Windows Firewall, enabled by default in XP Service Pack 2, is expected to make it harder for worms like Blaster or Sasser to spread to XP desktops in future, by blocking incoming potentially malicious traffic.

Competing vendors are now warning that Windows Firewall is limited in the amount of security it provides. Their own firewall products are mostly being redesigned to deactivate the Microsoft firewall.

"With Windows Firewall, it's our opinion that it's better than no firewall, but probably not a whole lot better," said Chad Harrington, director of enterprise products at Zone Labs, a unit of Check Point Software Technologies Ltd.

ZoneAlarm and Personal Firewall Plus from McAfee Inc will now both automatically turn off Windows Firewall and turn it back on again when uninstalled. Symantec Corp’s Norton Personal Firewall will have this as the default install option.

McAfee senior director product and partner management Brent Lyman said that running two firewalls together creates unnecessary redundancy. Lab tests show the two can work together, but deployment in the field can be unpredictable, he said.

Symantec's director of product management Laure Garcia-Manrique said: "Not for compatibility reasons, but for performance reasons, we recommend that users do not run two firewalls on the same system."

McAfee’s Lyman pointed out that Windows Firewall will not have all the same levels of protection as most commercial personal firewalls. It does not, for example, allow users to control which applications can have internet access.

Zone’s Harrington said that Windows Firewall can stop applications from listening on ports, accepting unsolicited incoming connections, but it cannot stop an application initiating a session from the desktop and receiving replies.
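As an added, defender-side illustration of the inbound-only model Harrington describes (example code written for this page, not code from the article or from any vendor named in it): a small Python parser for the W3C-style log Windows Firewall writes to pfirewall.log, run over constructed log lines, that summarises dropped inbound probes per source and flags hosts that swept several ports, the footprint a worm scanning a subnet for RPC or SMB listeners leaves behind. The field layout and every sample entry are assumptions, not taken from the page; outbound sessions, which the firewall lets through, show up as OPEN/SEND rather than DROP.

```python
from collections import Counter, defaultdict

# Constructed sample in the layout Windows Firewall uses for pfirewall.log
# (assumed header/field names; addresses, times and sizes are made up).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2004-08-25 10:15:32 DROP TCP 10.0.0.7 10.0.0.20 3042 135 48 S 1234567 0 65535 - - - RECEIVE
2004-08-25 10:15:33 DROP TCP 10.0.0.7 10.0.0.20 3043 445 48 S 1234568 0 65535 - - - RECEIVE
2004-08-25 10:15:34 DROP TCP 10.0.0.7 10.0.0.20 3044 139 48 S 1234569 0 65535 - - - RECEIVE
2004-08-25 10:15:40 OPEN TCP 10.0.0.20 198.51.100.9 1100 80 - - - - - - - - SEND
2004-08-25 10:15:41 DROP UDP 10.0.0.9 10.0.0.20 1026 1434 404 - - - - - - - RECEIVE
"""


def parse_firewall_log(text):
    """Parse pfirewall.log text into dicts keyed by the names in its #Fields header."""
    fields, records = None, []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # header is authoritative for column order
            continue
        if line.startswith("#") or fields is None:
            continue  # other comment lines, or data seen before any #Fields line
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed entry: skip rather than mis-map columns
        records.append(dict(zip(fields, values)))
    return records


def inbound_drops_by_source(records):
    """Map each source IP to a Counter of destination ports it was dropped on (inbound only)."""
    hits = defaultdict(Counter)
    for r in records:
        if r["action"] == "DROP" and r["path"] == "RECEIVE":
            hits[r["src-ip"]][r["dst-port"]] += 1
    return hits


def flag_port_sweeps(records, min_ports=3):
    """Source IPs whose dropped inbound probes touched at least min_ports distinct ports."""
    return sorted(ip for ip, ports in inbound_drops_by_source(records).items()
                  if len(ports) >= min_ports)


if __name__ == "__main__":
    recs = parse_firewall_log(SAMPLE_LOG)
    print("port sweeps from:", flag_port_sweeps(recs))  # 10.0.0.7 hit 135, 445 and 139
```

The threshold is deliberately low for the five-line sample; on a real log a higher value and a time window keep a single noisy host from being reported.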

Some application developers have designed ways to circumvent this into their software, he said. An instant messaging application that was prevented from listening for incoming connections could instead create an HTTP connection to an internet server, he said.

Microsoft has also opened APIs that allow programs to turn the firewall off, or add themselves to the exceptions list. "It can be easily disabled by malware," said Harrington. "[Windows Firewall] may give a false sense of security."

He also claimed the software treats other computers on the same subnet as trusted, which could cause issues for, for example, cable modem users who share the same pipe. "You're not firewalled from your neighbors," Harrington said.

Another customer-facing component of SP2 is the Security Center, an interface that shows the user the status of their security software. McAfee, Zone, Trend and Computer Associates all said their software is compatible with this.

Garcia-Manrique said Symantec's software has tamper-prevention features that prevent third-party applications from reading its status, but that it will ship a patch sometime this week that will allow Security Center compatibility.