Loading ...
Sorry, an error occurred while loading the content.

XP FIREWALL

Expand Messages
  • M.M.
    Hello, Recently installed Windows xp pro + sp2 (previously I had with sp1), noticed it has that security center and a firewall. Previously I had a separate
    Message 1 of 14 , Jan 9, 2008
    • 0 Attachment
      Hello,
      Recently installed Windows xp pro + sp2 (previously I had with sp1), noticed
      it has that security center and a firewall. Previously I had a separate
      firewall installed.
      I would like to ask if the Windows firewall is good enough or should I
      install again some other firewall program - and disable the original?
      Will appreciate your opinions.
      Many Thanks
      Mordechai
      m.mordechai@...


      [Non-text portions of this message have been removed]
    • sisterscape
      I immediately disabled the Windows firewall and installed ZoneAlarm. I don t think you can run another firewall with the one in Windows. ...
      Message 2 of 14 , Jan 9, 2008
      • 0 Attachment
        I immediately disabled the Windows firewall and installed ZoneAlarm. I
        don't think you can run another firewall with the one in Windows.


        --- "M.M." <m.mordechai@...> wrote:

        > Hello,
        > Recently installed Windows xp pro + sp2 (previously I had with sp1),
        > noticed
        > it has that security center and a firewall. Previously I had a
        > separate
        > firewall installed.
        > I would like to ask if the Windows firewall is good enough or should
        > I
        > install again some other firewall program - and disable the original?
        > Will appreciate your opinions.
        > Many Thanks
        > Mordechai
        > m.mordechai@...
        >



        ____________________________________________________________________________________
        Never miss a thing. Make Yahoo your home page.
        http://www.yahoo.com/r/hs
      • Brian Binder
        It s fine for in-bound security, but does little to nothing for things like worms or compromised programs that contact the Internet from your machine. So if
        Message 3 of 14 , Jan 9, 2008
        • 0 Attachment
          It's fine for in-bound security, but does little to nothing for things
          like worms or compromised programs that contact the Internet from your
          machine. So if that's important to you, you can add something else like
          Comodo, as an example.

          M.M. wrote:
          >
          >
          > Hello,
          > Recently installed Windows xp pro + sp2 (previously I had with sp1), noticed
          > it has that security center and a firewall. Previously I had a separate
          > firewall installed.
          > I would like to ask if the Windows firewall is good enough or should I
          > install again some other firewall program - and disable the original?
          > Will appreciate your opinions.
          > Many Thanks
          > Mordechai
          > m.mordechai@... <mailto:m.mordechai%40gmail.com>
        • David Smart
          One of my customers was using Zone Alarm, and it was a pain in the proverbial. He is happy with XP Home Windows FireWall on his laptop. I run Windows FireWall
          Message 4 of 14 , Jan 10, 2008
          • 0 Attachment
            One of my customers was using Zone Alarm, and it was a pain in the
            proverbial.

            He is happy with XP Home Windows FireWall on his laptop.

            I run Windows FireWall on my 2003 server for my cable connection, and XP Pro
            FireWall on the laptop I connect my cellular Internet modem to. I've never
            had problems with them.

            Regards, Dave S

            ----- Original Message -----
            From: "sisterscape" <sisterscape@...>
            To: <ntb-OffTopic@yahoogroups.com>
            Sent: Thursday, January 10, 2008 10:54 AM
            Subject: Re: [NTO] XP FIREWALL


            >I immediately disabled the Windows firewall and installed ZoneAlarm. I
            > don't think you can run another firewall with the one in Windows.
            >
            >
            > --- "M.M." <m.mordechai@...> wrote:
            >
            >> Hello,
            >> Recently installed Windows xp pro + sp2 (previously I had with sp1),
            >> noticed
            >> it has that security center and a firewall. Previously I had a
            >> separate
            >> firewall installed.
            >> I would like to ask if the Windows firewall is good enough or should
            >> I
            >> install again some other firewall program - and disable the original?
            >> Will appreciate your opinions.
            >> Many Thanks
            >> Mordechai
            >> m.mordechai@...
            >>
            >
            >
            >
            >
            > ____________________________________________________________________________________
            > Never miss a thing. Make Yahoo your home page.
            > http://www.yahoo.com/r/hs
            >
            >
            >
            > Yahoo! Groups Links
            >
            >
            >
          • Greg Chapman
            Hi Mordechai, ... It s fine for in-bound security, but does little to nothing for things like worms or compromised programs that contact the Internet from your
            Message 5 of 14 , Jan 10, 2008
            • 0 Attachment
              Hi Mordechai,

              Brian is right when he says:
              ---------------
              It's fine for in-bound security, but does little to nothing for things
              like worms or compromised programs that contact the Internet from your
              machine.
              ---------------

              so when...

