Desktop firewalls: Windows XP vs 3rd party

0 pts.
Tags:
Desktop vs network-based firewalls
Firewalls
Forensics
Incident response
Intrusion management
Microsoft Windows
Network security
VPN
Windows XP
Wireless
For those with more experience with Windows XP, what do you think of the native personal firewall software? We recently upgraded a remote user to Windows XP from Windows 2000 Pro (actually, he got a new laptop). He connects to the Internet over DSL and we installed a free ZoneLabs firewall when he was running 2KPro. What?s the verdict on the quality of the XP/IE firewalls? Should we install another 3rd party firewall or just go with the native stuff?
ASKED: May 11, 2005  7:09 PM
UPDATED: May 17, 2005  9:26 AM

Answer Wiki

Thanks. We'll let you know when a new response is added.

The Windows XP SP2 firewall does a great job, however, it is probably not the best choice because it locks EVERYTHING down and if the user is not too experienced with firewalls they can have a lot of problems with different programs. On the other hand, ZoneLabs visually allows the user to choose whether to allow a program or service to get past the firewall or not. Hope this helps…

Discuss This Question: 7  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Cptrelentless
    Zonealarm is really buggy and I've heard of quite a few conflicts with this software. I'd recommend the kerio personal firewall over this any day. The windows firewall is fine if you have a secure hole to the outside, like a NAT router. All firewalls are only as good as the person configuring them, though. If in doubt, block it.
    0 pointsBadges:
    report
  • Worker1
    Is this user behind a router? If not I would spend the $50 or so and purchase a product. I've used zone alarm without too much problem but do agree it can be buggy and cause conflicts with other programs. Also be careful with freeware for business use. It is usually illegal. How does the user connect to the corporate network? Thats also a major concern. Does the VPN do split tunnelling?
    0 pointsBadges:
    report
  • Pedwards17
    I'm by no means a Microsoft-basher, but I would prefer to use a 3rd party firewall. I'd rather not trust Microsoft to protect me from vulnerabilities that they may have created. I've used both Norton's and Trend Micro's personal firewalls, and I prefer Trend's. I also tried ZoneAlarm's firewall a few years ago (both the free and the pro versions), and I found them to be buggy. Zone's tech support was awful, too.
    0 pointsBadges:
    report
  • Thomasmac
    The XP firewall allthough good does not block outgoing! So yes I would go with something else !There is so much adware and spyware out there and if the person uses it also for personal use IE browseing the web at home he should have something that blocks outgoing and be TAUGHT to use the firewall to the Comapanie's best advantage! Also install antispy ware and adware products on the box and shown how to use them ! I have found that education is the best defense ! Most of it is guite simple once the person is shown how !
    0 pointsBadges:
    report
  • Sonyfreek
    My biggest qualm with the MS firewall is that you cannot set a range of source or destination ports to accept TCP/UDP connections on. I still cannot figure out how to set it to allow connections from any port (ephemeral) to something like TCP 137 or 445. Maybe I'm missing something, but it seems like a dumbed down firewall. It makes no sense why I can't have fine grained control over it. Lastly, it does not allow you to block outgoing traffic. Having said so, I'd choose other personal firewalls over the MS firewall. SF
    0 pointsBadges:
    report
  • Poppaman2
    I agree that the MS firewall is OK as such (ie: for a home user who "just wants to turn it on and go - don't know/care about all that geek stuff"...), but should be disabled and supplanted by a third party product for business use. Having said that, I have tested many of the major products available: a brief summary of my findings AS RELATES TO MY ENVIRONMENT follows (remember - your mileage may vary... The findings and opinions are my own exclusively and are not those of my employer): Norton/Symantec - OK for business use. Best configured to deny all, and in verbose mode (ie: learning mode) to develop the ACL. A bit of a hassle for the end user for about the first two weeks. Think of Norton as a Hummer (see my comment below regarding Sygate...) Zone Labs/Zone Alarm - buggy. Has a tendency to break remote access/control and VPN applications. Although the Pro version is better than the freeware, I still feel that there are other, better products out there. Black Ice Defender - locked my cursor in the 0,0 position. Repeated attempts to address the issue myself and through Black Ice technical support were unsuccessful. An in-person (and informal) meeting with one of their engineers (at a trade show) brought promises of attention but no further communication. This was in preparation for a 300 seat rollout, so this speaks ill for the company. Resolution of the issue was only accomplished after a bare drive re-install of my OS (Windows XP). I do not suggest the use of this product. Tiny Personal Firewall - incompatible with my environment. No other information available - has a good industry reputation, though. Sygate - The most robust personal firewall I have tested; also part of a remote access suite, so it is very flexible, if you need that type of administration. One of the industry magazines (I do not remember which one, or I would attribute the statement) likens Sygate Personal Firewall to an M1A1 Abrams tank. This is my personal choice. Be aware, however that it may be a bit involved for a non-technical person to use. I strongly suggest that it be configured after installation by launching all installed programs and applying the appropriate rules (ie: set up the ACL first...)prior to rollout to the end user.
    0 pointsBadges:
    report
  • Poppaman2
    I agree that the MS firewall is OK as such (ie: for a home user who "just wants to turn it on and go - don't know/care about all that geek stuff"...), but should be disabled and supplanted by a third party product for business use. Having said that, I have tested many of the major products available: a brief summary of my findings AS RELATES TO MY ENVIRONMENT follows (remember - your mileage may vary... The findings and opinions are my own exclusively and are not those of my employer): Norton/Symantec - OK for business use. Best configured to deny all, and in verbose mode (ie: learning mode) to develop the ACL. A bit of a hassle for the end user for about the first two weeks. Think of Norton as a Hummer (see my comment below regarding Sygate...) Zone Labs/Zone Alarm - buggy. Has a tendency to break remote access/control and VPN applications. Although the Pro version is better than the freeware, I still feel that there are other, better products out there. Black Ice Defender - locked my cursor in the 0,0 position. Repeated attempts to address the issue myself and through Black Ice technical support were unsuccessful. An in-person (and informal) meeting with one of their engineers (at a trade show) brought promises of attention but no further communication. This was in preparation for a 300 seat rollout, so this speaks ill for the company. Resolution of the issue was only accomplished after a bare drive re-install of my OS (Windows XP). I do not suggest the use of this product. Tiny Personal Firewall - incompatible with my environment. No other information available - has a good industry reputation, though. Sygate - The most robust personal firewall I have tested; also part of a remote access suite, so it is very flexible, if you need that type of administration. One of the industry magazines (I do not remember which one, or I would attribute the statement) likens Sygate Personal Firewall to an M1A1 Abrams tank. This is my personal choice. Be aware, however that it may be a bit involved for a non-technical person to use. I strongly suggest that it be configured after installation by launching all installed programs and applying the appropriate rules (ie: set up the ACL first...)prior to rollout to the end user.
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following