It is true that the XP "ICF" or firewall isn't the best. It is better than nothing. What the XP SP2 ICF doesn't do that a full-blown firewall does: a) give you an event log in a manner that is easily readable to the non-expert networking person. b) give you any configuration or control over outbound packets or connections. Most all "full blown" firewalls allow you to configure allowable outbound traffic destination addresses/networks/sockets/ports/protocol numbers. This is useful if you do get a trojan or bot slipped into one of your machines via email or other source; when the trojan tries to connect to the outside world, an outbound-blocking firewall will catch the attempt, prevent it and tell you about it. When you see this odd traffic, you know you have a problem and since a real firewall will log all IP source addresses, you'll know exactly which machine is infected. c) protect against denial-of-service attacks. Increasingly, "full blown" firewalls are not only fully blocking traffic that you don't want, they'll throttle traffic that you do allow, and detect such things as TCP syn attacks. For all that, Windows ICF is better than nothing in it's place. As for what firewalls I like: for starters, I don't like running a firewall on the machine that I'm using to browse/email/whatever on the Internet. Because of the way attackers go after machines, I want some sort of firewall/router/appliance between me and my network connection, preferably one without a disk or Windows as an operating system. |