SP2/firewall

 
 
JOHANNA NORDMYR
Guest
Posts: n/a
 
      01-21-2005
I've just recently installed the SP2 and decided to use the firewall
included, instead of Norton's. As far as I can tell it seems to be working
okay, but some of the icons are giving me a headache... At some websites
"integrity report" pops up. Why??


 
Reply With Quote
 
 
 
 
winged
Guest
Posts: n/a
 
      01-22-2005
JOHANNA NORDMYR wrote:
> I've just recently installed the SP2 and decided to use the firewall
> included, instead of Norton's. As far as I can tell it seems to be working
> okay, but some of the icons are giving me a headache... At some websites
> "integrity report" pops up. Why??
>
>

I believe from what I can tell from your description that the feature is
part of SP2 not related to the firewall. I believe the report indicates
that an ActiveX control was modified since the control was signed by its
publisher using Authenticode.

That said, you never mentioned why you chose to go to the Windows
firewall when you had Norton available. While the SP2 firewall is
better than nothing, Symantec firewall is tough to beat especially one
of the newer Symantec products. It is a better firewall than Windows
for multiple reasons. I do understand how to constrain the SP2
Firewall with firewall rule sets, but I am lazy and like the ease of use
Symantec gives for building pipes, restricting code and scripts. While
I also have these restrictions on my browser, I prefer them never to get
past my entry point in most situations.

Winged

 
Reply With Quote
 
 
 
 
Adrian
Guest
Posts: n/a
 
      01-22-2005
On 21 Jan 2005 20:42:05 EST, winged <(E-Mail Removed)> wrote:

>JOHANNA NORDMYR wrote:
>> I've just recently installed the SP2 and decided to use the firewall
>> included, instead of Norton's. As far as I can tell it seems to be working
>> okay, but some of the icons are giving me a headache... At some websites
>> "integrity report" pops up. Why??
>>
>>

>I believe from what I can tell from your description that the feature is
>part of SP2 not related to the firewall. I believe the report indicates
>that an ActiveX control was modified since the control was signed by its
>publisher using Authenticode.
>
>That said, you never mentioned why you chose to go to the Windows
>firewall when you had Norton available. While the SP2 firewall is
>better than nothing, Symantec firewall is tough to beat especially one
>of the newer Symantec products. It is a better firewall than Windows
>for multiple reasons. I do understand how to constrain the SP2
>Firewall with firewall rule sets, but I am lazy and like the ease of use
>Symantec gives for building pipes, restricting code and scripts. While
>I also have these restrictions on my browser, I prefer them never to get
>past my entry point in most situations.
>
>Winged


Hear, hear,

Symantec also does not have the flaws that are no doubt in the SP2
firewall. Microsoft will eventually patch them, but you wouldn't want
a cracker to find the vulnerabilities first.

The only reason I would ever use the Windows firewall is because it
annoys you with an icon saying it is off all the time, but if you tell
it that you are using Symantec/ZoneAlarm/any other commercial program,
it stops that too.

Adrian

P.S. If it is the ActiveX problem, you should have a little yellow
strip at the top of the IE window, right click on that to choose what
to do.

 
Reply With Quote
 
ROBERT S AMP BA Drake
Guest
Posts: n/a
 
      01-22-2005
Run a scan on your system with the MS SP2 firewall on. It has more holes
than swiss cheese.

"JOHANNA NORDMYR" <(E-Mail Removed)> wrote in message
news:7KfId.15699$(E-Mail Removed)...
> I've just recently installed the SP2 and decided to use the firewall
> included, instead of Norton's. As far as I can tell it seems to be working
> okay, but some of the icons are giving me a headache... At some websites
> "integrity report" pops up. Why??
>



 
Reply With Quote
 
winged
Guest
Posts: n/a
 
      01-22-2005
ROBERT S AMP BA Drake wrote:
> Run a scan on your system with the MS SP2 firewall on. It has more holes
> than swiss cheese.
>
> "JOHANNA NORDMYR" <(E-Mail Removed)> wrote in message
> news:7KfId.15699$(E-Mail Removed)...
>
>>I've just recently installed the SP2 and decided to use the firewall
>>included, instead of Norton's. As far as I can tell it seems to be working
>>okay, but some of the icons are giving me a headache... At some websites
>>"integrity report" pops up. Why??
>>

>
>
>

You can control, very specifically, very manually all communication that
the SP2 Firewall is allowed. The control panel applet under the
exception tab allows constraint by program and port. I am not sure why
the applet portion of the system deems I need remote desktop, remote
assistance and UPNP exposed to the world (by default) nor why they
insist I expose ping replies. I have gone to some efforts just to ensure
those very services were not exposed.

If you were using (for example) SP2 Firewall, under the exceptions tab,
you could restrict the ports and the addresses your e-mail client was
allowed to view. Doing this breaks over the web viewing functionality
(this is also the "behavior" of my e-mail client (Thunderbird)) but for
me, this is not a bad thing as it also breaks many compromise scenarios
(I don't allow scripting in mail)(OK I am retentive). Additionally one
"can" control the XP Firewall via a rule file.

This is how one can manage a network of XP firewalled computers. By
regulating the firewall rules you can control the network user
permissions. This is easily managed both dynamically via SMS or similar
central management tool, or via bootup login script. The rules are
refreshed on bootup by specifically and dynamically concatenating the
rule file. For example you "can" have certain blocks (port or address)
that you wish to apply across a domain, concatenating rules that apply
to a specific user. But this finite level of control you can enforce is
somewhat of a pain to manage for a home network.

The firewall can be competent. If you use the SP2 firewall, ensure you
check the default settings under the exceptions tab. Pretty scary.

I have found this useful for restricting the actions of say Internet
Explorer (i.e. It only talks to Microsoft and God on the Root OS).

For me on a home network, I just prefer the easier interface of Symantec
in many scenarios. The filter tools with Symantec that automatically
strip various scripting from HTML Strings. (Yes, I do believe layering
security on a system is good practice.) I seldom work outside of a
virtual machine so one can constrain very closely how the root OS is
allowed to operate. There is a performance hit taken for operating this
way but it does allow one to constrain the exposure based on the
computer task at hand. It does require keeping each of the VM's (and
the base OS's updated) but I find the VM's suitable for testing purposes
for me, others mileage will vary.

One may have a VM configuration which uses the SP2 firewall only. It's
useful for testing. With machines these days of having lots of
horsepower and RAM there seems to be no problem switching between a
LINUX VM an XP VM and simultaneously running multiple copies of each OS.
This also allows you to test behaviours between various configurations
fairly quickly. If you manage your VM's properly you can have a whole
network of configurations. You can layer VM's as well depending on the
level of analysis required (sometimes required to run a test web server
and test behaviours of various configurations locally before
publishing). You can run a VM stack or proxy filter effectively ahead of
the root OS stack. This is extremely useful when looking at a buffer
overflow exploit. You can run over 10 VM's simultaneously inside of 2
GB RAM. (LINUX VM's require less processing and space overhead). This
is ample for simulating most network environmental behaviours.

VM's are very good at looking at exploit behaviours. VM's are very
useful for establishing internal IDS for monitoring of machine intra
computer communication without exposing the processes to the Internet.
By just closing and restarting the VM (without saving the VM) you can
return it to its pristine state, without the time factor involved in
rebuilding or reconfiguring the system.

This relates to some people's high concern with privacy as if one does not
save the VM session all data which was saved inside of the VM is
destroyed. For the truly paranoid I suppose one could rewrite the cache
on the base system but guess I am not paranoid enough. One can
compromise a VM and examine the compromise behaviours within an isolated
environment. One can save data from some VM's to the base OS. Shucks,
thought everyone did this.

But yes, depending on implementation, the XP firewall can meet
requirements especially if one is layering communication filters and
using IDS. I find the IDS and general use of Symantec easy, but I am
well aware all user requirements are not the same.

It ALL depends on one's requirements, DOOM 3 does not work real well
inside of a VM, but I don't play games that require that level of
performance often. Everyone's mileage and requirements vary.

Winged

 
Reply With Quote
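
The default exceptions named in the post above (Remote Desktop, Remote Assistance, UPnP, ping replies) can be closed from a script through the SP2 `netsh firewall` context, with a domain-wide rule file followed by a per-user one. This is an added example, not code from any poster in this thread; the share path, the file names and the assumption that the script runs with administrative rights (for instance as a machine startup script) are hypothetical.

```bat
@echo off
rem Added example (not from the thread): tighten Windows XP SP2 firewall defaults.
rem Assumptions: runs with administrative rights; RULES and the file names
rem under it are hypothetical placeholders for your own share.
setlocal
set RULES=\\fileserver.example\netlogon\fw

rem Firewall on for every profile; exceptions apply only as configured below.
netsh firewall set opmode mode=ENABLE exceptions=ENABLE profile=ALL

rem Close the built-in service exceptions named in the post.
netsh firewall set service type=REMOTEDESKTOP mode=DISABLE profile=ALL
netsh firewall set service type=UPNP mode=DISABLE profile=ALL

rem Remote Assistance is a program exception (sessmgr.exe), not a service type.
netsh firewall delete allowedprogram program="%windir%\system32\sessmgr.exe" profile=ALL

rem Stop answering ping and all other ICMP request types.
netsh firewall set icmpsetting type=ALL mode=DISABLE profile=ALL

rem Domain-wide rules first, then rules for this user if a file exists.
rem Each file holds netsh commands, one per line, for example (constructed):
rem   firewall add portopening protocol=TCP port=3389 name=RDP-admin mode=ENABLE scope=CUSTOM addresses=192.0.2.10
if exist "%RULES%\base.txt" netsh -f "%RULES%\base.txt"
if exist "%RULES%\%USERNAME%.txt" netsh -f "%RULES%\%USERNAME%.txt"

rem Record the resulting configuration so it can be reviewed afterwards.
netsh firewall show config > "%TEMP%\fw-config.txt"
endlocal
```

These commands govern unsolicited inbound traffic, which is what the SP2 firewall filters; review the saved `show config` output to confirm no unexpected exceptions remain.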
 
Don Kelloway
Guest
Posts: n/a
 
      01-23-2005
"ROBERT S AMP BA Drake" <(E-Mail Removed)> wrote in message
news:bbyId.11932$HT6.2347@trnddc04...
> Run a scan on your system with the MS SP2 firewall on. It has more holes
> than swiss cheese.
>
> "JOHANNA NORDMYR" <(E-Mail Removed)> wrote in message
> news:7KfId.15699$(E-Mail Removed)...
>> I've just recently installed the SP2 and decided to use the firewall
>> included, instead of Norton's. As far as I can tell it seems to be
>> working okay, but some of the icons are giving me a headache... At some
>> websites "integrity report" pops up. Why??
>>


Not if you take the time to configure it appropriately for your needs.

All too often people forget that *every* firewall requires some level of
configuration. The Windows XP SP2 Firewall is no exception. Of course if
you don't understand what your needs are and you don't know how to configure
the firewall properly that's understandable. Then again installing it with
all of its default settings and failing to consider that one or more is not
necessary is never wise either.

--
Best regards, from Don Kelloway of Commodon Communications
Visit http://www.commodon.com to learn about the "Threats to Your Security
on the Internet".


 
Reply With Quote
 
 
 