Firewalls
What Is A Firewall?
A firewall works by examining information coming from and going to the Internet. It identifies and ignores information that comes from a dangerous location or seems suspicious. If you set up your firewall properly, hackers searching for vulnerable computers can't detect your computer.
How Do I Choose a Firewall?
There are three basic types of firewalls available today. The first step in choosing a firewall is to determine which one is best for you. Your options include:
- Software firewalls
- Hardware routers
- Wireless routers
To get started, answer these questions and record your answers:
- How many computers will be using the firewall?
- What operating system are you using? (This might be a version of Microsoft Windows®, Apple Macintosh, or Linux.)
That's it. You are now ready to start thinking about what type of firewall you would like to use. There are several options, each with its own pros and cons.
Windows Firewall (Windows XP Service Pack 2 only)
If you are using Windows XP Service Pack 2 (SP2), the most updated version of Windows XP, you have a firewall built in and turned on by default. To learn more about the Windows Firewall that comes with Windows XP SP2, read Understanding Windows Firewall.
Tip: If you haven't downloaded Service Pack 2, visit our Keep Up-To-Date section to learn how to get it.
If you are using Windows XP and you choose not to download Service Pack 2, you'll still have access to the Internet Connection Firewall (ICF) that's built into Windows XP, but you'll need to turn it on. For more information see Use the Internet Connection Firewall.
Note: The Windows Firewall and the Internet Connection Firewall are not available as a stand-alone package. They are also not available for other operating systems (for example, Apple Macintosh or Linux) or for versions of Windows other than Windows XP.
Software Firewalls
Software firewalls are a good choice for single computers, and they work well with Windows 98, Windows ME, and Windows 2000. (Windows XP has a built-in firewall, so an additional firewall is not necessary.)
Software firewalls are available from other software companies. For special offers on anti-virus and firewall packages, visit Microsoft's Security software: Downloads and trials page.
Pros:
- Does not require additional hardware.
- Does not require additional computer wiring.
- A good option for single computers.
Cons:
- Additional cost: Most software firewalls cost money.
- Installation and configuration may be required to get started.
- One copy is typically required for each computer.
Hardware Routers
Hardware routers are a good choice for home networks that will be connected to the Internet.
Pros:
- Hardware routers usually have at least four network ports to connect other computers together.
- Hardware routers provide firewall protection for multiple computers.
Cons:
- Requires wiring, which can clutter your desktop area.
Wireless Routers
If you have or are planning to use a wireless network, you will need a wireless router. Only a few wireless routers come equipped with a built-in firewall, so you may need to purchase a firewall separately.
Pros:
- Wireless routers allow you to connect computers, portable computers, personal digital assistants, and printers without using wiring.
- Wireless routers are excellent for connecting notebook computers to the Internet and networks.
Cons:
- Wireless devices broadcast information using radio signals that can be intercepted by someone outside of your home (with the right equipment).
- Using a wireless router requires you to use a wireless adapter in any computer that connects to it. Therefore, you may have to pay for extra equipment.
- Not all wireless routers come equipped with a built-in firewall, so you may have to purchase one separately.
Next Step: Start Using a Firewall Today
Connecting to the Internet can create dangers for the unaware computer user. Using a firewall can help reduce your risk. Installing a firewall is just the first step toward safer surfing online. You can continue to improve your computer's security by keeping your software up to date and maintaining a current anti-virus software subscription.
How Windows Firewall Works
When someone on the Internet or on a network tries to connect to your computer, we call that attempt an "unsolicited request." When your computer gets an unsolicited request, Windows Firewall blocks the connection. If you run a program such as an instant messaging program or a multiplayer network game that needs to receive information from the Internet or a network, the firewall asks if you want to block or unblock (allow) the connection. You should see a window like the one below.
If you choose to unblock the connection, Windows Firewall creates an exception so that the firewall won't bother you when that program needs to receive information in the future.
Tip: Although you can turn off Windows Firewall for specific Internet and network connections, doing this increases the risk to your computer's security.
What Windows Firewall Does and Does Not Do
| It does | It does not |
| --- | --- |
| Help block computer viruses and worms from reaching your computer. | Detect or disable computer viruses and worms if they are already on your computer. For that reason, you should also install anti-virus software and keep it updated to help prevent viruses, worms, and other security threats from damaging your computer or using your computer to spread viruses to others. |
| Ask for your permission to block or unblock certain connection requests. | Stop you from opening e-mail with dangerous attachments. Don't open e-mail attachments from senders that you don't know. Even if you know and trust the source of the e-mail you should still be cautious. If someone you know sends you an e-mail attachment, look at the subject line carefully before opening it. If the subject line is gibberish or does not make any sense to you, check with the sender before opening it. |
| Create a record (a security log), if you want one, that records successful and unsuccessful attempts to connect to your computer. This can be useful as a troubleshooting tool. | Block spam or unsolicited e-mail from appearing in your inbox. However, some e-mail programs can help you do this. Check the documentation for your e-mail program or see Fighting Unwanted Spam to learn more. |
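The security log mentioned in the table can be summarized to show which ports are being probed and which inbound connections were accepted. The script below is an added example, not part of the original page: the sample log is constructed (documentation-range addresses), and the action names DROP and OPEN-INBOUND are assumed values for blocked and accepted requests. Columns are read from the log's own #Fields header rather than hard-coded.

```python
from collections import Counter

# Constructed sample in the text layout of the Windows Firewall security log.
# Assumption: DROP marks a blocked request, OPEN-INBOUND an accepted one.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2005-04-11 08:05:57 DROP TCP 203.0.113.7 192.0.2.10 3129 445 48 S 2055473827 0 16384 - - -
2005-04-11 08:05:58 DROP TCP 203.0.113.7 192.0.2.10 3130 135 48 S 2055473901 0 16384 - - -
2005-04-11 08:06:02 DROP UDP 198.51.100.23 192.0.2.10 1027 1434 404 - - - - - - -
2005-04-11 08:07:15 OPEN-INBOUND TCP 198.51.100.40 192.0.2.10 4021 6112 - - - - - - - -
2005-04-11 08:09:41 DROP TCP 203.0.113.7 192.0.2.10 3188 445 48 S 2055480012 0 16384 - - -
2005-04-11 08:10:03 DROP ICMP 198.51.100.23 192.0.2.10 - - 60 - - - - 8 0 -
"""

def parse_firewall_log(text):
    """Return one dict per record, keyed by the names in the #Fields header."""
    fields, records = [], []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                records.append(dict(zip(fields, values)))
    return records

def summarize(records):
    """Count blocked requests per (protocol, port) and per source; list accepted ones."""
    blocked_ports, blocked_sources, accepted = Counter(), Counter(), []
    for r in records:
        if r.get("action") == "DROP":
            blocked_ports[(r.get("protocol"), r.get("dst-port"))] += 1
            blocked_sources[r.get("src-ip")] += 1
        elif r.get("action") == "OPEN-INBOUND":
            accepted.append((r.get("src-ip"), r.get("protocol"), r.get("dst-port")))
    return blocked_ports, blocked_sources, accepted

if __name__ == "__main__":
    ports, sources, accepted = summarize(parse_firewall_log(SAMPLE_LOG))
    for (proto, port), n in ports.most_common():
        print(f"blocked {n}x {proto} port {port}")
    for ip, n in sources.most_common():
        print(f"blocked source {ip}: {n} requests")
    for ip, proto, port in accepted:
        print(f"accepted inbound {proto} port {port} from {ip}")
```

Each accepted inbound entry should correspond to an exception or open port you still need; one that does not is a candidate for removal.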
Firewall Exceptions
If you're running Windows XP Service Pack 2 (SP2), the Windows Firewall is turned on by default. This means that most programs will not be allowed to accept unsolicited communications from the Internet unless you choose to list those programs as exceptions. There are two programs that, by default, are already added to the exceptions list and can accept unsolicited communications from the Internet: Files and Settings Transfer Wizard and File and Printer Sharing.
Because firewalls restrict communication between your computer and the Internet, you might need to adjust settings for some other programs that prefer an open connection. You can make an exception for these programs, so that they can communicate through the Windows Firewall.
Allowing Exceptions: the Risks
Each time you allow an exception for a program to communicate through Windows Firewall, your computer is made more vulnerable. To allow an exception is like poking a hole through the firewall. If there are too many holes, there's not much wall left in your firewall. Hackers often use software that scans the Internet looking for computers with unprotected connections. If you have lots of exceptions and open ports, your computer can become more vulnerable.
To help decrease your security risk:
- Only allow an exception when you really need it.
- Never allow an exception for a program that you don't recognize.
- Remove an exception when you no longer need it.
Allowing Exceptions Despite the Risks
Sometimes you might want someone to be able to connect to your computer, despite the risk, such as when you expect to receive a file sent through an instant messaging program, or when you play a multiplayer game over the Internet.
For example, if you're exchanging instant messages with someone who wants to send you a file (a photo, for example), Windows Firewall will ask you if you want to unblock the connection and allow the photo to reach your computer. Or, if you want to play a multiplayer network game with friends over the Internet, you can add the game as an exception so that the firewall will allow the game information to reach your computer.
To add a program to the exceptions list
- Click Start and then click Control Panel.
- In the control panel, click Security Center, and then click Windows Firewall.
- On the Exceptions tab, under Programs and Services, select the check box for the program or service that you want to allow.
If the program (or service) that you want to allow is not listed
- Click Add Program.
- In the Add a Program dialog box, click the program that you want to add, and then click OK. The program will appear, selected, on the Exceptions tab, under Programs and Services.
- Click OK.
Tip: If the program (or service) that you want to allow is not listed in the Add a Program dialog box, click Browse, locate the program that you want to add, and then double-click it. (Programs are usually stored in the Program Files folder on your computer.) The program will appear under Programs, in the Add a Program dialog box.
As a Last Resort, Open a Port
If you still do not find the program, you can open a port instead. A port is like a small door in the firewall that allows communications to pass through. To specify which port to open, on the Exceptions tab, click Add Port. (When you open a port, remember to close it again when you are done using it.)
Adding an exception is preferable to opening a port because:
- It is easier to do.
- You do not need to know which port number to use.
- It is more secure than opening a port, because the firewall is only open while the program is waiting to receive the connection.
Advanced Options
Advanced users can open ports for, and configure the scope of, individual connections to minimize opportunities for intruders to connect to a computer or network. To do this, open Windows Firewall, click the Advanced tab, and use the settings under Network Connection Settings.


