Home »
Windows
»
Windows Configuration
Summary: If you aren't behind a NAT router, it may be a good idea to use SP2's Windows Firewall.
|
I'm really confused. With the new Windows XP SP2 Security Alert System, do we still need a firewall to stop outbound traffic? If we get a router, (LINKSYS), does that take care of everything, which means we need to disable Windows Firewall to avoid false alarms? |
There's a lot of misunderstanding about firewalls, routers, and other security software. Windows XP2 SP2 definitely puts security and particularly the firewall, "in your face", so it's a great opportunity to find out what you need and what you don't.
•
A firewall filters incoming traffic. A previous article "What's a firewall, and how do I set one up?" covers this in more detail, but the bottom line is that a firewall protects you from certain classes of incoming problems.
Everyone should have a firewall of some sort.
In general hardware firewalls, typically provided by NAT routers, keep malicious traffic from ever reaching your computer, whereas software firewalls, such as the Windows firewall, discard malicious traffic after it has actually arrived at your computer.
But you don't need both.
If you have a router with NAT enabled, then there's no need to enable the Windows firewall. In fact, you can tell the new Windows Security Center that you'll manage your firewall yourself. " What's this new 'Security Center' thing in XP service pack 2 all about?" has more on configuring the firewall.
If you're not behind a router or other firewall, you'll want to turn on the Windows firewall. This is what I do when I take my laptop with me on the road.
Now, one word in the original question concerns me: "outbound". Firewalls typically handle protecting you from incoming traffic. Neither a typical router, nor the Windows firewall, will filter or manage outgoing traffic. For that you need either a significantly more expensive industrial strength router, or one of the more complete firewall and security packages such as ZoneAlarm.
Personally, I'm quite happy behind a router, and if you're behind one, I don't commonly see a real need for the added expense.
Related:
Ask Leo! - What's this new 'Security Center' thing in XP service pack 2 all about?
Ask Leo! - What's a firewall, and how do I set one up?
Ask Leo! - Will SP2 Crash my machine?
Article C2186 - September 14, 2004
If I have to allow xp firewall to be uninstalled where do I go to to reinstall it?
Posted by: Brian at February 6, 2006 6:56 PMI don't believe it CAN be uninstalled. You can go to the security center in Control Panel to turn it on, if it was simply turned off.
Posted by: Leo at February 6, 2006 7:10 PMIf you are using a router with NAT(Network Address Translation)enabled then you do not need a software firewall. This is because any potential hacker 'probing' your network will only 'see' the router which, of course, does not hold any valuable information. NAT allows the router to change the ip address header of any data packets sent from your p.c. Instead of the ip address of your p.c. the packet is sent out with the ip address of the router itself. Therefore when a hacker 'probes' your network looking for a reply from your p.c. all he gets is a reply from the router. In effect your p.c. is 'hidden' behind the router.
Posted by: Paul at February 26, 2006 6:38 AMIf your p.c. is not behind a router then you most definately DO need a software firewall. However, if you do use a NAT enabled router then software firewalls are not necessary.
Is it safe to use Limeware music download? is it safe for my computer?
Thank You,
Edward Ldu
Posted by: Edard Ludi at March 10, 2006 5:04 AMThis comment is for Edward who asked if it is safe to download from Limewire. It's safe just make sure you have a good antivirus program and you scan everything you download before you run it. Be extra careful if you download software because a large percentage of the software downloads on Limewire are viruses, worms or trojans.
Posted by: blackdahlia at March 10, 2006 11:27 AMI believe running a software firewall remains prudent even behind a NAT Router. This is particularly true if you let (either deliberately or accidentally) untrusted machines onto your network. Once an untrusted machine is on your network they can infect you directly and you (and the NAT Router) will never know it happened.
There are many ways that this can happen...
1. The majority of casual computer users do not know how to secure a wireless network and an unsecured wireless network is an open invitation for unwanted guests. (At my previous home I could see three unsecured networks that remained unsecured even after repeated offers to help them get secure).
2. Perhaps you invite guests onto your network, e.g. friends for LAN gaming.
3. You have untrustworthy users with their own machines on your network, for example, teenagers who P2P and lack the skills to prevent 'accidents'.
4. Even a skilled user can be caught out if they offer to 'fix' a friends computer and connect it to their LAN without thinking.
5. A mobile machine may pick up an infection elsewhere and bring it home to behind the NAT Router.
etc.
Posted by: Martin at March 16, 2006 4:52 PMIf your Notebook or Desktop Computer contains or is "likely" to have a Wireless Card connected to it (With USB ports I would say this is Mandatory), you do need a good Software Firewall to stop possible Wireless Intrusion directly into your LAN.
A Router ***will not Block*** this traffic!
Posted by: gonwwith the wind at March 31, 2006 6:46 AMIs there a way to make the software firewall of my laptop automaticaly activate when using other/public network(ie: not on home network) AND deactivate when I'm on my home network(has a router and I trust my LAN) ?
Posted by: Dan B at October 21, 2007 4:46 PMYes, i have installed sp2 on my computer, ever since then i have had troube with my boot up. I dont know what has caused this, cause i have reinstalled windows xp before no problem with sp2, but now i am having boot up problems. And i am unable to use my zone alarm without this sp2. Is there any other firewalls i can use other zone alarm without having to use sp2???
Posted by: angeln at January 27, 2008 3:28 PMI have windows firewall enabled on my laptop. I also have Mcafee anti virus installed which also has firewall enabled. I was told that more than 1 firewall can conflict with each other. Which one do I need or is preferred?
18-Nov-2008