Windows XP: Don't Forget the Firewall Software Firewalls: Using What You Already Have Joseph Moran
This week we take a look at how to set up and use the firewall capabilities built into Windows XP Service Pack 2. We also discuss why you might need more protection than Microsoft offers.
These days, using a PC without a firewall installed makes about as much sense as leaving the house without wearing any pants. We're not talking about the firewall built into your broadband router here — though this is a critical first line of defense — we're talking software.
A software firewall can offer significant supplemental protection, which is especially important for systems such as notebooks that are mobile and thus likely to be used on lots of different networks.
Use What You Have
This week we'll take a look at how to set up and use the firewall feature built into Windows XP Service Pack 2. Although Windows XP came with a firewall from the very beginning (i.e. pre-SP1), it was improved with Service Pack 2, as well as automatically turned on by default. (If the firewall happens to be switched off, a notification balloon in the Windows tray should pop up a warning every time you start Windows.)
You can activate and configure the firewall by clicking Start | Control Panel | Windows Firewall. (Hint: another way to do this is to select the Properties of your network connection, click Advanced, and then click the Settings button under Windows Firewall.) Once you turn it on, Windows Firewall will automatically block any unsolicited network connections coming to your system from outside sources.
Of course, blocking unsolicited incoming traffic is an easy call. This kind of traffic is automatically suspect, since by definition it's not coming in response to a request made from your system. But blocking all incoming traffic would quickly render your computer pretty much useless, since any Internet-connected application needs to receive such traffic in order to function properly.
When an application installed on your system tries to receive data from the outside, Windows Firewall will automatically intercept it and then present you with an alert dialog asking whether you want to keep blocking it or not. If you recognize the application and select "Unblock," Windows Firewall will allow the incoming traffic through unimpeded, as well as let future traffic from that application pass without prompting you again.
Taking Exception
When you unblock an application's traffic in Windows Firewall it sets up an "exception," which essentially amounts to opening firewall holes for any TCP/IP ports that application uses. As you run each of your applications for the first time (or background applications go about their normal operations), Windows Firewall will be able to build a list of exceptions via the process described above, until eventually the alerts taper off.
You can view Windows Firewall's list of exceptions by selecting the Exceptions tab, where you'll see an alphabetical list the network-enabled applications and services on your system for which exceptions exist. (You may not recognize some of them, since Windows creates a few of its own without prompting you.) If the box next to an particular item is checked, its exception is active. Conversely, you can deactivate an exception by clearing the box for a given item.
