| P. | What is a firewall? |
| R. | A firewall is a piece of software or hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. If you are a home user or small-business user, using a firewall is the most effective and important first step you can take to help protect your computer. It is important to turn on your firewall and antivirus software before you connect to the Internet. |
| P. | Why do I need a firewall? |
| R. | If your computer is not protected when you connect to the Internet, hackers can gain access to personal information on your computer. They can install code on your computer that destroys files or causes malfunctions. They can also use your computer to cause problems on other home and business computers connected to the Internet. A firewall helps to screen out many kinds of malicious Internet traffic before it reaches your computer. Some firewalls can also help to prevent other people from using your computer to attack other computers without your knowledge. Using a firewall is important no matter how you connect to the Internet — with a dial-up modem, cable modem, or digital subscriber line (DSL or ADSL). |
| P. | How can I tell if my computer already has a firewall? |
| R. | If you have Windows Vista or Windows XP Service Pack 2 (SP2) running on your computer, you can check to see if your firewall is turned on through the Windows Security Center: 1. | Click Start, and then click Control Panel. | 2. | Click Security Center, and then click Windows Firewall. |
If you have Windows XP, but you don't have Service Pack 2 running on your computer, you can download it by visiting Microsoft Update. You can also take the following steps to make sure the firewall is turned on: 1. | Click Start, and then click Control Panel. | 2. | Click Network and Internet Connections, and then click Network Connections. Tip If the Network and Internet Connections category is not visible, click Switch to Category View in the upper left corner of the window. | 3. | Under the Dial-Up or LAN or High Speed Internet category, click the icon to select the connection that you want to help protect. | 4. | In the task pane on the left, under Network Tasks, click Change settings of this connection (or right-click the connection you want to help protect, and then click Properties). | 5. | On the Advanced tab, under Internet Connection Firewall, make sure the box is checked next to Protect my computer and network by limiting or preventing access to this computer from the Internet. If a check mark is in the box, the firewall is on. If the box is clear, the firewall is off and your computer is potentially vulnerable on the Internet. |
If you have a different version of Windows, such as Windows 2000, Windows Millennium Edition, or Windows 98, you should obtain a hardware or software firewall from another company and install it. You can check the manuals of your home networking devices, such as wireless access points or broadband routers, to determine if they include built-in hardware firewalls. If you don't know if a software firewall is on your computer, you can check in the All Programs folder. Click Start, and then click All Programs. Look for a firewall program. Some common brand names for software firewalls for home users include McAfee, Symantec, and Tiny Personal Firewall. |
| P. | I have a version of Windows that does not have a built-in firewall. What should I do? |
| R. | Versions of Windows before Windows XP did not come with a built-in firewall. If you have a computer that runs an earlier version of Windows, such as Windows 2000, Windows Millennium Edition (Me), or Windows 98, you should get a firewall and install it. You can use a hardware firewall or a software firewall: Hardware firewalls Many wireless access points and broadband routers for home networking have built-in hardware firewalls, which provide good protection for most home networks. Software firewalls A software firewall is a good choice for single computers. Software firewalls work well with Windows 98, Windows Me, and Windows 2000. (Windows XP has a built-in firewall, so an additional firewall is not necessary.) Software firewalls are available from other software companies. For special offers on antivirus and firewall packages, visit our Security software: Downloads and trials page. To learn more about different types of firewalls, read How to choose a firewall. |
| P. | How can I tell which version of Windows I'm running? |
| R. | If you don't know whether your computer is running Windows XP or an earlier version of Windows, take the following steps: | • | Click Start, and then click Run. | | • | In the Run dialog box, type winver. Click OK. |
A dialog box appears that tells you which version of Windows software is installed on your computer. |
| P. | How do I start using the firewall in Windows XP? |
| R. | If you're running Windows XP SP2, Windows Firewall is already turned on. For more information, see Understanding Windows Firewall. If you're running Windows XP without SP2, you can download SP2 from Microsoft Update for free. |
| P. | How does Windows Firewall work? |
| R. | Windows Firewall monitors all network traffic on the connections for which it is enabled. The firewall keeps track of all communications that have originated from your computer, and it prevents unsolicited traffic from reaching your computer. If necessary, the firewall dynamically opens ports and allows your computer to receive traffic that you have specifically requested, such as a Web page for which you have clicked the address. A "port" is a networking term that identifies the point at which a type of network traffic reaches your computer. The exact ports that you open depend on the type of traffic you want to send and receive. If you have not requested the incoming traffic, Windows Firewall helps block it before it can reach your computer. For special uses, such as networking, hosting online games, or hosting your own Web server, you can select ports that you want to leave open. This allows others to make connections to your computer, but it can also reduce security. Windows Firewall is part of Windows XP SP2 Home Edition and Windows XP SP2 Professional. To learn more read Using Windows Firewall and How to manually open ports in Internet Connection Firewall in Windows XP. |
| P. | What else do I need besides a firewall? |
