Best free firewall

Hi,
Whats the best firewall for Windows XP pro, thats free?
Or stay with the XP firewall?

Re: Best free firewall

Please read the links below. It's a good read and as long as you're not
running a Web Server or similar on XP you'll be fine.

http://samspade.org/d/persfire.html

http://samspade.org/d/firewalls.html

Wayne McGlinn
Brisbane, Oz

"mcv" wrote in message
news:drbk0t$m58$1@nwrdmz03.dmz.ncs.ea.ibs-infra.bt.com...
> Hi,
> Whats the best firewall for Windows XP pro, thats free?
> Or stay with the XP firewall?
>
>
>

Re: Best free firewall

mcv ask:
> Whats the best firewall for Windows XP pro, thats free?

Nothin? at all.

> Or stay with the XP firewall?

Yeah, + http://ntsvcfg.de/ntsvcfg_eng.html (there are also some links to
good English written tips in http://ntsvcfg.de/linkblock_eng.html)

HTH & HAND
Wolfgang

Re: Best free firewall

mcv wrote:
> Whats the best firewall for Windows XP pro, thats free?
> Or stay with the XP firewall?

Stay with it.

Yours,
VB.
--
Netzwerkgrundlagen anhand Windows lernen zu wollen ist doch wie seine
ersten sexuellen Erfahrungen mit einer Prostituierten zu sammlen: Die
Leidenschaft fehlt, das wirklich Wichtige lernt man dabei nicht, und die
Chance sich einen Schädling einzufangen ist hoch. (Lukas Graf in d.c.s.m)

Re: Best free firewall

Victek wrote:
>> Hi
>> Im looking for at freeware firewall i can use instead of the on that
>> is in XP Pro. Which one is the best and does not use a lot of
>> resources.
>> TY in advance.
>
> It seems that everyone forgot to answer your question in the heat of
> battle . Have a look at ZoneAlarm and PC Tools Firewall Plus. Both
> are freeware and will make the status of your connections a lot more
> obvious.
>
> www.pctools.com
>
> www.checkpoint.com
>
>
There's also Online Armor at
http://www.tallemu.com/online_armor_test_results.html

They also have a paid version with more options - keylogger
in particular. But if you're running a good AV and a good
Anti-Spyware, the free version is probably adequate.

Louise

Re: Best free firewall

louise wrote:


> There's also Online Armor at
> http://www.tallemu.com/online_armor_test_results.html


You mean the one which has a privilege service opening 6 invisible windows,
rendering it trivially prone to shatter attacks?

You mean the one which even crashes on the standard WHQL driver tests?

Re: Best free firewall

goarilla wrote:

> Sebastian G. schreef:
>> louise wrote:
>>
>>
>>> There's also Online Armor at
>>> http://www.tallemu.com/online_armor_test_results.html
>>
>> You mean the one which has a privilege service opening 6 invisible
>> windows, rendering it trivially prone to shatter attacks?
>>
>
> it opens 6 invisible windows you mean ???


Yes, that's what Spy++ shows me. Sending a WM_SHOW message to them makes
them visible.

> it forks 6 graphical invisible processes?


No, it runs 6 invisible windows in the privileged service process.

> shatter attacks ? got any good links relating to that


Google is your friend, but well, the principle of shatter attacks is very
simply: First you send a WM_SETTEXT message to the windows which allows you
to place arbitrary bytes in the target process memory. Then you send a
WM_TIMER message with a callback address pointing into the memory space you
wrote.


> PS: Can you give me the links pertaining to winipfw patches, my machine
> died :( and i'm thinking off rebuilding
> my sister's pc which i'm currently on.


You've got mail.

Re: Best free firewall

Sebastian G. schreef:
> louise wrote:
>
>
>> There's also Online Armor at
>> http://www.tallemu.com/online_armor_test_results.html
>
>
> You mean the one which has a privilege service opening 6 invisible
> windows, rendering it trivially prone to shatter attacks?
>

it opens 6 invisible windows you mean ??? it forks 6 graphical invisible
processes?
shatter attacks ? got any good links relating to that

> You mean the one which even crashes on the standard WHQL driver tests?

PS: Can you give me the links pertaining to winipfw patches, my machine
died :( and i'm thinking off rebuilding
my sister's pc which i'm currently on.

