MS XP firewall enough? [merged threads]

Hello everyone! First time poster here.

I’m a computer novice who was interested in making sure my computer is secure. (My Zone Alarm Security Suite’s subscription recently expired.) I was told by a local computer technician who is knowledgeable in these matters that my Windows Firewall is sufficient enough for my computer, but like anybody, I want a highly secured internet experience, and I heard good things about Comodo’s free firewall (although I’ve been warned about bugs with their latest version, and I’m seeing my warnings are warranted by reading some of the posts in this forum). My question is…since I really don’t want the headaches that some here are experiencing with Comodo (and I do mean some, not all of you), would I be OK with just sticking with the protection provided by my Windows Firewall? In addition, after reading some of the rather technical questions/answers, etc. posted here, I’m not so sure that I would fully understand the complexities involved with operating such a robust firewall as Comodo. (Or perhaps operating the Comodo firewall isn’t as complicated as I’m making it out to be?) Is the Windows Firewall so far inferior that I should drop that right away and make the move over to Comodo? Or lastly, maybe I should just go with the free security suite that is being offered to me as a part of my internet service by my cable operator…the security software is provided by F-Secure (my cable providers claim that F-Secure is very good!)
Whew!! Sorry about the long post. Any tips/thoughts/suggestions? Thank you!

No, it’s not enough.

You need CFP v3 and CMF v2 as your first line of defense online!
You can read about background info in my blog here www.melih.com (there are few articles about basic description of firewall, prevention vs detection etc)

thanks
Melih

Hi there Bunkman (:WAV)

The simple answer to your question is there is no simple answer! The level of security you require depends on what you plan to do online. If all you intend doing is general surfing on safe sites and e-mailing, then the inbuilt Windows firewall will offer some protection as long as you have a robust Antivirus/antispyware protection in place. However the Windows firewall offers no outbound protection, so if any malware gets onto your system it’ll be able to contact the outside world with your data unhindered.

It’s true that CFP 3 requires a fair amount of interaction in order to have it running quietly, but it offers the type of protection that’s essential if you’re planning any high risk online activity such as P2P filesharing or torrent hunting, or any surfing that’s off the beaten track :wink:

Perhaps you might be more comfortable trying the old version 2.4 Comodo firewall. Once you spend a short time configuring which programmes should be allowed net access it should just sit there fairly quiet, but offering a high degree of security in the background.

CFP v3’s Clean PC mode will save the day! If you don’t plan to install some new stuff - you will not get any alerts at all! Of course, apart from outbound/inbound connection requests.

To be honest, MS Firewall is actually enough. It offers some protection and stealths your port against hackers.
The only thing that MS Firewall doesn’t do is to offer outbound protection. That’s why we have software firewalls. So give Comodo Firewall Pro 2.4 a try! (V)

Cheers,
Ragwing

I think we should ask the question first:

Enough for what?

Melih

Hi Bunkman. Here’s my two cents worth. Expecting Microsoft Firewall to give you good protection is like trying to fight a major fire with a garden hose. :o I used to think that MS firewall was enough, and that cleaning the trash out of my computer was just a way of life. Now I have very little trash on my computer(s), if any at all.
Give Comodo Firewall 3.0 a try. Download and save 3.0 on your computer. Make sure MS firewall, or any other firewall, is turned off. Install 3.0. You can install just the firewall if you want. I would recommend the Defense + also. Just choose the defaults and you should be fine. You will be prompted for a reboot. When your computer comes back up after the reboot 3.0 starts learning, and small windows will start popping up in the lower right of the screen. Just let them go. Some larger windows may pop up, asking for permissions to allow this or that. Just read the text–most likely these will be for very normal events. Once your computer settles down right click the 3.0 shield and open the Help section. It is very thorough.
I also recommend Comodo’s VEngine. This verifies websites for security–a VERY HANDY utility.
Good luck.

Thank you EVERYONE for your comments and suggestions.

