MDGx
Windows XP
Tweaks + Secrets - Part 2

Go to Windows XP ©Tweaks + Secrets Contents
8-16-04 Updated WinXP/2003 Original ©Trick in TIPSXP.TXT, part of W95-11D.EXE:


XP/2003 FIREWALL GUIDE
[UPDATED 8-16-2004]


Dedicated to Pierre, the inspirational force behind this guide.

DEFINITION: The FireWall (FW) is a hardware and/or software based two-way monitor, detector and filter (blocker/unblocker) of ingress/inbound [incoming = originated from internet/network computer(s)] and egress/outbound [outgoing = originated from local networked computer(s)] data/packets, set to block/prevent/stop and/or allow/permit/proxy the transmitting (broadcast) of unauthorized, personal, private and/or local/network computer data/packets to dedicated internet/network based servers/applications and the receiving (download) of unauthorized, internet/network based adware, malware and/or spyware data/packets from reaching/infesting the local/network computer(s).
More info.

The Microsoft Internet Connection Firewall (ICF) installs as part of Windows XP (Home + Professional Editions) and Windows 2003 Server (Standard, Enterprise, Datacenter + Web Editions), but lacks some of the advanced features found in similar 3rd party utilities.
Windows Vista Firewall is even worse, because it gives the user a false sense of security by not prompting whenever it detects an attack/intrusion, according to ZDNet Blogs.
ICF is a Windows XP/2003 built-in internet based intrusion prevention tool designed for users of broadband (xDSL, Cable, Satellite digital modems) and dial-up (analog modems) connections, who are unaware of intrusion threats and of the need for protection, extends the NAT (Network Address Translation) driver, provides ICMP blocking options and activity logging.
NAT is explained @ Wikipedia.
More info @ MSKB.
ICF features similar functionality to most hardware based firewalls built into network/broadband routers, a combination of packet and gateway filtering.
FYI: Microsoft acknowledged that ICF blocks ONLY IPv4 traffic, NOT IPv6, without installing Advanced Networking Pack (ANP) for Windows XP/XP SP1/XP SP1a! Windows XP SP3 installs ANP!

NEWS FLASH:
Microsoft released August 2008 Windows XP Service Pack 3 (SP3) [MUST INSTALL!], a huge update package [316 MB], which installs among many security vulnerability + bug fixes the NEW version of ICF, renamed to Windows Firewall (WF).

Windows Firewall NEW features:

Stateful inspection is explained @ Wikipedia.

XP SP2 WF BUGS:

CONCLUSION: To raise your level of protection efficiently, get a network/broadband router with built-in basic hardware firewall AND a •better•, customizable software firewall [most are FREE(ware)].

ICF/WF can be activated 5 ways:

Defaults are set mainly for outbound traffic, and out-of-the-box ICF/WF blocks only a few ports and protocols Microsoft deems unsafe, which is way too risky for every day browsing. :(
Therefore it is strongly advised to tweak them manually to enjoy a safer Internet experience: select the Network Connection Settings tab -> click the Settings button -> customize ICF/WF to your needs.
The good news is ICF/WF blocks RPC calls to TCP port 135 (see port list below for details) by default. :)
Start by making rules (as you should with any decent FW) for each app, domain, protocol, port etc, separately for outbound and/or inbound, respectively.
A rule set does one of two things: (1) blocks [disables] or (2) unblocks [enables] a particular app/port/protocol/domain/IP/server/computer/etc from/to access(ing) the internet as a whole, or targets one or more specific internet/network(s) port(s)/domain(s)/server(s)/computer(s).

More ICF/WF info + tools:

DEFINITIONS:

FYI: See my Glossary for terms definitions.

Most frequently used (a.k.a. common, known, assigned) ports in alphabetical order [can't surf without them ;)]:

Most frequently used Trojan/Zombie ports [malware, •MUST ALWAYS• block!]:

There are a total of 65535 ports (a.k.a. address numbers), used by networked computers to create logical connections, and categorized as follows:

More port info:

Note that port numbers are assigned on per application/server approval basis by IANA (Internet Assigned Numbers Authority), the world wide (global) profit-free organization responsible for managing and distributing internet ports to companies, businesses, vendors, ISPs etc.
IANA posts periodically a complete list of all ports (must be in public domain) and entities currently using them.

Also, open the %windir%\System32\Drivers\Etc\SERVICES (plain text) file in Notepad and take a look at the Microsoft list of known/used ports.

ICF/WF guidelines: when you let an app through, open ONLY the TCP/UDP port(s) you know it needs to use in order to operate over the internet/network(s), and close ALL OTHER ports, especially the ones you know are on the "black" list: some of the known exposed (dangerous) ports are listed after you complete the security port scan tests at Gibson Research.
More internet security sites.

A blocked app means that all its ports/protocols are closed as far as it is concerned, both outbound (outgoing) and inbound (incoming).
You also need to make it work with your particular apps, and at the same time have some degree of protection from "unscheduled outbound travellers". ;-)
Quoted from the Stargate SG-1 Sci-Fi TV series (Stargate theatrical film spin-off).