              On 10 Jan 08 08:04 "David Smart" <smartware.consulting@...>
              said:
              > One of my customers was using Zone Alarm, and it was a pain in the
              > proverbial.

              You have to ask a bit more.

              Windows Firewall is utterly painless. It just sits there doing what it
              was designed to do and requires no training by the user.

              ZoneAlarm, or any full firewall that handles both inbound and outbound
              traffic, will, initially, appear to be a pain. Dialogue boxes will
              appear constantly warning you of activity and asking you for a
              decision about how to handle this type of traffic in the future.
              Perhaps that was the pain for David's client?

              Even after initial installation it will recognise every software patch
              and program update, and assume that it is an infected program and
              require confirmation that you are aware of the change. If you're
              computer/network naive then it can present you with questions that are
              meaningless gobbley gook, and you'll stab at them wildly never knowing
              whether you "played safe" or have done something "dangerous".

              > He is happy with XP Home Windows FireWall on his laptop.

              Whether David's client is better protected by a badly set up ZoneAlarm
              or by the "incomplete" Windows Firewall will depend entirely on the
              nature of the traffic passing between the Computer and the rest of the
              internet.

              > I run Windows FireWall on my 2003 server for my cable connection,
              > and XP Pro FireWall on the laptop I connect my cellular Internet
              > modem to. I've never had problems with them.

              Never having "problems" is pretty meaningless. It will depend
              entirely whether you would recognise a problem if you saw one.

              For example. the kind of software that "invades" a computer and then
              acts as someone else's proxy, so it's your machine that's doing the
              dirty to everyone else on the internet is, by its nature, designed to
              remain invisible, and cause "no problems" on the host computer. That
              doesn't mean there's not a problem for the rest of the world. This
              kind of program can come in attached to an e-mail and appear to a
              firewall (Windows or any other firewall) as legitimate traffic.
              (That's why you need effective anti-virus software running to stop
              this kind of thing.) Once in, Windows Firewall will not detect its
              precence, but it will sit there doing its worst.

              In the days of dialup connections the activity that these programs
              generated was obvious to the user. There'd be, for example, constant
              requests to connect to the internet, or on-line activity would appear
              to run very slowly. However, in the days of high-speed always-on
              broadband connections, such activity will be indetectable by the
              average user.

              So it all depends on what you, or others, do on your computer as to
              whether Windows Firewall is sufficient for your needs. Unfortunately,
              it's one of those Catch 22 questions, because, unless you understand
              the issues you can't setup a full firewall properly and if it's not
              set up right then it's not doing the job it was intended to do. If
              that's the case, you might just as well stick with Windows Firewall.

              Greg
            • hsavage
              ... Mordechai, Almost any of the reviews and/or opinions of the EXPERTS that test software and write the articles about firewall programs seem to be united
              Message 6 of 14 , Jan 10, 2008
              • 0 Attachment
                At , you wrote:
                > Hello,
                > Recently installed Windows xp pro + sp2 (previously I had with sp1),
                > noticedit has that security center and a firewall. Previously I had a
                > separate firewall installed.
                >
                > I would like to ask if the Windows firewall is good enough or should I
                > install again some other firewall program - and disable the original?
                >
                > Will appreciate your opinions.
                > Many Thanks
                > Mordechai
                > m.mordechai@...

                Mordechai,

                Almost any of the reviews and/or opinions of the "EXPERTS" that test
                software and write the articles about firewall programs seem to be
                united against the use of "Windows Firewall".

                From the never-ending number of reports of security holes in the
                Windows OS I tend to believe the "EXPERTS".

