Windows XP: Don't Forget the Firewall XP SP2 Built-in Firewall or Add-on Firewall? Joseph Moran
More on Windows Firewall Exceptions
Even though Windows Firewall can automate the creation of exceptions, there may be times when you want to set them manually. This is a good idea if you know in advance that a program needs network access but you don't want to rely on being around to respond to an alert dialog in order to make sure one is created.
To set up an exception click the Add Program button, and you'll see a list of every program installed on your system. Highlight the one you want, click OK, and an exception will be created. If you don't see the application you want in the list, it probably means that it doesn't have a Registry entry — which is common for programs that lack install routines and are instead run directly from an executable file. In this case, simply use the Browse button to locate the program in question.
By default, all exceptions are set up as unrestricted — that is, the program will be allowed to receive communication from any other computer on your network or on the Internet. You shouldn't need to do this very often, but if you select an exception, click Edit, and then Change scope — you can restrict a program's incoming communication to your own network, or even a specific PC (or group of PCs) on it.
Strictly speaking, the use of exceptions reduces your system's security, but it's a calculated risk you must take in order to be able to do anything useful with your computer. There are times, however, where exceptions make you especially vulnerable, like when you're connected to a public network that you're sharing with all kinds of unknown users. If you go back to the General tab you'll see a check box labeled Don't allow exceptions, which you should be sure to check whenever you connect to a network other than your own (like a hotspot).
Built-in or Add-on Firewall?
Finally, you might question the logic of paying upwards of $50 or more for add-on firewall software when XP SP2 already has one built in. But that line of thinking would be a mistake, because while Windows Firewall does provide a basic level of protection, like most of Windows built-in functions, it offers a relatively modest level of features compared to third-party software.
For starters, Windows Firewall concerns itself only with incoming traffic — all outgoing traffic is passed unchallenged, which could be a big problem if there's a program on your system doing something that it shouldn't be (like using your system to send out spam). Moreover, unlike most third-party products, Windows Firewall doesn't allow you to set up different security profiles and automatically switch between them as you change networks, and it can't guard against myriad other network-borne threats that other firewalls can, like viruses, spyware, spam and other forms of malware.
If you're interested, we have reviews and ratings for a variety of software firewalls in our WinPlanet Networking section.
Joe Moran is a regular contributor to PracticallyNetworked.
