Windows XP SP2: A No-Brainer Upgrade?
Joseph Moran
An Improved But Still Not Perfect Firewall
The next key improvement SP2 offers is the Windows Firewall, which replaces the previous Internet Connection Firewall. For starters, the new firewall is turned on by default (although system vendors and network administrators have the means to override it). The fact that the firewall is automatically turned on may account for a significant number of the reports alleging that SP2 "breaks" applications, since the Windows Firewall automatically discards any inbound traffic that's not a response to an outbound request from the system.
Another important way SP2's new firewall provides more comprehensive protection is that it uses a special boot-time filter to keep the system secure during system startup until the Windows Firewall is fully loaded and operational (or after the firewall has been unloaded during system shutdown). This is in contrast to the prior version of the firewall, which left your machine briefly unprotected during startup or shutdown.
The new SP2 firewall is also more user-friendly. You can easily add any installed program to a list of exceptions, allowing that program to receive communications from the outside. This method doesn't require you to know the specific protocols and ports an application uses. When you instead open a specific port in the firewall, that port remains open whether the application is using it or not.
An application-based exception, on the other hand, is only valid when the application is running and waiting for a connection. If the application is closed, so is the port. You can also easily and temporarily disable all exceptions when you're in a potentially high-risk situation such as a wireless hotspot or other shared network.
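The difference between the two exception types, and the "no exceptions" mode, can also be set from the command line with the `netsh firewall` context that SP2 provides. The script below is an added example, not part of the original article; the program path, rule names and port 8080 are hypothetical.

```batch
@echo off
rem Added example. The program path, rule names and port 8080 are hypothetical.
set "APP=C:\Tools\ExampleServer\server.exe"

rem Before: a port exception. TCP 8080 accepts inbound traffic at all times,
rem whether or not the application is running.
netsh firewall add portopening protocol=TCP port=8080 name="Example server port" mode=ENABLE

rem After: remove the standing port rule and use a program exception instead.
rem Inbound traffic is accepted only while server.exe is running and listening.
netsh firewall delete portopening protocol=TCP port=8080
netsh firewall add allowedprogram program="%APP%" name="Example server" mode=ENABLE

rem Review which programs and ports are currently excepted.
netsh firewall show allowedprogram
netsh firewall show portopening

rem On a wireless hotspot or other shared network: keep the firewall on
rem but ignore every exception.
netsh firewall set opmode mode=ENABLE exceptions=DISABLE
netsh firewall show state

rem Back on a trusted network: honor the configured exceptions again.
netsh firewall set opmode mode=ENABLE exceptions=ENABLE
```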
In spite of its many improvements, it is worth noting that the Windows Firewall doesn't necessarily take the place of a third-party firewall. For example, unlike almost any decent standalone software firewall, the Windows Firewall doesn't allow you to restrict outbound traffic. Any traffic originating from inside the network and destined for the Internet is considered trusted. Therefore, the Windows Firewall won't protect you from, for example, a worm that uses its own SMTP engine to blast e-mail out of your machine on port 25, or from a previously installed Trojan that's sending packets out to achieve its nefarious aims.