Re: OT: Laptop sufficent for Vista?

The message <VA.000014ec.1fd5d9a2@xxxxxxxxxxxxxxxx>
from Daniel James <wastebasket@xxxxxxxxxxxxxxxx> contains these words:

In article news:<313030303737303648C4361178@xxxxxxxxxxxxxxxx>, Johnny B
Good wrote:
... although you can configure winXP to _look_ like win2k,
there is one notable behaviour (when you prefer explorer to open each
folder in a seperate window), that gives the game away.
[snip]
... the winXP version of explorer [lacks] the intelligent default
window sizing for previously unaccessed folders ...

True. That's been discussed before and I'd forgotten. I never use the
setting that automatically creates more windows than I could ever
possibly want when I traverse the folder tree.

... winXP's built in firewall (which, btw, is a perfectly
adequate one) ...

As I said: it is just barely adequate. It does what's absolutely
required and no more. It is not sufficiently configurable to claim more
than that, and doesn't do the logging one would normally expect of
anything deserving of the name "firewall".

... is a major contributor to winXP's lethargic performance.

My own experience doesn't suggest that ... though I'm sure there is an
effect.

Possibly not as bad as I'm making out (but hey, I'm just trying to
justify why XP is a snail compared to 2k :-).

Third party firewall software (totally redundent on a winXP box,
imho) is an even worse drag and doesn't really offer any more
protection despite the claims made to the contrary.

Zone Alarm used to be OK, but has become intrusive bloatware. I use an
old version of it on my (Win2k) ThinkPad when I'm away from home. Other
third party firewalls may now be better ... I don't think any of the
major ones is actually worse than the XP firewall, except in terms of
bloat.

Anyone relying on a third party firewall to alert them to the
existence of malware attempting "To Phone Home", is,imho, living in
a fool's paradise since the really nasty malware is likely to be
quite capable of disabling such notifications (or, indeed, the
firewall protection itself).

Well, true up to a point ... you can't beat a router (a router with a
secure admin password uPnP disabled, so the malware can't just open the
ports it wants) at what a router does best ... but a s/w f/w is better
than no f/w at all, and a s/w f/w that /hasn't/ been subverted can
selectively block malware while allowing legitimate software to work,
which an external router can't.

... it would be far better to invest a smaller amount of CPU
time in a more direct form of protection such as a lightweight, but
competent, AV product and SpyBot S&D to close the major hole (the web
browser) by which such threats arrive onto the system.

You can't close that hole completely while software has bugs in it. All
you need is a page with a browse-by exploit of the browser (or some
browser plug-in) and all bets are off ... at least until spybot and the
AV software are updated to recognize the malware in question (and if
malware can be clever enough to disable a firewall it can certainly be
clever enough to disable an AV product).

I've seen plenty of examples of that last malware 'trick'. The plain
fact is that
no such protection can be totally relied on to be proof against such
threats. At the end of the day, it's up to the end user to be alert to
this situation and have some sort of contingency plan to hand.

The biggest disservice any such security software can do is to claim it
is "_your_one_stop_fit_'n'_forget_" solution to the problem. It is the
_forget_ nature that misleads the trusting into believing their PC is
always and forever protected provided they keep renewing the
subscription.

If you make it too easy to 'keep a PC protected', it's likely to fall
victim to the next rampant "Zero Day Threat" with disasterous
consequences. Although SpyBot's lack of total automation of its update
mechanism might be regarded as a downside by the uninitiated, the fact
that it needs minimal involvement (a once or twice a week check for
updates) helps keep the ever present threat reasonably uppermost in the
user's mind. Since security is as much a state of mind as much as the
deployment of any of the AV and internet security software, this is no
bad thing.

If you have to expose your notebook to the dangers of internet cafe
WiFi hotspots ...

It's not just internet cafe WiFi ... *any* direct internet connection
is a risk -- that includes all WiFi apart from your own router, all
dial-up connections, connections over mobile phone networks ... the
lot.

In which case, you're left with no choice other than to cross fingers
or forgo such services.

It's fairly difficult to do business in the modern world without using
some or all of those!

I was replying to Philip Herhily's comment that he liked XP for the
firewall, and all I said was that you do *need* to have a firewall
somewhere in your setup and that XP's is barely adequate.

I'd say that you were implying that third party firewall software
provides better protection.

