WinXP "firewall"...

A client of mine wanted a new home PC, so I ordered the parts for her and built it yesterday. With several days before she needed it, just for fun I decided to repeat a test from years back in doing a "default" Windows install on a clean system to find out how long it took before it was hacked.

- Windows XP Home edition installed on a new HD with no networking.
- Ethernet unplugged until after XP installed, all updates applied and XP "firewall" enabled.

Ok, it wasn't exactly a 'default' install. To give Windows a slight advantage, I applied all OS/IE/etc updates and had the XP "firewall" enabled before I plugged in the ethernet cord. Then, I went to get some coffee... By the time I got back (less than 1 minute), netstat showed almost 100 active connections to the machine and there were already multiple trojans, adware and some kind of IRC proxy installed.

So, I pulled the ethernet, cleaned the drive and installed "normally" with a real firewall installed prior to networking, but I'm still left wondering what (if anything) XP's built in "firewall" does? I haven't looked at logs or docs of any kind yet, but there's no doubt that XP's firewall didn't stop communication to/from a large range of ports, none of which is needed for "normal" operation. Not only that, but there was not a single dialog box or warning of any kind displayed by XP at any point.


Having run both Linux and Win2000 servers for years, I'm familiar with using IPSecurity to lock down a Windows server just as well as IPTables for Linux, so I know Microsoft could create tools allowing a reasonably secure install out of the box. The question is: "after all this time and bad press, why haven't they?" I'm pretty sure a large percentage of end-users installing XP at home (not to mention some "mom and pop" PC shops) are going to follow the default instructions on the CD, and the bottom line is those users are almost guaranteed to become spam/virus/DoS hosters within a matter of minutes after they plug into the net.

With subnet blocking due to repeated hack attempts by trojaned users a nearly daily occurrence, how soon before we reach the time when applying drastic security measures to public networks (like requiring external security certification before allowing connections) is the only logical step?
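The post's evidence of compromise was a quick look at `netstat` output: far more connections than a freshly installed box should have, and an IRC proxy among them. As an added example (not part of the original post), the script below parses Windows `netstat -an` output and flags listening ports and established connections that fall outside an allowlist, grouping connections by remote endpoint so a single host holding many sessions stands out. The sample output, the allowlisted port sets and the IP addresses are all constructed for this example; a real baseline has to be built from what the OS and installed software legitimately use.

```python
import re
from collections import Counter

# Constructed sample of Windows XP `netstat -an` output (not a real capture).
# 203.0.113.7 and 198.51.100.23 are documentation addresses used as stand-ins.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING
  TCP    192.168.1.5:139        0.0.0.0:0              LISTENING
  TCP    192.168.1.5:1045       203.0.113.7:6667       ESTABLISHED
  TCP    192.168.1.5:1046       203.0.113.7:6667       ESTABLISHED
  TCP    192.168.1.5:1047       198.51.100.23:80       ESTABLISHED
  TCP    192.168.1.5:1048       198.51.100.23:80       TIME_WAIT
  UDP    0.0.0.0:445            *:*
  UDP    192.168.1.5:137        *:*
"""

# Assumed baseline for this example: ports a freshly installed XP Home box is
# expected to listen on for LAN file/printer sharing, and remote ports we expect
# its outbound traffic to use (web and DNS). Tune both to the environment.
EXPECTED_LISTENING = {135, 137, 138, 139, 445}
EXPECTED_REMOTE = {53, 80, 443}

# One netstat row: proto, local addr:port, foreign addr:port, optional state.
LINE_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+|\*)\s+(\S+):(\d+|\*)(?:\s+(\S+))?\s*$"
)


def parse_netstat(text):
    """Parse Windows `netstat -an` output into a list of socket records."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header, blank or otherwise unparseable line
        proto, laddr, lport, raddr, rport, state = m.groups()
        records.append({
            "proto": proto,
            "local": (laddr, int(lport) if lport != "*" else None),
            "remote": (raddr, int(rport) if rport != "*" else None),
            "state": state or "",  # UDP rows carry no state column
        })
    return records


def summarize(records):
    """Count TCP sockets by state: the figure the post eyeballed from netstat."""
    return Counter(r["state"] for r in records if r["proto"] == "TCP")


def find_unexpected(records, expected_listening=EXPECTED_LISTENING,
                    expected_remote=EXPECTED_REMOTE):
    """Return listeners and established connections outside the allowlists.

    Unexpected established connections are grouped by remote endpoint so that
    many sockets to one host show up as a single entry with a count.
    """
    listeners = sorted({
        r["local"][1] for r in records
        if r["state"] == "LISTENING" and r["local"][1] not in expected_listening
    })
    remotes = Counter()
    for r in records:
        if r["state"] == "ESTABLISHED" and r["remote"][1] not in expected_remote:
            remotes[r["remote"]] += 1
    return {"unexpected_listeners": listeners, "unexpected_remotes": dict(remotes)}


if __name__ == "__main__":
    recs = parse_netstat(SAMPLE_NETSTAT)
    print("TCP sockets by state:", dict(summarize(recs)))
    print("Outside baseline:", find_unexpected(recs))
```

On the sample data the script reports the extra listener on port 1025 and two established sessions to the same host on port 6667, the kind of pattern that prompted the post's cleanup. The same parser can be fed a saved `netstat -an` capture from a machine under review; comparing its output against a capture taken before the machine was networked is the quickest way to see what a firewall did or did not block.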
