An Internet firewall is a piece of software or hardware that helps screen out hackers, viruses, and worms, which try to reach your computer over the Internet. If you are a home user or small-business user, installing a firewall is the most effective and important first step you can take to help protect your computer. It is important to have a firewall and antivirus software turned on before you connect to the Internet.

If your computer is not protected when you connect to the Internet, hackers can gain access to personal information on your computer. They can install code on your computer that destroys files or causes malfunctions. They can also use your computer to cause problems on other home and business computers connected to the Internet. A firewall helps screen out many kinds of malicious Internet traffic before it reaches your system.

Some firewalls can also help prevent others from using your computer to attack other computers without your knowledge. Using a firewall is important no matter how you connect to the Internet with a dial-up modem, a cable modem, or a digital subscriber line (DSL or ADSL).

If you have Windows XP running on your computer, you can check to make sure the firewall is enabled:

If you have a different version of Windows, such as Windows 2000, Windows Millennium Edition, or Windows 98, you should obtain a hardware or software firewall from another company and install it. You can check the manuals of your home networking devices, such as wireless access points or broadband routers, to determine if they include built-in hardware firewalls. If you are uncertain whether a software firewall has been installed on your computer, you can check in the All Programs folder. Click Start, and then click All Programs. Look for a firewall program that is installed. Some common brand names for software firewalls for home users include BlackICE, McAfee, Norton, Tiny Personal Firewall, and ZoneAlarm.

Versions of Windows before Windows XP did not come with a built-in firewall. If you have a computer with an earlier version of Windows, such as Windows 2000, Windows Millennium Edition, or Windows 98, you should get a firewall and install it. You can use a hardware firewall or a software firewall. The following resources provide more information about your firewall options.

Hardware Firewalls

Many wireless access points and broadband routers for home networking have built-in hardware firewalls, which provide good protection for most home networks. The Microsoft Broadband Networking Wireless Base Station is one example of a wireless access point with a built-in hardware firewall and other integrated home networking features.

Software Firewalls

Software firewalls are available from several vendors, including:

Choosing a software firewall provides information about software firewalls made by other companies, as well as hardware firewalls and network routers. This information can help you select a firewall solution if you use an earlier version of Microsoft Windows, such as Windows 2000, Windows Millennium Edition (Me), or Windows 98.

If you are uncertain whether you have Windows XP or an earlier version of Windows

In most cases, the steps on the Protect Your PC page help you turn on the Internet Connection Firewall in Windows XP. Follow these steps if you have a single computer that you connect to the Internet. The FAQs below should help if you have a different version of Windows, a home or small business network, compatibility issues with the Windows XP firewall, or special configurations that require troubleshooting.

Internet Connection Firewall monitors all network traffic on the connections for which it is enabled. For example, Internet Connection Firewall can monitor all traffic on your dial-up connection to the Internet. The firewall keeps track of all communications that have originated from your computer, and it prevents unsolicited traffic from reaching your computer. If necessary, the firewall dynamically opens ports and allows your computer to receive traffic that you have specifically requested, such as a Web page for which you have clicked the address.

Port is a networking term that identifies the point at which a type of network traffic reaches your computer. The exact ports that you open depend on the type of traffic you want to send and receive.

If you have not requested the incoming traffic, Internet Connection Firewall helps block it before it can reach your computer. For special uses, such as networking, hosting online games, or hosting your own Web server, you can select ports that you want to leave open. This allows others to make connections to your computer, but it can also reduce security.

Internet Connection Firewall is part of Windows XP Home Edition and Windows XP Professional.

To learn more read Use the Internet Connection Firewall and How to Open Ports in the Windows XP Internet Connection Firewall.

A firewall will not make your computer 100 percent safe. However, a firewall provides the most effective first line of defense. You should install a firewall first, and then add other security measures, such as critical software patches from Windows Update and antivirus software. You can use Automatic Updates in Windows XP to help make sure you are installing the available patches. See the Protect Your PC Web site for more information.

Yes. If you have more than one computer in a home or small-office network, you should protect every computer in the network. Enabling Internet Connection Firewall on every connection will help prevent the spread of a virus from one computer to another in your network if one of your computers becomes infected. However, if a virus is attached in an e-mail message, the firewall won't block it and it can infect your computer. You should install an antivirus program as well.

All computers in your home network should be protected by a firewall. A firewall helps prevent the spread of viruses or worms across your network if they infect one computer. A computer on the network could also become infected through a separate Internet connection, such as a laptop that is used on your home network and on public networks. Or, a virus could be introduced to a computer on your network through software installed from a CD or floppy disk.

Yes. If you have multiple network connections on any of your computers, you should turn on Internet Connection Firewall for each connection. When you turn on the firewall for each network connection, it can interfere with file and print sharing and prevent your computer from finding other network devices. To allow these types of uses, you can manually open network port. When network ports are left open, the protection provided by Internet Connection Firewall for your computer is reduced.

Port is a networking term that identifies the point at which a type of network traffic reaches your computer. The exact ports that you open depend on the type of traffic you want to send and receive. For more information about which programs require you to open ports and how to manually open ports in the Internet Connection Firewall, see How to Open Ports in the Windows XP Internet Connection Firewall.

You should follow the policy established by the network administrator for your business, school, or organizational network. In some cases, network administrators may configure all computers on the network so that you cannot turn on Internet Connection Firewall while your computer is connected to the network. The check box to turn on Internet Connection Firewall in the Network Connection Properties dialog box will be dimmed. In those cases, you should ask your network administrator for guidance on whether you need a firewall on your computer.

