Contact US

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here


Is the Windows XP inbuilt firewall any good? by jrbarnett
Posted: 7 Jan 04 (Edited 10 Oct 04)

The original Windows XP firewall, pre SP2
Windows XP includes a built in firewall which can be enabled on dial up and network connections. A common question relates to whether it is good enough or whether it is worth the time installing and configuring a third party solution such as ZoneAlarm, Kerio or Tiny Personal Firewall.

There are two aspects to a good firewall. The first is hiding the computer from others on the network. On this aspect, the Windows XP firewall works fine. It can be used to conceal the computer from others on the internet, and port scanners won't find a machine on its particular IP address.
The firewall can be configured to open specific ports if you have an application that you want to allow other people to access, such as a local web server.

The other aspect to a firewall is authenticating outgoing connections, ie whether in built software is permitted to
connect to the external network or not.  
Windows XP's built in firewall doesn't attempt to authenticate specific applications, and so it is as useless as a chocolate teapot if viruses or spyware has found its way onto the computer.  It will, however, stop a system become infected with the Blaster or Sasser viruses if enabled prior to first internet connection, even if it is only an interim solution before you get a different package.

Third party firewall applications will "fingerprint" executable files and only allow them to connect out if their fingerprint matches one already in the database, or ask the system operator depending upon how they are configured.

Overall, if your system is mission critical and is used outside a corporate environment, then my recommendation would be to install third party software and spend the time configuring it.
If you are inside a firewalled environment, then it is probably not worth enabling the built in one, because anything should be covered at the firewall.

Windows XP Service Pack 2
XP Service pack 2 was released in August 2004. This includes a far more comprehensive firewall with authentication of applications contacting external sites.
If you have no third party firewall software installed, it is worth getting hold of it and updating, not just for this though.

Back to Microsoft: Windows FAQ Index
Back to Microsoft: Windows Forum

My Archive

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close