| R. | A firewall will not make your computer completely safe. However, a firewall provides the most effective first line of defense. You should install a firewall first, and then add other security measures, such as updating your operating system, installing antivirus software such as Windows Live OneCare and antispyware software, such as Windows Defender. Windows Defender comes with Windows Vista and it is available as a free download for Windows XP SP2. You can use automatic updating to help make sure you are installing the available updates. See the Protect your Computer for more information. |
| P. | Should I use a firewall if I have more than one computer in a home or small-office network? |
| R. | Yes. If you have more than one computer in a home or small-office network, you should protect every computer in the network. Turning on Windows Firewall or another firewall on every connection will help prevent the spread of a virus from one computer to another in your network if one of your computers becomes infected. However, if you open an infected e-mail attachment, the firewall won't block it and it can infect your computer. You should install an antivirus program as well. |
| P. | I use Internet Connection Sharing in my home network—which computers must have a firewall? |
| R. | All computers in your home network should be protected by a firewall. A firewall helps to prevent the spread of viruses or worms across your network if they infect one computer. A computer on the network could also become infected through a separate Internet connection, such as a laptop that is used on your home network and on public networks. Or, a virus could be introduced to a computer on your network through software installed from a CD or floppy disk. |
| P. | Should I turn on Windows Firewall on all computers on my home network? |
| R. | Yes. If you have multiple network connections on any of your computers, you should turn on the firewall for each connection. If you're running Windows XP SP2, Windows Firewall is turned on automatically and it should not interfere with common tasks like file and print sharing. For more information, see Understanding Windows Firewall. If you're not running Windows XP Service Pack 2, Internet Connection Firewall can interfere with file and print sharing and prevent your computer from finding other network devices. To allow these types of uses, you can manually open network ports. When network ports are left open, the protection provided by Internet Connection Firewall for your computer is reduced. "Port" is a networking term that identifies the point at which a type of network traffic reaches your computer. The exact ports that you open depend on the type of traffic you want to send and receive. For more information about which programs require you to open ports and how to manually open ports in Internet Connection Firewall, see How to Open Ports in the Windows XP Internet Connection Firewall. |
| P. | My computer is part of a large business, school, or organizational network—should I turn on the firewall? |
| R. | You should follow the policy established by the network administrator for your business, school, or organizational network. In some cases, network administrators might configure all computers on the network so that you cannot turn on the firewall while your computer is connected to the network. The check box to turn on the firewall in the Windows Security Center or in the Network Connection Properties dialog box is unavailable. In those cases, you should ask your network administrator for guidance on whether you need a firewall on your computer. |
| P. | I use a Virtual Private Networking connection to access a large network from home or while traveling. Should I turn on the firewall in Windows XP? |
| R. | You should ask the network administrator for the large network to which you are connecting. You should follow the administrator's guidance on whether to turn on Internet Connection Firewall for the VPN connection. You should always turn on Internet Connection Firewall for the LAN or High Speed Internet connection or Remote Access Service (RAS) connection that you use to connect to the Internet. |
| P. | I have Windows XP. Can I use a firewall other than the built-in firewall? |
| R. | Yes. Windows XP users who want different features in a firewall may use a hardware firewall or a software firewall from another company. For special offers on antivirus and firewall packages, visit our Security software: Downloads and trials page. |
| P. | Should I use both the built-in firewall and a software firewall from a different company on my Windows XP computer? |
| R. | No. Running multiple software firewalls is unnecessary for typical home computers, home networking, and small-business networking scenarios. Using two firewalls on the same connection could cause issues with connectivity to the Internet or other unexpected behavior. One firewall, whether it is the Windows XP Internet Connection Firewall or a different software firewall, can provide substantial protection for your computer. |
| P. | Should I use the Internet Connection Firewall on a computer that is also behind a hardware firewall? |
| R. | Yes. You should turn on the Windows XP Internet Connection Firewall for all computers in your home network. This helps prevent the spread of viruses or worms across your network if a computer is infected. A computer on the network could become infected through a separate Internet connection, such as one on a laptop that is used on your home network and on public networks. Or a virus could be introduced to a computer on your network by way of e-mail or software installed from a CD or floppy disk. |
| P. | Should I use a non-Microsoft personal firewall instead of the built-in Windows Firewall? |
| R. | If you already have a non-Microsoft firewall on your computer, you should continue to use it. If you do not have a firewall, then you have a choice. If you want a simple firewall that is easy to configure, then you should use the Windows XP Internet Connection Firewall. If you want more advanced control over the traffic that passes through your computer and you also want to block outgoing traffic (that is, the traffic from your computer out to the Internet) then choose a personal firewall from another company. |
| P. | I have Windows XP Home Edition. Does it have Internet Connection Firewall? |
| R. | Yes, both Windows XP Home Edition and Windows XP Professional have the built-in Internet Connection Firewall. The steps to turn on the firewall are identical. |
