XP Firewall Recomendations

jackz4000

New Member
Never used XP. I am going to setup XP Home on my new laptop tomorrow. Says XP has a firewall. How good is it? I had planned to install Mcafee Firewall & Anti-virus. Can I run both the XP and Mcafee Firewalls? Or do I get rid of one? Which one? Better and less resource hungry Firewalls and Anti-virus recomendations? Thanks, Jack

Its for an '04 Dell D600 lappy, 1.6mgz Centrino, 512mb, 40gb HD, PC2700.
 

Doom_Machine

New Member
xp's firewall will not intercept outgoing traffic, so say if you had a keylogger or whatever, it will still beable to send out, go ahead and use your mcafee firewall.
hardware firewall would be best for resources..i use nvidia's
 

Nini

New Member
Use the McAfee one or Download a different firewall like Zonealarm , and use one of those instead of the windows firewall.
 

loque

New Member
xp's firewall will not intercept outgoing traffic, so say if you had a keylogger or whatever, it will still beable to send out, go ahead and use your mcafee firewall.
That's not strictly true. With Service Pack 2, the Windows Firewall will block apps and popup a message if they create a listening socket, which many trojans do since they want to accept incoming connections.

The only thing the Windows Firewall doesn't do is monitor apps creating outgoing connections.
 

SirKenin

banned
Whatever you do, don't install that Mcaffee garbage. That's all it is. Go for Avast! and Zone Alarm if you don't trust the firewall in SP2.
 

jackz4000

New Member
Thanks, I'll definitely try Avast and Zonealarm. Never cared much for the Mcafee, especially the Anti-Virus, too intrusive and hungry and would glitch. I'll be happy to see Mcafee go.

I have XP Pro Svc Pack 1. Will using that firewall be enough to use to download Zonealarm and Avast and the XP Updates? Then I would just uninstall the XP Firewall? Cheers, Jack

Absolutely love this board. So much good information and posters.
 

Burgerbob

Active Member
There is no firewall with SP1, or so i am informed. Just hurry and get your Zone Alarm, then download SP2.
 

tlarkin

VIP Member
if you are on a broadband internet connection I recomend getting a router with built in firewall and NAT, which will be much better security over just a software firewall. Anyone who works in network security will tell you layered security is the best way, and have a machine that is outside your network taking the hits first is much more secure than letting things be protected by the software on that machine.

and if you are using wireless don't bother buying any router that doesn't support WPA security. Things like WEP and mac address filtering can be easily broken with readily availbed downloadble utilities that anyone can access.
 

loque

New Member
There is no firewall with SP1, or so i am informed.
You have been misinformed. ICS has been in XP since the beginning (even with no service packs applied). It was renamed Windows Firewall and improved with some outbound filtering capability in SP2 though.
 

soccerdude

New Member
if you are on a broadband internet connection I recomend getting a router with built in firewall and NAT, which will be much better security over just a software firewall. Anyone who works in network security will tell you layered security is the best way, and have a machine that is outside your network taking the hits first is much more secure than letting things be protected by the software on that machine.

and if you are using wireless don't bother buying any router that doesn't support WPA security. Things like WEP and mac address filtering can be easily broken with readily availbed downloadble utilities that anyone can access.

How can they be broken? I dont want to know programs but is it really that easy?
 

tlarkin

VIP Member
Easy with available downloadable tools. For instance check this out

http://www.remote-exploit.org/index.php/Auditor_main

put it this way, a 12 year old can download this and run it, and think they are a haxor. I work in the IT field and network security is part of my job, I never recomend anything but routers with NAT and WPA for all my clients. Layered security is best, havign the firewall on your system is good, but it by no means the best of safest method of security.
 

jackz4000

New Member
Well tlarkin, that was a scary link. When I look at my firewall logs I am a bit aghast with all the hits my ports get in just the couple hours my computer is on in one day. Sooner or later.....they gotta get to me.

I don't have a router for my computers yet, just swap out ethernet cables to the modem. I've been putting off a router for a couple of reasons. I like the convenience of wireless, but I live on the side of a mountain and the DSL company tells me I will be broadcasting my wifi all over the place, hence good security is mandatory. And for some reason I like the security of an ethernet cable...call me crazy...but I do. OTOH....I dread wiring the whole house. It will be a big job with lottsa wallfishing all over this old house.

NAT hardware firewall? Any good recommendations at a decent price for a poor farm boy in Vermont? 2 lines of defense make good sense to me, Cheerio, Jack
 

loque

New Member
NAT hardware firewall? Any good recommendations at a decent price for a poor farm boy in Vermont? 2 lines of defense make good sense to me, Cheerio, Jack
That's a great school of thought. The more levels of security, the better. One thing you'll notice when you eventually put your machines behind a NAT router is that the firewalls on the machines suddenly go silent. This is obviously because any "unsolicited" traffic such as port scans and the like are filtered at the router, before they reach any of the machines.

I'd go as far to say that you don't need a software firewall on your machines if you're sure you won't be getting infected with keyloggers etc, but the extra protection can't hurt. Personally, I don't run software firewalls on any of my machines, though I do enable the Windows Firewall on my laptop if I go mobile with it.

You can get wired NAT routers and wired and wireless NAT routers. If you aren't planning on using wireless then obviously you don't need one or you can disable the Wi-Fi radio. If you do go wireless then securing it is as simple as enabling WPA and using a strong password like those based on raw material from here. Set it and forget it.

I don't live in the U.S. so I'm not sure what they cost over there, but Netgear or Belkin are the most commonly used and the Netgear WRT-54G can be picked up fairly cheaply.
 
Top