You should ask the network administrator for the large network to which you are connecting. You should follow the administrator's guidance on whether to turn on Internet Connection Firewall for the VPN connection. You should always turn on Internet Connection Firewall for the LAN or High Speed Internet connection or Remote Access Service (RAS) connection that you use to connect to the Internet.

Yes. Windows XP users who want different features in a firewall may use a hardware firewall or a software firewall from another company. The vendors listed below offer firewall products compatible with Windows XP.

No. Running multiple software firewalls is unnecessary for typical home computers, home networking, and small business networking scenarios. Using two firewalls on the same connection could cause issues with connectivity to the Internet or other unexpected behavior. One firewall, whether it is the Windows XP Internet Connection Firewall or different software firewall, can provide substantial protection for your computer.

Yes. You should turn on the Windows XP Internet Connection Firewall for all computers in your home network. This helps prevent the spread of viruses or worms across your network if a computer is infected. A computer on the network could become infected through a separate Internet connection, such as one on a laptop that is used on your home network and on public networks. Or a virus could be introduced to a computer on your network by way of e-mail or software installed from a CD or floppy disk.

If you already have a non-Microsoft firewall on your computer, you should continue to use it. If you do not have a firewall, then you have a choice. If you want a simple firewall that is very easy to configure, then you should use the Windows XP Internet Connection Firewall. If you want more advanced control over the traffic that passes through your computer, and you also want to block outgoing traffic (that is the traffic from your computer out to the Internet) then choose a personal firewall from another company.

Yes, both Windows XP Home Edition and Windows XP Professional have the built-in Internet Connection Firewall. The steps to turn on the firewall are identical.

You might not be logged on as an administrator. You must be logged on as an administrator in order to turn on Internet Connection Firewall. When you first set up your Windows XP computer, the set-up procedure guides you through the process of establishing an administrator account and password. If you did not set up an administrator account, the default administrator account has the user name: Administrator and the password is blank. Do not type anything in the password field. Windows XP also provides the option to create a password reset disk, in case you forget your administrator account name and password. If you have set up a separate administrator account and password, but you have not made a reset disk, and you have forgotten the user name and password, you will be required to reinstall your operating system before you can turn on the firewall.

This can occur when your computer is part of a large network in a business, school, or organization, and your network administrator is preventing the use of Internet Connection Firewall on the network.

The firewall serves as the primary defense against a variety of computer worms that are transmitted over the network. A computer worm is similar to a virus, but is self-contained and can spread without the help of other programs. Internet Connection Firewall helps protect your computer by hiding it from external users and preventing unauthorized connections to your PC.

Internet Connection Firewall in Windows XP cannot protect against viruses that spread through e-mail, such as Trojan horses, which masquerade as helpful or benign software and trick you into opening or downloading them. The firewall cannot prevent spam or pop-up ads. The firewall will not prevent access to an otherwise unsecured wireless network. However, the firewall helps protect the computers on your network, so if an intruder gains access to your network, he or she could not access your personal computer.

The Internet Connection Firewall will help protect a computer on a wireless network, but will not restrict access to the network itself. You should configure your wireless network to use a network key using either Wi-Fi Protected Access (WPA) or wired equivalent privacy (WEP). For more information, consult the manual for your wireless networking devices.

You should always enable Internet Connection Firewall when connecting to the Internet using a dial-up modem or any broadband connection when you are traveling.

To work correctly, some programs need to have specific ports open so that traffic can pass through the Internet Connection Firewall. For a list of some of these programs and the known workarounds for them, see How to Open Ports in the Windows XP Internet Connection Firewall.

If you have MSN dial-up Internet service, you should upgrade to the most recent version of the dial-up connection software, MSN Explorer 8.5. This version fully supports Internet Connection Firewall in Windows XP for MSN dial-up Internet service users. For more information about upgrading your MSN software or securing your MSN Internet connection, contact MSN support.

If you have an America Online broadband Internet connection, you can turn on Internet Connection Firewall following the steps on the Use an Internet Firewall page.

If you have an AOL dial-up Internet connection, it cannot be protected by the Internet Connection Firewall in Windows XP. The firewall does not interfere with the AOL connection. But you cannot configure AOL dial-up connection software in the Network Connections folder on your Windows XP computer, therefore you cannot turn on Internet Connection Firewall for such connections. For help in securing an AOL dial-up Internet connection, you should contact AOL.

Additional information about AOL is available at the AOL Web site. For a list of technical support phone numbers visit the AOL Customer Support page.

This can be an issue if you enabled Internet Connection Firewall after sending the Remote Assistance invitation. To work around this problem, you can create a new Remote Assistance invitation while Internet Connection Firewall is enabled, and then send the new invitation to the expert. For more information, see Remote Assistance May Not Work if Internet Connection Firewall Is Enabled After Sending Invites.

To get more help with issues related to setting up a firewall on your computer or home network, see the Protect Your PC Support Page or Use the Internet Connection Firewall. For more resources see this list of Microsoft Knowledge Base articles about Internet Connection Firewall.

The following non-Microsoft resources on the Internet provide more information about firewalls in general:

To work correctly, some programs need to have specific ports open so that traffic can pass through the Internet Connection Firewall. See How to Open Ports in the Windows XP Internet Connection Firewall for a list of some of these programs and the known workarounds for them.