You want to protect yourself with a more capable firewall than XP's Windows Firewall.
Using downloadable software
The Windows Firewall doesn't provide outbound protection, but the ZoneAlarm firewall does. To use it, after you install ZoneAlarm, click Firewall in the left panel and you'll get to choose the level of protection (from Low to High) you want for the Internet Zone and the Trusted Security Zone (for computers on your network, or that you trust for some other reason). The settings are self-explanatory.
When you start using ZoneAlarm, alerts (such as the one shown in Figure 13-9) will start popping up every time a program attempts to make a connection to the Internet. It will most likely be a program you are familiar with, such as Internet Explorer, Outlook Express, or a similar program. If it's a program you're familiar with and you want the program to always be able to access the Internet, click the box that reads Remember this answer the next time I use this program, and then click Yes to let the program access the Internet.
Figure 13-9. A ZoneAlarm warning
If it's a program you're unfamiliar with, or if you have no idea why it would be connecting to the Internet, click More Info. You might be asked whether you want to allow your browser to access the Internet. Click Yes, and you'll be sent to ZoneAlarm's site, which will offer some basic information about the alert. The general rule, though, is to allow only programs you are familiar with to access the Internet. If you've just launched a program that requires Internet access and you get the alert, let the program access the Internet. Or, you might want to let a program you've just installed contact the maker's web site for automatic updates and patches, if you like that sort of thing. But if the alert pops up for no reason at a random time and you're unfamiliar with the program, you should deny it access. You should also immediately run an antivirus program to see whether it can detect a Trojan.
If you allow the program to access the Internet, and you check the box so that you're not alerted next time, it will always be able to access the Internet. If you want to always be alerted when the program tries to access the Internet, don't check the box.
After you designate a program as always being allowed to access the Internet, it will be put onto a list of trusted programs that ZoneAlarm maintains. You can take programs off that list or customize their security settings: click Program Control in ZoneAlarm's left panel, and click the Programs tab. You'll see a screen similar to Figure 13-10.
Figure 13-10. Customizing the way a program can access the Internet
Use this screen to customize how you'll allow each program to access the Internet. By inserting a check mark in the appropriate column, you can choose whether to allow the program to access the Internet or Trusted Zone, whether you want it to act as a server in the Internet or Trusted Zone, and similar features. A check mark means the program is allowed to access the Internet; an X means it's not allowed to access the Internet; and a ? means it should ask before being allowed to access the Internet.
XP's Windows Firewall has a serious deficiency: it can't monitor and block outbound traffic from your PC to the Internet. Many Trojans and other pests, including spyware, do their damage by installing themselves on your system and then allowing others to take control of your PC or by using your PC to attack web sites, servers, and other computers. The Windows Firewall won't offer you protection against these types of Trojans; it won't be able to tell when a Trojan is making an outbound connection, so the Trojan will be able to do its damage without your knowledge.
Other firewalls, however, will offer that protection. ZoneAlarm (available from http://www.zonealarm.com) offers a free version that provides excellent protection against inbound threats as well as against Trojans. It also tells you whenever someone is probing your computer for security holes and gives information about the prober, often including the IP address and the nature of the probe.
The most important feature of ZoneAlarm is its ability to block outgoing traffic from your PC. That way, you can be sure a Trojan hasn't infected your PC and can't "call out" to make contact with someone malicious, or be used to attack others from your PC.
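To see what an outbound alert is reacting to, the added example below (not part of the original recipe and not ZoneAlarm's own code) joins `netstat -ano` and `tasklist /fo csv /nh` output and lists established connections to the Internet Zone made by programs that are not on a trusted list. The sample output, the 192.168.1.0/24 Trusted Zone, the trusted list, and the program name updchk32.exe are constructed assumptions.

```python
import csv
import io
import ipaddress

# Constructed sample of `netstat -ano` output (not captured from a real PC).
NETSTAT = """\
  Proto  Local Address      Foreign Address     State        PID
  TCP    0.0.0.0:135        0.0.0.0:0           LISTENING    952
  TCP    127.0.0.1:1029     127.0.0.1:1030      ESTABLISHED  1480
  TCP    192.168.1.20:1055  203.0.113.10:80     ESTABLISHED  1480
  TCP    192.168.1.20:1061  198.51.100.7:8080   ESTABLISHED  2216
  TCP    192.168.1.20:1070  192.168.1.5:445     ESTABLISHED  4
"""
# Constructed sample of `tasklist /fo csv /nh` output; updchk32.exe is a made-up name.
TASKLIST = '''\
"System","4","Console","0","236 K"
"svchost.exe","952","Console","0","4,300 K"
"iexplore.exe","1480","Console","0","22,016 K"
"updchk32.exe","2216","Console","0","3,508 K"
'''
TRUSTED_ZONE = ipaddress.ip_network("192.168.1.0/24")  # assumed home network
TRUSTED_PROGRAMS = {"iexplore.exe", "msimn.exe"}  # assumed: IE and Outlook Express

def pid_names(tasklist_csv):
    """Map PID -> lower-cased image name from tasklist CSV rows."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(r[1]): r[0].lower() for r in rows if len(r) >= 2}

def internet_connections(netstat_text):
    """Yield (pid, remote_ip, remote_port) for established TCP sessions to the Internet Zone."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP" or f[3] != "ESTABLISHED":
            continue  # skips the header row and listening sockets
        host, _, port = f[2].rpartition(":")
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            continue  # not a numeric IP address
        if not ip.is_loopback and ip not in TRUSTED_ZONE:
            yield int(f[4]), str(ip), int(port)

def unapproved(netstat_text, tasklist_csv, trusted=TRUSTED_PROGRAMS):
    """Return (program, remote_ip, remote_port) for programs not on the trusted list."""
    names = pid_names(tasklist_csv)
    found = [(names.get(pid, "unknown"), ip, port)
             for pid, ip, port in internet_connections(netstat_text)]
    return [c for c in found if c[0] not in trusted]
```

Calling `unapproved(NETSTAT, TASKLIST)` on the sample returns only the updchk32.exe connection: the Internet Explorer session is on the trusted list, and the loopback and Trusted Zone sessions are ignored.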
There are for-pay versions of ZoneAlarm, and there are other for-pay firewalls, such as the Norton Personal Firewall and the McAfee Personal Firewall. The for-pay version of ZoneAlarm adds features such as virus protection and spam protection. But for basic firewall protection, the free version of ZoneAlarm is more than adequate.
See also Recipe 13.12 for setting up the Windows Firewall and Recipe 13.13 for using a Windows Firewall log.