                ·············································
                ºvº SL-01-73 -created- 2008.01.10 - 00.30.12

                Measure of SUCCESS:
                At age 50 is.....
                "Having money."
                ¤ ø ¤ hrs ø hsavage@...
              • Brian Binder
                I will comment on this particular comment, just for the benefit of the group. Keep in mind, that most firewall programs have vulnerabilities, whether they are
                Message 7 of 14 , Jan 10, 2008
                • 0 Attachment
                  I will comment on this particular comment, just for the benefit of the
                  group.

                  Keep in mind, that most firewall programs have vulnerabilities, whether
                  they are based on the security of the OS or a problem with their code in
                  specific. Even Zone Alarm falls prey to both, so if you aren't in a
                  habit of keeping Windows XP up to date on patches, your firewall will
                  fall prey to attacks from OS vulnerabilities over and over anyway...so
                  by using another firewall you aren't ensuring better protection if you
                  happen to be lax with updates - and I've seen that plenty.

                  What most experts agree on is that they wish Windows XP's firewall took
                  care of outbound connections, and it really doesn't. It attempts to
                  prevent you against being attacked by other machines on the Internet or
                  network, etc.

                  There is something that is also very important to mention when it comes
                  to every single firewall out there: "most people mis-use them", and
                  that's me, quoting myself.

                  I've gone to countless service calls, businesses, end users, etc. where
                  people have their machines so botched up because of things that they
                  have denied through their firewall. Rules for stopping parts of the
                  TCP/IP stack, rundll32.exe when it needs legitimate access, print
                  spoolers for network printer access, etc.

                  They deny so much "stuff" (because its use is unknown to them) that they
                  end up crippling the performance and functionality of their PC's.
                  Therein lies the reason (in many people's opinions, including my own)
                  that Microsoft continues to deny making a firewall that analyzes
                  outbound traffic. If you are unsure of the connection, most people
                  "play it safe" and block it.

                  Take this for what it's worth, but it's worth keeping in mind when
                  making a decision on what to do for your firewall situation.

                  hsavage wrote:

                  > Almost any of the reviews and/or opinions of the "EXPERTS" that test
                  > software and write the articles about firewall programs seem to be
                  > united against the use of "Windows Firewall".
                  >
                  > >From the never-ending number of reports of security holes in the
                  > Windows OS I tend to believe the "EXPERTS".
                • Scott Fordin
                  FWIW, I ve had good luck with both Panda Internet Security 2008 and Norton Internet Security 2008. Installing either of them will automatically give you the
                  Message 8 of 14 , Jan 10, 2008
                  • 0 Attachment
                    FWIW, I've had good luck with both Panda Internet Security 2008
                    and Norton Internet Security 2008. Installing either of them will
                    automatically give you the option to disable the Windows XP
                    firewall (do it) so there aren't two potentially conflicting
                    firewalls at work. I used to use ZoneAlarm, but became less than
                    thrilled with later versions, starting about two years ago.

