
List:       patchmanagement
Subject:    RE: Microsoft XP SP2
From:       "Jerry Bryant" <jbryant () microsoft ! com>
Date:       2004-06-25 23:00:01
Message-ID: 7966E118ADE2494C975356BCE1D5459F0295B4F9 () RED-MSG-41 ! redmond ! corp ! microsoft ! com

Susan, you are correct. The documentation we have available is quite
extensive. To answer Andrew's question: if a program (like internet
checkers for example) tries to open a port on your system with the
purpose of listening for an incoming connection, that is what WF will
warn you about. If you accept this, the port will be opened and it will
then be closed when the requesting application quits. Even if you add
this program to your exceptions list, the port will only be opened when
the program requests it. Otherwise it remains closed. You will not get
this pop up when you use a program such as FrontPage to publish to a
remote location. In other words, we are not blocking programs trying to
access the network. Only programs that are trying to open up a port
which allows the network to connect back to you.

Hope that helps.

Jerry Bryant
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no
rights.

-----Original Message-----
From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] [mailto:sbradcpa@pacbell.net]
Sent: Wednesday, June 23, 2004 6:30 PM
To: Patch Management Mailing List
Subject: Re: Microsoft XP SP2

Ah, good point but even though that may not be blocking to you...it's
still better than the Linksys box that lets it go out no matter what and
thus in my mind does "block".  And my point to everyone that we need to
understand the built-in different levels that it has.

Bottom line I think we all need to take the time to read the
documentation and not necessarily go by "I heard", "I read".  [including
myself]  :-)

Jerry Bryant wrote:

>Windows Firewall in XP SP2 does not do any outbound blocking. What it
>does do, and what people commonly mistake as outbound blocking, is ask
>you to approve or deny any program that tries to open a port to listen
>on. This is typical of a program that acts like a server.
>
>See the exceptions list section of this page for more details:
>http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2netwk.mspx#XSLTsection130121120120
>
>Another key feature of the Windows Firewall is boot time security. The
>new static filtering policy at boot time permits only DNS, DHCP and
>Netlogon. The Windows Firewall policy is then applied after logon and
>stays in effect until after the IP stack is shut down.
>
>There are lots of other cool features in WF such as:
>
>- Improved user interface
>- On by default on all network interfaces
>- Global and per-interface configurations
>- Exceptions list
>- Local subnet restrictions
>- Command line and better group policy management
>- Multiple profiles and RPC support
>- Unattended setup
>
>I recommend a complete read of the documentation about WF here (in
>addition to all the other information about SP2):
>
>http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2chngs.mspx
>
>
>Jerry Bryant
>Microsoft Corporation
>This posting is provided "AS IS" with no warranties, and confers no
>rights.
>
>-----Original Message-----
>From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] [mailto:sbradcpa@pacbell.net]
>Sent: Tuesday, June 22, 2004 11:12 PM
>To: Patch Management Mailing List
>Subject: Re: Microsoft XP SP2
>
>Click on the firewall in the control panel and you can see the
>settings.....
>
>http://www.winsupersite.com/images/reviews/xp_sp2_winfirewall_01.gif
>
>See the three settings in there especially the "on with no exceptions" 
>option?
>
>Bob Daamen wrote:
>
>>Mike,
>>
>>I agree with you, that if the firewall does do outbound blocking, that
>>having this firewall is a good thing. A lot better than nothing. And
>>firewalls that keep asking questions can prove to be a pain in the neck as
>>well. All those people calling the helpdesk......
>>
>>I'm starting to question the article at Ziff-Davis that says the firewall
>>does NOT do outbound blocking.
>>Hmmm....strange.
>>
>>No one from Microsoft monitoring this list?
>>
>>Bob
>>
>>-----Original Message-----
>>From: Mike [mailto:mike@superiorholidayadventures.ca]
>>
>>I have been testing SP2 RC2 for about a week now and it has asked me a few
>>times (maybe three times in total) if I want to allow a program outbound
>>network access.  It doesn't ask me nearly as much as ZoneAlarm does, and has
>>never asked about any MS programs (IE, SERVICES, etc.).  My guess is that it's
>>configured with a base set of rules to explicitly trust (all?) Microsoft
>>programs.
>>
>>It seems like a very rudimentary firewall and IMO that's a good thing.
>>Not for the technical side of things, but MS may see themselves in court
>>again if they make the product too good and end up competing against
>>(read: stifling) other popular firewalls.
>>
>>Mike Fetherston
>>
>>>-----Original Message-----
>>>
>>>By the way,
>>>
>>>Has anyone in the group noticed yet that the Windows Firewall is blocking
>>>incoming traffic only?
>>>It doesn't do outbound blocking.....
>>>
>>>To my opinion that disqualifies the firewall as it will render useless as
>>>soon as a virus/worm has surpassed this level of defense.
>>>
>>>Read about it here
>>>
>>>http://techupdate.zdnet.com/techupdate/stories/main/personal_firewall_obsolete.html
>>>
>>>Bob
>>>
>>>This e-mail and any attachment is for authorised use by the intended
>>>recipient(s) only. It may contain proprietary material, confidential
>>>information and/or be subject to legal privilege. It should not be copied,
>>>disclosed to, retained or used by, any other party. If you are not an
>>>intended recipient then please promptly delete this e-mail and any
>>>attachment and all copies and inform the sender. Thank you.

-- 
http://www.sbslinks.com/really.htm
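
The listen-versus-connect behaviour described in the reply at the top of this message, as an added example that is not part of the original thread and is not Microsoft code: a simplified Python model of when Windows Firewall opens a port, prompts, and closes the port again. The class, method and program names are hypothetical, and only unsolicited inbound traffic is modelled.

```python
# Simplified model of the XP SP2 Windows Firewall behaviour described in the
# message above. Constructed for illustration; names are hypothetical.

class FirewallModel:
    def __init__(self, exceptions=(), no_exceptions=False, user_allows=()):
        self.exceptions = set(exceptions)    # programs on the exceptions list
        self.no_exceptions = no_exceptions   # the "on with no exceptions" setting
        self.user_allows = set(user_allows)  # programs the user would approve
        self.open_ports = {}                 # port -> program listening on it
        self.prompted = []                   # programs that triggered the pop-up

    def outbound(self, program, dest_port):
        # No outbound blocking: connecting out never consults the rules.
        return True

    def request_listen(self, program, port):
        """Return True if the firewall opens `port` for `program`."""
        if self.no_exceptions:
            return False                     # exceptions ignored, no pop-up
        if program not in self.exceptions:
            self.prompted.append(program)    # the approve/deny pop-up
            if program not in self.user_allows:
                return False
        self.open_ports[port] = program
        return True

    def program_quit(self, program):
        # Ports are closed again when the requesting program exits.
        self.open_ports = {p: o for p, o in self.open_ports.items() if o != program}

    def inbound(self, port):
        # Unsolicited inbound traffic passes only to a currently open port.
        return port in self.open_ports


def run_scenario():
    fw = FirewallModel(exceptions={"server.exe"}, user_allows={"checker.exe"})
    r = {}
    r["publish_out"] = fw.outbound("frontpage.exe", 80)
    r["listed_but_idle"] = fw.inbound(8080)   # on the list, not yet listening
    r["listed_listen"] = fw.request_listen("server.exe", 8080)
    r["while_running"] = fw.inbound(8080)
    fw.program_quit("server.exe")
    r["after_quit"] = fw.inbound(8080)
    r["approved"] = fw.request_listen("checker.exe", 5000)
    r["denied"] = fw.request_listen("other.exe", 4444)
    r["prompted"] = list(fw.prompted)
    return r
```
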



---
To unsubscribe send a blank email to
leave-patchmanagement@patchmanagement.org
