Earlier today, I blogged about an exploit that has been getting some attention, that I felt really wasn’t worth getting too worried about.
As part of the piece, I questioned turning off ICS, because I felt it would disable the Windows firewall.
However, Corey Nachreiner at WatchGuard made the following point to me:
…I too think this very low risk vulnerability has been over hyped in the media’s headlines. However, …as far as I can see, properly disabling ICS does not kill or disable the Windows XP firewall.
If you have a multi-homed XP machine, just go into the advanced properties of any network adapter and you can clearly see that you can uncheck the ICS component (the “Allow other network users to connect through this computer’s network connection” box) while still keeping the XP firewall enabled.
So I don’t see why …disabling ICS kills the XP firewall. On the other hand, disabling ICS does obviously prevent any other client computers that were using ICS before from reaching the Internet. But it doesn’t kill the Firewall.
I understand that ICS relies on some of the Firewall’s functionality to work. Because of this, if ICS dies improperly it will take the Firewall with it. However, I don’t know of the Firewall relying on ICS to work (as far as I can tell). So you can disable ICS without disabling the Firewall.
I think that Corey may be right here, but will continue to research this. At any rate, the real point of my blog post stands — a potential vulnerability in ICS is just not that big of a deal.
UPDATE: nCircle has lots more posted to clarify the whole “disable ICS” issue. You do not have to disable the ICS/Firewall service, and thereby shut down your Windows firewall, to mitigate this exploit. More here.