Install a Software Firewall
One thing a hardware firewall can't do is stop a malicious program that's using standard open ports on your system, such as a mass-mailing worm that's sending mail through the same port used by your e-mail client. But a software firewall can do this, because it knows which specific programs are allowed to talk to the Internet and in what ways. That's why it's such an important part of your protection scheme.
Windows XP offers a built-in firewall, which is turned on by default in all new systems that come with Service Pack 2. (To make sure it's on, launch the Security Center from the Control Panel, then click on the Firewall heading and make sure ON is selected.) Vista, the latest OS from Microsoft, has a vastly improved firewall that is bi-directional and integrated with IPsec.
The Vista firewall is good, but the XP firewall is only a solid temporary measure. Like hardware firewalls, the XP firewall is strictly designed to protect against outside attacks. It can only block incoming traffic. Therefore, I recommend that every computer run third-party personal firewall software instead. In addition to enhancing protection from outside attacks, these firewalls block betrayal from within your PC by Trojans, spyware, or other unauthorized programs. If you decide to run a third-party firewall, disable the XP firewall.
Sygate (purchased & discontinued by Symantec) offers a free version of its personal firewall product, as does ZoneLabs (ZoneAlarm), Agnitum (Outpost), and Sunbelt (Kerio). I still use Sygate on a few systems. I found it to be the most balanced personal firewall. Full-price firewall software generally offers more advanced features; for example, ZoneAlarm Pro 6.5 ($49.95 direct; www.zonelabs.com) and Norton Personal Firewall 2006 ($49.99 direct; www.symantec.com ) can automatically configure program access for known good (or bad) programs. The firewall may include additional safeguards, such as identity protection, Web site filtering, and ad blocking. Explore the options available in your particular firewall and make sure they're set for appropriate protection. I still like Sygate, which can be downloaded from here. If you are uncomfortable with using a firewall that is not supported, I've heard that the free offering of Kerio (www.sunbelt-software.com) is good.
Back to Security