Summary: You do need a firewall, and, particularly if you aren't behind a router, the Windows Firewall is one option.
I'm really confused. With the new Windows XP SP2 Security Alert System, do we still need a firewall to stop outbound traffic? If we get a router (LINKSYS), does that take care of everything, which means we need to disable Windows Firewall to avoid false alarms?
There's a lot of misunderstanding about firewalls, routers, and other security software. When Windows XP Service Pack 2 was released, it definitely put security, and particularly the firewall, "in your face". Subsequent releases of Windows now also include the firewall and turn it on by default.
It's a great opportunity to find out what you need ... and what you don't need.
A firewall filters network traffic. A previous article, "What's a firewall, and how do I set one up?", covers this in more detail, but the bottom line is that a firewall primarily protects you from certain classes of incoming network-based problems.
Every computer should be behind a firewall of some sort.
In general, hardware firewalls, typically provided by NAT routers, keep malicious network traffic from ever reaching your computer, whereas software firewalls, such as the Windows Firewall, discard malicious traffic after it has actually arrived at your computer.
But you don't need both.
If you have a router with network address translation, or NAT, enabled (most consumer-grade routers do, by default), then there's no need to enable the Windows Firewall. In fact, you can tell the new Windows Security Center that you'll manage your firewall yourself.
If you're not behind a router or other firewall, you'll at least want to turn on the Windows Firewall. This is what I do when I take my laptop with me on the road: not being sure of exactly what I'm connecting to, I rely on the firewall to protect me from network-based threats.
Now, one word in the original question is worth a comment: "outbound".
Consumer-grade routers will keep you safe from threats that are incoming from the network, but will not filter or warn you of any malware already on your machine attempting to connect out. The Windows Firewall has a limited set of outbound traffic alerts. Other software firewalls, which you can install separately and use instead of the Windows Firewall, can be configured with a wide array of outgoing protection.
There's a wide variety of opinion on this, but personally, I'm quite happy simply behind a router and with no outgoing threat monitoring.
But regardless, you do need a firewall, be it an external router, a software package that you install, or at a minimum simply enabling the Windows Firewall already present on your machine.
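The inbound/outbound asymmetry described above can be seen in a small model of a NAT router's translation table. This is an added example, not code from the original article; the class and function names are hypothetical, all addresses and ports are constructed, and the router is assumed to filter replies by remote address and port.

```python
# Added example: a toy model of a consumer NAT router's translation table.
# All addresses and ports are constructed (RFC 1918 / RFC 5737 ranges).
from dataclasses import dataclass, field


@dataclass
class NatRouter:
    next_port: int = 40000
    # (public_port, remote_ip, remote_port) -> (lan_ip, lan_port)
    table: dict = field(default_factory=dict)
    outbound_log: list = field(default_factory=list)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection: always forwarded, mapping created."""
        public_port = self.next_port
        self.next_port += 1
        self.table[(public_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        self.outbound_log.append((lan_ip, remote_ip, remote_port))
        return public_port

    def inbound(self, remote_ip, remote_port, public_port):
        """A packet from the internet: forwarded only if it matches a mapping.
        Returns the LAN destination, or None when the packet is dropped."""
        return self.table.get((public_port, remote_ip, remote_port))


def unexpected_destinations(router, allowed_ports=frozenset({53, 80, 443})):
    """What outbound monitoring adds: flag flows outside an allow-list."""
    return [flow for flow in router.outbound_log if flow[2] not in allowed_ports]


def demo():
    r = NatRouter()
    # 1. Unsolicited inbound packet: no mapping exists, so the router drops it.
    probe = r.inbound("198.51.100.7", 51515, 445)
    # 2. A browser on the LAN connects out; the reply matches and is delivered.
    p1 = r.outbound("192.168.1.20", 50001, "198.51.100.80", 443)
    reply1 = r.inbound("198.51.100.80", 443, p1)
    # 3. Any other program on the LAN connecting out is treated the same way:
    #    the router has no notion of which program opened the connection.
    p2 = r.outbound("192.168.1.20", 50002, "198.51.100.66", 9001)
    reply2 = r.inbound("198.51.100.66", 9001, p2)
    return probe, reply1, reply2, unexpected_destinations(r)


if __name__ == "__main__":
    print(demo())
```

The router drops only the first packet; the last value returned by `demo()` is the single flow an outbound allow-list would have surfaced.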
(This is an update to an article originally published in September of 2004.)
Article C2186 - February 21, 2010
When I used Windows OneCare it used to tell me in a monthly report that it had stopped hundreds of intrusions. Once I had a router it reported zero per month! That says something about hardware firewalls. I now use Microsoft Security Essentials which is the quietest AV ever. But in this thread: it may imply MSE specifically needs Windows Firewall. Perhaps Leo, you could plough through this thread and summarise it. I am certainly convinced it is best to use free security, and now I would choose Microsoft, and spend the money on a router even if I only had one computer.
Posted by: Ray Wilkes at February 23, 2010 1:33 PM
I'm kinda new at this stuff but I used to be able to get pogo games and now I can't. My computer crashed on me and when I got my things back, now I can't get my games. It keeps telling me there is a spyware or something blocking me from opening. Is my firewall stopping me or is my antivirus stopping me?
Posted by: Florence at February 23, 2010 9:49 PM
You're happy behind a firewall that doesn't monitor outbound connections?? I find that strange, haven't you ever used or seen a meterpreter session at work using the reverse_tcp payload?
Posted by: GrimReaper445 at February 25, 2010 12:21 AM
I have a Linksys router - And I have Norton 360 which also has a firewall. So how come Norton 360 at the end of every month says it stopped certain incoming threats? Does that mean those threats got through the router firewall as well as Norton's own firewall? Makes me wonder how good my "firewalls" are?
26-Feb-2010
Posted by: Sandy Smith at February 25, 2010 6:41 PM
Thanks for answering! It is from enabling "Intrusion Prevention". I just got my monthly report from Norton and there were 122 attempts against my computer this month. Here is what Norton said Intrusion Prevention is:
Intrusion Prevention scans all the network traffic that enters and exits your computer and compares this information against a set of attack signatures. Attack signatures contain the information that identifies an attacker's attempt to exploit a known operating system or program vulnerability. If the information matches an attack signature, Intrusion Prevention automatically discards the packet and breaks the connection with the computer that sent the data.
Just thought I'd pass it along...
Sandy
Posted by: Sandy Smith at February 27, 2010 8:55 PM