10.2. Windows Firewall: All VersionsIf you have a broadband, always-on connection, you're connected to the Internet 24 hours a day. It's theoretically possible for some cretin to use automated hacking software to flood you with files or take control of your machine. Fortunately, Vista's firewall feature puts up a barrier to such mischief. The firewall acts as a gatekeeper between you and the Internet. It examines all Internet traffic, and lets through only communications that it knows are safe; all other traffic is turned away at the door. Tip: Truth is, you may not technically need a software firewall like this. Do you have a router that distributes your Internet signal through the house (page 700)? If so, it probably also has a hardware firewall already protecting your entire network. Still, there's no harm in having both a hardware and software firewall in place. 10.2.1. How It WorksEvery kind of electronic message sent to or from your PCinstant messaging, music sharing, file sharing, and so onconducts its business on a specific communications channel, or port . Ports are numbered tunnels for certain kinds of Internet traffic. The problem with Windows before Vista came along was that Microsoft left all of your ports open for your convenienceand, as it turns out, for the bad guys'.` In Vista (and in Windows XP Service Pack 2), all the ports arrive on your PC closed . The firewall blocks or permits signals based on a predefined set of rules. They dictate , for example, which programs are permitted to use your network connection, or which ports can be used for communications. Vista's firewall is a big improvement over the Windows XP firewall, because it protects both inbound and outbound traffic. (The Windows XP firewall handled only inbound traffic.) You might wonder why you should care about outgoing signals; after all, how can your computer be harmed by sending information to the Internet? The reason is that some spyware, Trojans, and malicious software "phones home"that is, it lives on your PC without your knowledge, then sends out an invisible note telling the world it's ready to be used to attack your PC. Some may try to attack other computers near itand because computers on a Work or Home network are more trusting of each other, they're running with their defenses down (page 359). A remote intruder can then take control of your computer. (One common trick is to turn your PC into a zombie: basically a spam relay station. Your PC could be pumping out millions of junk-mail messages a day, and you wouldn't even know it.) In addition, some types of spyware watch everything you do on your PC, and then send that information out to a hacker. The Windows Vista Firewall, however, blocks those outbound connections. You don't need to do anything to turn on the Windows Firewall. When you turn on Windows Vista, it's already at work. But the Windows Firewall can be turned off. To make sure that it's running properly, choose Control Panel Security Windows Firewall. If its working properly, a green message tells you so. If it's turned off, a red message lets you know. To turn the firewall on and off, click Change settings, and make your selection. 10.2.2. Punching Through the FirewallThe firewall isn't always your friend. It can occasionally block a perfectly harmless program from communicating with the outside worlda chat program, for example. Fortunately, whenever that happens, Windows lets you know with a message like the one shown in Figure 10-2. Most of the time, you'll know exactly what program it's talking about, because it's a program you just opened yourself . In other words, it's not some rogue spyware on your machine trying to talk to the mother ship. Click Unblock and get on with your life.
10.2.3. Fine-Tuning the FirewallIf you're willing to root around in a little techie underbrush, you can learn a lot, and perfect the firewall, using Windows Firewall settings (Figure 10-3). Get there by going to Control Panel Security Windows Firewall Change Settings, and then authenticate yourself (page 191). Heres what you can do with each tab:
|