Right when I was going to take the easier way out and just stick with my MS firewall, I read Grayhair’s comments, and now I’m leaning towards going with Comodo Firewall 3.0. It’s just that I read the FAQ’s and all of the technical questions on the bulletin board, and it can get a bit intimidating to someone who isn’t a seasoned pro on handling the potential decisions to be made when faced with prompts from the firewall, and the procedures necessary to get back on track when I come up against those roadblocks. For example, I found this link on the forum https://forums.comodo.com/frequently_asked_questions_faq_for_comodo_firewall/emule_and_bittorent_tuttorials-t411.0.html I’m sorry. It hurts to admit this, but I have no idea what this subject is about! It’s reading topics like this that make me stand back and wonder if I need to know all of this before I download Comodo. (This was just a small sample of the topics being discussed that make me scratch my head.) I’m actually a halfway intelligent person, but this is an area that I’m a little wet behind the ears. Hopefully, I’m making myself somewhat clear. I just am afraid that my somewhat smooth internet experiences that I have currently will turn into a less smooth ordeal (not that this is a bad thing if it keeps out all of the harmful things that could infect my computer).

It should be noted that as far as what I’m doing, I’m not really into the P2P sharing (although I have done some in the past). I’m primarily just surfing the net, doing research, watching some videos, etc. With that being said, can someone almost have too much protection than might really be necessary? I have a feeling that your answer will obviously be no, you can’t have too much protection, but I thought I would throw that question out there anyway.

Again, thanks for your advice everyone. I would like to see if there might be any more responses from any of you, and then I will sleep on this, and decide here in the next couple of days.

Is MS’s firewall enough?

Yes, in the same way that a stick is “enough” to protect you in the real world against a simple attack.

Unfortunately the nature of threats on the internet is ever changing and a simple one directional firewall like Microsoft’s just isn’t enough. It is good in as far as it goes, the problem is that it just doesn’t go far enough. That, and the fact that it only goes in one direction (no outbound checking).

Ewen :slight_smile:

Hey Bunkman, don’t feel intimidated by all the posts on this forum. A lot of the stuff on here flies right over my head too. (:WIN)

Before you start with Comodo maybe you could post some basic information about your computer. Such as, are you using Windows 2000, XP (Service Pack 2?), Vista? What anti-virus software do you have? Any other security software? If you are not sure how to find this information just ask. There are a lot of good people here willing to assist you, and make this as painless as possible. I’ll check back and offer whatever help I can, and maybe some others will too.

(:WAV)

Hey bunkman,

Don’t worry about feeling intimidated - everyone starts somewhere. :wink: The only dumb question is the one that doesn’t get asked. Ask away - there’s a ton of great people on here with loads of experience and too much time on their hands. :wink:

In answer to your question, yes, it is possible to have too much security. There is a line between security and secrecy but where you sit in relation to that line is, to a large extent, determined by what you do online. If you do a lot of e-commerce, then it is definitely better to err on the side of caution. If you are just surfing aimlessly, then security is not such a high priority (but still a high priority nonetheless).

Having said that, I believe that all of us have a responsibility to ensure that our PCs are not insecure and contributing, however inadvertently, to the overall delinquency of the internet. By that, I mean that we should all make sure our PCs are not harbouring bots, trojans and other forms of malware that are used remotely for malicious purposes.

The two best software components you can use to achieve this are 1) a bi-directional firewall to monitor incoming and outgoing connections (this is where MS’s one has its pants pulled down) and 2) an anti-virus/spyware/malware package to check the files on your system. Which of these you choose to protect your PC with is really your decision and there are many good choices out there. My systems at home are protected by CFP V3 and CAVS Beta 2, but these are only my choices, based on my preferences and experience. You need to find a security solution that you are comfortable with, provides a good level of security and still allows you to do the work you need/want to do.

The aforementioned Comodo products may be just the thing for you. Or maybe one is perfect but you don’t like the other. The key is that you end up with a security layer that protects you but still lets you do the things you need to do.

Hope this helps,
Ewen :slight_smile:

Just to follow up Bunkman, you shouldn’t really have any problems using CFP3 if all you’re doing is ‘normal’ surfing etc. You can disable the defence+ component if you want to keep things really straightforward. Although even that shouldn’t cause issues in most circumstances.

Perhaps you could post, as mentioned previously, some information on your system setup and security software? This would help as to the best solution for you.

The setup and surfing habits - that’s all we need to prescribe a remedy :-))))) For example, if you heavily surf the web, frequently go to somewhat dangerous sites (e.g. ■■■■■ sites, xxx sites), use dangerous software (I myself intentionally download malware and watch its actions inside a virtual machine) - then you’ll absolutely need Defence+. If you surf the web, read email, visit all these useless social websites (facebook, livejournal etc) and are scared of installing something new (even a game) - then the basic CFP firewall will suffice. However, you’ll still need to properly configure it.