                    Scott

                    Brian Binder wrote:
                    >
                    >
                    > I will comment on this particular comment, just for the benefit of the
                    > group.
                    >
                    > Keep in mind, that most firewall programs have vulnerabilities, whether
                    > they are based on the security of the OS or a problem with their code in
                    > specific. Even Zone Alarm falls prey to both, so if you aren't in a
                    > habit of keeping Windows XP up to date on patches, your firewall will
                    > fall prey to attacks from OS vulnerabilities over and over anyway...so
                    > by using another firewall you aren't ensuring better protection if you
                    > happen to be lax with updates - and I've seen that plenty.
                    >
                    > What most experts agree on is that they wish Windows XP's firewall took
                    > care of outbound connections, and it really doesn't. It attempts to
                    > prevent you against being attacked by other machines on the Internet or
                    > network, etc.
                    >
                    > There is something that is also very important to mention when it comes
                    > to every single firewall out there: "most people mis-use them", and
                    > that's me, quoting myself.
                    >
                    > I've gone to countless service calls, businesses, end users, etc. where
                    > people have their machines so botched up because of things that they
                    > have denied through their firewall. Rules for stopping parts of the
                    > TCP/IP stack, rundll32.exe when it needs legitimate access, print
                    > spoolers for network printer access, etc.
                    >
                    > They deny so much "stuff" (because its use is unknown to them) that they
                    > end up crippling the performance and functionality of their PC's.
                    > Therein lies the reason (in many people's opinions, including my own)
                    > that Microsoft continues to deny making a firewall that analyzes
                    > outbound traffic. If you are unsure of the connection, most people
                    > "play it safe" and block it.
                    >
                    > Take this for what it's worth, but it's worth keeping in mind when
                    > making a decision on what to do for your firewall situation.
                    >
                    > hsavage wrote:
                    >
                    >> Almost any of the reviews and/or opinions of the "EXPERTS" that test
                    >> software and write the articles about firewall programs seem to be
                    >> united against the use of "Windows Firewall".
                    >>
                    >> >From the never-ending number of reports of security holes in the
                    >> Windows OS I tend to believe the "EXPERTS".
                    >
                    >
                  • Alan C
                    I use Linux with its own open source iptables firewall on the internet. I don t use my Win beyond my LAN. (that s, for 4 to 5 years now or longer, my
                    Message 9 of 14 , Jan 10, 2008
                    • 0 Attachment
                      I use Linux with its own open source iptables firewall on the internet. I
                      don't use my Win beyond my LAN. (that's, for 4 to 5 years now or longer, my
                      personal solution to the Win internet security issue).

                      For emailing and web browsing my friends use the Linux of their dual boot
                      machine -- and its other OS is Win XP for use but except for rarely if ever
                      on the internet.

                      For their Win XP laptops and the one mentioned XP desktop, my friends just
                      some weeks ago installed Norton 2008 internet security suite and have had no
                      problem with it whatsoever.

                      For several or more years now, my friends have been using Norton -- in 2007
                      the Norton they purchased came with virus protection and its own personal
                      firewall which we used (turned off the XP built in firewall)

                      In 2006 the Norton they purchased was for virus protection only though it
                      also monitored and notified if and which firewall is on or off. I set up
                      this Norton on his XP laptop and I installed Zone Alarm and turned off the
                      builtin XP firewall. This setup lasted them without incident through 2006
                      up to the begin of 2007.

                      What originally prompted my friends to increase their security is his Win XP
                      laptop got (very -- as in totally, no longer useable anymore) severely
                      compromised when using just the builtin Win XP firewall. That was 2005 or
                      2006 when they first then subsequently bought the Norton.

                      Same laptop got very severely (wasted, again) compromised in 2007 (yes it
                      had the mentioned Norton on it then). Though they wouldn't admit to it --
                      they have a teenage son. I think the son and his teenage friends were
                      turned loose on this laptop on the internet -- without any adult
                      overseeing. I fixed it, saved their data, restored from a previous disk
                      image file, copied back their data, updated the Norton.

                      The only difference after that is "users of the laptop *must* get involved
                      here" (I let 'em have it, bang). They were more cautious/careful -- got
                      them through the remainder of 2007 without another incident. (just because
                      it has Norton on it is not a panacea).

                      Given if the users are educated enough and cautious enough, it is probable
                      that the builtin XP firewall would or could suffice. But I think this a
                      tall order due the huge amount and the height of sophistication of phishing
                      and social engineering taking place all of the time these days. All it
                      takes is one little slip up by the user -- which could get something
                      illegitimate installed that would then begin making outbound requests from
                      within -- the builtin XP firewall is now useless, totally worthless, at this
                      point.

                      Another point to mention is running with user versus administrator
                      privileges.

                      My friends are not at all much computer literate. I set up a user and asked
                      them to try it to see if it would do everything they need. They (very busy
                      people) just take the easiest path -- faster and easier to use the default
                      administrator account rather than try something new.

                      Due that lack of cooperation on their part and my time constraints, they
                      still run all their XP machines with admin privileges. (I'm certain that
                      this admin privilege contributed to their mentioned 2007 contamination).

                      --
                      Alan.


                      [Non-text portions of this message have been removed]
                    • Alan C
                      On Jan 10, 2008 11:15 AM, Alan C wrote: Another point to mention is running with user versus administrator ... Theoretically, if a user
                      Message 10 of 14 , Jan 10, 2008
                      • 0 Attachment
                        On Jan 10, 2008 11:15 AM, Alan C <acummingsus@...> wrote:

                        Another point to mention is running with user versus administrator
                        > privileges.


