A firewall is a piece of software or hardware that sits between you computer
and the internet, and only allows certain types of things to cross it. It’s
about protecting you from them, where “them”
is the malicious folk on the internet. A correctly configured firewall does not
block your access out to the internet – you should be able to browse
the web, for example, without interruption. The firewall prevents access from
somewhere on the internet to you. That’s not to say people can’t send you mail
– they can because you access your mail through the internet when you
retrieve or download it. It does mean that people can’t copy files
directly to your PC, or cause programs to be run on your machine.
As I’ve discussed
before, I think it’s critical that if you’re on a broadband internet
connection you make sure that you are behind a firewall. If you’re using a
public WiFi hotspot, it’s a good idea and there are even times when it makes
sense to use a firewall on a dial-up connection.
The question is, what firewall to use?
The answer varies.
Become a Patron of Ask Leo! and go ad-free!
For broadband connections (which include cable and DSL and other always-on
and high-speed connections) I recommend that you use a router that supports or
provides network address translation or NAT. Normally, a router is thought of
as a connection sharing device, used to share a single internet connection
among several computers. But even if you have only one computer, the NAT
functionality in your router effectively “hides” your computer from many of
threats on the internet.
My routers are all LinkSys routers. In particular,
I have installations running both the 802.11b Wireless Access Point Router with 4-Port Switch,
as well as EtherFast Cable/DSL Router with 8-Port
Switch. I’ve been quite happy with both. I’ve also heard good things about
the support for the faster wireless standard 802.11g.
In some cases, you’ll want to consider a software firewall. Software
firewalls monitor the data traversing the network connection on your machine.
They block incoming traffic that isn’t explicitly allowed, and can also warn
you of unexpected attempts to access the internet from your
The built-in Windows Firewall in Windows XP is a fine, free, basic solution.
It is, in fact, what I use when I visit a WiFi hotspot, or connect to some
other network I’m not totally certain is safe. It’s also a good solution if
you’re connected via dial-up for long periods of time.
Note: in all cases, hardware or software, built-in or
add-in, it’s going to be important to know how to configure your firewall
properly. Firewalls are the leading cause for certain functions, such as
instant messaging, or audio connections, from working. These are typically
easily fixed with a quick configuration change within the firewall. Make sure
to take the time to understand the documentation that accompanies your
Finally, when you believe you’re protected, or even if you know you’re not,
you should visit Gibson Research and run “Shields Up” – a
vulnerability analysis. It will try to access and analyze your computer from
the internet, and enumerate for you exactly how you are vulnerable, and
potential steps you can take. It tends to be a little techie, but it’s worth