Taking Back Windows XP
Firewalls should work both ways
(Originally carried by BugNet in March 2002)
Microsoft describes Windows XP as the most secure version of Windows
ever. One reason for this claim: this is the first version of Windows
that ships with a built-in firewall.
The name of the firewall is ICF, or Internet Connection Firewall. Find
it on any dial-up or broadband connection by clicking Start, Connect
To, Show All Connections. Right click one of the connections, and select
Properties. Go to the Advanced tab of the Properties dialog, to find
the ICF, as shown in Figure 1. By default, ICF is on for any new connections,
and the “Protect My Computer…” box is checked.
The job of a firewall is to keep unauthorized users (in other words,
hackers or crackers) out of your computer system. The ICF does a good
job of this. When tested against something like Shield’s Up at
the Gibson Research Corporation’s web site, it proved to be in
full stealth mode. It not only kept intruders from breaking in, the
bad guys couldn’t even tell it was there. There have also been no
reports of security problems with ICF.
Do You Want a Two Way Firewall?
While ICF does a good job of keeping others out, it is designed to
only work in one direction. Any program already on your computer can
make a connection without ICF caring, one way or another. That’s
not a bug, that’s the way Microsoft designed it. That’s
because many different parts of Windows XP are trying to reach out and
touch someone – what we’ve referred to as the “XP
Phone Home” effect.
Many third-party firewalls, however, monitor connections in both directions.
Some programs, such as Internet Explorer or Netscape, obviously need
to connect on the Internet, and thus need to pass through the firewall.
On the other hand, what if some piece of spyware has managed to sneak
on to the computer? When it tries to make contact to report its results,
the firewall will ask if that’s OK. Obviously, it isn’t,
and now you’ve got a chance to stop it. The same thing with one
of the Internet worm programs – if it suddenly tries to contact
all the people in your Outlook Express address book, you’ve got
a chance to stop it. Many firewalls, such as ZoneAlarm, can be configured
to automatically let some programs through, while always stopping other
programs, as shown in Figure 2.
Moreover, a two-way firewall is great at letting you know all the ways
that Windows XP is trying to make contact. Using a firewall makes you
aware that something called the Universal Plug and Play service is trying
to listen via the Internet; it lets you know when Windows Media Player or
Real Networks Real Player is trying to make contact with someone (which
may be of greater concern with February’s news of privacy concerns with
WMP’s use of log files); it could let you know if Windows XP is
automatically trying to search for Windows updates; and it can let you
know what kind of pest Windows Messenger really is.
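The per-program decisions described above (let some programs through, always stop others, ask about the rest), sketched as an added example that is not part of the original article or any firewall's own code: it reads constructed netstat -ano output, lists what is listening, and gives each outbound connection a verdict. The sample rows, the PID-to-program map, the rule table and the function names are all assumptions made for illustration.

```python
# Constructed sample of `netstat -ano` output (not captured from a real system).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING       1040
  TCP    192.168.1.20:1045      203.0.113.10:80        ESTABLISHED     1520
  TCP    192.168.1.20:1051      198.51.100.7:80        ESTABLISHED     2212
  TCP    192.168.1.20:1060      198.51.100.99:25       SYN_SENT        2404
  UDP    0.0.0.0:1900           *:*                                    1040
"""
# Assumed PID-to-program map (on a real system, e.g. from tasklist).
PID_NAMES = {884: "svchost.exe", 1040: "svchost.exe",
             1520: "iexplore.exe", 2212: "wmplayer.exe"}
# Assumed per-program rules; anything not listed makes the firewall ask.
POLICY = {"iexplore.exe": "allow", "wmplayer.exe": "block"}


def parse_netstat(text):
    """Yield one dict per TCP/UDP row of `netstat -ano` output."""
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        # UDP rows have no State column; the PID is always the last field.
        state = parts[3] if parts[0] == "TCP" else ""
        yield {"proto": parts[0], "local": parts[1], "remote": parts[2],
               "state": state, "pid": int(parts[-1])}


def review(text, pid_names, policy):
    """Split rows into listeners and outbound connections with a verdict."""
    rows = list(parse_netstat(text))
    is_listener = lambda r: r["state"] == "LISTENING" or r["proto"] == "UDP"
    port = lambda r: r["local"].rsplit(":", 1)[1]
    listen_ports = {port(r) for r in rows if is_listener(r)}
    listeners, outbound = [], []
    for r in rows:
        program = pid_names.get(r["pid"], "pid %d" % r["pid"])
        if is_listener(r):
            listeners.append((program, r["proto"], port(r)))
        elif port(r) not in listen_ports:
            # Heuristic: the local port is not one we listen on, so this
            # machine started the connection (outbound).
            outbound.append((program, r["remote"], policy.get(program, "ask")))
    return listeners, outbound


if __name__ == "__main__":
    for group in review(SAMPLE_NETSTAT, PID_NAMES, POLICY):
        for row in group:
            print(row)
```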
The three most popular personal firewalls are:
- Zone Labs ZoneAlarm: there is a free version for personal use, as
well as a commercial version, ZoneAlarm Pro.
- Symantec Norton Personal Firewall: you can often purchase it bundled
with Norton AntiVirus in a package called Norton Internet Security.
- ISS BlackICE: make sure that you get the latest release, which
guards against the buffer overflow that we discuss this month in our
Security Roundup (in March 2002 BugNet).
After installing one of these, it will probably be best to turn off
ICF. Having both running probably won’t give increased security,
and having two services running consumes more computer resources. There
is also a chance of some sort of conflict developing between the two
firewalls. After installing the new firewall, turn off ICF by unselecting
the box shown in Figure 1.
(The need for a firewall has only gotten bigger since this article
was written in March, 2002.)