Inside XP: Internet Connection Firewall
Windows XP comes packed with a down and dirty firewall.
People are spending more and more time on the Web. Many of them use a DSL line or cable modem and are connected 24/7. Microsoft has acknowledged this by including a basic firewall with its latest operating system, Windows XP.
Internet Connection Firewall (ICF) is designed for the basic Windows XP user connecting to the Net, whether via a high-speed or standard dialup connection. You can choose to turn it on or off, but that's about it, unless you're a network administrator running a Windows network environment, in which case you have more options. But with a firewall, you don't really need many options; you just want it running in the background, quietly doing its job while you work on other things.
ICF is a virtual force field between your computer and the rest of the world. It lets in the information you request and keeps out basic attacks on your computer, such as port scans. To do this, Windows XP keeps a log of any information you request from the Internet -- when you check a webpage or email account, for example.
When information enters your computer, ICF checks with the log to see if it's something you've requested. If it is, ICF lets the request through. If ICF doesn't recognize the request, it drops it. It then records the activity in another log file, which you can check to see who's been snooping your computer. ICF uses Internet Control Message Protocol (ICMP) to define what kind of communication to let through.
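The request-tracking behavior described above, modeled as an added example (not Microsoft's code and not part of the original article): a simplified Python filter that remembers outbound requests, admits only matching replies, logs what it drops, and, like ICF as noted later in the article, never inspects outbound traffic. The class name, packet fields, scan threshold and sample addresses are assumptions made for illustration.

```python
from collections import defaultdict, namedtuple

# A packet reduced to the fields a stateful filter keys on (simplified model).
Packet = namedtuple("Packet", "proto src sport dst dport")

class StatefulInboundFilter:
    """Toy model: remember outbound requests, admit only inbound packets
    that answer one, drop and log everything else."""

    def __init__(self, local_ip):
        self.local_ip = local_ip
        self.flows = set()    # the "log of requests": outbound flows seen
        self.drop_log = []    # the second log: unsolicited inbound packets

    def outbound(self, pkt):
        # Outbound traffic is never blocked; it only creates state.
        self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return "ALLOW"

    def inbound(self, pkt):
        # A reply has source and destination swapped relative to the request.
        reply_of = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if pkt.dst == self.local_ip and reply_of in self.flows:
            return "ALLOW"
        self.drop_log.append(pkt)
        return "DROP"

    def likely_scanners(self, min_ports=3):
        # A source dropped on many distinct local ports looks like a port scan.
        ports = defaultdict(set)
        for pkt in self.drop_log:
            ports[pkt.src].add(pkt.dport)
        return {s: sorted(p) for s, p in ports.items() if len(p) >= min_ports}

def demo():
    # Constructed sample traffic; all addresses are documentation ranges.
    me, web, other = "192.0.2.10", "198.51.100.5", "203.0.113.7"
    fw = StatefulInboundFilter(me)
    results = [fw.outbound(Packet("TCP", me, 49152, web, 80)),  # request
               fw.inbound(Packet("TCP", web, 80, me, 49152))]   # its reply
    for port in (21, 23, 135, 445):                             # unsolicited
        results.append(fw.inbound(Packet("TCP", other, 40000, me, port)))
    # Nothing inspects outbound packets, so an infected host can still send.
    results.append(fw.outbound(Packet("TCP", me, 49153, other, 25)))
    return results, fw.likely_scanners()

if __name__ == "__main__":
    print(demo())
```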
To test the mettle of ICF we ran a port scan on our IP address and came up with nothing. All our ports were hidden. With ICF running, we were definitely invisible to the world. We also used Shields Up, a commercial, online security check at Gibson Research, to test the integrity of our security.
ICF deliberately chose not to respond when Shields Up tried to open up our machine. According to Gibson Research, the XP machine was running in "full stealth mode," the most secure rating. It is important to note, however, that Steve Gibson, the creator of Gibson Research, has some major problems with Windows XP security.
For home users ICF is either on or off; you can't selectively open ports. But ICF allows administrators in enterprise environments to limit the control individual users have over their firewalls. You can define basic rules through group policy settings.
For example, you can make it so the individual's firewall comes on even when the person's computer is not connected to the corporate network, or make it so users can't turn off their firewall when they are connected. You can also set up support for software restrictions. You could make the computer refuse to open Visual Basic Script (VBS) files, which are commonly used in viruses. This could go a long way toward making administrators feel like their network is safer.
While the firewall is mainly for home users, and ultimately it's not going to be as robust as some of the third-party firewall solutions out there (such as Zone Alarm and Black Ice), using Windows ICF in conjunction with one of these third-party products gives you a pretty hefty line of defense against malicious attacks on your computer.
One thing to note is that the XP firewall stops inbound code only; it doesn't block anything leaving your computer. If you infect yourself with a disk, or if something happens to slip through the firewall, like downloading a Trojan Horse (a virus embedded in another program), you could still send out malicious code to all your Internet friends.
For anyone with a favorite third-party firewall, we recommend double-checking compatibility. Also, Microsoft has said that ICF disrupts many virtual private networks, so if you use a VPN to log into a remote network, you might want to check compatibility issues as well.
Compatibility issues aside, Microsoft's ICF will keep your computer nearly invisible to any hackers or crackers who try to break into your system. It doesn't provide all the options that many third-party competitors do, and there's no outbound blocking, but it does provide a modicum of support. If you're online at all, and especially if you have a DSL line or cable modem, you'll find it's definitely a welcome addition to Windows XP, but we recommend looking toward third-party solutions to beef up what Windows is offering.