XP Firewall

Myth - “The Windows XP Firewall is not good enough because it lacks outbound filtering.”

Reality - "I believe there are a lot of incorrect assumptions and outright myths about outbound filtering. I really like the Firewall in Windows XP Service Pack 2 (SP2). It is lightweight, centrally manageable, does the job well, is unobtrusive, and does something very critical: it protects the system at boot. That last one is crucial; we have seen many systems in the past get infected during boot even with a firewall turned on. Any outbound host-based firewall filtering in Windows XP is really just meaningless as a security feature in my opinion. True, it stops some malware, today, but only because current malware has not been written to circumvent it. There simply are not enough environments that implement outbound rules for the mass market malware authors to need to worry about it. In an interactive attack the attacker can circumvent outbound filters at will. To see how, consider this. Circumventing outbound host-based firewall filters can be accomplished in several ways, depending on the scenario of the actual attack. First, the vast majority of Windows XP users run as administrators, and any malware running as an administrator can disable the firewall entirely. Of course, even if the outbound filter requires interaction from the user to open a port, the malware can cause the user to be presented with a sufficiently enticing and comprehensible dialog, that explains that without clicking “Yes” they will not ever get to see the “dancing pigs”. See, the problem is that when the user is running as an administrator, or the evil code runs as an administrator, there is a very good chance that either the user or the code will simply disable the protection. Of course, the user does not really see that dialog, because it is utterly meaningless to users. That is problem number one with outbound filtering. Given the choice between security and sufficiently enticing rewards, like “dancing pigs”, the “dancing pigs” will win every time. 
If the malware can either directly or indirectly turn off the protection, it will do so. The second problem is that even if the user, for some inexplicable reason clicked “No. Bug me again” or if the evil code is running in using a low-privileged account, such as Network Service, the malware can easily step right around the firewall other ways. As long as the account the code is running as can open outbound connections on any port the evil code can simply use that port. Ah, but outbound Firewalls can limit outbound traffic on a particular port to specific process. Not a problem, we just piggy back on an existing process that is allowed. Only if the recipient of the traffic filters based on both source and destination port, and extremely few services do that, is this technique for bypassing the firewall meaningful. The key problem is that most people think outbound host-based firewall filtering will keep a compromised asset from attacking other assets. This is impossible. Putting protective measures on a compromised asset and asking it not to compromise any other assets simply does not work. Protection belongs on the asset you are trying to protect, not the one you are trying to protect against! Asking the bad guys not to steal stuff after they have already broken into your house is unlikely to be nearly as effective as keeping them from breaking into the house in the first place."

http://mywebpages.comcast.net/SupportCD/XPMyths.html

Interesting. You can find that snippet if you scroll down towards the bottom of that page.

bullsh-t.

"Asking the bad guys not to steal stuff after they have already broken into your house is unlikely to be nearly as effective as keeping them from breaking into the house in the first place"
They can get in, but what if they can't get out?))))

"Not a problem, we just piggy back on an existing process that is allowed."
That's what leaktesting is all about - it prevents malware from using trusted processes to phone home.

"As long as the account the code is running as can open outbound connections on any port the evil code can simply use that port."
It can't, if the firewall/HIPS stands in its way.

"If the malware can either directly or indirectly turn off the protection, it will do so."
Directly it can't - at least with CFP. 'Cos to kill CFP it displays zillions of popups before it can do its job. However, check this out: https://forums.comodo.com/general_discussion_off_topic_anything_and_everything/note_to_kaspersky_users-t16532.0.html. That hypothetical malware could break some firewalls that don't offer HIPS features and special features like protected files, safelist and other stuff. BUT. Nothing is foolproof. Greatest security software will fail if handled improperly. There are a lot of threads out there about users compromising their own machines.

Outbound protection may not be for everybody, but CFP is not so easy to leak. :wink:

The bad guys are unlikely to nick owt if BOclean has given it em with both barrels ;D

I think one thing that would be nice to be implemented in CFP 3 is to have a message on the Post Boot Screen saying “CFP 3 is enabled and actively protecting the system”

would make a world of difference :wink:

I have recently installed Comodo Firewall Pro on to a friend’s PC and inadvertently left the Windows XP Firewall running, should I return and turn it off or will they run together without any adverse effect?
Is the performance of Comodo diminished or inhibited when running in conjunction with the XP Firewall?

It’s never recommended to run two firewalls at the same time, so yes, you should turn it off.