
Deploying Windows Firewall Settings for XP SP2 (Update)

Daniel Fleshbourne   on 24 March 2004 - 04:05 · 21 comments & 1480 views

Windows XP Service Pack 2 (SP2), currently a Release Candidate in Beta testing, includes significant enhancements to the Windows Firewall component, previously known as the Internet Connection Firewall (ICF). Windows Firewall is a stateful host-based firewall that discards unsolicited incoming traffic, providing a level of protection for computers against malicious users or programs.

To provide better protection for computers connected to any kind of network (such as the Internet, a home network, or an organization network), Windows XP SP2 enables Windows Firewall on all network connections by default. This new behavior can impair some types of communications. This article describes how to deploy the appropriate configuration settings for Windows Firewall on an organization network so that it is enabled and providing protection, and so that communications are not impaired.

Download: Deploying Windows Firewall Settings for Microsoft® Windows® XP with Service Pack 2
View: Manually Configuring Windows Firewall in Windows XP Service Pack 2
View: Windows XP Service Pack 2: A Developer's View
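To make concrete what the article means by a stateful host-based firewall that discards unsolicited incoming traffic but admits replies to connections the host itself opened, here is a small simulation. It is an added example, not Microsoft's code or the guide's contents; the packet fields, addresses, and the port exceptions list are constructed for illustration.

```python
# Toy model of stateful inbound filtering as described in the article:
# unsolicited inbound packets are dropped, replies to host-initiated flows
# and traffic to explicitly excepted ports are admitted. Constructed example.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src: str        # source address
    sport: int      # source port
    dst: str        # destination address
    dport: int      # destination port
    outbound: bool  # True if sent by the protected host


class StatefulFirewall:
    """Tracks 5-tuples of host-initiated flows and admits only their replies."""

    def __init__(self, host_ip, exceptions=()):
        self.host_ip = host_ip
        # Ports opened deliberately (the firewall's exceptions list); hypothetical values.
        self.exceptions = set(exceptions)   # {(proto, port)}
        self.flows = set()                  # tracked outbound 5-tuples

    def filter(self, pkt):
        """Return 'allow' or 'drop' for one packet."""
        if pkt.outbound:
            # Record the flow so the reverse direction is admitted later.
            self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "allow"
        # Inbound: allowed only as the reverse of a tracked flow or on an excepted port.
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if reverse in self.flows or (pkt.proto, pkt.dport) in self.exceptions:
            return "allow"
        return "drop"


def demo():
    fw = StatefulFirewall("10.0.0.5", exceptions={("tcp", 3389)})
    results = []
    # 1. Unsolicited inbound probe to a closed port: dropped.
    results.append(fw.filter(Packet("tcp", "198.51.100.9", 40000, "10.0.0.5", 445, False)))
    # 2. Host opens a connection outward; the reply on the same 5-tuple is let back in.
    results.append(fw.filter(Packet("tcp", "10.0.0.5", 51000, "203.0.113.7", 80, True)))
    results.append(fw.filter(Packet("tcp", "203.0.113.7", 80, "10.0.0.5", 51000, False)))
    # 3. A reply from the wrong remote port does not match the tracked flow: dropped.
    results.append(fw.filter(Packet("tcp", "203.0.113.7", 81, "10.0.0.5", 51000, False)))
    # 4. Inbound to a port on the exceptions list is admitted.
    results.append(fw.filter(Packet("tcp", "198.51.100.9", 40001, "10.0.0.5", 3389, False)))
    return results
```

Case 2 is the behaviour discussed in the comments: the filter keys on addresses and ports, not on which process opened the flow, which is why outbound application filtering is a separate concern.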


Project 2002 Service Pack 1 (SP1)
Project 2002 Service Pack 1 (SP1) provides the latest updates to Microsoft Project 2002. SP1 contains significant security enhancements as well as stability and performance improvements. This service pack contains all previously released updates to Project 2002.

Project 2002 Service Pack 1 (SP1) for Multilingual User Interface Pack
Project 2002 Service Pack 1 for Multilingual User Interface Pack ensures that Microsoft Project 2002 Service Pack 1 performs with complete functionality when you use a Project 2002 Multilingual User Interface Pack.

SharePoint Portal Server 2001 Service Pack 3 (SP3): KB837017
SharePoint Portal Server 2001 Service Pack 3 (SP3) is a cumulative service pack that provides updates based on the Microsoft Trustworthy Computing Initiative, and the latest fixes for customer-reported issues. SP3 is divided into five parts to ease downloads. All five parts are required. We strongly encourage customers to install SP3 on all Microsoft SharePoint Portal Server servers.

Visio 2002 Service Pack 2 (SP2)
Visio 2002 Service Pack 2 (SP2) provides the latest updates to Microsoft Visio 2002. SP2 contains significant security enhancements as well as stability and performance improvements. This service pack applies to any level of Microsoft Visio 2002. It contains all updates included in Visio 2002 Service Release 1 (SR1), in addition to updates released after SR1.

Comments (21)
(6 replies) #1 naap51stang on 24 Mar 2004 - 04:36
Haven't read it, but is it necessary to even turn this on, if one is running an external firewall,
be it of the software or hardware variety?

#1.1 Milliamp on 24 Mar 2004 - 05:00
There is no such thing as an external firewall of the software variety. If you are running a NAT box then that pretty much takes care of all incoming connection attempts.
#1.2 Octol on 24 Mar 2004 - 05:28
If you have a software firewall like ZoneAlarm, you don't need the ICF. If you have a hardware firewall, that'll keep traffic out, but it won't keep anything in (like a trojan trying to 'call home'), which is why you should still run a software firewall like ZoneAlarm. If you don't have anything, you definitely need to enable the ICF.
#1.3 Jon on 24 Mar 2004 - 09:05
QUOTE
If you have a hardware firewall, that'll keep traffic out, but it won't keep anything in

And the incorrect statement of the year award goes to... Octol!
#1.4 shao on 24 Mar 2004 - 15:16
sounds fine to me.
Some software firewalls are process based, and only allow specific user control processes to talk out from the pc, which is exactly what he meant.
Of course, any firewall, either hardware or software, doesn't imply a safe policy of allowing specific traffic running over specific ports. Especially as more and more services are running over firewall safe ports - 21, 80, 8080, 443, etc.
#1.5 bsarmir on 24 Mar 2004 - 21:16
I guess he's talking about a NAT firewall, which will only block unrequested incoming--nothing outgoing.
#1.6 KXM on 25 Mar 2004 - 01:26
Let's keep in mind, the Win Firewall runs at boot start, whereas a third-party firewall doesn't run till Windows has finished booting. Not a big gap in time, but one worth turning it on.
(2 replies) #2 DaCoOlNeSs on 24 Mar 2004 - 04:40
lol, can someone summarize this and tell me how to turn it off, geez, that is WAYYYY too long to read
#2.1 gameguy on 24 Mar 2004 - 04:45
You can't be serious... There's an icon in the Control Panel
#2.2 Mav Phoenix on 24 Mar 2004 - 05:23
^lol

so true.
#3 sodapop on 24 Mar 2004 - 06:42
I know this is a noobish question to ask but, I have an Airport extreme. I think that has a firewall in it.

Am I right? I mean that's what I need, right?
#4 mayamaniac on 24 Mar 2004 - 07:34
Is this new Windows Firewall based on Tiny Firewall like the original simple ICF one that came with WinXP? Or did MS develop this on their own?
(4 replies) #5 j823777 on 24 Mar 2004 - 13:15
OK it's an improvement and will shield MS from the embarrassment of the likes of Blaster - but there's still no application filtering.

As Octol correctly stated - in general neither a home user's hardware firewall nor Windows firewall will know or care what application initiated an outbound connection (such as call-home malware). It will simply see it as a solicited connection and therefore allow the reverse communication from the malware client (or server, depending how you want to look at it) out there on the internet.

IMHO before you connect to any public network: turn off the Windows Firewall, install a personal firewall with application filtering including DLL injection & process spoofing/chaining detection (and an anti-virus package while you're at it... and a startup monitor if you're paranoid like me).
#5.1 Jon on 24 Mar 2004 - 13:30
QUOTE
As Octol correctly stated - in general neither a home user's hardware firewall nor Windows firewall will know or care what application initiated an outbound connection

Nope, that isn't what Octol stated, he didn't specify home users. And a properly configured home router DOES block outbound connections (depending on the port obviously), you should know better.
#5.2 j823777 on 24 Mar 2004 - 14:09
OK, we're getting a bit pedantic now. I thought it too obvious to state that the owner of the 'call-home' malware would have set it to use a common port.
#5.3 Jon on 24 Mar 2004 - 15:50
Personally I don't think the firewall is the right place to prevent this, it's been clearly proven that most users have no clue what traffic they are invited to block or permit, it's a case of way too much information. Look at how well blaster spread, and how many users of personal firewalls became infected. They can't be relied upon to configure it correctly.

A *FAR* simpler solution for the user is scheduled AV / adware scans from properly configured software (ie: set to update frequently).

Assuming a user understands the concepts of firewalling, ports and IP addressing is stupidity and totally unfair. Give an app a sensible name, even on a port that they recognise, and chances are they'll permit the traffic.
#5.4 chacho on 24 Mar 2004 - 23:10
or they could make another wizard! yay!
(2 replies) #6 dropkick murphys on 24 Mar 2004 - 20:18
Who uses the crappy built-in firewall anyway?
#6.1 KXM on 25 Mar 2004 - 01:29
Not many use the crappy ICF, but SP2's Windows Firewall isn't as bad as you'd think. It's still not a good replacement of a third-party one. But it'll work in a pinch.
#6.2 ~*McoreD*~ on 26 Mar 2004 - 05:14
The new Windows Firewall shouldn't be that bad. I will dump Norton Internet Security and give this a shot.
#7 ~*McoreD*~ on 26 Mar 2004 - 05:27
Test your Windows Firewall from here: http://grc.com/x/ne.dll?rh1dkyd2.
