Windows Firewall Page

Windows Firewall

The firewall provides a barrier against network-based intrusions. It blocks unsolicited incoming traffic, and makes the system mostly invisible on the internet by rejecting Internet Control Message Protocol (ICMP) requests. This means that ping and tracert will not work. The firewall also looks and rejects invalid packets.

This barrier prevents opportunistic attacks - attacks spread by finding many systems with the same vulnerability. The firewall can thwart many attacks by putting up a "do not disturb" sign for those features not currently in use. The essential benefit of the Windows Firewall is that features and applications that are not in use cannot be avenues for attack.

Advanced Installer configures the system to identify what applications and features are needed and should be open to the network. This happens when the package is installed.

Advanced Windows Firewall

Advanced Installer supports configuring the Firewall on Windows XP SP2, Windows Server 2003 SP1, Windows Vista and Windows Server 2008 (both 32 and 64 bit editions).

In the "ON with no exceptions" mode, all static holes are closed. API calls to open a static hole are allowed but deferred; that is, they are not applied until the firewall switches back to normal operation. All listen requests by applications will also be ignored. Outbound connections will still succeed.

Recommendations

The firewall is here to stay. These recommendations will give your customers a good Firewall experience with your Windows application:

• Don't tell your clients to disable the Firewall to use your application. This makes their entire machine vulnerable even when they aren't using the program.
• Make the Firewall configuration seamless for your users. Add your application to the exception list during installation, and remove your application from the exception list during uninstallation.