[Dshield] Opinons on XP Internet Connection Firewall (ICF) sought
Johannes B. Ullrich
jullrich at sans.org
Sun Apr 4 18:29:20 GMT 2004
> > ICF is an excellent personal firewall and will prevent most attacks
> > from the Internet. However, the lack of granular control makes ICF
> > much too restrictive for power users. So, as they say, you can’t live
> > with it, you can’t live without it.
well, I agree with that assessment. ICF is great for 80% of the users,
while the remaining 20% may want to look for something else (e.g.
From a DShield perspective, I like that ICF generate rather nice and
easy to parse logs. I hope they are not going to mess with them with
SP2 (can someone who has the beta check?)
ICF is a great tool for a stand alone system.
One caveat: ICF has an API that will allow software to open/close
ports for you. ICF is not intended to protect you from outbound
connections! Once you have your malware installed, ICF won't help
you much. But while other firewalls go through great lenghts to avoid
outbound connections, they can usually be bypassed.
CTO SANS Internet Storm Center http://isc.sans.org
phone: (617) 837 2807 jullrich at sans.org
contact details: http://johannes.homepc.org/contact.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20040404/c767f5e7/attachment.bin
More information about the list