Windows versions from XP onward include a built in firewall. But is Windows Firewall enough protection?
Yes. And no. Security answers are almost always complicated. But I’ll explain.
Is Windows Firewall enough protection? Yes.
From a firewall perspective, Windows Firewall is enough protection. There is no need for a third-party firewall. All third-party firewalls do is give you more notifications or ask you more questions, effectively turning them into nagware.
I don’t like nagware. Nagware always leads to two extremes: saying yes too much, or saying no too much. If you say yes too much, you no longer have any security. If you say no too much, nothing works and your computer becomes a glorified Etch-a-Sketch.
Windows Firewall strikes a good balance. It protects you when you connect to the wifi networks in the coffee shop, as long as you tell Windows it’s a public network when you connect. It rarely nags you and rarely blocks things. When it does block things, it’s not difficult to unblock them.
In the most secure corporate environment I ever worked in, we ran Windows Firewall on every PC on the network. We had rules that kept workstations from talking to each other and even to some servers. PCs that needed to talk to each other could, but if two PCs had no reason to be talking, we had rules that blocked it.
So the Windows Firewall is good enough to be an integral part in a really paranoid company’s security. But it wasn’t the only thing that company did. Which leads me to the counter-argument.
Is Windows Firewall enough protection? No.
Because you need more than a firewall to have security. A firewall protects you from some kinds of attacks, like worms and port scans. But a firewall does very little to protect you from viruses and other security threats. You still need to run antivirus. You still need to let your computer update every month. You need to run a supported Windows version. You still need spam filtering on your e-mail. You need to let your computer apply its monthly security updates. And I really, really want you to change your DNS server to one that blocks malware domains.
All of these things are important. Which one is more important depends on your unique situation. Firewalls are very important for someone who travels a lot and is always connecting to hotel and restaurant and airport wifi. Firewalls are less important for desktop PCs that spend their entire life sitting on one trusted network.
Firewalls don’t make you invisible or invincible
Unfortunately, there are people who remember Steve Gibson’s turn-of-the-century rhetoric that a firewall makes you invisible on the Internet, and therefore conclude that if you have a good firewall, you’re invincible. Large companies spend millions of dollars every year on security. A good corporate firewall costs around $20,000. They buy a lot more than just firewalls.
Some opportunistic attacks do hit firewalls. But a modern attack is much more likely to come via e-mail or a web page. So while you need a firewall to block those opportunistic attacks, being immune to network attacks doesn’t make you invincible. This is a little morbid, but think of it like a bulletproof vest. It protects you from bullets. But it won’t do much to keep you from getting hit by a bus.
But my computer is acting funny. How do I know it’s not hackers?
I have seen people get paranoid about hackers, buy aggressive security tools, and turn every setting up to the max. Then their computer quits working right. And then what? They blame hackers.
I don’t chase hackers for a living, but I’ve chased down enough of them that I can tell you if a competent hacker is on your computer, you won’t know it.
More often than not, a malfunctioning computer is due to misconfigured or poorly behaved software. What do you have installed besides what came with your operating system? I install an office suite, Chrome, sometimes Firefox, an image editor, an image viewer, and that’s about it. I rely on the firewall and antivirus that come with Windows 10. I use software that has a good reputation, downloaded from the people who published it.
Is Windows Firewall enough protection if you do that? In conjunction with antivirus and installing updates, yes. I don’t have problems with hackers or otherwise. And neither do other people I know who follow those practices.
If you’re having problems, I recommend installing a clean copy of Windows, followed by reputable core applications from the original publisher, not from a warez site or other sources. Then if you must have things beyond the essentials I listed above, install them one by one and watch for problems. When the problems show back up, you’ve found your culprit.