This week, we take a look at how to set up and use the firewall feature built into Windows XP Service Pack 2. We also discuss why you might need more protection than Microsoft offers.

by Joseph Moran

These days, using a PC without a firewall installed makes about as much sense as leaving the house without wearing any pants. We’re not talking about the firewall built into your broadband router here — though they’re a critical first line of defense. We’re talking software.

A software firewall can offer significant supplemental protection, which is especially important for systems such as notebooks that are mobile and thus likely to be used on lots of different networks.

Use What You Have
This week, we’ll take a look at how to set up and use the firewall feature built into Windows XP Service Pack 2. Although Windows XP came with a firewall from the very beginning, it was improved with Service Pack 2, as well as automatically turned on by default. (If the firewall happens to be switched off, a notification balloon in the Windows tray should pop up a warning every time you start Windows.)

You can activate and configure the firewall by clicking Start|Control Panel|Windows Firewall. (Hint: another way to do this is to select the Properties of your network connection, click Advanced, and then the Settings button under Windows Firewall.) Once you turn it on, Windows Firewall will automatically block any unsolicited network connections coming to your system from outside sources.

Of course, blocking unsolicited incoming traffic is an easy call. This kind of traffic is automatically suspect, since by definition it’s not coming in response to a request made from your system. But blocking all incoming traffic would quickly render your computer pretty much useless, since any Internet-connected application needs to receive such traffic in order to function properly.

When an application installed on your system tries to receive data from the outside, Windows Firewall will automatically intercept it and then present you with an alert dialog asking whether you want to keep blocking it or not. If you recognize the application and select “Unblock,” Windows Firewall will allow the incoming traffic through unimpeded, as well as let future traffic from that application pass without prompting you again.

Taking Exception
When you unblock an application’s traffic in Windows Firewall it sets up an “exception,” which essentially amounts to opening firewall holes for any TCP/IP ports that application uses. As you run each of your applications for the first time (or background applications go about their normal operations) Windows Firewall will be able to build a list of exceptions via the process described above, until eventually the alerts taper off.

You can view Windows Firewall’s list of exceptions by selecting the Exceptions tab, where you’ll see an alphabetical list of the network-enabled applications and services on your system for which exceptions exist. (You may not recognize some of them, since Windows creates a few of its own without prompting you.) If the box next to a particular item is checked, its exception is active. Conversely, you can deactivate an exception by clearing the box for a given item.

Even though Windows Firewall can automate the creation of exceptions, there may be times when you want to set them manually. This is a good idea if you know in advance that a program needs network access but you don’t want to rely on being around to respond to an alert dialog in order to make sure one is created.

To set up an exception click the Add Program button, and you’ll see a list of every program installed on your system. Highlight the one you want, click OK, and an exception will be created. If you don’t see the application you want in the list, it probably means that it doesn’t have a Registry entry — which is common for programs that lack install routines and are instead run directly from an executable file. In this case, simply use the Browse button to locate the program in question.

By default, all exceptions are set up as unrestricted — that is, the program will be allowed to receive communication from any other computer on your network or on the Internet. You shouldn’t need to do this very often, but if you select an exception, click Edit, and then Change scope — you can restrict a program’s incoming communication to your own network, or even a specific PC (or group of PCs) on it.

Strictly speaking, the use of exceptions reduces your system’s security, but it’s a calculated risk you must take in order to be able to do anything useful with your computer. There are times, however, where exceptions make you especially vulnerable, like when you’re connected to a public network that you’re sharing with all kinds of unknown users. If you go back to the General tab you’ll see a check box labeled Don’t allow exceptions, which you should be sure to check whenever you connect to a network other than your own (like a hotspot).
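The same exception, scope and Don’t allow exceptions settings described above can also be applied from a command prompt using the netsh firewall context that ships with XP SP2. This is an added example, not part of the article; the program path, name and IP address are placeholders, not real values from the page.

```batch
@echo off
REM Added example: Windows Firewall (XP SP2) settings via "netsh firewall",
REM mirroring what the article does in the Control Panel.
REM The program path, name and address below are placeholders.

REM 1. Confirm the firewall is on and show the current operational mode.
netsh firewall show state

REM 2. Create a program exception, as "Add Program" does. The default scope
REM    is ALL, i.e. unrestricted: any host on the Internet may reach the program.
netsh firewall add allowedprogram program="C:\Program Files\ExampleApp\example.exe" name="Example App" mode=ENABLE scope=ALL

REM 3. Tighten it, as "Change scope" does: accept incoming connections only
REM    from your own (local) subnet ...
netsh firewall set allowedprogram program="C:\Program Files\ExampleApp\example.exe" mode=ENABLE scope=SUBNET

REM    ... or only from one specific PC (or a comma-separated list of them).
netsh firewall set allowedprogram program="C:\Program Files\ExampleApp\example.exe" mode=ENABLE scope=CUSTOM addresses=192.168.1.10

REM 4. Review the exception list (the same entries shown on the Exceptions tab).
netsh firewall show allowedprogram

REM 5. Before joining a hotspot: the equivalent of checking "Don't allow
REM    exceptions". The firewall stays on but every exception is ignored.
netsh firewall set opmode mode=ENABLE exceptions=DISABLE

REM 6. Back on your own network: allow exceptions again.
netsh firewall set opmode mode=ENABLE exceptions=ENABLE
```

Step 5 is the one to script into a "leaving home" routine, since it lets you drop all exceptions in one command without touching the individual entries.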

Built-In or Add-On?
Finally, you might question the logic of paying upwards of $50 or more for firewall software when XP has one built in. But that line of thinking would be a mistake, because while Windows Firewall provides a basic level of protection, like most of Windows’ built-in functions, it offers a relatively modest level of features compared to third-party software.

For starters, Windows Firewall concerns itself only with incoming traffic — all outgoing traffic is passed unchallenged, which could be a big problem if there’s a program on your system doing something that it shouldn’t be (like using your system to send out spam). Moreover, unlike most third-party products, Windows Firewall doesn’t allow you to set up different security profiles and automatically switch between them as you change networks, and it can’t guard against the myriad other network-borne threats that other firewalls can, like viruses, spyware, spam and other forms of malware.

Joe Moran is a regular contributor to PracticallyNetworked.