We explain how to check if the Windows Firewall is working correctly, how to fix it if something goes wrong, and how to configure it for maximum protection.

The major difference between the firewall in Windows XP and the updated versions in Vista and 7 is that the XP version can block only incoming connections, not outgoing ones, so malicious programs can potentially connect to the web. For this reason, XP users should consider using a different firewall for better protection. The precise method of launching Windows Firewall varies between versions, but in all cases start by opening Control Panel from the Start menu. Then, in XP, click Security Center followed by Windows Firewall; in Vista or 7, click System and Security followed by Windows Firewall.

The way Windows Firewall looks (and works) depends on the Windows version. In XP, turn the firewall on or off by clicking the appropriate radio button. Note that a firewall should only ever be disabled for troubleshooting or installation purposes (some anti-virus programs, for example, may require Windows Firewall to be disabled temporarily). The box labelled Don't allow exceptions should only be ticked if the PC is connected to a public network that anyone can use, such as a wireless hotspot in a cafe. Otherwise, it could prevent some programs or features such as shared folders from working [see Step 8].

To do the same in Windows 7 or Vista, click the link labelled Turn Windows Firewall on or off. In Vista the dialogue box that appears is identical to XP's, but in Windows 7 there are two sections, for Private and Public network locations (again, see Step 8). Ignore these for now, but ensure the firewall is turned on and the tick-box labelled Block all incoming connections... is clear (although as with XP, it can be ticked when maximum security is needed).

If a program opens an incoming connection in XP, an alert is displayed if the program is not on a roster of allowed programs called the Exceptions list. Choosing Unblock adds the program to the Exceptions list. Ask Me Later blocks it, but shows the alert again when the program next launches. Clicking Keep Blocking will block the program. If you choose the wrong option, the program may not work correctly, and you may have to unblock it (we'll explain how in Step 5). In Vista the alert also has Keep Blocking and Unblock as choices. In Windows 7 the options are Cancel and Allow Access instead.

To check whether Windows Firewall is causing a program to malfunction, temporarily turn it off to see if this fixes the problem. If it does, unblock the program in XP by opening the Windows Firewall settings dialogue box (Step 1) and then select the Exceptions tab. Find the program in the list and tick the box next to it to unblock it. Conversely, to block a program in the list, remove the tick from its box. To make the firewall forget a program, select it and click Delete. A new firewall alert should appear when the program is next run.

If the misbehaving program is not shown in the Exceptions list, it can be added by clicking the Add Program button. Choose the program from the list of installed programs and click OK. You can add any program file by clicking the Browse button and navigating to the program file's location. The Add Port button is rarely needed, and should not be used unless you have been specifically instructed to do so by an expert user.

To unblock a program in Windows 7 or Vista, open the firewall settings dialogue box (Step 1) and click the link Allow a program or feature through Windows Firewall. In Vista this opens an Exceptions list. In Windows 7, click the Change Settings button to edit the list. To unblock a program, tick the left-most box. The Home/Work (Private) and Public tickboxes allow programs to be blocked on different types of network. To add a program to the list, click Allow another program...

Many problems with sharing folders, files or printers on a home network are caused by incorrect firewall settings, in particular the File and Printer Sharing and Network Discovery (Windows 7 and Vista only) items in the Exceptions list. If there are problems, such as a networked PC not appearing in My Network Places or the Network section of Windows Explorer, check these are not blocked in Windows Firewall's Exceptions list. The Network Locations feature in Windows 7 and Vista changes these settings. They are disabled for Public network locations, and enabled in Home/Work (Private) locations. For home networks, the Home location is the best choice.
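The same settings can be read without clicking through the dialogue boxes. The script below is an added example, not part of the original article: it uses the HNetCfg.FwPolicy2 scripting object available in Vista and Windows 7 (not XP) to report, for each network location, whether the firewall is on, whether Block all incoming connections is set, and whether the two sharing items are allowed. It only reads settings, and it assumes an English-language Windows, because the group names are the English display names.

```powershell
# Added example: read-only audit of Windows Firewall state (Vista / Windows 7).
# Works in PowerShell 2.0. Group names are English display names (assumption).

$profiles = @{ 'Domain' = 1; 'Private (Home/Work)' = 2; 'Public' = 4 }  # NET_FW_PROFILE_TYPE2 values
$groups   = 'File and Printer Sharing', 'Network Discovery'

function Get-FirewallAudit {
    $fw = New-Object -ComObject HNetCfg.FwPolicy2
    foreach ($p in ($profiles.GetEnumerator() | Sort-Object Value)) {
        $row = New-Object PSObject -Property @{
            Profile          = $p.Key
            Active           = [bool]($fw.CurrentProfileTypes -band $p.Value)
            FirewallOn       = $fw.FirewallEnabled($p.Value)
            BlockAllIncoming = $fw.BlockAllInboundTraffic($p.Value)
        }
        foreach ($g in $groups) {
            # True when the rule group is enabled for this network location
            Add-Member -InputObject $row -MemberType NoteProperty -Name $g `
                       -Value $fw.IsRuleGroupEnabled($p.Value, $g)
        }
        $row
    }
}

$audit = @(Get-FirewallAudit)
$audit | Format-Table Profile, Active, FirewallOn, BlockAllIncoming,
                      'File and Printer Sharing', 'Network Discovery' -AutoSize

# Flag settings on the active location that contradict the guidance above.
foreach ($row in ($audit | Where-Object { $_.Active })) {
    if (-not $row.FirewallOn) {
        Write-Warning "$($row.Profile): firewall is turned off"
    }
    if ($row.BlockAllIncoming) {
        Write-Warning "$($row.Profile): Block all incoming connections is set; sharing will not work"
    }
    foreach ($g in $groups) {
        if ($row.Profile -eq 'Public' -and $row.$g) {
            Write-Warning "Public: '$g' is allowed on a public network"
        }
        if ($row.Profile -like 'Private*' -and -not $row.$g) {
            Write-Warning "Private: '$g' is blocked; shared folders and printers may not appear"
        }
    }
}
```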

To change a Network Location in Windows 7 or Vista, click the Network icon in the Notification Area and click Open Network and Sharing Center. In Vista, click the Customize link and select the radio button for the correct location. In Windows 7, click the blue link next to the network icon under the View your active networks heading. Click one of the three choices to change the location. The Work setting is the same as Home, but it disables the Windows 7 Homegroups feature.

To restore the default firewall settings, in XP open the firewall settings dialogue box (as per Step 1), choose the Advanced tab and click the Restore Defaults button. (In Vista, follow Step 3 to open the dialogue box first.) In Windows 7, in the main settings screen (Step 1), click the link in the left pane labelled Restore defaults and click Restore defaults again. When programs are run in future, they may trigger new alerts from Windows Firewall.
source:computeractive.co.uk