| P. | I do not see the Advanced tab in the Connection Properties dialog box described in the instructions to turn on the Internet Connection Firewall. Why? |
| R. | You might not be logged on as an administrator. You must be logged on as an administrator to turn on Internet Connection Firewall. When you first set up your Windows XP computer, the procedure guides you through the process of establishing an administrator account and password. If you did not set up an administrator account, the default administrator account has the user name: Administrator and the password is blank. Do not type anything in the password field. Windows XP also provides the option to create a password reset disk, in case you forget your administrator account name and password. If you have set up a separate administrator account and password, but you have not made a reset disk, and you have forgotten the user name and password, you will be required to reinstall your operating system before you can turn on the firewall. |
| P. | The check box for Internet Connection Firewall in the Connection Properties dialog box is unavailable and I cannot add a check mark. What's wrong? |
| R. | This can occur when your computer is part of a large network in a business, school, or organization, and your network administrator is preventing the use of Internet Connection Firewall on the network. |
| P. | What does Windows Firewall protect against? |
| R. | Windows Firewall serves as the primary defense against a variety of computer worms that are transmitted over the network. A computer worm is similar to a virus, but is self-contained and can spread without the help of other programs. The Internet Connection Firewall helps to protect your computer by hiding it from external users and preventing unauthorized connections to your computer. |
| P. | What doesn't Windows Firewall protect against? |
| R. | Windows Firewall in Windows XP cannot protect against viruses that spread through e-mail, such as Trojan horses, which masquerade as helpful or benign software and trick you into opening or downloading them. To help protect against viruses, try Windows Live OneCare The firewall cannot prevent spam or pop-up ads. To help protect against spyware and other unwanted software, try Windows Defender. Windows Defender comes with Windows Vista and it is available as a free download for Windows XP SP2. The firewall will not prevent access to an otherwise unsecured wireless network. However, the firewall helps to protect the computers on your network, so if an intruder were to gain access to your network, he or she could not access your personal computer. |
| P. | Will a firewall protect my wireless network? |
| R. | A firewall will help protect a computer on a wireless network, but will not restrict access to the network itself. You should configure your wireless network to use a network key using either Wi-Fi Protected Access (WPA) or wired equivalent privacy (WEP). For more information, see How to keep others from hijacking your home wireless network or consult the manual for your wireless networking devices. |
| P. | I use a laptop in home and business networks that are protected by firewalls. What should I do when I'm traveling? |
| R. | You should always turn on the Internet Connection Firewall when you connect to the Internet with a dial-up modem or any broadband connection when you travel. |
| P. | Some of my games and other programs seem to have stopped working after I turned on Internet Connection Firewall. Why? |
| R. | To work correctly, some programs need to have specific ports open so that traffic can pass through the Internet Connection Firewall. For a list of some of these programs and the known workarounds for them, see How to Open Ports in the Windows XP Internet Connection Firewall. |
| P. | I have MSN Internet service. Can I use Internet Connection Firewall in Windows XP? |
| R. | If you have MSN dial-up Internet service, you should upgrade to the most recent version of the dial-up connection software. This version fully supports Windows Firewall in Windows XP for MSN dial-up Internet service users. For more information about upgrading your MSN software or securing your MSN Internet connection, contact MSN support. |
| P. | I have America Online Internet service. Can I use the firewall in Windows XP? |
| R. | If you have an America Online broadband Internet connection, you can turn on the firewall that's built in to Windows following the steps on the Use an Internet Firewall page. If you have an AOL dial-up Internet connection, it can only be protected by Windows Firewall if you are using Windows XP Service Pack 2. If you are running Windows XP Service Pack 1 or earlier, the firewall does not interfere with the AOL connection. You cannot configure AOL dial-up connection software in the Network Connections folder on your Windows XP computer, therefore you cannot turn on the Internet Connection Firewall for such connections. For help in securing an AOL dial-up Internet connection using Windows XP download and install Windows XP Service Pack 2 or contact AOL. Additional information about AOL is available at the AOL Web site. For a list of technical support phone numbers visit the AOL Customer Support page. |
| P. | I am unable to establish a Remote Assistance connection in Windows XP after turning on Windows Firewall, could this be related? |
| R. | This can be an issue if you enabled the firewall after sending the Remote Assistance invitation. To work around this problem, you can create a new Remote Assistance invitation while Windows Firewall is enabled, and then send the new invitation to the expert. For more information, see Remote Assistance May Not Work if Internet Connection Firewall Is Enabled After Sending Invites. |
| P. | Where can I get more information about the Windows Firewall and firewalls in general? |
| R. | To get more help with issues related to setting up a firewall on your computer or home network, see the Protect Your PC Support page or Use the Internet Connection Firewall. |
| P. | I am using Apple iTunes for Windows. Other users on the local network cannot connect to my shared playlists even though they can see my iTunes shared name after I've enabled Internet Connection Firewall. How can I share playlists? |
| R. | To work correctly, some programs must have specific ports open so that traffic can pass through the firewall. See How to Open Ports in the Windows XP Internet Connection Firewall for a list of some of these programs and the solutions for them. |
P.
R. | |
