Urgh… Windows Firewall

During the week WinXP SP2 automatically “upgraded” its built-in “firewall” and broke FTP for me. I couldn’t upload comics or Open Letters without either using another computer (which I did — I colored and uploaded 2 weeks’ worth on Friday and Saturday) or, as I discovered this evening, disabling Windows Firewall.

The exceptions menu includes FTP, and exceptions are enabled — I really don’t see what, other than a bug in M$ code, could be causing this. For now the firewall is back on, and I know how to turn it off when there’s work to be done.

*sigh*

–Howard

ps. Don’t recommend Linux to me, you bozos. I require Photoshop in order to get my job done (not some cheesy-lame GIMPy substitute), and so I must run either Windows or MacOS. Right now I can’t afford to re-purchase everything for the Mac, so it’s Windows or nothing.

50 thoughts on “Urgh… Windows Firewall”

      1. It should be secure by default. The last time I ran Nmap on one it was a black hole. In the latest incarnation of XP, SP2 it should have all the remote exploits patched. These are the ones where someone can enter your PC without you running any program nor going out on the net.

        If you’re running IE, don’t. I would highly suggest Mozilla. And then set all security in IE to as high as possible except setting the Windows Update site as trusted.

        You can enter the menu for the Linksys and make sure every incoming port is off.

        I think the internal webserver configuration page is
        http://192.168.1.1

      2. Yeah, like he said. Being behind a LinkSys firewall/router, you’re secure enough that you don’t need the XP firewall crap running. Go ahead and lose the eXPloit firewall and things should work ok.

        Cheers

    1. Windows Firewall

      Can you say BorderManager??? (sorry, had to do it)

      I agree with bibliophage, dump MS’s firewall, it isn’t really doing you much good if you have a decent NAT firewall/gateway running.

      So, here’s the scoop,

      there are generally three things that you need to worry about…

      People getting onto your machine from the outside by brute force hacking your machine. You should be pretty well protected by using a NAT box as long as you have not configured any forwarding ports on the gateway. If you are running a wireless network, and there are local people who might want to do you annoyance, the gateway is useless and you will need a personal firewall. At least in this case the threat would have to be really close (like if I lived next door and REALLY wanted to see more Schlock Strips, you would be pretty much out of luck if running a wireless network, from Washington, you are pretty safe from me.) See here for more information (http://www.samspade.org/d/firewalls.html)

      People getting onto your machine from the outside by getting you to put something on your machine and activating it remotely (don’t take candy from strangers) this is mostly protectable by not accepting email attachments that you don’t know about and being careful of web sites. Setting your IE settings up higher is good too, although somewhat annoying sometimes.

      Getting Viruii on your machine (or whatever) and having it do BAD things to you (or others). For the most part, having a firewall and/or a gateway is probably little to no protection against this.

      Dan

      1. Re: Windows Firewall

        Bad thing is IE *still* will execute remote exploits automatically even with the patching. I think all of them are closed as of 76 milliseconds ago but you never know. We are getting to the point of having exploits written and deployed within 24 hours of finding a flaw.

        Mozilla/Firefox are a good choice but in Windows they too can have problems, they are fixed faster, you don’t have the HactiveX headaches plus all those nasty popups are toast.

        There are still a few places that try to force the use of IE but I’m finding less and less after that NY Times ad for them.

  1. The other thing is to make sure that your FTP program is set to use passive mode. The firewall shouldn’t affect that.

    I don’t know what it takes to put the XP built in client to use passive though. The last time I had to do something, I ended up ssh’ing into a BSD box, ftp’ing from there, and using my home samba share to get it to the XP box. Kludgy, but quick.
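The difference passive mode makes, as an added example (not part of the comment above or the original post): this Python code decodes the RFC 959 `PORT` command and `227` reply to show which side opens the FTP data connection, then checks it against a simplified client-side filter that drops unsolicited inbound TCP. The sample control lines, the addresses, and the idea that an "FTP" exception opens only port 21 are constructed assumptions.

```python
import re


def decode_hostport(fields):
    """Decode RFC 959 'h1,h2,h3,h4,p1,p2' into (ip, port)."""
    nums = [int(x) for x in fields.split(",")]
    if len(nums) != 6 or any(not 0 <= n <= 255 for n in nums):
        raise ValueError("expected six comma-separated bytes: %r" % fields)
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # port = p1 * 256 + p2
    return ip, port


def data_connection(control_line):
    """Work out who will open the data connection from one control-channel line.

    'PORT ...' is sent by the client (active mode): the client listens and the
    server connects IN to it. '227 ...' is the server's reply to PASV
    (passive mode): the server listens and the client connects OUT to it.
    """
    line = control_line.strip()
    m = re.match(r"PORT\s+(\d+(?:,\d+){5})\s*$", line, re.IGNORECASE)
    if m:
        return {"mode": "active", "initiator": "server",
                "listener": decode_hostport(m.group(1))}
    m = re.match(r"227[ -].*?(\d+(?:,\d+){5})", line)
    if m:
        return {"mode": "passive", "initiator": "client",
                "listener": decode_hostport(m.group(1))}
    raise ValueError("not a PORT command or 227 reply: %r" % control_line)


def client_firewall_blocks(conn, inbound_exceptions):
    """Simplified model of a host firewall on the FTP client (an assumption,
    not a description of Windows Firewall internals): outbound connections are
    allowed, inbound ones only on ports listed in inbound_exceptions."""
    if conn["initiator"] == "client":
        return False  # outbound from the client, nothing to block
    return conn["listener"][1] not in inbound_exceptions


# Constructed sample control-channel lines (not captured traffic).
ACTIVE_LINE = "PORT 192,168,1,100,19,137"
PASSIVE_LINE = "227 Entering Passive Mode (203,0,113,10,195,80)"

if __name__ == "__main__":
    exceptions = {21}  # assumed: an "FTP" exception that opens only port 21
    for line in (ACTIVE_LINE, PASSIVE_LINE):
        conn = data_connection(line)
        verdict = "blocked" if client_firewall_blocks(conn, exceptions) else "allowed"
        print("%-8s data connection opened by %s to %s:%d -> %s"
              % (conn["mode"], conn["initiator"],
                 conn["listener"][0], conn["listener"][1], verdict))
```

In active mode the data port is one the client picks per transfer, so a fixed port exception does not cover it; in passive mode the client only makes outbound connections.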

  2. Getting into a Mac isn’t cheap, even though you probably could drop a Mac mini into your current setup and be productive immediately. You, of all people, should know the benefits of a Unix-based OS over Windows…

    Even so, buying another copy of Photoshop ain’t cheap, and so you’re looking at a couple of kilobucks by the time it’s all said and done. In your current situation, that’s a couple of kilobucks that could go a lot of other, arguably better, places.

    1. Yup. I’ve priced it out, and even with a Mac Mini, I’m out around $2,000 by the time I’ve got my needs met. AND I’ve got a Mac learning curve to deal with for a week or so. Yeah, yeah, it’s intuitive, but Photoshop will work a little differently, and I’m all for making conservative estimates.

      No Mac this go round.

      As to the benefits of *nix OS: none of those benefits translate into benefits for me, because there are downsides as well:

      1) UI — it’s not there yet. It’s good enough for some folks, but not me.
      2) Tools — I need Photoshop. It’s not there yet.
      3) Configuration and Support — don’t get me started. If I had a corporate IT department standing behind me, that’d be another matter entirely.

      Don’t get me wrong: I’m still rooting for Linux, but because of the peculiarities of my career, I have to root from the sidelines for now. Even Sandra’s machine still has to run Windows, thanks to our dependence on Quickbooks. When Intuit discontinued that product on the Mac back in 1999, that was the end of Macs in this house for a while.

      –Howard

      1. Mac OS X *is* Unix.

        I didn’t know they’d dropped Quickbooks for Mac. That sucks…especially since new Macs come with Quicken for Mac – but that’s not gonna be good enough for you, most likely.

        1. I think it’s still supported.

           System Requirements

           Computer: Apple® Macintosh® with G3, G4 or G5 processor

           Operating System: Mac OS® X (10.2.8 or 10.3.5)

           Memory: 128 MB installed RAM

           Hard Disk Space: At least 100 MB of free disk space

           Monitor: Color monitor with at least 1024x768 minimum resolution and millions of colors

           Printer: 100% Macintosh-compatible printer, if you plan to print invoices, checks, lists, purchase orders, mailing labels, reports or graphs

           Checks: Intuit Checks if you plan to print checks

           Integration Requirements

           Excel integration requires Microsoft® Excel X or 2004 for Mac

           E-mail requires Apple Mail® 1.2.5 or 1.3.8; Microsoft® Entourage® X or 2004 for Mac; or Eudora® 5.2.1 or 6.1

           .Mac requires paid .Mac account available separately from Apple Computer, Inc.

           iCal is included in Mac OS X from Apple Computer, Inc.

           System requirements for Aatrix® Top Pay® may differ from those of QuickBooks. For details, see the Aatrix Top Pay documentation

          (That’s from the quickbooks.com page for “Quickbooks for Mac”, so I don’t think they’ve dropped support. I’m neither a mac user nor a quickbooks user, so I can’t say first hand, that’s just some google-fu on my part.)

  3. gimpy

    During the copious amount of free time you have when you’re rattling around in the house 🙂

    I’d ask that you put out a good rant about the GIMP. When the IFT’s who write it get insulted enough maybe they’ll
    a) Fix the name b) Fix the interface c) Fix the tools or they’ll quit and go cry to mama. Yes I have long term hostility to idiotic usability implementations drooled over by the Linux/GNU crowd.

    I would not recommend Linux to *any* artist/author it’s not for you because I want your art today. 🙂

    It’s so easy to disturb an artist’s creative flow with ordinary life issues that I’m not f***ing with their PC because that makes them mean.

    It seems like you have a work around for now. I’m not an XP guru but will ask around.

  4. Howard, perhaps you could use the zonealarm free version and disable XP’s firewall entirely? Or as someone else mentioned does your linksys router have a built in firewall?

    My main app is Painter which came with a Mac & PC hybrid CD so I can use it on my Pentium or my Powerbook equally well. Completely agree with you about the Gimp 🙂

    1. No, see, I need PHOTOSHOP. I’ve automated several of the things I do the most often, and that automation saves me hours each week. I don’t mind paying a premium for that application, because it’s been designed with my needs in mind. It’s a very, very flexible, powerful tool with a grip so ergonomic it’s unearthly.

      –Howard

      1. I understand that – wasn’t suggesting you switch, just commenting on a difference between two companies and the way they market their product – Corel gives you win/mac version on the same CD.

        I would never try to convert someone from software they enjoy using and use well, Painter isn’t in the same class as Photoshop at all, it’s designed for a different purpose 🙂

        1. Zone Alarm can and does interact badly with some virus checkers. There was a serious problem with McAfee a friend had that *killed* his entire network. Every machine that had ZA+McAfee died and it took a format and reinstall to fix.

          It appeared to have been a ‘bug’ but could have been deliberate but we’ll never know.

          As best we could tell it was a McAfee problem, their firewall which was needed for the mail and web proxy was at fault but they never admitted it.

  5. I’m sorry to see all the artists being down on the gimp. It has
    come a long way, and it’s to the point now that web devs like
    me can use it fairly well, but the idealistic part of me wishes
    that open source could solve everything. 😉 (FWIW I find the photoshop
    ui to be just as arbitrary and weird, esp. the way they have things move
    around between versions.)

    Ah well. I first was exposed to Unix’s UI as a green-screen serial terminal,
    so the light years of progress since then on the usability/shiny curve
    sometimes make me wonder what new folks are complaining about. 😉 To
    this day my xterms have black background and something like green75 as the
    foreground.

    1. GIMP sucks so badly it cracked my monitor which is already under high vacuum.

      I hate the name.

      It has no automation that doesn’t take a PhD or a lot of geek freaking

      It has a stupid multi popup window design.

      It has a stupid multi popup window design.

      It has a stup… repeat till you puke.

      Try using a Wacom with it.

      There is no documentation that’s worth spit.

      All I normally do is touch up pictures
      and dislike it.

      1. Your complaint about the name, well… *shrug* Personal preference.
        I could just as easily say that “Photoshop” is retarded since not
        all things that it does center around photography.

        The automation you’re probably right about. I hate LISP, so transitively
        I hate scheme. And the perl integration layer is just a pain in the ass
        to set up from what I’ve seen.

        The UI design is, fwiw, entirely arbitrary. I find the multi-modal
        approach they use to be just as valid as the menu/dropdown approach Adobe
        does. Calling something “stupid” if you don’t like it due to simple
        reasons of familiarity is I think somewhat unsound. I’ll grant that
        the 1.0.x tree had a pretty rough UI, but the later 1.x trees and 2.x
        have cleaned that up a lot IMHO.

        I don’t own a wacom, so I can’t attest to that. I understand that
        there is some integration module for those things and X11 in general
        that may or may not have gone well ported to windows or mac.

        Documentation for an image program is itself an interesting question,
        as I think that it would be difficult to convey in technical writing
        the aesthetic impact of various things (“Slider at X gives you: … Slider
        at X+1 gives you: …”). I do know that several books have been published
        on the gimp and that set includes at least one “gimp for artists” sort
        of text (and cost_of_book + cost_of_gimp << cost_of_anything_commercial). The online gimp docs do
        seem to at least document all the features, and do so in
        multiple languages.

        I’ve used the gimp to do everything from simple image resizes to
        tear apart grossly complex PSD files from our designers to section
        them up for interface usage. I have to say that, for me, it was
        relatively easy going and that I had to consult the manual once
        or twice at most. I’ve also done the same tasks in Photoshop.
        I like Adobe’s layer interface a bit better, but other than that
        (for my purposes), they’re sort of a wash.

      1. And so? Trust me, Photoshop is just as random-
        seeming if you’re not used to their oddities.
        (I recently was reminded of this again, going from
        5.5 to 7.0, and all the little tool icons had moved
        around for no apparent reason.)

        There are reasons to dislike the gimp, but I think
        that people generally don’t pick the right ones.
        (e.g. the gimp is totally unsuitable for professional
        print work due to its crappy/nonexistent support
        for CMYK color models and RGB/CMYK interconversion.
        I have a hard time actually blaming them for
        that however, given that most of the important
        concepts and algorithms in that problem space
        are patented by none other than Adobe.)

        1. The design flaw of the GIMP is much more basic: there’s no equivalent to the basic Photoshop layering metaphor. Doing everything in Photoshop involves a layer of some sort. I couldn’t find a similar way of thinking about things in the GIMP.

          Yeah, the tools move around from release to release – but they still operate the same way, and have the same underlying philosophy. That’s not true of the GIMP.

          1. But the gimp does support layers? I suspect
            this is one of those basic definitional/
            visual disconnects that the internet is uniquely
            adept at fostering. 😉 I think the difference,
            and this is a subtlety that I’ll admit is probably
            beyond my ken as a primarily back-end programmer
            who only occasionally needs to fiddle gui bits,
            is that while the default state of photoshop is
            to layer (i.e. essentially any operation results
            in the generation of a layer, though I can
            think of at least one counter-example [applying
            a drop-bucket fill to the background]), the
            default state of the gimp is to let you continue
            working on the “background” until you ask for
            a layer.

            Honestly, I haven’t noticed any fundamental
            changes in the gimp toolset, only additions
            of new tools or new features to old ones. This
            is not to say that such changes haven’t taken
            place, I don’t use graphics frequently enough
            to have encountered such things. What’s
            changed?

            I will say that one thing I like about photoshop
            that the gimp doesn’t AFAIK support are some of
            the clever keyboard/mouse combinations like
            the effects of ctrl/alt/shift upon the selection
            tool (oh so very handy when cropping out bits
            of a psd layout for inclusion in a frontend).
            I would grant that the Adobe people have spent
            a lot more time and resources on minute but
            important useability tweaks (not surprising,
            given their greater monetary resources for things
            such as formal useability engineering and years
            of lead time over upstart projects formed by
            surly Berkeley undergraduates).

      2. That’s how all of Unix is, you know: a hack stuck with gum on top of a patch, duct-taped to a crack. Anyone who is “old-school” unix will find the hodge-podge-ness of it nearly comforting, and certainly familiar.

        Not that I’m making an argument for or anything. I like GIMP for the image resizing I do, for LJ avatars and whatnot. And, it is free. I don’t do enough graphical work to care.

        I use it mostly on my windows boxes, btw. I use FreeBSD for apache and squid servers.

        Mostly I wanted to comment on the hodge podge point.

  6. hrm… my wonderful sys-admin hubby bought me an iBook for Christmas… there were some things that we had on our old Dell that were Windows-only… so he set up VirtualPC for me. I can run Windows inside this application, and Windows never knows it isn’t in control of the entire box. That way, if there’s something I’ve done in Windows that I either can’t do on the mac, or don’t know how to yet, I can just start up windows. 🙂 You can install all your windows programs on the windows box that’s running virtually inside the mac, which means you don’t have to buy any new software. My hubby runs FreeBSD, amongst other things, on his. I think this is the link:

    http://www.microsoft.com/mac/products/virtualpc/virtualpc.aspx?pid=virtualpc

  7. XP’s firewall and the SP2 have known issues, especially with dial up. I agree with book. Just disable it. I wouldn’t advise zone alarm or another program like that. Just keep your router happy, your AntiVirus updated, and remember to run Spybot and/or Ad Aware every so often.

    Personally, I’d just use Win2K. But that’s cause I hate XP with a passion.

    1. The list is the length of my arm. I’ll lead with:

      1) automation. I save a couple of hours a week with scripted Actions.
      2) key-enabled tools. When I color, I go FAST.
      3) the ability to open a year’s worth of Schlock Mercenary

      1. 1) Script-Fu (List) or Perl-Fu (Perl). I think they also have Python hooks too. I’ve coded the latter, going to have to port tools for the former.
        2) As in area-select and [CTRL][,] to foreground fill everything? I do that myself.
        3) How much memory and disk space do you have? Oh, wait, this is Windows. It reportedly has a 2 Gig filesize limitation on its file systems. Gimp 2.0 fixed that for OS’s that don’t have that limitation. If there is support for larger files in Win32 then some work’s needed. I initially filed a bug (#74478) about it back in Gimp 1.2 days on Linux.

        Any more?

        1. Both Script-fu and Perl-fu are notoriously difficult to use.
          What does the GIMP do if you open a few hundred image files at once? (For that matter, what does Photoshop do? I’ve never tried it.)

          1. For most machines, the opening-many-files operation in either program
            causes the machine to, in an analog fashion completely independent
            of the sound card, reenact certain einstürzende neubauten songs
            using grinding noises from the disk as the swap file explodes. 😉

          2. Other renditions of early industrial classics can be
            generated by doing things such as opening a full-page
            newspaper-sized 1200dpi pdf on a machine with 256 mb of
            real memory.

        2. 1) Um, no. I’m not a programmer. I want to record macros, not write Perl. You. Bozo. 🙂

          2) Key-switching between tools: I ride half a dozen keys, to switch between fills, paints, brush-sizes, selection tools, etc. One hand drives tool selection, the other drives the mouse, which never leaves the picture. This took about a day to figure out, and, as mentioned, saves me enormous amounts of time.

          3) I didn’t mean AT ONCE. I meant AT ALL. GIMP can open PSD files? If so, cool. Score one for the GIMP.

          4) I’m tired of this discussion. It’s over.

          1. It’s a little unfair to just say “It’s over” – how can the GIMP ever become the replacement it wants to be, if every discussion of Photoshop vs Adobe contains vagaries and then “It’s over”?

            You could very well be talking to one of the GIMP dev team, who are looking for your professional, Photoshop-using, non-programmer take on things. That’s extremely valuable.

          2. Fair, Shmair.

            Fair, Shmair.

            If the GIMP team wants to talk to me, they can contact me directly. I’ve got work to do. I don’t have TIME to write about how I use Photoshop.

            Besides, a truly professional developer or development team would WATCH end-users, and design product to solve the observed problems, rather than trying to kitchen-sink it through their emails.

            –Howard

          3. Oh, and those weren’t vagaries. Any developer worth his salt could look at item #1 and item #2 on my list and know where his product is defective/deficient.

            Sadly, many Open Source programmers are too emotionally attached to their pet projects to admit that the deficiencies and defects are serious enough to merit attention. It may seem heretical to suggest it, but what they need are managers and market researchers.

            –Howard

          4. Your item 2 reminds me of … well, I should admit that this is one of my stock rants.

            Back in my undergrad years, I learned CAD on a program called CadKey, version 6 for DOS. It had a beautiful UI — all the commands were in menus that were limited to 9 items or less (with the most commonly used options towards the top), and you could access each item on the menu by hitting the relevant function key, or go back to the top of the menu by hitting ESC.

            Want to draw a line, from endpoint to endpoint, snapping to the ends of existing lines? The left-hand hits ESC-F1-F1-F3, the right hand mouse-clicks the approximate locations of the ends, and there’s the line. Want an arc, three points, from cursor location? ESC-F1-F2-F1, click click click.

            This was simple. And, more importantly, this was really really fast.

            But then came Windows. And they redesigned the interface on the Windows version so that it uses normal Windows pull-down menus, and the function keys don’t work, and my productivity on it dropped by about 90 percent.

            Eight years later, I’m still bitter.

            (On item 4: sorry; I hope my rant isn’t a bother, since I’m not asking you to defend your choice to use Photoshop.)

  8. Who says you have to do your creative work and your networking work on the same computer?

    Seriously, I know you’re used to the simplicity of FTPing your work up to your webserver directly from your creative PC, but that’s not the only way to do it.

    A truly paranoid artist might isolate the creative PC from the ‘Net entirely, and “sneakernet” the finished files via, say, a flash-ram ‘thumb-drive’ to a box which is connected.

    It doesn’t take much horsepower to run GNU/BSD/*ix, so an out-of-date commodity PC would do. Add a KVM box and you don’t even need to get out of your seat; just move the USB thumb drive from one slot to another.

    Or, you could do what you’re already doing, and not worry about technology 😛

    ~Rick

  9. Since you’re behind that router, you’re probably OK. But if you would like to have the extra protection of a software firewall anyway, I don’t recommend using the one that comes with Windows. I won’t go into details here, but you can read my spam zombie page if you like. I talk about it a little, and there are links to articles farther down. It’s rather a mess at the moment. (My page is, I mean.)

    Meantime, I personally use Sygate Personal Firewall (clicky). Note if you will that I’m also behind a firewall box (not just a router). Hacking the firewall isn’t the only way to infect your Windows box and the firewall box won’t warn me about trojans on my Windoze machine trying to call home or send spam or participate in a DDOS. And if another machine on my network gets infected it might protect me from propagation. So it’s more than just redundant and it’s not worthless redundancy.

    If you don’t like that one, there are other links on my page. I know a lot of people like ZoneAlarm. I don’t, and I believe it has compatibility issues with other software, but otherwise it’ll probably do as well as any other.

    MHO. YMMV.

  10. My suggestion would be to go to Windows 2000 to avoid problems with the XP SP2 firewall… I didn’t say it was a GOOD suggestion, but…

    All of my windows systems are still on Win2k.
