Sunday, August 7, 2011

Windows XP SP2 Firewall

Last week Microsoft finally released the much-anticipated Service Pack 2 (SP2) for Windows XP. This update represents a fundamental change in many aspects of Windows XP security and could reasonably be called the next release of Windows XP as much as a service pack.

As I detailed in my preview of Windows XP SP2, this update includes improved Internet Explorer security and a built-in pop-up ad blocker, adds new security features for Outlook Express, disables the Windows Messenger Service (used for some forms of spam) by default, adds the Windows Security Center and, among other things, improves the Internet Connection Firewall (ICF), now dubbed the Windows Firewall. The question, though, is: "Is the Windows Firewall sufficient?"

The bottom-line answer is "no". The Windows Firewall is much better than its Internet Connection Firewall (ICF) predecessor, but it is still no match for a 3rd-party personal firewall solution such as ZoneAlarm.

Shortcomings of Windows Firewall

First of all, the Windows Firewall does not monitor or block outbound traffic. According to a PCWorld article, Microsoft technical specialist David Overton argues that "it is not the firewall's place to stop malicious code from sending outbound packets--Microsoft contends that companies should use perimeter technologies to examine outbound traffic."

However, most 3rd-party personal firewall solutions do just that. While most would agree that a primary role of a firewall is to simply deny unauthorized traffic from entering the system or network, personal firewalls also generally monitor how programs interact with the operating system and which programs attempt to initiate outbound network or Internet communications and either alert the user or block the traffic when suspicious activity occurs. This can be helpful in thwarting many types of malware attacks that may attempt to open ports or communicate with outside servers without the user's knowledge or consent.

According to the PCWorld article, Overton pointed out that if malicious code gets past the firewall, it is the role of antivirus software to handle it. "He says Windows Firewall is designed to stop malicious transmissions to the PC, rather than protecting the PC once it's been infected."

The Windows Firewall also relies on APIs which can be disabled. The major 3rd-party personal firewall vendors such as ZoneLabs and McAfee are building SP2-compatible versions of their software which are capable of disabling the Windows Firewall when they are installed and turning it back on when they are uninstalled. An attacker might use this "functionality" to turn the firewall off and render it useless. In the PCWorld article, ZoneLabs states that "its own products are locked down in such a way that third-party applications can't disable firewall protection without uninstalling the software."
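Because other software can switch the firewall off or add exceptions, it is worth checking its state rather than assuming it. The following read-only audit is an added example, not part of the original article; it uses the HNetCfg.FwMgr COM interface that shipped with SP2, and the $AllowedApps baseline and its path are hypothetical placeholders.

```powershell
# Added example: read-only audit of Windows Firewall state and exceptions.
# Reads settings through the HNetCfg.FwMgr COM object; changes nothing.

# Hypothetical baseline of programs that are expected to hold an exception.
$AllowedApps = @('C:\Program Files\Example\app.exe')   # constructed sample path

$fwMgr    = New-Object -ComObject HNetCfg.FwMgr
$policy   = $fwMgr.LocalPolicy
$profiles = @{ 0 = 'Domain'; 1 = 'Standard' }          # NET_FW_PROFILE_TYPE values

$findings = @()
foreach ($type in $profiles.Keys) {
    $name    = $profiles[$type]
    $profile = $policy.GetProfileByType($type)

    # The firewall itself has been switched off for this profile.
    if (-not $profile.FirewallEnabled) {
        $findings += "${name}: firewall is DISABLED"
    }

    # The user will not be prompted when a program starts listening.
    if ($profile.NotificationsDisabled) {
        $findings += "${name}: notifications are disabled"
    }

    # Program exceptions that are not in the baseline (case-insensitive match).
    foreach ($app in $profile.AuthorizedApplications) {
        if ($app.Enabled -and ($AllowedApps -notcontains $app.ProcessImageFileName)) {
            $findings += "${name}: unexpected program exception: $($app.ProcessImageFileName)"
        }
    }

    # Ports opened for every program, listed for manual review.
    foreach ($port in $profile.GloballyOpenPorts) {
        if ($port.Enabled) {
            $findings += "${name}: open port $($port.Port) (IP protocol $($port.Protocol)): $($port.Name)"
        }
    }
}

if ($findings.Count -gt 0) {
    $findings
    exit 1          # non-zero exit so a scheduled task or script can alert
}
'Windows Firewall is enabled and matches the baseline.'
```

Run on a schedule, a non-zero exit code shows that the firewall was turned off or gained an exception since the baseline was recorded.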

Should You Use Windows Firewall In Conjunction With a 3rd-Party Firewall?

Again, I would say the answer to this is "no". Personal firewalls sometimes require a significant amount of tweaking and configuration to make them as secure as possible without impacting your ability to communicate on the network or use the programs you wish to use the way you need to use them. Adding a second firewall on the same system can greatly confuse things and make it exceptionally difficult to determine where any connection problems might lie or what you need to change to make it work.

The new Windows Security Center will alert you if it does not detect an active personal firewall program. However, you can disable the Windows Firewall and instead run a 3rd-party program. Software from vendors such as Trend Micro is recognized by Security Center, so Security Center will understand that you are in fact protected.

Is The Windows XP SP2 Firewall Sufficient?

The answer to this is a little more difficult. I give it a "yes" and "no". A vast majority of users don't understand computer security or how firewalls work and have never enabled ICF nor would they install a 3rd-party application. For these users I think Windows Firewall is a tremendous improvement. Having a stateful host firewall that will block unsolicited Internet traffic and that is turned on by default can only help most people. It is also a step up that it is more customizable and configurable than its predecessor.

The downside is that users who choose to rely on it need to understand its shortcomings and not fall for any false sense of security. It may do what it does well, but it is not protecting nearly as well as most 3rd-party personal firewall solutions. Those who know enough to enable or disable the Windows Firewall, or comprehend enough to open ports and customize the configuration, would be much better served to install a 3rd-party program such as ZoneLabs ZoneAlarm, which is available for free for personal use.

Source: http://netsecurity.about.com/od/firewalls/a/aa081804b.htm
