7
1
I used to use a third-party firewall like ZoneAlarm and some others whose names I forget, but their complexity ended up annoying me. Assuming one runs his computer as a normal user/powersuser, is it fine to just use the Windows XP built-in firewall?
guillermooo
Posted 2009-08-03T07:46:22.640
Reputation: 2 093
11
For inbound protection the answer would be : Yes, it is sufficient.
For outbound protection, the answer would be : No, insufficient.
Even the improved Windows Vista version of the firewall still scores poorly when it comes to outbound protection.
See the articles below for an in-depth analysis of the strengths and weaknesses of the Windows Firewall (applies to both XP and Vista):
Analysis: New Windows Vista Firewall Fails on Outbound Security
If you computer is virus and malware free to begin with, and you are vigilant about keeping a modern antivirus/malware suite constantly updated, then running the Windows Firewall alone should be sufficient.
GeneQ
Posted 2009-08-03T07:46:22.640
Reputation: 4 581
4
Yes, assuming you are fully patched the default firewall provided by Windows XP should be sufficient.
Sam152
Posted 2009-08-03T07:46:22.640
Reputation: 2 052
6Unless you need outbound filtering. Which is rare for home PCs, though. Anyway, companies like ZoneAlarm like to sell products and the easiest is by scaring people into buying it. And a firewall which annys the user ten times a day with some alert about an evil hacker it just fended off seems to work better for that purpose :) – Joey – 2009-08-03T08:04:09.993
4
The windows firewall will block all attemts to connect to your computer from the outside - those are the ones that might break into your previously unbreached system. If you're behind a NAT router (usually the case when you use WiFi), even that is not necessary, since the router has the same effect.
The only additional benefit a third-party firewall can offer is to alert/protect you when your computer is already infected with something that tries to "phone home" - but chances are that a real virus will disable the firewall anyway; and nowadays there's so much stuff that connects to the net in some form (often looking for updates) that any malicious activity probably gets drowned in the noise.
Michael Borgwardt
Posted 2009-08-03T07:46:22.640
Reputation: 3 047
+1 forget Windows Firewall; just concentrate on hardening the single chokepoint for most home networks, the router. – hyperslug – 2009-08-03T09:10:52.157
I'd definitely recommend a router. – Umber Ferrule – 2009-08-03T17:01:56.453
-1
I recently read something at windowsecurity.com that said it was insufficient and that you should get a second firewall. I have Outpost from Agnitum and it is great
The Green Frog
Posted 2009-08-03T07:46:22.640
Reputation: 954
may I suggest two things for you to get a better score: link the actual article from windowsecurity.com please. specify what makes outpost great compared to other firewalls (at least xp's) or remove it from the answer altogether. – n611x007 – 2012-09-02T12:00:16.007
2well, I would dispute that outbound "firewalling" is really necessary (or even fits the definition of the word) but it's a fair point – Jeff Atwood – 2009-08-18T11:06:53.383
Blocking outbound connections serves three purposes. One, it protects your information against anything that slipped through and is communicating out. Two, it save your bandwidth (although minor) against anything unwanted communicating out. Three, and most important, it can help protect other machines on your same network with the same vulnerability that got your machine infected. – MaQleod – 2011-04-08T19:14:33.267