There's a lot of talk about the new Windows Firewall that shipped with Windows XP Service Pack 2. Most people either love it or hate it. In this article, I'll review some of its pros and cons and weigh just how valuable it is compared to third-party personal firewalls.
Personally, I like what Windows Firewall has to offer. Its must-have features include stateful inspection, logging, customizable rules (exceptions by program or by port, with a scope that can be limited to the local subnet), and minimal impact on memory and network performance (based on my unscientific tests). It's also enabled by default, which makes it a simple-to-use tool that contributes to a decent security baseline. That matters considering all the users who couldn't care less about their role in the overall information security problem. (Not that I feel strongly about it or anything.)
Yet several complaints have been made against Windows Firewall, chief among them that it does nothing about outgoing traffic: it filters inbound connections only. If a Trojan horse or some other form of malware is installed on a computer, it has free and open access to communicate out to the Internet, possibly sending personal and confidential information to a third-party site.
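One thing the outbound complaint overlooks: although the XP SP2 firewall never blocks outgoing connections, its log can still show them if you turn on "Log successful connections" (Windows Firewall, Advanced tab, Security Logging settings) next to "Log dropped packets". The Python below is an added example, not code from the original article or from Microsoft. It parses a constructed sample in the pfirewall.log layout, taking the column names from the file's own #Fields header so it adapts if the layout differs, and then pulls out the two things a practitioner actually wants from this log: which inbound source is probing several ports, and which outbound connections went somewhere a desktop normally shouldn't. The sample lines, the "expected outbound ports" baseline and the three-port scanner threshold are all assumptions chosen for illustration.

```python
"""Summarise a Windows XP SP2 firewall log (pfirewall.log).

Constructed sample in the W3C-style layout the firewall writes; the real
file's #Fields header drives column names, so parsing is not hard-coded.
"""
from collections import Counter, defaultdict

# Constructed sample, not a real capture. Hosts: 192.168.1.10 is us; 192.168.1.50
# probes three ports; the last two OPEN lines are outbound (path SEND), which the
# firewall allows but still records when "Log successful connections" is on.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2004-09-01 10:15:02 DROP TCP 192.168.1.50 192.168.1.10 4021 135 48 S 1234567 0 65535 - - - RECEIVE
2004-09-01 10:15:03 DROP TCP 192.168.1.50 192.168.1.10 4022 445 48 S 1234568 0 65535 - - - RECEIVE
2004-09-01 10:15:04 DROP TCP 192.168.1.50 192.168.1.10 4023 139 48 S 1234569 0 65535 - - - RECEIVE
2004-09-01 10:15:05 DROP UDP 10.0.0.7 192.168.1.10 1026 137 78 - - - - - - - RECEIVE
2004-09-01 10:16:10 OPEN TCP 192.168.1.10 203.0.113.9 1055 80 - - - - - - - - SEND
2004-09-01 10:16:11 OPEN TCP 192.168.1.10 203.0.113.9 1056 6667 - - - - - - - - SEND
2004-09-01 10:16:40 CLOSE TCP 192.168.1.10 203.0.113.9 1056 6667 - - - - - - - - SEND
2004-09-01 10:17:00 DROP ICMP 192.168.1.50 192.168.1.10 - - 60 - - - - 8 0 - RECEIVE
"""

# Assumed baseline of outbound ports a plain desktop is expected to use.
EXPECTED_OUTBOUND_PORTS = {"80", "443", "53", "25", "110"}


def parse_log(text):
    """Return one dict per data line, keyed by the names in the #Fields header."""
    fields = None
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        if fields is None:
            raise ValueError("data line appears before the #Fields header")
        values = line.split()
        if len(values) != len(fields):
            continue  # skip a malformed record rather than mis-assign columns
        records.append(dict(zip(fields, values)))
    return records


def dropped_inbound_by_port(records):
    """Count inbound packets the firewall dropped, keyed by (protocol, dst-port)."""
    counts = Counter()
    for r in records:
        if r["action"] == "DROP" and r["path"] == "RECEIVE":
            counts[(r["protocol"], r["dst-port"])] += 1
    return counts


def probable_scanners(records, min_ports=3):
    """Source IPs whose dropped TCP/UDP packets hit at least min_ports distinct ports."""
    ports_by_src = defaultdict(set)
    for r in records:
        if (r["action"] == "DROP" and r["path"] == "RECEIVE"
                and r["protocol"] in ("TCP", "UDP")):
            ports_by_src[r["src-ip"]].add(r["dst-port"])
    return {src for src, ports in ports_by_src.items() if len(ports) >= min_ports}


def outbound_connections(records):
    """Successful outbound connections (OPEN with path SEND) as (dst-ip, dst-port)."""
    return [(r["dst-ip"], r["dst-port"]) for r in records
            if r["action"] == "OPEN" and r["path"] == "SEND"]


def unexpected_outbound(records, allowed=EXPECTED_OUTBOUND_PORTS):
    """Outbound connections to ports outside the assumed baseline (e.g. 6667/IRC)."""
    return [(ip, port) for ip, port in outbound_connections(records)
            if port not in allowed]


def summarize(text):
    """One-shot summary suitable for a daily review of the log."""
    recs = parse_log(text)
    return {
        "records": len(recs),
        "dropped_inbound": sum(dropped_inbound_by_port(recs).values()),
        "scanners": sorted(probable_scanners(recs)),
        "unexpected_outbound": unexpected_outbound(recs),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On a real machine, read `%windir%\pfirewall.log` instead of `SAMPLE_LOG`; the `#Fields` line in that file tells the parser what the columns are. The point of the outbound check is exactly the Trojan scenario above: the firewall will let the 6667 connection through, but a reviewed log still surfaces it.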
Conversely, most commercial personal firewalls offer application-level control of outbound requests. The problem with this type of firewall is that it prompts the user whenever a program tries to reach the Internet, and so inundates him with prompts for perfectly legitimate network communication. Based on what I see over and over again, users presented with a message such as "XYZ application needs to access the Internet. Do you wish to allow this (Y/N)?" select "yes" or "OK" almost every time, regardless of the connection's legitimacy. Just look at all the Internet Explorer default homepages being changed and the spyware infestations. The average user is click-happy: he wants that annoying prompt off the screen and will do whatever it takes to make that happen without thinking about the consequences.
Another complaint is that Windows Firewall fails to fix everything and make Windows nice and secure. It's a great start, but a firewall is just one small piece of the security puzzle. A basic yet strong configuration for most Windows systems is Windows Firewall plus malware protection, including antivirus and antispyware programs such as Spybot and PestPatrol. Implementing this kind of layered protection, combined with practical security measures -- managing patches, creating strong passwords, securing file permissions and ongoing security-awareness training -- will keep most Windows systems pretty darn secure.
I do like that third-party personal firewalls are feature-rich; vendors make more money by offering protocol-anomaly detection and outbound application control, for instance, which keeps them a few steps ahead of Microsoft. This is great for innovation, and we, the customers, benefit. I think we'll eventually see advanced features such as these -- and perhaps centralized alert and log management -- in Windows Firewall from Bill and his buddies. But I'm not going to hold my breath.
Windows Firewall is not without its flaws, and it lacks the more advanced protection and fancy features most commercial personal firewall products offer. It can be disabled by third-party software running with administrative rights (and thus by any attacker or malware that gets code onto the box under such an account), and I'm sure we'll see some highly publicized vulnerabilities related to it in the future. However, I believe in using third-party applications for protection only if Microsoft's built-in protection measures offer no value, and that isn't the case here. Considering the massive apathy toward information security (the root cause of our vulnerabilities in the first place), the new features I've seen in Windows Firewall are a step in the right direction.
Those of us who are aware of the threats can always turn Windows Firewall off if we don't want or need it. Those who don't realize what can happen ... well, they're getting free protection that will help us all in the long term.
About the author
Kevin Beaver is the founder and principal consultant of the information security services firm Principle Logic, LLC, based in Atlanta, GA, where he specializes in information security assessments and incident response. He is also a resident expert on SearchWindowsSecurity.com. He has over 16 years of experience in IT and is the author of several books on information security, including "Hacking For Dummies" (John Wiley and Sons). Kevin can be reached at firstname.lastname@example.org.