Is a password really necessary?

Mike Lewis

Programmer
Jan 10, 2003
17,516
Scotland
A friend visited my house the other day, and was horrified when he saw that I have a desktop PC without a login password.

This PC is running Windows Home SP2. I have never configured any user accounts on it, and have never bothered with a login password.

The machine is not connected to a network. I am the only person who ever goes near it, and I only use it for occasional word processing and recreational programming. I do occasionally use it to go onto the Internet -- mainly to listen to radio stations. I have not enabled the XP firewall, but I do run the free version of Zone Alarm.

My question is: Do I really need to set up a password for this machine? I explained to my friend that no-one other than me has physical access to the machine, but he said that, by not requiring a log-in password, I was leaving myself wide open to hackers, viruses, trojans and worms.

Is my friend being neurotic, or am I really so vulnerable?

Thanks in advance.

Mike


__________________________________
Mike Lewis (Edinburgh, Scotland)

My sites:
Visual FoxPro (www.ml-consult.demon.co.uk)
Crystal Reports (www.ml-crystal.com)
 
Best practice would say yes... reality of home environments says you are probably just fine... I would enable the XP firewall ...
 
How are you connecting to the Internet? If by broadband, I would put a password on all accounts as an added layer of security. Connecting to the Internet is connecting to the world's largest network. In terms of security, it's the world's scariest network as well.


Jeff
The future is already here - it's just not widely distributed yet...
 
Hi, I agree with buddafish: you should enable the Windows firewall even with Zone Alarm. The internet is a very hostile environment.

For the user/password question it depends on your personal environment.

* You already use an account with a password. Yours is simply autologon. During the Windows setup you have been prompted to define a password for the administrator account.

This account has been used since that time.

Hope this helps. Please let me know if this resolves your issue.

Jeff
 
Best practices say yes, being secure while on the web says yes. But, I agree with Bill for a home environment and only intermittently surfing (provided you're on dial up and not broadband) you are "Okay" without it.

One thing that I will recommend, strongly recommend, is that if you do enable the XP firewall, disable the Zone Alarm prior to this. Actually, prior to enabling Zone Alarm I would fully uninstall it and remove all of its services.

Why? Due to the fact that two firewalls on the same network (much less the same system) can create a great increase in traffic and can also cause a failure in your ability to reach the web (One blocks a specific packet the other allows), it can get very confusing and nasty.

The reason for the uninstall of Zone Alarm is due to the fact that, even disabled, a firewall may still lock out specific ports. It shouldn't but I've seen it...quite often actually.
 
Thank you all for those replies. You've given me more than I was hoping for.

Yes, my Internet connection is via broadband. Sounds like that alone is a cause for concern.

Re the password ... I'll take your advice and set one up, although I wish I understood more about why it is necessary. Is there really a threat from hackers -- someone trying to get into my machine? Why?

Re firewalls .... several of you said I should enable the XP firewall, even though I have ZoneAlarms. But Acquias, you said that I shouldn't be running both firewalls. Does that mean the XP firewall is better than ZoneAlarms? If so, why does anyone use ZoneAlarms?

I'll take all your good advice, but I'm still a little confused.

Mike


__________________________________
Mike Lewis (Edinburgh, Scotland)

My sites:
Visual FoxPro (www.ml-consult.demon.co.uk)
Crystal Reports (www.ml-crystal.com)
 
Realistically, a firewall is all a matter of preference. Some are harder to hack, others are updated more frequently, minor differences abound. Realistically almost any firewall should do for a home environment, only for corporate environments would I begin to truly argue what is better.

But, IMO I'd say enable XP's native firewall and remove the Zone Alarm. My main reason for this, is that Windows XP firewall is a bit easier to understand and navigate, in addition (no proof of this just my own thoughts) Windows XP, probably, has a more complete firewall than the freeware of Zone Alarm.

The reason for a password is not so much to prevent a hacker from logging into your computer and taking over (although, in theory, it could happen). It is more to keep you from being locked out of your system (some worms will automatically add and change passwords to user accounts if able) and to keep some worms from being able to install themselves to your system.