                        Theoretically, if a user is not allowed to install software (not even to a
                        user area of the disk) *and* if the user is not whatsoever allowed to change
                        any web browser security related settings.

                        Then, if the administrator (with a very secure admin password) had
                        adequately and sufficiently and securely enough "set up the machine for this
                        user" then the built in XP firewall should suffice alright (for this user)
                        given this case scenario. *And* that the administrator rarely, if ever,
                        logs on (does so only when needed for sys maintenance).

                        Linux is natively already oriented towards just such a case scenario as what
                        I just mentioned. Windows, on the other hand, for ages, ran contrary to my
                        mentioned case scenario.

                        Bill Gates for the longest time said "people want usability over security".

                        Thus the (Win) default account being the administrator privileged account.

                        AFAIK the native Linux firewall does just what (the same as) the built in
                        Win XP firewall does.

                        I think a person would need to purchase commercial software for their Linux
                        so as to get the type of checking that (for instance) Zone Alarm does
                        (monitoring of applications that might seek to do outbound request).

                        Linux is natively locked down like my mentioned case scenario whereby
                        "nothing illegitimate can get installed" and therefore there will be no
                        illegitimate outbound requests which makes it so that there is no need to
                        monitor apps that potentially can do outbound requests.

                        Perhaps I've been partially in the wrong by not (not enough anyways)
                        attempting to admin my friend's Win XP so as to make their Win comply with
                        my mentioned case scenario or what I've termed as the "Linux is natively
                        locked down." (takes too much time [need to learn etc.] is the excuse so
                        far for not making their Win to be like my mentioned case scenario or Like
                        Linux with respect to the security model).

                        --
                        Alan.


                        [Non-text portions of this message have been removed]
                      • Gerard Huijing
                        ... This remark re WinXP native firewall and Linux firewalls may be a bit confusing, but maybe you mean something quite different than what the message appears
                        Message 11 of 14 , Jan 13, 2008
                        • 0 Attachment
                          Alan C wrote:
                          >
                          > AFAIK the native Linux firewall does just what (the same as) the built in
                          > Win XP firewall does.
                          >


                          This remark re WinXP native firewall and Linux firewalls may be a bit
                          confusing, but maybe you mean something quite different than what the
                          message appears to say.

                          The firewalls in the Linux distributions I know of come with a set of
                          preconfigured rules that regulate both incoming and outgoing traffic. In
                          other words, they are two-way firewalls and Windows' own firewall, in XP
                          at least, is not. This the reason why I have immediately switched it off
                          and use a proper (software) firewall instead, in my case Agnitum Outpost.

                          Cheers,
                          Gerard
                          --
                          Gerard (E.G.P.) Huijing
                          2312 ZD Leiden
                          Netherlands
                          inboxgen@...
                        • Alan C
                          ... ? ... What Linux distros are you refer to since I know some distro that do not even ship with a firewall (one must provide their own firewall). I use
                          Message 12 of 14 , Jan 13, 2008
                          • 0 Attachment
                            On Jan 13, 2008 6:52 AM, Gerard Huijing <inboxgen@...> wrote:

                            > Alan C wrote:
                            > >
                            > > AFAIK the native Linux firewall does just what (the same as) the built
                            > in
                            > > Win XP firewall does.
                            > >
                            >
                            >
                            > This remark re WinXP native firewall and Linux firewalls may be a bit
                            > confusing, but maybe you mean something quite different than what the
                            > message appears to say.
                            >
                            > The firewalls in the Linux distributions I know of come with a set of
                            > preconfigured rules that regulate both incoming and outgoing traffic. In
                            > other words, they are two-way firewalls and Windows' own firewall, in XP
                            > at least, is not. This the reason why I have immediately switched it off
                            > and use a proper


                            ?


                            > (software) firewall instead, in my case Agnitum Outpost.


                            What Linux distros are you refer to since I know some distro that do not
                            even ship with a firewall (one must provide their own firewall).

