Should you run the Windows Firewall, a third party firewall, or both?

“Which firewall should I use?” – it’s an interesting question. Microsoft are positioning the Windows Firewall (part of Windows XP service pack 2) as a major leap forward in terms of network protection, and it is; but there are many good third-party firewall products out there. Should you use the Windows Firewall? Should you use your third-party product? Should you use both?

According to the Windows IT Pro magazine network (formerly the Windows and .NET magazine network) Windows Tips and Tricks Update, Microsoft issued the following statement in response to such questions from their customer base:

“We strongly recommend that users run only one host firewall on their system. Yes, the XP SP2 Windows Firewall can coexist with third-party firewalls, but multiple firewalls don’t make you safer. Running multiple firewalls just means you have to configure the settings in multiple places (e.g., opening ports for each firewall you run). For anyone who wants to keep using a third-party firewall after installing XP SP2 – for example, because they like some of the extra features – we suggest they turn off the Windows Firewall. We have already advised third-party firewall vendors to programmatically turn off the Windows Firewall in their future releases, so this will eventually be automatic.

We don’t have any specific guidance as to whether people should use the built-in XP SP2 Windows Firewall or use a third-party product. We absolutely believe that people who don’t already have host firewalls should run the Windows Firewall in XP SP2. Almost all firewalls on the market (including the Windows Firewall) provide good security; it then boils down to what features and capabilities people want. The Windows Firewall, for example, doesn’t do any alerting or intrusion detection. Neither does it offer outbound filtering capabilities. The Windows Firewall focuses on preventing attacks from successfully penetrating a system, but it doesn’t do anything to protect systems once bad software is locally installed. Some other products also have better diagnostics and centralized reporting than the Windows Firewall (which has no reporting whatsoever). I don’t believe people are “safer” running third-party firewalls, but there may be some features in these products that they would like to have.”

Whatever the answer, in today’s climate, and in line with the security principle of defence in depth, we should all seriously consider the use of a firewall on all PCs, and the Windows Firewall is a good starting point.

One thought on “Should you run the Windows Firewall, a third party firewall, or both?

Leave a Reply