SP2/firewall

Discussion in 'Computer Security' started by JOHANNA NORDMYR, Jan 21, 2005.

  1. I've just recently installed the SP2 and decided to use the firewall
    included, instead of Norton's. As far as I can tell it seems to be working
    okay, but some of the icons are giving me a headache... At some websites
    "integrity report" pops up. Why??
    JOHANNA NORDMYR, Jan 21, 2005
    #1

  2. JOHANNA NORDMYR

    winged Guest

    JOHANNA NORDMYR wrote:
    > I've just recently installed the SP2 and decided to use the firewall
    > included, instead of Norton's. As far as I can tell it seems to be working
    > okay, but some of the icons are giving me a headache... At some websites
    > "integrity report" pops up. Why??
    >
    >

    I believe from what I can tell from your description that the feature is
    part of SP2, not related to the firewall. I believe the report indicates
    that an ActiveX control was modified since the control was signed by its
    publisher using Authenticode.

    That said, you never mentioned why you chose to go to the Windows
    firewall when you had Norton available. While the SP2 firewall is
    better than nothing, Symantec firewall is tough to beat, especially one
    of the newer Symantec products. It is a better firewall than Windows
    for multiple reasons. I do understand how to constrain the SP2
    Firewall with firewall rule sets, but I am lazy and like the ease of use
    Symantec gives for building pipes, restricting code and scripts. While
    I also have these restrictions on my browser, I prefer them never to get
    past my entry point in most situations.

    Winged
    winged, Jan 22, 2005
    #2

  3. JOHANNA NORDMYR

    Adrian Guest

    On 21 Jan 2005 20:42:05 EST, winged <> wrote:

    >JOHANNA NORDMYR wrote:
    >> I've just recently installed the SP2 and decided to use the firewall
    >> included, instead of Norton's. As far as I can tell it seems to be working
    >> okay, but some of the icons are giving me a headache... At some websites
    >> "integrity report" pops up. Why??
    >>
    >>

    >I believe from what I can tell from your description that the feature is
    >part of SP2, not related to the firewall. I believe the report indicates
    >that an ActiveX control was modified since the control was signed by its
    >publisher using Authenticode.
    >
    >That said, you never mentioned why you chose to go to the Windows
    >firewall when you had Norton available. While the SP2 firewall is
    >better than nothing, Symantec firewall is tough to beat, especially one
    >of the newer Symantec products. It is a better firewall than Windows
    >for multiple reasons. I do understand how to constrain the SP2
    >Firewall with firewall rule sets, but I am lazy and like the ease of use
    >Symantec gives for building pipes, restricting code and scripts. While
    >I also have these restrictions on my browser, I prefer them never to get
    >past my entry point in most situations.
    >
    >Winged


    Hear, hear,

    Symantec also does not have the flaws that are no doubt in the SP2
    firewall. Microsoft will eventually patch them, but you wouldn't want
    a cracker to find the vulnerabilities first.

    The only reason I would ever use the Windows firewall is because it
    annoys you with an icon saying it is off all the time, but if you tell
    it that you are using Symantec/ZoneAlarm/any other commercial program,
    it stops that too.

    Adrian

    P.S. If it is the ActiveX problem, you should have a little yellow
    strip at the top of the IE window; right click on that to choose what
    to do.
    Adrian, Jan 22, 2005
    #3
  4. Run a scan on your system with the MS SP2 firewall on. It has more holes
    than Swiss cheese.

    "JOHANNA NORDMYR" <> wrote in message
    news:7KfId.15699$...
    > I've just recently installed the SP2 and decided to use the firewall
    > included, instead of Norton's. As far as I can tell it seems to be working
    > okay, but some of the icons are giving me a headache... At some websites
    > "integrity report" pops up. Why??
    >
    ROBERT S AMP BA Drake, Jan 22, 2005
    #4
  5. JOHANNA NORDMYR

    winged Guest

    ROBERT S AMP BA Drake wrote:
    > Run a scan on your system with the MS SP2 firewall on. It has more holes
    > than Swiss cheese.
    >
    > "JOHANNA NORDMYR" <> wrote in message
    > news:7KfId.15699$...
    >
    >>I've just recently installed the SP2 and decided to use the firewall
    >>included, instead of Norton's. As far as I can tell it seems to be working
    >>okay, but some of the icons are giving me a headache... At some websites
    >>"integrity report" pops up. Why??
    >>

    >
    >
    >

    You can control, very specifically, very manually, all communication that
    the SP2 Firewall is allowed. The control panel applet under the
    exceptions tab allows constraint by program and port. I am not sure why
    the applet portion of the system deems I need remote desktop, remote
    assistance and UPnP exposed to the world (by default) nor why they
    insist I expose ping replies. I have gone to some efforts just to ensure
    those very services were not exposed.

    If you were using (for example) SP2 Firewall, under the exceptions tab,
    you could restrict the ports and the addresses your e-mail client was
    allowed to view. Doing this breaks over-the-web viewing functionality
    (this is also the "behavior" of my e-mail client (Thunderbird)) but for
    me, this is not a bad thing as it also breaks many compromise scenarios
    (I don't allow scripting in mail) (OK, I am retentive). Additionally one
    "can" control the XP Firewall via a rule file.

    This is how one can manage a network of XP firewalled computers. By
    regulating the firewall rules you can control the network user
    permissions. This is easily managed both dynamically via SMS or similar
    central management tool, or via bootup login script. The rules are
    refreshed on bootup by specifically and dynamically concatenating the
    rule file. For example you "can" have certain blocks (port or address)
    that you wish to apply across a domain, concatenating rules that apply
    to a specific user. But this finite level of control you can enforce is
    somewhat of a pain to manage for a home network.

    The firewall can be competent. If you use the SP2 firewall, ensure you
    check the default settings under the exceptions tab. Pretty scary.

    I have found this useful for restricting the actions of say Internet
    Explorer (i.e. It only talks to Microsoft and God on the Root OS).

    For me on a home network, I just prefer the easier interface of Symantec
    in many scenarios. The filter tools with Symantec that automatically
    strip various scripting from HTML strings. (Yes, I do believe layering
    security on a system is good practice.) I seldom work outside of a
    virtual machine so one can constrain very closely how the root OS is
    allowed to operate. There is a performance hit taken for operating this
    way but it does allow one to constrain the exposure based on the
    computer task at hand. It does require keeping each of the VMs (and
    the base OSes) updated, but I find the VMs suitable for testing purposes
    for me; others' mileage will vary.

    One may have a VM configuration which uses the SP2 firewall only. It's
    useful for testing. With machines these days having lots of
    horsepower and RAM there seems to be no problem switching between a
    Linux VM and an XP VM and simultaneously running multiple copies of each OS.
    This also allows you to test behaviours between various configurations
    fairly quickly. If you manage your VMs properly you can have a whole
    network of configurations. You can layer VMs as well depending on the
    level of analysis required (sometimes required to run a test web server
    and test behaviours of various configurations locally before
    publishing). You can run a VM stack or proxy filter effectively ahead of
    the root OS stack. This is extremely useful when looking at a buffer
    overflow exploit. You can run over 10 VMs simultaneously inside of 2
    GB RAM. (Linux VMs require less processing and space overhead.) This
    is ample for simulating most network environmental behaviours.

    VMs are very good at looking at exploit behaviours. VMs are very
    useful for establishing internal IDS for monitoring of machine intra
    computer communication without exposing the processes to the Internet.
    By just closing and restarting the VM (without saving the VM) you can
    return it to its pristine state, without the time factor involved in
    rebuilding or reconfiguring the system.

    This relates to some people's high concern with privacy, as if one does not
    save the VM session all data which was saved inside of the VM is
    destroyed. For the truly paranoid I suppose one could rewrite the cache
    on the base system but guess I am not paranoid enough. One can
    compromise a VM and examine the compromise behaviours within an isolated
    environment. One can save data from some VMs to the base OS. Shucks,
    thought everyone did this :p

    But yes, depending on implementation, the XP firewall can meet
    requirements especially if one is layering communication filters and
    using IDS. I find the IDS and general use of Symantec easy, but I am
    well aware all user requirements are not the same.

    It ALL depends on one's requirements. DOOM 3 does not work real well
    inside of a VM, but I don't play games that require that level of
    performance often. Everyone's mileage and requirements vary.

    Winged
    winged, Jan 22, 2005
    #5
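
The default-exception review recommended in the post above can also be done from the command line. This is an added example, not part of the original posts: it uses the `netsh firewall` context that ships with XP SP2, the Remote Assistance program path is an assumption to confirm against the audit output, and the port 8080 rule with its 192.168.1.0 subnet is a constructed illustration.

```batch
@echo off
rem Added example: audit, then tighten, the Windows XP SP2 firewall exceptions.
rem Run from an administrator command prompt. These exceptions govern
rem unsolicited INBOUND traffic only.

rem --- 1. Audit: list what is currently allowed in before changing anything
netsh firewall show state
netsh firewall show service
netsh firewall show allowedprogram
netsh firewall show portopening
netsh firewall show icmpsetting

rem --- 2. Turn off the built-in service exceptions named in the thread
netsh firewall set service type=REMOTEDESKTOP mode=DISABLE profile=ALL
netsh firewall set service type=UPNP mode=DISABLE profile=ALL

rem Remote Assistance appears as a program exception, not a service type.
rem ASSUMPTION: sessmgr.exe is the listed program; confirm the exact path in
rem the "show allowedprogram" output from step 1 before relying on this line.
netsh firewall set allowedprogram program="%SystemRoot%\system32\sessmgr.exe" name="Remote Assistance" mode=DISABLE profile=ALL

rem Stop answering ping: ICMP type 8 is the incoming echo request
netsh firewall set icmpsetting type=8 mode=DISABLE profile=ALL

rem --- 3. Constrain an exception by port AND source address
rem Constructed example: an internal service on TCP 8080 reachable only
rem from the local 192.168.1.0/24 subnet instead of from any address.
netsh firewall set portopening protocol=TCP port=8080 name="Intranet app (example)" mode=ENABLE scope=CUSTOM addresses=192.168.1.0/255.255.255.0 profile=ALL

rem --- 4. Log dropped packets so blocked probes are visible afterwards
netsh firewall set logging droppedpackets=ENABLE connections=DISABLE

rem --- 5. Verify the resulting configuration
netsh firewall show config
```

Because the script is plain `netsh` calls, the same file can be pushed from a login script or management tool to apply one baseline across several machines.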
  6. JOHANNA NORDMYR

    Don Kelloway Guest

    "ROBERT S AMP BA Drake" <> wrote in message
    news:bbyId.11932$HT6.2347@trnddc04...
    > Run a scan on your system with the MS SP2 firewall on. It has more holes
    > than Swiss cheese.
    >
    > "JOHANNA NORDMYR" <> wrote in message
    > news:7KfId.15699$...
    >> I've just recently installed the SP2 and decided to use the firewall
    >> included, instead of Norton's. As far as I can tell it seems to be
    >> working okay, but some of the icons are giving me a headache... At some
    >> websites "integrity report" pops up. Why??
    >>


    Not if you take the time to configure it appropriately for your needs.

    All too often people forget that *every* firewall requires some level of
    configuration. The Windows XP SP2 Firewall is no exception. Of course if
    you don't understand what your needs are and you don't know how to configure
    the firewall properly that's understandable. Then again installing it with
    all of its default settings and failing to consider that one or more is not
    necessary is never wise either.

    --
    Best regards, from Don Kelloway of Commodon Communications
    Visit http://www.commodon.com to learn about the "Threats to Your Security
    on the Internet".
    Don Kelloway, Jan 23, 2005
    #6