Re: Best free firewall

Sebastian G. schreef:
> goarilla wrote:
>
>> Sebastian G. schreef:
>>> louise wrote:
>>>
>>>
>>>> There's also Online Armor at
>>>> http://www.tallemu.com/online_armor_test_results.html
>>>
>>> You mean the one which has a privilege service opening 6 invisible
>>> windows, rendering it trivially prone to shatter attacks?
>>>
>>
>> it opens 6 invisible windows you mean ???
>
>
> Yes, that's what Spy++ shows me. Sending a WM_SHOW message to them makes
> them visible.
>
>> it forks 6 graphical invisible processes?
>
>
> No, it runs 6 invisible windows in the privileged service process.
>
>> shatter attacks ? got any good links relating to that
>
>
> Google is your friend, but well, the principle of shatter attacks is
> very simply: First you send a WM_SETTEXT message to the windows which
> allows you to place arbitrary bytes in the target process memory. Then
> you send a WM_TIMER message with a callback address pointing into the
> memory space you wrote.
>

sounds like abusing shared memory

>
>> PS: Can you give me the links pertaining to winipfw patches, my
>> machine died :( and i'm thinking off rebuilding
>> my sister's pc which i'm currently on.
>
>
> You've got mail.

does process explorer give you the same information about invisible windows
eg if it's a process that has invisible windows you can click window and
bring it to the front
because there is a lot of Spy++ info on google but it seems to be
MSDN/VS related

WM_SHOW etc... syntax seems to be very similar to *Nix window managers
coincidence ?

Re: Best free firewall

goarilla wrote:


> sounds like abusing shared memory


No, it's not shared memory. The problem is a shared Desktop object, which
allows any process to send IPC messages to another process, and the default
implementation of this IPC mechanism executing callbacks.

Of course, Microsoft explicitly told the developers to never open windows in
a privileged process, and separating all UI functionality into an
unprivileged client. Seems like the developers of this security software
never bothered to read the most basic security documentation.

> does process explorer give you the same information about invisible windows
> eg if it's a process that has invisible windows you can click window and
> bring it to the front


No. Process Explorer only cares for visible windows, which is a sensible
design decision.

> because there is a lot of Spy++ info on google but it seems to be
> MSDN/VS related


Because it's a tool from VS. But it's available for free in the trials of
VS, and possibly also in the Express editions.

But there's also a freeware with the name "Winspector" which does the same.

> WM_SHOW etc... syntax seems to be very similar to *Nix window managers
> coincidence ?

Maybe. Window managers on Unix don't have an equivalent of DefaultWndProc
(every window is responsible for doing its own UI), and messaging rather
works by polling than pushing. But unless you use the X11 security
extension, it's generally true that graphical application can send arbitrary
events to other applications.

Re: Best free firewall

Sebastian G. schreef:
> goarilla wrote:
>
>
>> sounds like abusing shared memory
>
>
> No, it's not shared memory. The problem is a shared Desktop object,
> which allows any process to send IPC messages to another process, and
> the default implementation of this IPC mechanism executing callbacks.
>
> Of course, Microsoft explicitly told the developers to never open
> windows in a privileged process, and separating all UI functionality
> into an unprivileged client. Seems like the developers of this security
> software never bothered to read the most basic security documentation.
>
>> does process explorer give you the same information about invisible
>> windows
>> eg if it's a process that has invisible windows you can click window
>> and bring it to the front
>
>
> No. Process Explorer only cares for visible windows, which is a sensible
> design decision.
>
>> because there is a lot of Spy++ info on google but it seems to be
>> MSDN/VS related
>
>
> Because it's a tool from VS. But it's available for free in the trials
> of VS, and possibly also in the Express editions.
>
> But there's also a freeware with the name "Winspector" which does the same.
>
>> WM_SHOW etc... syntax seems to be very similar to *Nix window managers
>> coincidence ?
>
> Maybe. Window managers on Unix don't have an equivalent of
> DefaultWndProc (every window is responsible for doing its own UI), and
> messaging rather works by polling than pushing. But unless you use the
> X11 security extension, it's generally true that graphical application
> can send arbitrary events to other applications.
wow this is yet again a buttload of info but i use MIT-MAGIC-COOKIE ...
am i vulnerable to scatter attacks ?