Windows XP firewall
protects against port scanning but has limitations and it is no replacement for a robust 3rd-party two-way personal firewall.
Windows Vista Firewall
- The XP firewall is not a full featured firewall. Normal firewalls allow you to specifically control each TCP and UDP port but XPís firewall does not provide you with this capability. Instead, it takes a point and click approach to enabling or disabling a few common ports.
- The XP firewall does a good job of monitoring, examining and blocking inbound traffic but makes no attempt to filter or block outbound traffic like most 3rd-party personal firewalls.
- Thus, the XP firewall does not identify which programs attempt to initiate outbound network or Internet communications nor does it block the traffic when suspicious activity occurs.
- This feature can be helpful in preventing many types of malware attacks that may attempt to open ports or communicate with outside servers without the user's knowledge or consent. It also means that if your system has been compromised, a hacker could use your machine as part of a distributed denial of service attack.
- By default, Windows Firewall rejects all incoming traffic unless that traffic is in response to a previous outgoing request. If you're running Windows XP Service Pack 2 (SP2), Windows Firewall is turned on by default. If your Firewall is not turned on by default, then your using an unpatched OS and need to update your system to SP2.
offers two-way filtering for better security but its the bare minimum and still limited. By default, most outbound filtering is turned off (outbound connections are allowed
) and inbound filtering is turned on (inbound connections are blocked
). Configuration is confusing and there is no practical way to to configure outbound filtering to stop all unwanted outbound connections. You can only turn inbound filtering on or off, and through the various tabs, configure how inbound filtering works. Read Vista Firewall Fails on Outbound Security
and Windows Vista's half-cocked firewall
Choosing a firewall is a matter of personal preference, your technical ability/experience, features offered, the amount of resources utilized, how it may affect system performance and what will work best for your system. A particular firewall that works well for one person may not work as well for another. You may need to experiment and find the one most suitable for your use.
Before installing a 3rd-party firewall, make sure you turn off the the Windows firewall
. For instructions with screenshots, see How to turn off the Windows Firewall in SP2
or How to turn on or off the Windows Vista Firewall
Using two software firewalls on a single computer could cause issues with connectivity to the Internet or other unexpected behavior. Further, running multiple software firewalls can cause conflicts
that are hard to identify and troubleshoot. Only one of the firewalls can receive the packets over the network and process them. Sometimes you may even have a conflict that causes neither firewall to protect your connection. However, you can use a hardware firewall (your router) and a software firewall (Kerio or ZoneAlarm) in conjunction.