Not better protection /per se/ but more configurable protection and
logging.

If the said firewalling is done efficiently, then it becomes a
worthwhile feature to have.

If you are connecting your computer directly to the internet a firewall
is essential -- as long as it works -- whether it is done efficiently
not.

The price paid for such direct connections. No argument over such a
need in that circumstance. However, for a home lan connected machine,
you can offload the firewall onto the gateway router (strong password
and UPnP disabled).

Firewalling code embedded into the OS kernel should be the most
efficient, but I don't trust microsoft to get this right.

Most efficient and most effective ... if done right (on which point I
agree).

Even so, turning off winXP's firewall in favour of an add on third
party one seems ludicrous to me, knowing how much of a drag such
code has on the system.

It's not my experience that third party firewalls impact performance
significantly more than the XP one (if at all) ... but I haven't made
careful measurements, and I haven't tried the crap ones! When I set up
XP for others I tend to leave them with the XP firewall unless I know
that they are likely to appreciate the superior flexibility and
reporting facilities of another product. I used to recommend the free
ZA over the firewall in original XP, but I think the XP one now does
the job OK (since about SP1) and ZA has become a bloatfest.

WinXP's firewall has improved considerably over each successive SP
update. SP2 further improved the firewall behaviour so that it doesn't
unduly interfere with resource sharing over the LAN as it most
definitely used to do with pre SP1 (which was most likely the main
reason it wasn't enabled by default until SP2).

I use (an old) ZA myself on my laptop because it runs Win2k and so
doesn't have a built-in firewall. I'm not sure what I'd do if I changed
to XP -- probably use the XP firewall, but I'd take a longer and more
careful look at the available third-party offerings before making up my
mind.

... microsoft's abuse of their customers' trust (eg the Windows
Genuine (dis)Advantage tool and the sneaking in of the IE7
update as a critical update).

I agree that the IE7 thing is bad.

OTOH I do have some sympathy with MS over "Genuine (Dis)advantage" ...
it's not that they don't trust their /customers/ but rather that not
all their /users/ actually are customers.

Actually, I too see the need for WGA. In fact, imposing copyright
protection measures at the point of deployment rather than at the making
of backup copies of the install media is a far more sensible strategy.

Then again: security patches for Windows don't only benefit the user of
the patched machine, but also all the users whose machines don't get
probed, portscanned, spammed, and infected by that machine because it
has been patched and so can't be made part of a botnet. Withholding
security updates from users whose OS is unlicensed (or doesn't appear
to be licensed) does a disservice to the whole internet not just the
user of the unlicensed OS.

Microsoft's policy regarding unlicensed installs (which, btw, they
include as part of their sales figures) of allowing automated critical
patches and updates is the only option they had, otherwise they would
have been accused of such a disservice. To have done otherwise would
have been a very bad move on the PR front.

--
Regards, John.

Please remove the "ohggcyht" before replying.
The address has been munged to reject Spam-bots.

.

Relevant Pages

  • Re: Malware
    ... it does not show that it includes Malware protection but the Security Centre shows that the Malware protection is on all the time and only disappears when I get the warning on the Taskbar. ... The warning disappears if I restart the computer and then the Security Centre show that the Malware protection is on. ... It is still considered by everyone whose opinion matters to me an "adequate" firewall. ...
    (microsoft.public.windows.vista.security)
  • Re: Cant Firewall/Remote
    ... worm protection that will block inbound connections. ... will not start in Safe Mode but then the Windows Firewall might. ... some basic network troubleshooting such as try pinging your computer by IP ... I already scanned for malware and viruses, ...
    (microsoft.public.windowsxp.security_admin)
  • Presentation: Bypassing client application protection techniques with notepad
    ... Bypassing client application protection techniques ... Kerio Personal Firewall 4.0 ... Last years were revolutionary for network services infrastructure ...
    (NT-Bugtraq)
  • Presentation: Bypassing client application protection techniques with notepad
    ... Bypassing client application protection techniques ... Kerio Personal Firewall 4.0 ... Last years were revolutionary for network services infrastructure ...
    (Bugtraq)
  • [Full-Disclosure] Presentation: Bypassing client application protection techniques with notepad
    ... Bypassing client application protection techniques ... Kerio Personal Firewall 4.0 ... Last years were revolutionary for network services infrastructure ...
    (Full-Disclosure)