If you have a broadband, always-on connection, you’re connected to the Internet 24 hours a day. It’s theoretically possible for some cretin to use automated hacking software to flood you with files or to take control of your machine. Fortunately, the Windows Firewall feature puts up a barrier to such mischief.
The firewall acts as a gatekeeper between you and the Internet. It examines all Internet traffic and lets through only communications that it knows are safe; all other traffic is turned away at the door.
Every kind of electronic message sent to or from your PC—instant messaging, music sharing, file sharing, and so on—conducts its business on a specific communications channel, or port. Ports are numbered tunnels for certain kinds of Internet traffic.
The problem with Windows before Vista came along was that Microsoft left all your ports open for your convenience—and, as it turns out, for the bad guys’. Starting with Vista, all the ports arrive on your PC closed.
The firewall blocks or permits signals based on a predefined set of rules. They dictate, for example, which programs are permitted to use your network connection, or which ports can be used for communications.
You don’t need to do anything to turn on the Windows Firewall. When you turn on Windows, it’s already at work. But the Windows Firewall can be turned off.
To do that, or to fiddle with any of its settings, there are plenty of ways to find it. It’s an icon in the Control Panel, for example. Or you can find it from the Start screen; type firewall. Select Settings. Select Windows Firewall in the results list.
As you can see in Figure 14-3, the Firewall screen is pretty simple.
To see the ways you can adjust the Windows Firewall, click “Turn Windows Firewall on or off” in the left-side task panel. (Authenticate yourself if necessary.)
The resulting screen lets you tweak the settings for each location (Public, Private, Domain) independently. You have these options:
Block all incoming connections, including those in the list of allowed apps. When you’re feeling especially creeped out by the threat of hackerishness—like when you’re at the coffee shop of your local computer-science grad school—turn on this box. Now your computer is pretty much completely shut off from the Internet except for the connections you start yourself: Web browsing, email, and instant messaging.
Notify me when Windows Firewall blocks a new app. Windows will pop up a message that lets you know when a new program has attempted to get online, on the off chance that it’s some evil app. Most of the time, of course, it’s some perfectly innocent program that you happen to be using for the first time; just click Allow in the box and go on with your life.
If you really are on a domain (Chapter 25), then you may not be allowed to make any changes to the firewall settings, because that’s something the network nerds like to be in charge of.
Turn off Windows Firewall. Yes, you can turn the firewall off entirely. There’s very little reason to do that, though, even if you decide to install another company’s firewall; its installer turns off the Windows Firewall if necessary.
Figure 14-4. From time to time, your life with Windows will be interrupted by this message. It’s your firewall speaking. It’s telling you that a program is trying to get online, as though you didn’t know. Most of the time, you can just hit Unblock and get on with your life.
You also might be tempted to turn off the firewall because you have a router that distributes your Internet signal through the house—and most routers have hardware firewalls built right in, protecting your entire network.
Still, there’s no harm in having both a hardware and a software firewall in place. In fact, having the Windows Firewall turned on protects you from viruses you catch from other people on your own network (even though you’re both “behind” the router’s firewall). And if you have a laptop, this way you won’t have to remember to turn the firewall on when you leave your home network.
The firewall isn’t always your friend. It can occasionally block a perfectly harmless program from communicating with the outside world—a chat program or a game that you can play across the Internet, for example.
Fortunately, whenever that happens, Windows lets you know with a message like the one shown in Figure 14-4. Most of the time, you know exactly what program it’s talking about, because it’s a program you just opened yourself—a program you installed that might legitimately need Internet access. In other words, it’s not some rogue spyware on your machine trying to talk to the mother ship. Click “Allow access” and get on with your life.
Figure 14-5. Here you can specify when each program is allowed to connect to the Internet—independently for each kind of network you might be on (using the Private or Public checkboxes at far right). Turning off the checkbox at far left blocks the program completely. Click “Allow another program” to add a new program to this list so it won’t bug you the first time you run it.
Alternatively, you can set up permissions for your apps in advance. At the left side of the firewall screen shown in Figure 14-3, click “Allow a program or feature through Windows Firewall.” Proceed as shown in Figure 14-5.
The Windows Firewall screen gives you a good deal of control over how the Windows Firewall works. But it doesn’t offer nearly the amount of tweakiness that high-end geeks demand, like control over individual ports, IP addresses, programs, and so on. It also offers no way to create a log (a text-file record) of all attempts to contact your PC from the network or the Internet, which can be handy when you suspect that some nasty hacker has been visiting you in the middle of the night.
Figure 14-6. Suppose some game needs a particular port to be opened in the firewall. Click Inbound Rules to see all the individual “rules” you’ve established. In the right-side pane, click New Rule. A wizard opens; it walks you through specifying the program and the port you want to open for it.
There is, however, an even more powerful firewall control panel. In an effort to avoid terrifying novices, Microsoft has hidden it, but it’s easy enough to open. It’s called the Windows Firewall with Advanced Security.
Get there by clicking “Advanced settings” at the left side of the Windows Firewall window. Authenticate if necessary. Figure 14-6 shows you the very basics. But if you’re really that much of an Advanced Security sort of person, you can find Microsoft’s how-to guide for this console at http://bit.ly/hxR0i.
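The drop log and the one-port, one-program rule that this console offers can also be set from PowerShell with the built-in NetSecurity cmdlets. What follows is an added example, not from the book or from Microsoft; the game path, the port number, and the sample log lines are constructed for illustration.

```powershell
# Added example: the game path, port 27015 and the log lines are constructed.
function Enable-FirewallDropLog {
    # Run elevated. Logs every dropped packet for all three locations.
    Set-NetFirewallProfile -Profile Domain,Private,Public `
        -LogBlocked True -LogAllowed False -LogMaxSizeKilobytes 4096
    Get-NetFirewallProfile | Select-Object Name, Enabled, LogBlocked, LogFileName
}

function Add-GameInboundRule {
    # Run elevated. Opens one TCP port for one program, on Private networks only.
    param(
        [string]$Program = 'C:\Games\Example\game.exe',  # hypothetical path
        [int]$Port = 27015                                # hypothetical port
    )
    New-NetFirewallRule -DisplayName "Example game (TCP $Port)" `
        -Direction Inbound -Action Allow -Program $Program `
        -Protocol TCP -LocalPort $Port -Profile Private
}

function Get-FirewallDropSummary {
    # Counts dropped inbound packets per source address and destination port.
    param([string[]]$Line)
    $fields = @()
    $drops = foreach ($l in $Line) {
        if ($l -like '#Fields:*') {   # this header line names the columns
            $fields = ($l -replace '^#Fields:\s*', '').Trim() -split '\s+'
            continue
        }
        if ($l -match '^\s*(#|$)' -or $fields.Count -eq 0) { continue }
        $v = $l.Trim() -split '\s+'
        $e = @{}
        for ($i = 0; $i -lt $fields.Count -and $i -lt $v.Count; $i++) { $e[$fields[$i]] = $v[$i] }
        if ($e['action'] -eq 'DROP' -and $e['path'] -eq 'RECEIVE') { [pscustomobject]$e }
    }
    $drops | Group-Object 'src-ip', 'dst-port' | Sort-Object Count -Descending |
        Select-Object Count, Name
}

# Constructed sample in the pfirewall.log layout (documentation address ranges).
$sample = @(
    '#Version: 1.5'
    '#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path'
    '2024-01-15 03:12:44 DROP TCP 203.0.113.7 192.168.1.20 51234 3389 52 S 1000 0 8192 - - - RECEIVE'
    '2024-01-15 03:12:45 DROP TCP 203.0.113.7 192.168.1.20 51235 3389 52 S 1001 0 8192 - - - RECEIVE'
    '2024-01-15 03:13:02 DROP UDP 198.51.100.9 192.168.1.20 40000 27015 60 - - - - - - - RECEIVE'
    '2024-01-15 03:13:10 ALLOW TCP 192.168.1.20 203.0.113.50 49800 443 0 - 0 0 0 - - - SEND'
)
Get-FirewallDropSummary -Line $sample
```

To summarize the real log instead of the sample, pass the function the output of Get-Content on %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log (the default location) from an elevated prompt. A source address that shows up again and again against the same port is the “visiting you in the middle of the night” pattern the log is meant to reveal.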