Install That Firewall
The best method of defense is a proven hardware firewall, with the default password changed. The ubiquitous Linksys BEFSR41 router has made its way into many homes. In my home, the router in question is currently running three PC's and alternating duty between two Xboxes. When updated to the latest firmware it provides excellent security for a home user. Out of the box, it blocks all ports and helps prevent the nasties from poking around. Even if you only have one computer connected, a dedicated hardware firewall is useful in the event you get another system. Of course, more people than Linksys make routers: DLink is another popular brand for home users. Future Shop, for Canadians out there, has many wired and wireless routers to choose from. While the Microsoft routers work nicely and integrate well into Windows XP, due to Microsoft's track record with security, I'd advise sticking with a different company. It's also noteworthy that the software provided with their router effectively takes over XP's Network Connections, making normal network administration a bit tougher to work with.
Why go with a hardware firewall? Because you're protected 24/7; a certain phenomenon deals with Windows XP systems while booting up. The software firewall hasn't had time to initialize yet, so your system can be attacked while it's still booting up. If you have a broadband connection, you could be harbouring the latest Internet worm before you've logged on.
Softwall: Don't Get Reamed 30 Seconds In
Microsoft's Windows XP ships with several security vulnerabilities, so it's important to run to Windows Update immediately after getting a new computer, or freshly installing an operating system. I recommend that if you don't have a hardware firewall active and protecting your computer, to physically unplug all network cables or phone lines from your computer on its first boot; this is until you enable XP's firewall. While a poor substitute for a more specialized software or hardware firewall, it will protect you from random port scans and remote buffer overflows while you are accessing Windows Update. Before you plug in your network cable, make sure the Internet Connection Firewall is checked for all adapters, under "Network Connections" in Control Panel.After you've got the updates for your version of Windows, you can then proceed to find a better firewall. It's a good idea to leave XP's firewall enabled, in the event that your other firewall decides to cease functioning. Keep in mind that you do need another application to protect from attacks -- not from the outside in, but from the inside out.
Recommended Softwalls
ZoneLabs' ZoneAlarm is available as both a commercial and free product; the free version will suffice for simple protection needs and will deny access to programs that you believe should not have rights to the Internet. Take the example of programs "phoning home": should image or video editing software need access to the Internet? With a selective access firewall, you can save your bandwidth for more important things like gaming. Other firewalls are available from C|Net's Download.com;
Sygate Personal Firewall is another excellent application if you can't deal with ZoneAlarm's glaring yellow colour scheme.Gaming Considerations
Of course, adding these levels of security means a little bit more annoyance. For most games that offer online play, a message box will appear asking you to authorize them for Internet access. If you select "Remember this answer" or the similarly-titled checkbox, you should be able to play your favourite games without being accosted by the firewall of your choice.
However, acting as a host or server for an online game becomes slightly more complicated. You'll have to check with the game's manufacturer or publisher to find out which port or ports to allow open to other traffic. Under any circumstances, do not enable the "DMZ" or "DMZ Host" option within your firewall's configuration settings. DMZ stands for "Demilitarized Zone", effectively exposing your computer to the Internet completely.
Final Thoughts
While the inconvenience of ports, packets and routers may be more complicated than you wish to learn, with a few simple steps you can avoid becoming the next spam server or Internet worm source. What do you think -- is security worth it? I believe that anyone unwilling to take simple precautions about their own online security is only inviting a hacker or virus to toss around their data. Many viruses today can be stopped with a simple outgoing hardware firewall. Consider what your data; your online credibility; your ISP's service is worth to you. Consider well -- and apply security.
