|
All versions of Vista ship with a decent, capable — but not foolproof — stateful firewall called Windows Firewall (WF).
What's a stateful firewall? At the risk of oversimplifying a bit, a stateful firewall refers to an inbound firewall that remembers. A stateful firewall keeps track of packets of information coming out of your computer and where they're headed. When a packet arrives and tries to get in, the inbound firewall matches the originating address of the incoming packet against the log of addresses of the outgoing packets to make sure that any packet allowed through the firewall comes from an expected location. Stateful packet filtering isn't 100 percent foolproof. But it's a very fast, reliable way to minimize your exposure to potentially destructive packets.
WF's basic characteristics are as follows:
- WF's inbound firewall is on by default.
- Unless you change something, Windows Firewall is turned on for all the connections on your PC. So, for example, if you have a LAN network cable, a wireless networking card, and a modem on a specific PC, WF is turned on for all of them. The only way Windows Firewall gets turned off is if you deliberately turn it off, or if the network administrator on your Big Corporate Network decides to disable it by remote control or install Windows service packs with Windows Firewall turned off (which may be a good choice, in some cases).
- WF settings for inbound protection can be changed relatively easily. When you make changes, they apply to all the connections on your PC.
- On the other hand, WF settings for outbound protection make the rules of cricket look like child's play.
- WF kicks in before the computer is connected to the network. Back in the not-so-good old days, a lot of PCs got infected between the time they were connected and when the firewall came up.
- WF has an inbound "lockdown" mode. By selecting one fairly easy-to-find Block All Incoming Connections check box, you can lock down your computer so that it only accepts incoming data that has been explicitly requested by programs running on your computer. Any attempt by outside programs to communicate with your computer gets rebuffed.
In practice, that means you can use Internet Explorer to look at Web sites, and you can send and receive e-mail and use instant messengers, as well as using printers and folders on your local network if you have one, but most other online functions are locked out. For example, if you use the Internet to play games with other folks who are online, or if you connect to your computer at work, locking down your PC prevents you from connecting. A lockdown even shuts down any connection to other computers or printers (or other shared devices) on the network. That's great if you're connecting in an airport and don't want other travelers to get at your Shared Documents folder. But it's a real pain in the neck in your home or office.
 | If you hear about a new worm making the rounds, you can easily lock down your computer for a day or two and then go back to normal operation when the worm stops ping-ponging over the Internet. You might need to deselect the Block All Incoming Connections check box long enough to print on a shared printer or to get at some data on your network, but you'll be essentially impenetrable whenever the Block All Incoming Connections check box is selected. If you're connecting to a strange network (say, using a wireless connection at a coffee shop or in a hotel), you can lock down while logged on and sip your latte with confidence. |
|
