After installing the XP SP2 I noticed that even with the firewall activated(and reportedly an improvement over SP1's firewall)that it failed Steve Gibson's leak test. As a result I then turned back on the Sygate personal firewall that I already have and this time it passed the test.


Does this mean then that the SP2 firewall is really not as effective as we've been led to believe? Or alternatively that Gibson's leak test might not be that valid a means for checking on how thorough a firewall is?

Third party firewalls are much better than the rudimentary SP2 firewall. Sygate's test also will show similar results if you test that one.
:)

Not really. Like I said, the Sygate DID pass the Leak test though there's another test(tooleaky.exe but not connected with Steve Gibson)which it failed.

SP2 firewall only stops traffic in one direction -in-. As far as I know it does not stop things from leaving your computer.

Quantax,
Not really. Like I said, the Sygate DID pass the Leak test though there's another test(tooleaky.exe but not connected with Steve
No, I meant Sygate has a port tester too, and the SP2 firewall will fail there as well as Gibson's test. Sygate's firewall will not fail if configured properly.

After installing the XP SP2


Does this mean then that the SP2 firewall is really not as effective as we've been led to believe? Or alternatively that Gibson's leak test might not be that valid a means for checking on how thorough a firewall is?
Personally, I would put more faith in Steve Gibson than I would in MicroSoft.

Yeah, I too might put more faith in Steve Gibson if he bothered to take the time to answer an email about Spinrite I sent almost two weeks ago. :mad:

But I solved the problem on my own anyway. :)

Glad I have a hard and soft firewall.
I too would trust Steve Gibsons site.
But Ms has even said that using a third party firewall is a good way to go.
Mark

I'm no security expert. And to be honest, Steve Gibson's site is one of the first places that turned me on to the fact that security is something I need to be concerned about. But the more I've learned about IT security, the more I've learned that Steve Gibson does not have a good reputation in serious security circles.

For starters:

www.grcsucks.com

Well, I took a chance on his Spinrite product and luckily discovered on my own why it was wrecking my dual boot system. I had inadvertently forgot to put back a check in the "read only" category of the boot.ini file. Running Spinrite writes to the drive so it "wrote out" the file.

Before I bought it though, I read extensively about it on Google. There was general praise for it.

But the more I've learned about IT security, the more I've learned that Steve Gibson does not have a good reputation in serious security circles.

For starters:

www.grcsucks.com
I can't say for sure, but I always thought that most people thought pretty highly of him. A friend of mine went to one of the seminars that he put on some time ago and praised him pretty highly. From what I've read, he seems to know what he's talking about. But, I'm no expert either and maybe he does have some problems. I've been to that web-site (the grcsucks site) before. The guy that put that out must have had a lot of hate for Gibson to come down on him that strong. Maybe for some personal reason--I don't know. But, as I said, I'm just guessing--I don't know Mr. Gibson nor do I know the person who put out that web site.
~Frank~

Someone asked me what I thought of Steve Gibson, I replied that I thought of him as the "Bob Vila" of computer security. (Bob Vila is a home improvement guru here in the US that turns out not to be a real carpenter, or architect, but come across as one).
Steve Gibson knows some useful things and has some useful programs. He also tilts at windmills sometimes. ;)

Yeah, I saw him pitching the Spinrite(among other things)at the local computer club I attend on occasion, this being about six months ago. He struck me as a high energy type A sort of person but one who *appears* pretty knowledgeable about the stuff he was lecturing on.

But the one thing I've found something of a turn off is that on his site he goes into such exhaustive details about things, virtual overkill,that I lose interest and think his security concerns are overwrought.

I had inadvertently forgot to put back a check in the "read only" category of the boot.ini file.
Now that's a real useful little bit of knowledge to store away somewhere!!

The only thing that stimulates the cynic in me regarding Steve Gibson's site is that he has security and recovery products that cost money to buy.

The real question is that does anyone know if the tests on his security site really work and are they accurate?

As far as I know the tests on his site do work, and the free stuff works too. :)

so it really does not matter if he is held in high esteem as long as his tests and advise is basically correct?
Mark

Yesterday I used his Spinrite 6.0 to check out what I thought was a failing drive. So far it hasn't exhibited any of the troubling symptoms one would think were clearly indicative of a moribund drive(constant clicking, wheezing sounds). But I think THAT came about because I had set the power management setting to shut the drive off at 25 minutes(causing alternating expansion and contraction of the drive from heat changes) whereas now it's been re-set to never get shut down.

so it really does not matter if he is held in high esteem as long as his tests and advise is basically correct?
Mark,
I learned the basics of firewalls from his site and I went on from there.
I found it odd that he sometimes rails against the same products he recommended a year or so earlier, and never does quite explain why. I think he just needs to be against something.
I don't think it really matters what people think about him personally.

Here is another port scanner site: BBR tools (http://www.dslreports.com/tools), if you want a double-check.