As for being connected via broadband, don't hit a panic button or anything due to it. The reason we make such a big deal of broadband vs dialup, is due to the fact that you're always on the internet. Even when you aren't surfing the web, you're connected to the internet and can still receive a virus or some form of malware.

As for questions, keep posting them. There are people here that are amazing with answers and providing interesting programs to assist in making everything easier to understand and safer for yourself.
 
To my knowledge, the native XP firewall is NOT more complete than the various free firewalls out there. The main reason for this is that XP's firewall blocks incoming traffic but does NOT monitor outbound traffic. (If SP2 changed this, I will stand corrected.)

Zone Alarm's product is pretty good, but does throw up a lot of false alerts. There are others I've seen referenced here in the forums that go a little lighter on those, but I've not used any of them. (I apologize for not being able to remember the names off the top of my point had. ;-) )


Jeff
I am who I am and that's all that I am... (If I'm not supposed to be me, why do I look like me?)
 
<Points up at Jeff>
This is why I like Tek-Tips, someone else that knows more than me is always around to point out new information.
 
Windows firewall (previously known as ICF) in SP2 doesn't monitor external traffic EXCEPT the source address to prevent IP spoofing.

Also, Microsoft recommends disabling Windows firewall when a third-party firewall is installed.

Personally I'd rather NOT. Never had trouble running 2 back-to-back firewalls.

See this for more detail about windows firewall


Hope this helps. Please let me know if this resolves your issue.

Jeff
 
I still recommend against enabling two firewalls. There are several reasons for this...

1. Configuration conflicts
2. Additional traffic
3. Connectivity problems
4. Difficulty of troubleshooting any connectivity problems

The fact that you haven't had any issues surprises me a great deal Jeff. I know of very few people that don't hit some kind of wall between two separate firewalls.

But, as with all things this is just a personal choice that we all have to make.
 
Aquias, I forgot to mention that my 2 firewalls are fully configured. I agree with you that "out-of-the-box" firewalls won't live with one another. The learning mode in Zone Alarm has been "ON" for several weeks in order to adequately configure all the rules but after that all went fine.

The fact that I have been a proxy administrator for 8 years certainly helped with the configuration...

Nevertheless, you have a good point Aquias. 2 back2back firewalls is not suitable unless you really know what you're doing.

Thanks for the feedback.

Jeff
 
Acquias,

You've gone a long way to de-confuse me. Thanks.

Re firewalls. I think your message is "Use the firewall of your choice, but do use a firewall -- and only one firewall." I'll take that advice, but I'll research the whole subject a bit further before deciding which one.

Re passwords. Yes, I understand now. It makes sense.

Re broadband. I understand your point about being always connected. In ZoneAlarms, I have enabled the "Engage Internet Lock" feature, which blocks all Internet traffic if the connection is idle for ten minutes. I hoped that this would reduce the risk factor of being always connected.

Thanks again for the good advice.

Mike

__________________________________
Mike Lewis (Edinburgh, Scotland)

My sites:
Visual FoxPro (www.ml-consult.demon.co.uk)
Crystal Reports (www.ml-crystal.com)
 
MasterRacker,

You say:

Zone Alarm's product is pretty good, but does throw up a lot of false alerts. There are others I've seen referenced here in the forums that go a little lighter on those, but I've not used any of them

It certainly does throw up a lot of alerts, but unfortunately I am in no position to distinguish between a false alert and a real one. If in doubt, my policy is to deny the request, which so far has not caused any problems.

I plan to look more closely at the whole firewall market before making a decision on this.

Mike


__________________________________
Mike Lewis (Edinburgh, Scotland)

My sites:
Visual FoxPro (www.ml-consult.demon.co.uk)
Crystal Reports (www.ml-crystal.com)
 
Check out He has a couple of good firewall testing programs as well as a lot of good general security info.

He used to have some firewall reviews up but I couldn't find them in a quick site scan. I'm guessing they became dated and he just took them down. There's a lot of other good info though.


Jeff
I am who I am and that's all that I am... (If I'm not supposed to be me, why do I look like me?)
 
Sounds like you're well on your way. Don't be afraid to keep posting questions or thoughts up here.
 