Windows XP Internet
Connection Firewall
A firewall, which can be based on hardware, software or both, protects against unauthorized access to private networks. Internet users commonly use them while connected to the internet. There are many commercial products you can choose from, as well as several freeware software products. I use ZoneAlarm Professional, but you can try the free for personal use version called ZoneAlarm. It is available for download at www.zonelabs.com and can be upgraded to the Professional version for an affordable fee which is well worth the protection it provides. A firewall is especially important if you have a broadband internet connection, such as Cable or DSL, where it is much easier to get infected with viruses, trojans, adware and spyware.
When you go to the Windows Update website and click on “Protect your PC 3 steps to help ensure your PC is protected”, you will notice that “Use an Internet Firewall” is first on the list.
Well, Microsoft has integrated a built-in firewall into Windows XP called
the “Internet Connection Firewall” which is described in the following
Microsoft Knowledge Base article:
http://support.microsoft.com/default.aspx?scid=kb;en-us;320855
Description of the Windows XP Internet Connection Firewall
If you have more than one computer on a home network which uses a Windows XP
computer that provides Internet Connection Sharing, then Microsoft recommends
that you use the Internet Connection Firewall on the computer that connects
directly to the internet. It can also
be used on a single computer, which connects to the Internet. Microsoft says you should not use the
Internet Connection Firewall in a VPN (Virtual Private Network) connection,
because the firewall interferes with file sharing and other VPN functions.
The firewall provided by Windows XP only protects you from unsolicited traffic
that originates from outside your network (or single computer.) This stops common hacking methods such as
port scanning. But it is not designed
to monitor outgoing requests for connections that your computer sends, so if
your system has been "invaded" by some sort of spyware or trojan
program, it will not drop that outgoing traffic. This is one of the reasons I do not use the XP built-in firewall
and instead continue to use ZoneAlarm.
The XP firewall may interfere with the operation of your email client, since
some clients rely on arrival of email notifications from outside sources on the
internet, namely the mail server. Thus
Microsoft Outlook 2000 will not work properly with the firewall active. However, Outlook Express -- which
periodically sends out polling messages to the mail server to learn whether new
mail messages have arrived -- will not be interfered with when the firewall is
activated.
You can configure the XP firewall to accept certain unsolicited incoming
traffic communications by creating an entry on the Services tab. You can also
allow various ICMP (Internet Control Message Protocol) functions by putting
check marks on the ICM tab next to:
- Allow incoming echo request
- Allow incoming timestamp request
- Allow incoming router request
- Allow redirect.
You can configure the XP firewall to maintain security logs of both traffic
that was permitted and traffic that was rejected.
This Microsoft Knowledge Base article describes how the XP Firewall may be
enabled or disabled (it is enabled by default):
http://support.microsoft.com/default.aspx?scid=kb;en-us;283673
HOW TO: Enable or Disable Internet Connection Firewall in Windows XP
Basically, to turn off the firewall on an existing connection (which shows up
on your Start Menu) click the Start button, then select the link for Connect
to, right click the connection you want to configure, click Properties, click
the Advanced tab, then click to remove the check mark next to Protect my
computer and network by limiting or preventing access to this computer from the
Internet.
