  1. #1
    Platinum Lounger
    Join Date
    Jan 2001
    Location
    Quedgeley, Gloucester, England
    Posts
    5,333
    Thanks
    0
    Thanked 1 Time in 1 Post

    The Windows Firewall in XP Service Pack 2

    I wonder whether anybody has come across any comments by any of the manufacturers of software firewalls, such as Agnitum, Sygate, Norton, or Zone Alarm (to name but four) relating to what they are going to do when the new Microsoft "Windows Firewall", the successor to the Internet Connection Firewall, is enabled by default very early in the boot process?

    I quote from p3 of Deploying Windows Firewall Settings for Microsoft Windows XP with Service Pack 2 (a 'fascinating' read at 61 pages):

    QUOTE
    Startup Security
    In Windows XP (prior to SP2), ICF is active on the connections on which it is enabled when the Internet Connection Firewall (ICF)/Internet Connection Sharing (ICS) service is started successfully. Therefore, when a computer running Windows XP (prior to SP2) is started, there is a delay between when the computer is active on the network and when the connections are protected with ICF. This delay makes the computer vulnerable to attacks during startup.

    In Windows XP SP2, there is a startup Windows Firewall policy to perform stateful packet filtering, which allows the computer to perform basic networking startup tasks using Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) to configure the computer and communicate with a domain controller to obtain Group Policy updates. Once the Windows Firewall (WF)/Internet Connection Sharing (ICS) service is started, it uses its configuration and removes the startup policy. The startup policy settings cannot be configured.

    There is no Windows Firewall startup security if Windows Firewall is disabled.
    UNQUOTE

    I was reminded how necessary it is to have a firewall protecting you when, as soon as I had gone into my userid having powered on the PC a few days ago, Norton Firewall immediately told me that one of the wretched BackDoor-type Trojans was attacking me!

    If you already have a non-Microsoft firewall, then it appears to me that there are four possible scenarios:
    1. abandon the third-party firewall, and just use the new Microsoft "Windows Firewall" exclusively
    2. turn off the Microsoft "Windows Firewall", and be unprotected for the short period from power on/reboot until the third-party firewall starts up (probably much the same as you do now)
    3. enable the Windows Firewall, and allow it to run as well as the third-party firewall (not usually recommended to have TWO firewalls running!)
    4. leave the Windows Firewall enabled until it is turned off by your third-party firewall - if it does this, or you do it manually (but what happens on the next restart of the machine?)

    Does anyone have any views on this?

    John

    Ita, esto, quidcumque...

  2. #2
    Gold Lounger Rebel's Avatar
    Join Date
    Jul 2001
    Location
    Canada
    Posts
    3,024
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: The Windows Firewall in XP Service Pack 2

    John,
    According to the Sygate web site, the Personal Firewall Pro (purchased edition) has this covered.
    Secure System Start-up
    "Sygate Personal Firewall Pro is the first personal firewall that integrates meaningful operating system layer protection, guarding the legitimacy of outbound traffic. Sygate Personal Firewall Pro blocks any traffic generated before its own service starts up, eliminating the brief security policy vacuum. Sygate Personal Firewall Pro can automatically terminate known attacks such as Trojans, Denial of Service (DoS) Zombies. Sygate Personal Firewall Pro also has defense mechanisms that prevent malicious code/and or users from disabling or exiting the personal firewall."
    I'm not sure about the other products, but if this protection is not included in current versions, I'm sure it will be in future.
    John
    A Child's Mind, Once Stretched by Imagination...
    Never Regains Its Original Dimensions

  3. #3
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,572
    Thanks
    5
    Thanked 1,057 Times in 926 Posts

    Re: The Windows Firewall in XP Service Pack 2

    John,
    I'll probably stay with Sygate at home and turn off WF. At work - TBD. I'll have to see how it affects everything else. The main factor at home is probably that the WF does not control any outbound communication. So, if I happen to get some 'nasty' installed that wants to 'phone home', WF will let it, whereas all the third-party firewalls that I know of will block the initial outbound attempt by default.