Try not to block/unblock both TCP and UDP within the same rule for the same app/protocol, make separate rules for each, as you should also for outbound and inbound, respectively.

Note that software based firewalls are never as secure as network/internet routers/switchers/splitters that have built-in hardware based firewalls (low level = block unwanted apps/ports before reaching the OS), because it is very difficult and time consuming to block •every• dangerous port from within the OS (high level = block unwanted apps/ports after reaching the OS).
Example: software FWs do NOT filter/protect NOR provide firewall services whenever you start up or shut down your machine! Therefore, during the startup and/or shutdown routines ANY user can connect to your computer and/or to ANY running services/applications... feeling vulnerable already? :(

That's why I STRONGLY recommend, especially if surfing on broadband (xDSL, Cable or Satellite) and/or using more than one PC to access the internet, to purchase a good multipurpose 4 port (or more, depending on your needs) router with built-in hardware firewall. I use Linksys Instant Broadband EtherFast Cable/DSL Firewall Router with 4 Port Switch/VPN Endpoint [model BEFSX41], which sells for ~ $60-70 (USD) at most computer outlets. Similar Linksys products.
Shop B4 U buy: check PriceWatch for best deals.
These guys reviewed these routers for you.

IMPORTANT: •Always• allow full access to these 2 XP OS services (both files reside in the %windir%\System32 folder, usually C:\Windows\System32):

IMHO:
As an avid internet user, I can't rely on XP's rudimentary firewall to take care of business [nor should you! ;)], so I strongly recommend to install one of these freeware firewalls.

FYI:
FW + Security references.

Back to XP's ICF/WF...
Go to: Control Panel -> Networks -> your Internet/Network connection -> Properties -> Advanced -> Parameters -> Services list -> Adjust -> Description of Service -> type your own description [i.e. Windows Messenger UDP] -> Name/IP box -> type your computer or IP name/address -> External Port -> check TCP or UDP -> click OK or press Enter.
Note that a port you want open and an internal port unfortunately mean the same thing in Microsoft's "lingo". :(
Now create a new rule for each port you want opened (or closed), folowing the port table examples below for known applications.
Here are only a few, but you need to study the manufacturer's documents/guides regarding specific port numbers assigned to your particular net apps, games, tools etc:

App/Game nameTCP port(s) usedUDP port(s) used
XP native apps:
Messenger6891-6900
Messenger Voice69016901
NetMeeting389, 522, 1503, 1720, 1731
3rd party apps:
America OnLine (AOL)5190-51935190-5193
AOL AIM443, 563, 4099, 5190
ICQ4000, 5190
IRC194, 6661-66671080-6660
Kazaa1214
MiRC/Virc113
Napster66996699
Online games:
Asheron's Call9000-9013
Battle.net1024-491516112
Black and White2611-2612, 6500, 6667, 27900  
Crimson Skies1121, 3040, 28801, 28805
Counter Strike Servers26000-30000
Dark Reign 23100, 3568, 39993100, 3568, 3999
Descent 319001900, 2092
Diablo 240006112
Earth & Beyond21 (patch)
80 (client)
443 (login)
3805 (server)		3000-4000
Elite Force26000, 27500, 27910, 27960
Everquest1024-6000, 7000
Half Life27015
Halo PC802302, 2303
MSN Gaming Zone2880-29000, 6667
MSN Gaming Zone DirectX  2300-2400, 47624
Need for Speed94426112
Need for Speed 31030
Outlaws5310
Quake II27910
Quake II/III Servers26000-30000
Quake III27960 (add 1 for each user)
Rainbow Six2346, 2347, 23482346, 2347, 2348
Rogue Spear23462346
Starcraft61126112
Tiberian Sun1140-1234, 40001140-1234, 4000
Ultima Online5001-5010 (game)
7775-7777 (login)
8888-9999 (patch)
8800-8900 (messenger)
7875 (monitor)		2346
Warcraft III61126112

MSKB: Programs that may require to open ports manually.

FYI: See "INTERNET TIME THROUGH FIREWALL", also in TIPSXP.TXT [part of W95-11D.EXE], to learn how to synchronize your PC time with a dedicated time server while using ICF/WF.

BACK 2 CONTENTS
8-29-02 WinXP ©Trick in TIPSXP.TXT, part of W95-11D.EXE:


SINGLE CLICK SHUTDOWN


Did you know that in Windows XP you can shut down your computer from the (eventually DOS prompt) command line box? Moreover, you can do this by clicking your mouse only once. :)
All you need to do is... right-click on an empty Desktop spot -> select New -> Shortcut -> type shutdown followed by a space, and then enter one or more of the parameters listed below -> click Next -> type a suggestive name for your new shortcut -> finally, click Finish.
This is the Shutdown.exe (located in %windir%\System32, usually C:\Windows\System32) syntax:

shutdown [-i|-l|-s|-r|-a] [-f] [-m \\computername] [-t xx] [-c "Text"] [-d[u][p]:xx:yy]

Valid command line switches:

NOTES:

For example:

shutdown -s -c "Shutting down!" -t 3

tells your computer to shutdown after waiting for 3 seconds while the System Shutdown window will display text above in the Message area.

