Is Windows XP’s firewall good enough?
When talking about computer security, the answer always depends on your personal level of paranoia: No computer system is completely secure. Many people are satisfied with Windows XP’s built-in “one-way” firewall. It makes a fairly decent effort to keep people on the outside from getting into your computer.
Other firewalls, such as ZoneAlarm, work as a “two-way” firewall. They not only stop people from breaking in, but keep programs from breaking out: They alert you whenever a program in your computer tries to make contact with the Internet. Who cares?
Well, some people write viruses or “stealth” programs that run unnoticed in the background, sending information from your computer to the Internet. For instance, a “backdoor” program could silently copy all your keystrokes and send them to somebody else’s computer over the Internet. That person could then analyze your keystrokes for your credit card numbers, passwords, and other personal material.
Some viruses contain built-in mailing programs that mail a copy of themselves to everybody in your address book.
Since these connections start from inside your computer, Windows XP’s firewall wouldn’t catch them. It lets *any* program inside your computer connect to the Internet whenever it wants. But a two-way firewall alerts you whenever any of your programs start an Internet connection, letting you authorize or refuse the connection.
“Two way” firewalls are much more difficult to set up than Windows XP’s built-in “one-way” firewall. Windows XP and third-party programs connect to the Internet quite often; it’s not uncommon to have more than a dozen Internet connections taking place simultaneously. With a two-way firewall, it’s up to you to figure out which programs are legitimate or not. But if you want more complete control over your computer and its Internet connections, a two-way firewall might better serve your needs.
I’ve turned off Windows XP’s built-in firewall and use the two-way firewall, ZoneAlarm Pro.