Re: Windows Firewall questions

Hi Jorie

This thread has given me great information. Thanks Vic for your
questions
and thanks Bruce for the answers. But, what is NAT on a router?

I hope Bruce sees this thread again and answers because he is a fountain
of information!
In the mean time, I did some research after viewing his reply and
good-ol' Google explains NAT:

http://www.google.com/search?num=50&hl=en&lr=lang_en&safe=active&q=defin
e%3Anat

If the address link fails, goto google and type DEFINE:NAT <enter> and
what appears is the acronym "network address translation". Don't ask me
what it does because I only have a vague concept but what you can do (as
I did) is look up your specific modem/router on the web (or your
instruction manual, or tech. rep.) and find out if it has NAT
capability.

I looked up the one here (Siemens Speedstream 6520) and lo, it has NAT!
So Windows firewall is now disconnected. Went to the Symantec link Bruce
gave and we passed the security check with flying colors. I'll keep the
firewall off for a while and monitor closely for intrusions. Don't know
if you'd want to do the same as it is risky today! Lotta' screw-balls
out there but with my low-end PC I take chances and disable a LOT of
'overhead' stuff!

Let us know how you make out investigating NAT on you setup
All the best
Vic
___
"Jorie" <Jorie@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:7636A89D-121E-40EA-B390-78E47D4C4AE6@xxxxxxxxxxxxxxxx
This thread has given me great information. Thanks Vic for your
questions
and thanks Bruce for the answers. But, what is NAT on a router?

"Bruce Chambers" wrote:

Vic wrote:
Hi Bruce

Wow, your reply is very informative, and I realize there is a LOT
to
know about setting up firewalls.

You asked:

What version of WinXP are you running? I've never seen nor heard
of a
version of WinXP whose built-in firewall offers to announce
inbound
attempts at attacks. (There is an option to be notified if an
application on your computer tries something unexpected, but this
is
something completely different.)


It's XP Home SP2. When you said an APPLICATION doing something
funny
could trigger the warning popup it struck a cord. THAT is when I
saw
popups. Guess I was under the impression the firewall warned of
unexpected 'visitors' attempting access from the internet!

How can I know if the firewall IS stopping unsolicited inbound
attempts?



You can't, really, except the the absence of the sort of malware
that
firewalls prevent. That's one of the weaknesses of WinXP's built-in
firewall; one has to take its proper functioning on faith.





My system is pretty low end for XP. It's an OLD Tyan S1590 mobo
w/AMD
550mhz CPU, 384mb memory. Because of that I've always hesitated to
run a
firewall, concerned about sluggish performance!

If I may ask, being the job Windows Firewall does seems 'minimal'
and I
have no concerns about funny business going on over the home
network,
does it really make sense to have it on? I know the DSL
modem/router
(Siemens SpeedStream) has a built-in 'firewall' blocking ports.


As the WinXP firewall provides no additional protection over a
router
with NAT, it could be turned off without any loss of protection. So
long as that router is guaranteed not to ever fail, that is.



I've
done NUMEROUS checks for security on various websites including
http://grc.com/default.htm (click on SHIELDS-UP) which checks a
multitude of things. All ports come up STEALTH (green) and the PC
always
gets a good bill of health, though not perfect.


The last time I checked the "Shields Up" page, it neglected to
check some of the very ports used by Blaster/Welchia, et al. Has
that
oversight been corrected?

Anyway, another site for testing is:

Symantec Security Check
http://security.symantec.com/ssc/home.asp

Additionally, Gibson is a very poor source for computer
security
advice. Gibson has been fooling a lot of people for several years,
now,
so don't feel too bad about having believed him. He mixes just
enough
facts in with his hysteria and hyperbole to be plausible.
Despicably,
Gibson is assuming a presumably morally superior pose as a White
Knight
out to rescue the poor, defenseless computer user, all the while
offering solutions that do no good whatsoever.

Perhaps you should read what real computer security specialists
have to say about Steve Gibson's "security" expertise. You can
start here:
http://www.grcsucks.com/


In your opinion does it
make sense to turn off Windows Firewall and install another (e.g.
Zonealarm or Sygate Personal Firewall)?



Yes. it does. That's what I do for my own machines.


I know you believe in many layers of defense ... but how about on
a
low-end PC with an operator who is conservative and VERY cautious
about
sites visited?



Well, you are the single most important component of any
computer
security plan. There are several essential components to computer
security: a knowledgeable and pro-active user, a properly
configured
firewall, reliable and up-to-date antivirus software, and the prompt
repair (via patches, hotfixes, or service packs) of any known
vulnerabilities.

The weakest link in this "equation" is, most often, the
computer
user. No software manufacturer can -- nor should they be expected
to -- protect the computer user from him/herself. All too many
people
have bought into the various PC/software manufacturers marketing
claims of easy computing. They believe that their computer should
be
no harder to use than a toaster oven; they have neither the
inclination or desire to learn how to safely use their computer.
All
too few people keep their antivirus software current, install
patches
in a timely manner, or stop to really think about that cutesy link
they're about to click.

Firewalls and anti-virus applications, which should always be
used
and should always be running, are important components of "safe
hex,"
but they cannot, and should not be expected to, protect the computer
user from him/herself. Ultimately, it is incumbent upon each and
every computer user to learn how to secure his/her own computer.

To learn more about practicing "safe hex," start with these
links:

Protect Your PC
http://www.microsoft.com/security/protect/default.asp

Home Computer Security
http://www.cert.org/homeusers/HomeComputerSecurity/

List of Antivirus Software Vendors
http://support.microsoft.com/default.aspx?scid=kb;en-us;49500

Home PC Firewall Guide
http://www.firewallguide.com/

Scumware.com
http://www.scumware.com/



Thanks again for your input, you guys are a tremendous help!
Vic




You're welcome.


--

Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

Many people would rather die than think; in fact, most do. -Bertrand
Russell



.

Loading