re: MSFT SP2 firewall v. other firewalls
kidl,
Thanks for that article.
While it contains enough information to fill an encyclopedia, it's written in Simple Speak.
The thecow might put the link into this thread's header for easy reference in the months ahead of us.
Below I did a few Copies & Pastes from the article that highlight how well the article was written, and hopefully useful to us.
I place the very end at the top.
The article is segmented as follows:
- Improved Internet Explorer
- Enhancements to Outlook Express
- Windows Firewall
---
From: rrufff Has anyone taken a look at the new MSFT firewall and decided whether it is good enough to take the place of ZoneAlarm or other firewalls?
---
To: rrufff From: kidl Doesn't sound like it's a true replacement: abcnews.go.com
---
Recommendations
While SP2 won't make us impervious to attacks, it's a big step forward in many areas and should be considered a must-have update. SP2 provides more efficient patching, a stronger and easier firewall, a pop-up blocker, and several other improvements, including many under the hood.
Unfortunately, all this protection doesn't come small.
Depending on how up to date your patches are, the SP2 download will probably be between 100MB and 300MB. That's definitely too big for dial-up users. And it's enough to make a lot of people stick with the status quo, which is a bad, bad thing. Consumers should be able to order a CD, however, around the same time SP2 becomes available for download via Windows Update.
Copyright © 2004 Ziff Davis Media Inc. All Rights Reserved. Copyright © 2004 ABCNEWS Internet Ventures.
---
Though the final lists of supported applications aren't yet available, SP2 will monitor a number of third-party antivirus and firewall products and warn users if they are turned off or out of date.
---
Although these won't make a visible difference in your day-to-day experience, they're important steps toward keeping you safer. Now we'll take a detailed look at three areas where SP2's changes will be apparent: Windows Firewall, Internet Explorer, and Outlook Express.
---
Windows Firewall
If all Windows XP users had enabled the operating system's Internet Connection Firewall (ICF), they would have been protected from worms like Nimda, Blaster, and Sasser. But the ICF was disabled by default, and its low profile meant many users never noticed it. In addition, when users did enable it, the ICF blocked desired tasks like sharing a network printer, except for those users expert enough to open specific ports manually.
Microsoft has learned something from experience:
The Windows Firewall in SP2, which replaces the ICF, is substantially easier to use and configure, and offers greater security — and it's enabled by default. And protection now begins the moment the computer boots up.
During the boot process, the firewall watches network traffic by using stateful packet inspection (SPI), checking every incoming data packet against the record of outgoing requests for data. If any incoming packet doesn't match a request, Windows Firewall discards it.
---
A complete lockdown by Windows Firewall would provide total protection — but block file and printer sharing, instant messaging, remote access, and other useful functions. Windows Firewall automatically offers to enable file and printer sharing, restricted by default to the local network. A number of other common exceptions are predefined in the configuration dialog.
---
This program-specific exceptions feature is not the same as the "program control" offered by third-party personal-firewall products such as Norton Internet Security (NIS) and ZoneAlarm Security Suite. Those products also prevent unknown programs from sending traffic out to the Internet; Windows Firewall does not.
But the first time an unauthorized program tries to open itself to receiving incoming packets, Windows Firewall pops up a notice similar to those you'd see from NIS or ZoneAlarm. Users can unblock the program, keep blocking it without further notices, or block it without changing its "first-time" status.
---
Two distinct profiles are available: a domain profile for use when the computer is connected to the corporate network, and a standard profile (typically more restrictive) to be used when the computer is connected outside the company, for example when an employee is traveling. In addition, traveling users can check a box to suspend all exceptions temporarily while retaining the settings. For example, you could disable file sharing and Remote Desktop when connected to an unsafe public network and easily restore them upon your return to the office.
---
... has included a programmatic interface for Windows Firewall that allows an application to do things like set FirewallEnabled to FALSE, add itself to the list of AuthorizedApplications, or change the configuration of GloballyOpenPorts. Our concern here is that a malicious application could turn off Windows Firewall or, more likely, mark itself as an authorized application. Corporate administrators can disable some or all local configurations, which will prevent programs from making changes; but ultimately, Microsoft maintains, individuals still have to be smart about what apps they run.
---
Although Windows Firewall is a big improvement over ICF, it still doesn't provide all the protection that you'd get from a third-party firewall, even a free one. It won't stop malicious programs from connecting to the Internet. When a program tries to open a port, Windows Firewall won't help users decide whether to allow it. And it can't notify users of intrusion attempts. We still recommend using Windows Firewall only until you can add a third-party personal firewall. But those who don't heed (or never hear) this advice will at least be significantly better protected under Windows XP SP2 than they were before.
---
Improved Internet Explorer
While Internet access is indispensable for modern business and home computers, it also enables attacks by spyware, viruses, pop-ups, and other intruders. Security enhancements in Windows XP SP2's Internet Explorer (it's still Version 6) will help keep them out
---
Enhancements to Outlook Express
These days, your in-box is a dangerous place to visit. One oh-so-sincere message may persuade you to launch an unsafe attachment. Another may steal personal information the moment you preview it. Since Outlook Express comes free with the operating system, it's the e-mail client of choice for a large segment of the population. In SP2, Outlook Express offers significantly better protection against unsafe attachments and personal-information theft
--- - stop -
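
Added example (not part of the original post or the quoted article): a simplified Python model of the inbound decision the excerpts describe, covering replies matched against recorded outgoing requests, exceptions scoped to the local network, the "suspend all exceptions" option, and the absence of outbound filtering. The names `ToyFirewall` and `LOCAL_NET`, the addresses, and the use of TCP 445 to stand in for file sharing are assumptions made for illustration; real stateful inspection also tracks TCP state and timeouts.

```python
import ipaddress
from dataclasses import dataclass, field

LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")  # constructed local subnet

@dataclass
class ToyFirewall:
    # Inbound exceptions: (proto, local_port) -> "local" or "any" scope.
    exceptions: dict = field(default_factory=dict)
    suspend_exceptions: bool = False          # the "suspend all exceptions" box
    flows: set = field(default_factory=set)   # record of outgoing requests

    def outbound(self, proto, lport, raddr, rport):
        """Outbound traffic is never filtered; it is only recorded."""
        self.flows.add((proto, lport, raddr, rport))
        return "allow"

    def inbound(self, proto, raddr, rport, lport):
        """Allow replies to recorded requests, then scoped exceptions, else drop."""
        if (proto, lport, raddr, rport) in self.flows:
            return "allow (reply)"
        scope = self.exceptions.get((proto, lport))
        if scope and not self.suspend_exceptions:
            if scope == "any" or ipaddress.ip_address(raddr) in LOCAL_NET:
                return "allow (exception)"
        return "drop"

def demo():
    # Constructed scenario: one exception for file sharing, local scope only.
    fw = ToyFirewall(exceptions={("tcp", 445): "local"})
    results = []
    # Unsolicited inbound packet: no matching outgoing request.
    results.append(fw.inbound("tcp", "203.0.113.9", 4444, 135))
    # Any program may send out; the reply to that request is then accepted.
    results.append(fw.outbound("tcp", 50000, "198.51.100.7", 80))
    results.append(fw.inbound("tcp", "198.51.100.7", 80, 50000))
    # Same remote host, different source port: not a reply, so dropped.
    results.append(fw.inbound("tcp", "198.51.100.7", 81, 50000))
    # File sharing exception: accepted from the local subnet, dropped otherwise.
    results.append(fw.inbound("tcp", "192.168.1.20", 51000, 445))
    results.append(fw.inbound("tcp", "203.0.113.9", 51000, 445))
    # Exceptions suspended on an untrusted network.
    fw.suspend_exceptions = True
    results.append(fw.inbound("tcp", "192.168.1.20", 51000, 445))
    return results

if __name__ == "__main__":
    for r in demo():
        print(r)
```

The second result is the gap the article points out: `outbound` has no per-program check, so the model allows every outgoing request and then accepts its replies.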