November 2006 at 03:59.
Old 29th November 2006, 08:33   #27
swingdjted
DRINK BEER NOW
(Forum King)
 
 
Join Date: Feb 2006
Location: Northern West Virginia
Posts: 9,990
^Mine was like that till the computer teacher at my school visited for a get-together last year and bitched me out for it. Now all's well.

Don't forget to live before you die.
Old 29th November 2006, 13:49   #28
Mattress
Forum King
 
 
Join Date: Jun 2003
Location: Milwaukee
Posts: 4,577
Quote:
Originally posted by rockouthippie
You'd be amazed at how many computers are wide open. Type in their IP and you're looking at their hard disk. No router, no firewall
Eh... wouldn't you need to have configured IIS or something for this to happen?
Old 29th November 2006, 13:57   #29
zootm
Forum King
 
 
Join Date: Jan 2002
Location: the nether reaches of bonnie scotland
Posts: 13,375
Quote:
Originally posted by Mattress
Eh... wouldn't you need to have configured IIS or something for this to happen?
You'd have to share something of note. On an unpatched XP system (I'm talking pre-SP1, circa 2001) if the user enables the "Guest" account, the "SharedDocs" folder will be visible.

Old 29th November 2006, 23:05   #30
rockouthippie
Banned
 
 
Join Date: Jun 2004
Location: Oregon
Posts: 11,002
Usually you can print on their printer too.....

For curiosity, I had this program that would scan IP blocks for open windows shares. You wouldn't get through 8 bits of the internet and not find a computer that was sharing stuff that you would figure the owner wouldn't want to share.

Without giving a hacking class, the vulnerability zootm mentions here was easily exploitable to gain full control of the machine.

But yeah, 2001 would be about right.... some of these holes are probably plugged, even if you were stupid enough not to use a router.

Last edited by rockouthippie; 29th November 2006 at 23:27.
Old 30th November 2006, 00:25   #31
zootm
Forum King
 
 
Join Date: Jan 2002
Location: the nether reaches of bonnie scotland
Posts: 13,375
Quote:
Originally posted by rockouthippie
Usually you can print on their printer too.....
The printer needs to be explicitly shared too.

Quote:
Originally posted by rockouthippie
But yeah, 2001 would be about right.... some of these holes are probably plugged, even if you were stupid enough not to use a router.
I don't think there's any unpatched exploitable ones at the moment. Windows Firewall will stop internet access of shares anyway.

Old 30th November 2006, 01:21   #32
k_rock923
\m/
(Forum King)
 
 
Join Date: Jul 2003
Location: /bin/bash
Posts: 7,850
[nitpick]

A real router lets all traffic pass to the IP. Only a NAT router stops unknown traffic.

[/nitpick]

Never underestimate the bandwidth of a station wagon full of tapes hurtling down the highway.