I’m really confused. With the new Windows XP SP2 Security Alert
System, do we still need a firewall to stop outbound traffic? If we get a
router, (LINKSYS), does that take care of everything, which means we need to
disable Windows Firewall to avoid false alarms?
There’s a lot of misunderstanding about firewalls, routers, and other
security software. When Windows XP service pack two was released it definitely
put security and particularly the firewall, “in your face”. Subsequent releases
of Windows now also include the firewall and turn it on by default.
It’s a great opportunity to find out what you need … and what you
A firewall filters network traffic. A previous article “What’s a firewall, and how do I set one up?” covers this in more detail, but the bottom line is that a firewall primarily protects you from certain classes of incoming network-based problems.
Every computer should be behind a firewall of some sort.
In general, hardware firewalls, typically provided by NAT routers, keep malicious network traffic from ever reaching your computer, whereas software firewalls, such as the Windows Firewall, discard malicious traffic after it has actually arrived at your computer.
But you don’t need both.
If you have a router with network address translation, or NAT, enabled (most consumer grade routers do, by default) then there’s no need to enable the Windows firewall. In fact, you can tell the new Windows Security Center that you’ll manage your firewall yourself.
If you’re not behind a router or other firewall, you’ll at least want to turn on the Windows firewall. This is what I do when I take my laptop with me on the road – not being sure of exactly what I’m connecting to, the firewall protects me from network based threats.
Now, one word in the original question is worth a comment: “outbound”.
Consumer grade routers will keep you safe from threats that are incoming from the network, but will not filter or warn you of any malware already on your machine attempting to connect out. The Windows firewall has a limited amount of outbound traffic alerts, and other software firewalls that you can install separately to use instead of the Windows Firewall can be configured with a wide array of outgoing protection.
There’s a wide variety of opinion on this, but personally, I’m quite happy simply behind a router and with no outgoing threat monitoring.
But regardless, you do need a firewall; be it an external router, a software package that you install, or at a minimum simply enabling the Windows Firewall already present on your machine.
(This is an update to an article originally published in September of 2004.)