                            I use Slackware and Debian. And I maintain a CentOS 4.6 box for my friends.

                            Ok, I should have limited my comment in my former post, more specifically to
                            "Linux distros that I myself use" because what I said now absolutely
                            applies.

                            proper? I definitely agree with you on that one for Win XP but not for the
                            Linux distros that I use.

                            What's "proper" is what's needed according to the overall or bigger picture
                            context.

                            Perhaps you missed my point?

                            My point was: if it's not even possible for something illegitimate to get
                            installed -- then -- there will never ever be any illegitimate outbound
                            requests therefore a "proper" firewall in this case is one with
                            characteristics just like the native Win XP firewall since in this (Linux or
                            *maybe* a tightened Windows system) case there is no need, not ever, to
                            monitor for potential illegitimate as to the or any outbound requesting sort
                            of apps

                            IOW (due the overall or bigger picture construct, I used the Linux (*distros
                            that I use*) security model as an example) if there can't be, not even the
                            possibility of illegitimate outbound then there's no need to monitor (using
                            firewall) for something that cannot happen.

                            Greater separation of user versus root or administrator. Run all the time
                            as a "user".

                            User is not privileged enough to install software nor alter any www related
                            security things.

                            User can't do anything but use. For anything else, root or administrator
                            must be logged onto. (as in separate accounts to log onto, each of the
                            mentioned separate account with drastically different in the way of
                            privileges or the amount of power of what is allowed to do).

                            So, once again, what sort of firewall is needed is dependent upon how tight
                            or how loose you are, security wise, in the mentioned overall or bigger
                            picture. That was the point that I was attempting to make.

                            But my intention here is not to advocate that "thus and such requires the
                            use of (whatever)"

                            But, to me, (mainly, anyways, the intention or point that I attempt here to
                            get across) that the concept of computer security that there are many many
                            components or ingredients that can make for and which can also make for the
                            lack of computer security. (a software) Firewall is *only one* of such
                            components or ingredients.

                            Even the built in Win XP firewall "monitors" outbound -- it does so for the
                            purpose to only allow back in what had been initially requested from within
                            -- oh, well, too bad if it was an "illegitimate outbound request that was
                            initiated from within (no protection)"

                            So, such built in XP firewall monitors outbound and inbound.

                            So does your mentioned Agnitum.

                            The difference is that the Agnitum also monitors for the potential of
                            "illegitimate requests that are outbound requests that are initiated from
                            within".

                            --
                            Alan.


                            [Non-text portions of this message have been removed]
                          • Gerard Huijing
                            ... Fedora, and openSUSE. I have used several other distributions in the past (ZenWalk, Vector among others) I will stick to the first two: they have a
                            Message 13 of 14 , Jan 13, 2008
                            • 0 Attachment
                              Alan C wrote:
                              >
                              >
                              > What Linux distros are you refer to since I know some distro that do not
                              > even ship with a firewall (one must provide their own firewall).
                              >
                              > I use Slackware and Debian. And I maintain a CentOS 4.6 box for my friends.

                              Fedora, and openSUSE. I have used several other distributions in the
                              past (ZenWalk, Vector among others)
                              I will stick to the first two: they have a configuration file that
                              regulates inbound and outbound traffic. It is configured on the basis
                              of choices offered by the install program. ("Do you want this machine to
                              provide ftp services?" etc.).

                              If I tested my service ports after I had installed (which I alway did),
                              e.g. with Gibson Shields Up, the report would be with SUSE: all ports
                              stealthed (DROP) except 113 (IDENT) which was closed (REJECT). ICMP echo
                              requests from outside to the firewall were rejected. I could choose to
                              stealth 113, and change the other rule: DROP the pings). I always did
                              that too. Mine is a stand alone PC and I had no problems (although the
                              documentation says that changing these settings can have adverse effects).

                              When you install SUSE or Fedora that configuration file (essentially a
                              script for iptables) is also generated. On those grounds I would say
                              that a firewall is in place to start off with.

                              > proper? I definitely agree with you on that one for Win XP but not for the
                              > Linux distros that I use.

                              I used "proper" because I have read so many criticisms of the XP
                              firewall saying exactly that: "Yes, indeed XP has its own firewall but
                              it's not a *proper* one: it only monitors inbound".

