Windows Firewall

post #1 of 7
Thread Starter 
How effective is the Windows Firewall? I didn't hit Unblock and Limewire can still download. See screenshot.
post #2 of 7
Well, I never used to think that Windows Firewall was any good, but for such a small, pathetic-looking app it can keep some of the bad boys out. Even though what you describe above is dodgy lol.
post #3 of 7
Limewire has probably switched to a port already allowed in. Many P2P applications will allow themselves to run behind a firewall.
post #4 of 7
It's a good firewall, just so long as you have a hardware firewall as well (read: router). If you don't have a hardware firewall, get a better software firewall.
post #5 of 7
Quote from this website
Quote:
Windows XP Internet Connection Firewall blocks incoming attacks only
Windows XP ICF does not monitor the outgoing connections from your computer. This means, the trojans and other malicious programs, data-miners are not detected. Any information can be sent by a malware program from your computer, as you are not alerted about that. Consider using a third-party Application based firewall like ZoneAlarm from www.zonelabs.com, Sygate or Outpost Firewall. ZoneAlarm is truly an application based firewall which alerts you whenever a program accesses the internet. You can configure the rule if you want to allow Internet access to an application permanently or on a case-by-case basis. You can also configure if your application should act as a server or just an application.
To quickly monitor which processes are accessing the internet [established], open a Command Prompt window and type "NETSTAT -o". This shows the Process IDs which have established connections to a server. This is a quick way to identify if a Trojan is active. Next option is to use Port Scanners. TCPView, excellent utility from Sysinternals.com shows the TCP information to quickly track which application is doing what. Using these utilities add value to the system security, and this does not mean Firewalls are not necessary. Firewalls are a must. If a trojan accesses the internet [may be to steal your passwords, valuable information], ZoneAlarm or any other App-based firewall alerts you that a new program <programname.exe> is accessing the internet. Think well before allowing access to a program. Otherwise, the very purpose of a Firewall is defeated. If you see any suspicious names, search www.google.com using the keyword and find out what application is the file related to. Or, seek assistance from experts in Microsoft Newsgroup or any reputed online Technical support forum. Then decide whether to allow access or not.
Quote from this website
Quote:
Just so you know, WinXP's built-in firewall does not attempt to manage or restrict outbound connections at all. It appears to be a useful firewall for hiding the machine from the Internet (it has "stealth mode" unsolicited packet handling), but you will still need to use a good third-party personal firewall if you wish to manage and control outbound connections from your system.
So I assume that LimeWire must have initiated an outgoing connection and as such was not blocked by Windows Firewall.
I think that even when you download from a client, and although the packets they send you are incoming, you first connect to the client (which is also considered as an outgoing connection since it starts on your machine and targets the remote machine).
I think P2P software uses UDP to constantly refresh your rank on other client queues.
But they use TCP to establish a "connection oriented" link to another machine. This link remains open (and you receive downloaded data through it) as long as you are connected to them. And it is allowed by Windows Firewall because you initiate it and as such it is considered to be outgoing (and not blocked).

This might explain it.

Cheers.

Edit:
By the way... also check this link, it's interesting
Page 7
Quote:
11. What important components are missing or lacking in XP SP2 Windows Firewall?
While effective for some users, the latest release of the XP firewall still lacks several features that are standard in other industry leading firewalls. The most critical shortcoming in the SP2 firewall is the lack of robust configuration/management, reporting and logging as well as a lack of modular settings for use.
The following list details the functionality lacking in Windows Firewall that is typically found in a system or host firewall:
Available only as part of the Windows XP platform. Support for other operating systems is unavailable.
Supports only a limited set of protocols: TCP, UDP, and limited ICMP support.
Blocks only incoming communication: The default is all. All outgoing communication is always allowed.
Includes only simple rule processing that is applied globally to all applications.
Relies primarily on an end-user configuration and administration model.
Does not filter unsolicited outbound traffic
Does not support blocked IP addresses
Does not have an easily accessible UI
Does not have a visual trace
Does not offer the ability to trust or ban specific IP addresses
Does not display intrusion alerts or settings
Does not automatically recognize trusted applications
Does not provide security levels
Does not allow alert customization
Does not have a traffic or application monitor
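The "NETSTAT -o" check quoted in post #5, as an added example that is not part of the original posts: it groups established outbound connections by PID and reports processes that are not on an expected list. The sample output (in the numeric layout of `netstat -no`), the PID-to-name map and the function names are constructed for illustration.

```python
# Added example: group ESTABLISHED connections from netstat output by PID.
from collections import defaultdict

# Constructed sample in the column layout printed by Windows `netstat -no`.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:49712     203.0.113.5:80         ESTABLISHED     1234
  TCP    192.168.1.10:49713     198.51.100.7:6346      ESTABLISHED     2860
  TCP    192.168.1.10:49714     198.51.100.9:6346      ESTABLISHED     2860
  TCP    127.0.0.1:5354         127.0.0.1:49155        ESTABLISHED     1600
  TCP    192.168.1.10:49720     203.0.113.8:443        TIME_WAIT       0
"""

# Constructed PID -> image name map, as could be read from `tasklist`.
SAMPLE_PROCESSES = {1234: "iexplore.exe", 2860: "LimeWire.exe", 1600: "mDNSResponder.exe"}

def established_by_pid(netstat_text):
    """Return {pid: [(remote_host, remote_port), ...]} for non-loopback ESTABLISHED TCP rows."""
    result = defaultdict(list)
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows have exactly five fields: proto, local, foreign, state, pid.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "ESTABLISHED":
            continue
        host, _, port = fields[2].rpartition(":")
        if host.startswith("127.") or host == "[::1]":
            continue  # loopback traffic never leaves the machine
        result[int(fields[4])].append((host, port))
    return dict(result)

def unexpected_talkers(netstat_text, processes, expected_names):
    """List (pid, image_name, remotes) for processes with outbound links that are not expected."""
    report = []
    for pid, remotes in sorted(established_by_pid(netstat_text).items()):
        name = processes.get(pid, "<unknown>")
        if name.lower() not in expected_names:
            report.append((pid, name, remotes))
    return report

if __name__ == "__main__":
    for pid, name, remotes in unexpected_talkers(SAMPLE_NETSTAT, SAMPLE_PROCESSES, {"iexplore.exe"}):
        print(pid, name, remotes)
```

The report is keyed on image name, so it inherits the renaming weakness discussed later in the thread; treat it as a triage aid, not as proof of identity.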
post #6 of 7
Thread Starter 
I do have a hardware firewall. But so you're saying that if a virus or something got on my computer, as long as it started the connection, it could download whatever it wanted to?
post #7 of 7
Quote:
Originally Posted by Hollowman8904
I do have a hardware firewall. But so you're saying that if a virus or something got on my computer, as long as it started the connection, it could download whatever it wanted to?
If you are only running Windows XP's firewall and according to the quotes in my previous post that explain how Windows XP's firewall doesn't block outgoing connection attempts... yes that's what I'm saying.
Once the virus resides on your machine then any connections it initiates are considered to be outbound connections (as they start on your machine locally and target a remote machine).

Malware outgoing traffic will usually use TCP port 80 since it can get free access to the internet on about 90% of firewalls on this port. This is the reason why it is pretty hard to filter out only malware with only a hardware firewall.
This is why you need a software based firewall that will limit outgoing access to port 80 to a certain number of uniquely identified and accepted applications.

Even with firewalls that only allow outbound connections to certain accepted programs, some malicious programs can still get access to the Internet.
How? Well, if your firewall doesn't have a way of identifying a file (making sure it is who it pretends to be) then the virus can simply rename itself to iexplore.exe, for example, and pretend to be Microsoft's Internet Explorer (which supposedly has a rule in your firewall allowing it to access the remote port 80... otherwise you wouldn't be able to browse the net) and thus get access to the external world.

Some good firewalls like "Tiny Personal Firewall" (which I use) uniquely identify programs by using a checksum method (an algorithm-based method of determining the integrity and authenticity of a digital data object) instead of just checking the program's file name.

IMO, the best is to have a combination of both a hardware and a software based firewall.
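The difference between a file-name rule and a checksum rule described in post #7, as an added example that is not part of the original posts and not the code of any firewall named in the thread. SHA-256, the file contents, the directory names and the function names are assumptions made for illustration.

```python
# Added example: name-based vs checksum-based outbound rules.
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hash a file in chunks so large executables are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def allowed_by_name(path, allowed_names):
    """Rule keyed on file name only: what a firewall without file identification checks."""
    return os.path.basename(path).lower() in allowed_names

def allowed_by_checksum(path, allowed_hashes):
    """Rule keyed on name and content hash; a renamed or modified file fails."""
    expected = allowed_hashes.get(os.path.basename(path).lower())
    return expected is not None and sha256_of(path) == expected

def demo():
    """Build two constructed files with the same name and compare both rule types."""
    with tempfile.TemporaryDirectory() as root:
        genuine = os.path.join(root, "programs", "iexplore.exe")
        renamed = os.path.join(root, "temp", "iexplore.exe")
        for path, content in ((genuine, b"constructed browser image"),
                              (renamed, b"constructed unknown program")):
            os.makedirs(os.path.dirname(path))
            with open(path, "wb") as handle:
                handle.write(content)
        names = {"iexplore.exe"}
        hashes = {"iexplore.exe": sha256_of(genuine)}  # recorded when the rule was created
        return {
            "name_rule": (allowed_by_name(genuine, names), allowed_by_name(renamed, names)),
            "checksum_rule": (allowed_by_checksum(genuine, hashes),
                              allowed_by_checksum(renamed, hashes)),
        }

if __name__ == "__main__":
    print(demo())
```

A legitimate update also changes the hash, so a checksum rule has to be re-approved after every patch of the allowed program.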