    Joe

  4. #4
    Platinum Lounger
    Join Date
    Jan 2001
    Location
    Quedgeley, Gloucester, England
    Posts
    5,333
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: The Windows Firewall in XP Service Pack 2

    John

    > Sygate Personal Firewall Pro blocks any traffic generated before its own service starts up

    Interesting - I can't see how it can do that before its service loads... Something must be doing the checking, and very early in the boot process, too!!

    John

    Ita, esto, quidcumque...

  5. #5
    Gold Lounger Rebel's Avatar
    Join Date
    Jul 2001
    Location
    Canada
    Posts
    3,024
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: The Windows Firewall in XP Service Pack 2

    Maybe a registry entry somewhere? In the Options menu, there is an option to "Block all traffic while the service is not loaded" but allow initial DHCP and NetBIOS traffic (to allow getting an IP address and logging on to the network). The free version is configured to allow this initial traffic, but the option to "Block all traffic while the service is not started" is not available. Looks like the purchased version is the way to go if we want this early initial protection.
    John
    A Child's Mind, Once Stretched by Imagination...
    Never Regains Its Original Dimensions

  6. #6
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: The Windows Firewall in XP Service Pack 2

    On the forums for Outpost Firewall, there have been reports of some odd interactions with a run of beta builds (2135-2144?), but it might be fixed now, or maybe not:

    Outpost 2.1 is closed in XP SP2 beta latest release - 06-04-2004
    (Build 2138) Even if I closed the XP firewall, the icon tray for Outpost shuts down in a few seconds. ...it appears in tray for about 5-10 seconds, then disappears, but looking at running processes, it's still running, but you can not access it.

    Outpost does not work with Windows XP SP2 RC2 build 2135 and above - 06-15-2004
    Outpost works again for me as well now that I am using build 2149. Yippee!!!

    I think the vendor (Agnitum) is likely to do its own assessment and update after SP2 becomes final. (Assuming it isn't final yet.)

  7. #7
    Platinum Lounger
    Join Date
    Jan 2001
    Location
    Quedgeley, Gloucester, England
    Posts
    5,333
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: The Windows Firewall in XP Service Pack 2

    John

    I'd be tempted to think that Microsoft can get in even quicker than any application software with loading their Windows Firewall, even if the third-party firewall is loaded from an HKLM...Run key in the registry! But that's pure supposition. It would be nice to find a real expert in this area, or a technical discussion somewhere.

    John

    Ita, esto, quidcumque...

  8. #8
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,572
    Thanks
    5
    Thanked 1,057 Times in 926 Posts

    Re: The Windows Firewall in XP Service Pack 2

    John,
    I've been trying to stay up with XP SP-2 and have yet to see an in-depth article of the type you want. MS has made quite a few documents available but nothing to the 'expert' level.

    Joe

  9. #9
    Platinum Lounger
    Join Date
    Jan 2001
    Location
    Quedgeley, Gloucester, England
    Posts
    5,333
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: The Windows Firewall in XP Service Pack 2

    Joe

    I would imagine that one (if not all) of the software firewall manufacturers will have to come out with something technical about how their own firewall is at least as protective as Microsoft's Windows Firewall just after boot time...

    If not, these few seconds of vulnerability could be a reason for someone not buying their product??

    John

    Ita, esto, quidcumque...

  10. #10
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,572
    Thanks
    5
    Thanked 1,057 Times in 926 Posts

    Re: The Windows Firewall in XP Service Pack 2

    John,
    As you mentioned above, Sygate Personal Firewall Pro already claims to do that. BTW, Sygate probably makes some networking service (not sure which one) dependent on its service when SPF Pro is installed. Then, no outbound traffic can start until the SPF service is loaded. I'm not sure if this makes it worth $39.95 USD to me.

    Joe

  11. #11
    Uranium Lounger
    Join Date
    Jan 2001
    Location
    Cincinnati, Ohio, USA
    Posts
    7,089
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: The Windows Firewall in XP Service Pack 2

    For me, the utter reliability of Sygate along with the other features the pro version offers made it worth the purchase price. The fact that it protects at boot time during those few seconds seems more like a bonus to me.
    -Mark
