Why the Windows Firewall comes up short
My previous post on free alternatives to Windows' built-in utilities confused the Windows Firewall with Windows Defender, which protects against viruses. (My thanks to the folks who pointed out the error.)
The fact is, I stopped paying attention to both programs a long time ago. First, I decided security is too important to leave up to Microsoft. Second, I can do without the hassle of managing separate applications for various security tasks. To me, the time I recover repays the cost of a security suite many times over.
So what's wrong with the Windows Firewall? It doesn't monitor outbound connections by default, and not at all in Windows XP. You can change some Windows Firewall settings in the Security Center (click Windows Firewall in the left pane and then choose "Change settings"). However, the majority of firewall settings are accessed via the Administrative Tools Control Panel applet, which you can open in Vista by pressing the Windows key, typing wf.msc, and pressing Enter.
The Windows Firewall with Advanced Security applet lets you customize the security program's rules.
(Credit: Microsoft)The best reason to use a third-party firewall is because they're clearly better than the Windows Firewall, and several are free. Top Windows Tutorials compares the XP and Vista versions of the Windows Firewall to the ZoneAlarm and Outpost firewalls. (Note that the free version of the Outpost Firewall is no longer supported.)
The top-rated firewall in Matousec Security's most recent shootout is the free Online Armor Personal Firewall, which was the only product to merit a rating of "excellent." Seven other software firewalls were rated "very good," two of which are also free.
You'll find technical details about the Windows Firewall in this Microsoft TechNet article and information on customizing the program in this article on the same site.
Microsoft offers a troubleshooting tool for the Windows Firewall in XP. If you're having problems with Vista's built-in firewall, check out this troubleshooting guide on Microsoft's TechNet site.
Dennis O'Reilly has covered PCs and other technologies in print and online since 1985. Along with more than a decade as editor for Ziff-Davis's Computer Select, Dennis edited PC World's award-winning Here's How section for more than seven years. He is a member of the CNET blog Network, and is not an employee of CNET. 
Why manage any security program at all? Vista will do it for you. How often are you changing your firewall settings? Isn't it like a set it once and forget it thing? My comps update, defend, backup, defrag, and index all by their self. Vista has background tasks. It doesn't make much sense to me to turn that all off and then complain that it's too difficult to manage. If it's so difficult then just let the OS do it. Turn on filtering and forget about it. I think this is why UAC bugs so many people. They're playing around with their settings all day instead of getting to work.
For example, every time I start a newly installed program that accesses the net I get a security alert asking me if I'd like to block or unblock that program from accessing the net. Vista remembers this. I never hear of it again. Now was that so hard? Don't you get this alert? Did you turn this off and think you could do it better yourself?
Besides malware could already get around outbound filtering if it really really wants to. So, I'm not sure the worry is justified. Ever click a link in your instant messenger program and it sends your web browser directly to that link? That's how a malicious program can get around your outbound filtering. It just has some other program that isn't blocked send the data. You can send data in a URL request via HTTP GET and just tell IE to visit that URL. Unless of course you've blocked all your web browsers lol?
I take viruses and malware off about two computers a month. Every single one has anti-virus software. EVERY SINGLE ONE! I have never had to remove malware from a system that didn't have security software. EVER! It appears that stuff doesn't work if the user is a moron. No, I don't trust MS to keep me safe. I also trust the router firewalls I'm behind. See, Most users are behind at least two or more firewalls. The OS firewall, the router firewall, and the broadband modem firewall depending on if you have to bridge that or not. What makes you think I was only behind one firewall? What made you think anyone was?
Imagine this: you have your home network with several machines on it, none running firewalls. A friend stops by with an infected laptop and uses your WIFI.
Oops.
This has happened to a lot of businesses that only worry about security at the perimeter.
Just because a tool requires a bit of knowledge to use it doesn't make it a bad tool - trying to say Vista's firewall is useless because you don't know what half of it's features do is like trying to say a tank is useless because you don't know how to drive it.
- by KeithDriscoll March 31, 2009 11:26 AM PDT
- I'm not a huge Microsoft fan but I am practical and it doesn't require a genius to understand that security is vital to the success of all their products. However they cannot ship Windows with a built in Firewall that pops up every 5 minutes like Comodo does. If you want to use Windows Firewall just configure the advanced functions. If you are unsure how to do this - hire an IT guy or get a knowledgeable friend to help.
- Reply to this comment
-
(9 Comments)"The best reason to use a third-party firewall is because they're clearly better than the Windows Firewall" - just doesn't cut it for me.
Windows Firewall is sufficient for most average users and every time I have installed a "more concrete" Firewall for an end user or client I get numerous calls and complaints about the pop-ups. Not to mention that these pop up questions need to be answered correctly by the end user.