All versions of Vista ship with a decent, capable — but not foolproof — stateful firewall called Windows Firewall (WF). WF's basic characteristics are as follows:
- WF's inbound firewall is on by default.
- Unless you change something, Windows Firewall is turned on for all the connections on your PC. So, for example, if you have a LAN network cable, a wireless networking card, and a modem on a specific PC, WF is turned on for all of them. The only way that Windows Firewall gets turned off is if you deliberately turn it off, or if the network administrator on your Big Corporate Network decides to disable it by remote control, or install Windows service packs with Windows Firewall turned off (which may be a good choice, in some cases).
- WF settings for inbound protection can be changed relatively easily. When you make changes, they apply to all the connections on your PC.
- On the other hand, WF settings for outbound protection make the rules of cricket look like child's play.
- WF kicks in before the computer is connected to the network. Back in the not-so-good-old days, a lot of PCs got infected between the time they were connected and when the firewall came up.
- WF has an inbound "lockdown" mode. By selecting one fairly easy-to-find Block All Incoming Connections check box, you can lock down your computer so that it only accepts incoming data that has been explicitly requested by programs running on your computer. Any attempt by outside programs to communicate with your computer gets rebuffed.
In practice, that means you can use Internet Explorer to look at Web sites, and you can send and receive e-mail and use instant messengers, as well as use printers and folders on your local network if you have one, but most other online functions are locked out. For example, if you use the Internet to play games with other folks who are online, or if you connect to your computer at work, locking down your PC prevents you from connecting. A lockdown even shuts down any connection to other computers or printers (or other shared devices) on the network. That's great if you're connecting in an airport and don't want other travelers to get at your Shared Documents folder. But it's a real pain at your home or office.
If you hear about a new worm making the rounds, you can easily lock down your computer for a day or two and then go back to normal operation when the worm stops ping-ponging around the Internet. You might need to deselect the Block All Incoming Connections check box long enough to print on a shared printer or to get at some data on your network, but you'll be essentially impenetrable whenever the Block All Incoming Connections check box is selected. If you're connecting to a strange network (say, using a wireless connection at a coffee shop or in a hotel), you can lock down while logged on and sip your latte with confidence.
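The lockdown can also be switched on and off from an elevated command prompt, which is handy when you want to check every connection's state at once. The script below is an added example, not part of the original text: the file name `lockdown.cmd` is made up, and it assumes the Block All Incoming Connections check box corresponds to the `blockinboundalways` inbound policy in `netsh advfirewall`.

```bat
@echo off
rem lockdown.cmd - added example, not from the original text.
rem Usage: lockdown.cmd on ^| off ^| status   (elevated command prompt required)
setlocal

if /i "%~1"=="on"     goto :on
if /i "%~1"=="off"    goto :off
if /i "%~1"=="status" goto :status
echo Usage: %~nx0 on ^| off ^| status
exit /b 2

:on
rem Make sure the firewall is enabled on every profile first; a lockdown
rem policy does nothing if the firewall itself has been turned off.
netsh advfirewall set allprofiles state on || goto :fail
rem blockinboundalways drops all unsolicited inbound traffic and ignores
rem any exceptions (allow rules). Replies to connections you start still work.
netsh advfirewall set allprofiles firewallpolicy blockinboundalways,allowoutbound || goto :fail
goto :status

:off
rem Back to normal operation: inbound is blocked unless an exception matches.
rem Note: this also sets outbound to Allow, which is the default. If you have
rem customized outbound blocking, adjust the second value to match.
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound || goto :fail
goto :status

:status
rem Show State (ON/OFF) and Firewall Policy for the Domain, Private and
rem Public profiles so you can confirm the change took effect everywhere.
netsh advfirewall show allprofiles state
netsh advfirewall show allprofiles firewallpolicy
exit /b 0

:fail
echo Change failed. Run this from an elevated (administrator) command prompt.
exit /b 1
```

After `lockdown.cmd on`, each profile in the status output should report `BlockInboundAlways,AllowOutbound`; if any profile still shows `State OFF`, a policy or administrator setting is overriding the local change.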