The XP firewall is a very
simple product. It provides basic protection in an effective and user-friendly
manner, but it has a distinct lack of options, especially when it comes to
adding extra security. About the only option that you might want to consider
setting is to turn on logging, which is disabled by default.
Go to 'start/control
panel/network and Internet connections/network connections' then right click on
your Internet connection (which should be at the top of the page) and select
Now go to the 'advanced' tab
and click on the 'settings…' button.
Choose the 'security logging'
tab and enable the log for dropped packets and successful connections. Note the
default location of the log at 'c:\windows\pfirewall.log' You can open this file
with notepad to view recent failed and successful attempts to access your
firewall. More on logs at the end of the article.
Strengthening the Service Pack 2 XP firewall
The newly upgraded Windows XP firewall is already superior to the original,
since it now detects and blocks unauthorized programs within your system that
are attempting to act as servers and allow connections from the Internet.
There are still not very many options for further increasing security
though. One option is to enable logging for the firewall, the control for
which can be found in the ‘advanced’ tab under ‘start\control panel\windows
A second more secure setting is the ‘block exceptions’ mode that can be set
on the main firewall configuration screen (‘start\control panel\windows
firewall) by checking the ‘don’t allow exceptions’ box. This will prevent
any program installed on your computer from acting as a server and allowing
connections from the Internet. While this may prevent some legitimate
applications from working correctly (Kazaa and other file-sharing programs being
one example) it will ensure that no unauthorized or malicious program can allow
Like The XP firewall, the basic
Zonealarm product has a limited set of customization options. There are a few
things you can do if you want to assure yourself of the maximum possible
protection though. Open Zonealarm, go to 'firewall/main' and click the
are a couple of options here that you may want to consider.
'Block Internet zone servers' will prevent any installed application from acting as
a server, ie. accepting connections from the Internet.
This overrules the settings in the program control
menu, and will almost certainly result in certain Internet applications like
Kazaa, Instant Messenger file transfers and Net Meeting not working correctly.
It does ensure that malicious software installed without your knowledge will not
be able to expose your data over the Internet though.
The other setting is 'lock host
file' which will prevent your system's HOST file from being changed. This can
thwart certain forms of browser hijacking software, but can also interfere with
certain above-board applications.