I am sick and tired of Zone Alarm causing serious errors on my system so I have been trialling different firewalls.
Outpost was the firewall most recently recommended and is the one I currently have installed on my PC. I have been running it for three days and so far I rather like this firewall. Its user friendly and fairly easy on resources. I noticed that today's log reported that I had been subjected to a number of port scans and one rst attack, all from the same IP address (a fake one). I hadnt done this on this PC before but I decided I would check my defences at GRC.
I had my shields tested and no problem there. My ports were probed and to my horror, I discovered that I had two open ports. Port 135 (Remote Procedure Call) and Port 5000 (Universal Plug and Play service). I downloaded Steve's UnPlug n' Pray utility which solved my problem with Port 5000. I had previously disabled WinXP's firewall but I reenabled it. This solves my problem with Port 135. So far so good. No conficts yet but I guess its early days.
Full Version: WinXP Security
I had used Outpost when it first came out. I used it on 98 and it took me a while to figure out why I couldn't access the web. It seems as though Outpost had decided to deny IE access. It did this without any help from me and it did it quite often.
I also installed Gibson's UPnP when he first released it. This was long before MS decided to do SP1. Funny how 3rd party software is more on time and to the point than MS. Well it's not really funny.
I also installed Gibson's UPnP when he first released it. This was long before MS decided to do SP1. Funny how 3rd party software is more on time and to the point than MS. Well it's not really funny.
Thanks for the info. I was pnp vulnerable too, but not anymore 
You are welcome Ricky. I guess I should have checked with GRC before but I just assumed (because I had a firewall installed) that all ports were stealth.
XP is a security nightmare - ZA reported over 100 hits in the first two hours online this morning.
On my Win95B system I got this at GRC:
Note that this is without a firewall of any kind - the setup has no file/printer sharing, TCP/IP only bound to the NIC and vnbt.386 renamed. I uninstalled ZA on this system because I didn't get a single probe in over a year!
On my Win95B system I got this at GRC:
| QUOTE |
| Your Internet port 139 does not appear to exist! One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion. Unable to connect with NetBIOS to your computer. All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet. |
Note that this is without a firewall of any kind - the setup has no file/printer sharing, TCP/IP only bound to the NIC and vnbt.386 renamed. I uninstalled ZA on this system because I didn't get a single probe in over a year!
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.