Optional: after you're done creating your customized shortcut for shutdown -> right-click on it -> select Properties -> enter your desired key "combo" in the Shortcut Key box (example: Ctrl + Alt + End) -> click OK/Apply.
From now on just left-click on your shutdown shortcut or hit that key combination to turn off/restart/log off your XP computer. :)

FYI: Windows NT4/2000 owners can use this similar 3rd party ShutDown command line tool [40 KB, freeware].

BACK 2 CONTENTS
5-23-02 WinNT4/2000/XP/2003 Registry ©Trick in TIPSXP.TXT, part of W95-11D.EXE:


GET BACK YOUR CD/DVD


This is a two part BUG fix.

  1. BUG:

    Users of CD/DVD (re)writing software (Roxio/Adaptec Easy CD Creator + DirectCD, Ahead Nero Burning ROM etc) may bump into error messages such as "No ASPI devices installed" while using any of these utilities.
    This is due to a flaw into the Adaptec ASPI Layer settings.
    ASPI stands for Advanced SCSI Programming Interface, but this applies to ALL (E)IDE/ATAPI/SCSI CD-R(W)/DVD-R(W)/DVD-RAM drive owners.

    FIX:

    Start by installing the current Windows NT4/2000/XP/2003 Standard ASPI Layer drivers from Adaptec.
    Direct download [510 KB, free].
    Make sure to use the INSTALL.BAT file provided with the package to copy ONLY the appropriate drivers for these Win32 OSes: ASPI32.SYS (in %windir%\System32\Drivers) + WNASPI32.DLL (in %windir%\System32).
    Open Windows Explorer and delete (if present) WOWPOST.EXE + WINASPI.DLL from %windir%\System.
    Reboot when done.
    Run ASPICHK.EXE (also included) to make sure you have properly upgraded to version 4.7x.
    Now copy & paste text between lines below into Notepad and save this as a .REG file [name doesn't matter, only the extension does :)]:

    -----Begin cut & paste here-----
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Aspi32]
    "ErrorControl"=dword:00000001
    "Type"=dword:00000001
    "Start"=dword:00000002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Aspi32\Parameters]
    "ExcludeMiniports"=""
    ------End cut & paste here------

    Finally, double-click on the REG file in Windows Explorer.
    Reboot one more time.
    Done.

    NOTE: If still having problems using your Roxio recording software, replace 2 with 1 on the "Start" line above, and then merge (run) the modified .REG file into your Registry one more time.

    FYI: Similar fixes:

  2. BUG:

    After installing/uninstalling Roxio (Adaptec) Easy CD Creator and/or DirectCD on/from your Windows NT4/2000/XP/2003 system, your CD-ROM/CD-R(W)/DVD-ROM/DVD-R(W)/DVD-RAM drives may get suddenly lost. :( The CD/DVD drive icon(s) may disappear from My Computer, Windows Explorer and any other disk/file browsing app. Also, if you try to view/open/run any CD/DVD based folder/file, you may encounter several popup messages linked to one of these error Codes: 19, 31, 32, 39 and/or 41.

    FIX:

    But these BUGs can be fixed by hacking your Registry.
    You must be logged on with Administrator rights to be allowed to edit the Registry.
    Fire up Regedit or Regedt32 and go to:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}

    Make sure Read only mode is disabled in Options menu.

    BACKUP this Registry key BEFORE MAKING ANY CHANGES:
    Highlight it -> click Registry from the File menu -> select Export Registry File... -> browse to your desired location -> type a file name -> click Save.
    Now look in the right hand pane for these 2 REG_MULTI_SZ Values: "UpperFilters" and "LowerFilters". Right-click on each one, select Delete and click OK.
    Close the Registry Editor and restart Windows when done.
    The catch is that after doing this you may also lose your CD/DVD recording capabilites. :(
    In this case, check this Roxio Support page for software patches/updates/fixes [free subscription required!], and install the current ones applying to your particular versions(s).
    These Roxio Support pages may also provide some help:Uninstalling and/or reinstalling the affected Roxio software may also solve this issue.
    If none of these methods work, then open Windows Explorer and (double)-click the REG file created when you backed up the Registry key above to restore the original values. Restart Windows when done.

    FYI: More info + FIXes @ Microsoft:

BACK 2 CONTENTS
©1996-2009 AXCEL216 / MDGx: Everything here is FREEware. I have created [August 1996], maintain and update these web pages entirely by hand using Programmer's File Editor [replaced Notepad]. I do not promote, speak in the behalf of, advertise or work for any computing, news or internet profit business. All ®registered ©copyrights and ™trademarks referred herein retain the property of their respective owners.

Back!