                              >
                              > What's "proper" is what's needed according to the overall or bigger picture
                              > context.

                              I quite agree.

                              > Even the built in Win XP firewall "monitors" outbound -- it does so for the
                              > purpose to only allow back in what had been initially requested from within
                              > -- oh, well, too bad if it was an "illegitimate outbound request that was
                              > initiated from within (no protection)"

                              Precisely! It's the unnoticed illegitimate ones I am worried about.
                              Thank you for the more precise description of what is going on in XP
                              firewall BTW.

                              Your point was, very much in a nutshell: the situation WinXP plus native
                              FW is comparable to Linux 'sec' with some essential qualifications
                              regarding the whole implementation of the OS, which make Linux so much
                              safer to start with.

                              I quite agree, again. I know that the situation in ArchLinux or FreeBSD
                              is like the one you have in mind. You have to install and configure your
                              firewall yourself, from scratch.

                              I quite enjoy trying to figure out iptables rules myself (after all I
                              can only screw up my own PC), but I am also very happy that openSUSE and
                              Fedora give me some safe settings to start off with.


                              Cheers,
                              Gerard





                              --
                              Gerard (E.G.P.) Huijing
                              2312 ZD Leiden
                              Netherlands
                              inboxgen@...
                            • Alan C
                              ... Red Hat 8.0 was my first Linux. Then Red Hat 9.0. Then Fedora Core 1 and 2. Then I tried Slackware 9.0 or 10.0. I liked it. But then I hated it. But
                              Message 14 of 14 , Jan 13, 2008
                              • 0 Attachment
                                On Jan 13, 2008 2:29 PM, Gerard Huijing <inboxgen@...> wrote:

                                > Alan C wrote:
                                > >
                                > >
                                > > What Linux distros are you refer to since I know some distro that do not
                                > > even ship with a firewall (one must provide their own firewall).
                                > >
                                > > I use Slackware and Debian. And I maintain a CentOS 4.6 box for my
                                > friends.
                                >
                                > Fedora, and openSUSE. I have used several other distributions in the
                                > past (ZenWalk, Vector among others)
                                > I will stick to the first two: they have a configuration file that
                                > regulates inbound and outbound traffic. It is configured on the basis
                                > of choices offered by the install program. ("Do you want this machine to
                                > provide ftp services?" etc.).


                                Red Hat 8.0 was my first Linux. Then Red Hat 9.0. Then Fedora Core 1 and
                                2.

                                Then I tried Slackware 9.0 or 10.0. I liked it. But then I hated it. But
                                then I liked it.

                                It was all about how much Unix/Linux acclimated I was back then.

                                Near 2001 'till now be near 7 years since I first began my Linux foray.

                                Since Slackware 10.2, Slackware has been my first go to distro (it's
                                Slackware 12.0 now) (I no longer have the hate periods -- it's now all "I
                                like it").

                                It a very fun distro to customize to your own personal liking. (lots of
                                community support for this distro). Once got (grasp) Slackware, am now
                                acclimated to the Unix/Linux way.

                                Slackware ships without a firewall. I use:

                                http://www.slackware.com/~alien/efg/

                                (rather powerful, loads many security related kernel modules).

                                I also use:

                                http://firehol.sourceforge.net/

                                I once used a Debian package of that one on Debian.

                                Debian is just for practice -- to keep me on my toes. I boot it only about
                                20% of the time. Slack gets the other 80%.

                                My friend's CentOS gives me some akin the direction of Fedora/Red Hat.
                                After a while (no rush) I may put Debian or Slackware on my friend's box (so
                                I don't have to scratch my head about CentOS things when I work on it).

                                <snipped>

                                I quite enjoy trying to figure out iptables rules myself (after all I
                                > can only screw up my own PC), but I am also very happy that openSUSE and
                                > Fedora give me some safe settings to start off with.


                                I stay away from iptables rules (never end up with enough time to dedicate
                                to it so as to learn it). I'm thankful that many various configurator tools
                                for the task exist.

                                --
                                Alan.


                                [Non-text portions of this message have been removed]
                              Your message has been successfully submitted and would be delivered to recipients shortly.