[Dshield] Opinons on XP Internet Connection Firewall (ICF) sought

Johannes B. Ullrich jullrich at sans.org
Sun Apr 4 18:29:20 GMT 2004


> > ICF is an excellent personal firewall and will prevent most attacks 
> > from the Internet. However, the lack of granular control makes ICF 
> > much too restrictive for power users. So, as they say, you can’t live 
> > with it, you can’t live without it.

well, I agree with that assessment. ICF is great for 80% of the users,
while the remaining 20% may want to look for something else (e.g.
Zonealarm). 

From a DShield perspective, I like that ICF generate rather nice and
easy to parse logs. I hope they are not going to mess with them with
SP2 (can someone who has the beta check?)

ICF is a great tool for a stand alone system. 

One caveat: ICF has an API that will allow software to open/close
ports for you. ICF is not intended to protect you from outbound
connections! Once you have your malware installed, ICF won't help
you much. But while other firewalls go through great lenghts to avoid
outbound connections, they can usually be bypassed.
 


-- 
CTO SANS Internet Storm Center               http://isc.sans.org
phone: (617) 837 2807                          jullrich at sans.org 

contact details: http://johannes.homepc.org/contact.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20040404/c767f5e7/attachment.bin


More information about the list mailing list