Windows Firewall One of the windows features that has been most heavily overhauled in SP2 is Windows Firewall, a facility previously known as Internet Connection Firewall, or ICF.To begin with, Windows Firewall is active by default on systems running SP2; ICF, by contrast, was shut off by default. All new network connections created on SP2 machines also have firewalls by default, and Windows Firewall plugs the gap ICF left open when network connections on a machine were unprotected for a short period during startup. During tests, we could use Windows Firewall to open ports statically, to allow application-specific exceptions and to adjust the scope of our exceptions based on a subnet. Theres an "on with no exceptions" check box in the firewall configuration dialog, which is a good setting to have while using a machine in a potentially insecure environment, such as a hotel room or public hot spot. We could configure these settings through Group Policy or with a command-line tool called Netsh. Its not possible to use Windows Firewall interactively, where the firewall requests user approval to allow an application access to a blocked port, unless logged in with administrator privileges. Regular users will see a pop-up directing them to ask their administrator to open the port. However, this message does not include the port number, so it will be of limited aid in filling out a help desk request. Also, Windows Firewall does not block outbound traffic, which may leave companies looking elsewhere for a more capable alternative. Next page: Network protection.
Managed systems running Windows XP within a company are likely to sit behind a corporate firewall already, but now that the threat of worms has increased, its become important for individual systems to have firewall protection. In addition, the presence of a built-in firewall is important for mobile enterprise users connecting to the Internet from outside the corporate network, and Windows Firewall is considerably improved over ICF.