So do I need SP2's Windows Firewall or not?

Read the article that everyone's commenting on.
Subscribe to the RSS Feed for comments on this article.

Dear Leo:

Thanks for the great info. Now I have a better understanding of what a router and Windows XP Firewall will and will not do.

Armed with this information, I will now activiate my new Wireless-G Broadband Router (802.11g) and disable my Windows Firewall. Or, as you stated...(notify Windows Security that I will manage my own firewall).

I will add Zone Alarm for Outbound protection, as there are always programs, at one time or another, asking for Internet Connection.

Once again, thank you for taking the time to shed some light on this problem...I hope it will help others that have had the same questions, but didn't know who to ask.

It couldn't get any clearer than this!!!

Please don't install ALARMinglyunfriendlysoftware like ZoneALARM. Instead use either the free Outpost or Outpost Pro from agnitum

http://agnitum.com

Unlike ZoneAlarm, if you decide you uninstall Outpost you will be able to try other firewall packages, and your operating system will continue to function as you would expect.

The problem with not having a firewall enabled on machines behind a hardware firewall is this leads to what's called M&M security - a hard crunchy outside, but a soft, chewy inside.

If someone gets behind your hardware firewall with an infected machine, then your entire network is vulnerable. This isn't a big deal if you've got one machine on a DSL connection - the hardware firewall does a great job of handling this.

On the other hand if you've got a wireless network (especially an unprotected wireless network), anyone bringing an infected machine near your wireless network might compromise the machines behind the firewall.

So Leo's comment is totally accurate for 90% of the users out there. But the caveats will bite you if you're not careful.

This is the same advice that I give out with the addition of the fact that I favor actually purchasing a router with NAT protection, than purchasing firewall software. Of course this applies to broadband users but the benifit is that for a little added expense you get far superior protection that never needs updating, and has absolutely no effect on your computers performance.
A software firewall will after a while begin to slow your system since it has to activly remember every connection that is "allowed" on the PC and block those that aren't allowed in addition monitoring the connection for common threats. This uses a lot of system resources.
NAT (Network Address Translation) simply hides your computer from the network making it invulnerable from attack. Worth every penny. I've even suggested to Linksys that they manufacture and market standalone NAT devices that people can install between their DSL modem and phone line connection. They would rake it in!

As someone on the front lines of dealing with the influx of Spyware/Malware. You can't do enough in protecting your system from these old and new threats, especially if you have a DSL/Broadband connection. You can become infected by just going to a wrong website. I recommend a Nat based Firewall, Norton Internet Security 2005 and Spysweeper (It will catch the spyware ) and make sure you enable the popup blocker in IE (WinXP sp2 installs one in IE )oh and last but not least Keep Windows XP updated through Windows Update. Happy Surfing.

Hi,
I have a befsr41 Linksys router, avg anti virus updated daily, spybot, adaware, spywareblaster and system mechanic. Do I need to download sp2 at all?? I have been able to kill and or block all viruses, trojans, worms, and spyware for 1 year with current updates of all defensive utilities. Isn't that enough? Or must I get sp2 so I can be ready for receiving further , later on updates that may need sp2 to be installed? Thank you,
Sincerely,
Miles

Sounds like you really have your act together, that's great.

A couple of things: SP2 has more fixes than just the security stuff that is getting all the press. And, as you've already guessed, it's likely that some future updates, or even some future applications, will require SP2 already be installed.

But given your track record, I'd be ok waiting to install it until you actually ran across a need.

Can I have the Windows XP2 firewall on AND continue using my router?

Sure. You can run with both firewalls enabled.

I would like to take issue with your article "So Do I Need SP2’s Windows Firewall Or Not?
".
You state that if you are behind a firewall or NAT, that you dont need a firewall, and that an "outbound" firewall is not required.
You obviously live on some other world wide web my friend.
Consider this scenario:
In your wisdom you visit some suspect web sites,and some spyware is unknowing installed on your PC.
The next time you connect to the web, the spyware "phones home" with all your bank and credit card details.

If an outbound firewall were in operation, you would be asked if you want to allow "program X" to connect to the internet, choosing NO prevents the phone home action, choosing YES allows it to happen. Without an outbound firewall in place this prompt for connection does not happen and you are blissfully unaware of the activity your pc has just performed. Whether or not you are behind a firewall or NAT is irrelevant in this case, as the activity has been initiated FROM YOUR END OF THE CONNECTION.
As there is NO WAY to categorically prevent your pc from this type of infection, the absence of an outbound firewall is a licence to print money for the spyware makers.

Andrew Curtis

To post a comment on "So do I need SP2's Windows Firewall or not?", please return to that article's main page.