In a whole lot of people's opinion XP's built in firewall sucks. M$ <> security. Bar_Rony, your criticizing ZA because there was a hole a month ago!?!? Windows holes are discovered daily, it seems sometimes! I can't point you to links, but google XP firewall and read some comparative reviews - XP's firewall not only sucks, but throughly sucks! Not to mention that I can't help but believe that big Uncle Bill has stuck in some back door ... I mean hole ... on purpose.merlin said:well, Bar_Rony, not trying to step on your toes, but in my opinion, XP's firewall kinda sucks. I've played around with it and had nothing but trouble. And from most opinions here I concluded that most people that use it have nothing but trouble. Do you know what the actual security hole for ZA was ? and I think if it was a month or two ago, they probably have it patched, so you can probably run an update to fix it.....besides, every other program out there has a some kind of security flaw...thats why we have bugs, patches fixes...whole nine yards
eheh.. well=).. i was sure xp built in was good, guess i was wrong, though i haven't seen any exploit for it yet.Pseudocyber said:In a whole lot of people's opinion XP's built in firewall sucks. M$ <> security. Bar_Rony, your criticizing ZA because there was a hole a month ago!?!? Windows holes are discovered daily, it seems sometimes! I can't point you to links, but google XP firewall and read some comparative reviews - XP's firewall not only sucks, but throughly sucks! Not to mention that I can't help but believe that big Uncle Bill has stuck in some back door ... I mean hole ... on purpose.
I'm using Zone Alarm Pro on my personal and work machines. Using a Linksys "firewall" NAT router - I put firewall in quotes because it's not a real firewall - it does't do stateful packet inspection but only Network Address Translation (NAT) and port forwarding.
At work, we have real firewalls - Checkpoint and PIX.
http://www.pcmag.com/article2/0,4149,2230,00.aspThe Internet Connection Firewall (ICF) included with Microsoft Windows XP is a good start, but it's no substitute for the type of products we review in this story. You enable Windows XP's firewall from the Control Panel's Network Connections applet by choosing the Properties sheet for your Internet connection, going to the Advanced tab, and checking the Internet Connection Firewall checkbox.
Although the ICF does a pretty good job of blocking and hiding your ports from unwelcome probes, it lacks the ability to control programs on your system that are trying to send information out to the Internet. It also doesn't show any information about potential security threats, nor does it give you any means for tracking down their sources.
Although in our testing, ICF itself does a good job of blocking your ports from inbound attacks, the Windows XP operating system hampers some of the firewalls we review from doing so. The same programs had no problem blocking ports under Win 98.
http://www.securityfocus.com/infocus/1620Windows ICF may cause some problems, especially for corporate users and power users who need more control of their firewall. Some of the problems listed below may be difficult for some users to accept.
ICF breaks a lot of applications. This is arguably a good feature for a firewall, after all, firewalls are designed to stop traffic. However, the inability to create granular access rules and specify “trusted” hosts encourages users to just shut it off. ICF doesn’t support RPC, so message notification in Outlook will not function properly. In addition, services such as file sharing won’t work.
ICF does not perform any outbound filtering. This is by design; however, it makes ICF useless against Trojans and other malicious applications that “phone home”.
ICF lacks real-time notification of attacks. ICF can be configured to log allowed or denied traffic in a file; however, no real time notification is available.
The ability of applications to dynamically open ports requires administrative-level privileges. If you’re applying the "Principle of Least Privileges" and your account is only a “limited” account, the applications you run will not be able to take advantage of the ICF programmatic API and open up ports dynamically.
ICF is an excellent security tool for most people. It blocks most attacks from the Internet. And it works automagically with applications that are aware of the ICF API. It has support for industry standard protocols like FTP, H.323, and PPTP. However, if you are a corporate user and/or a power user, you’ll probably want another personal firewall that allows more granular control. Without the granular control, power users are forced to disable the firewall in order to get some applications to work. My advice: use ICF if it works for you; if you have been forced to turn off the firewall (like I have), go out and buy a personal firewall with more buttons that you can tweak. For more information on alternative firewalls, the following SecurityFocus article is an excellent discussion: Securing Privacy, Part Two: Software Issues.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-059.aspMicrosoft Security Bulletin MS01-059 Print
Unchecked Buffer in Universal Plug and Play can Lead to System Compromise
Originally posted: December 20, 2001
Updated: May 09, 2003
Who should read this bulletin: Customers using Microsoft® Windows® ME or XP, or who have installed the Windows XP Internet Connection Sharing client on Windows 98 or 98SE.
Impact of vulnerability: Run code of attacker’s choice.
Maximum Severity Rating: Critical
Recommendation: Microsoft strongly urges all Windows XP customers to apply the patch immediately. Customers using Windows 98, 98SE or ME should apply the patch if Universal Plug and Play support is installed and running.
Microsoft Windows 98
Microsoft Windows 98SE
Microsoft Windows ME
Microsoft Windows XP
http://hackinthebox.org/article.php?sid=9935Microsoft XP Firewall ICF Crumbles from L33tdawg
Wed May 21 @ 10:45 (Reads: 231)
Microsoft has released a knowledge base article in which the Redmond based company admits that their integrated firewall solution, which customers have inadvertently been encouraged to use, lacks the ability to block suspicious data traffic using Internet Protocol version 6 (IPv6). This is a small but embarrasing statement by Microsoft, which has been working on IPv6 since 1998. Not only Windows XP is affected by the issue but the recently released Windows Server 2003 versions are as well. IP version 6 (IPv6) is a new version of the Internet Protocol, designed as the successor to IP version 4 (IPv4) which allows expanded addressing capabilities, header format simplification and improved support for extensions and options among a variety of other new features.