A firewall is a policy-enforcement measure; it typically looks at network traffic, and blocks or allows it based on a set of rules. Early firewalls, in the mid 1990s, were routinely configured to examine and filter inbound traffic, while permitting all outbound traffic. The assumption was that OUR machines could be trusted, the threat was all "out there". That argument was kind of reasonable as long as every machine had a dedicated sysadmin who was intimately familiar with every bit of the OS and every executable program (or fragment thereof) on the machine. That stopped being a reasonable assumption a long time ago, but the Windows firewall was one of the last examples of this philosophy. In an era of worms, trojans and viruses, it simply isn't a useful approach any more. (This might be fixed in Vista.) Most really good firewalls live in their own box, on the network rather than as software running on the individual machines. Software firewalls have a special advantage over network firewalls -- when strange traffic shows up, a software firewall can track it back to a specific application, perhaps to be subjected at that point to an advanced virus scan. On the other hand, we're starting to hear of malware targetting specific firewalls, for instance adding itself to the firewall's list of "blessed" applications. The Windows firewall is better than nothing, but there are much better choices available, and even the best arre struggling to stay ahead of the malware writers. Some of the good choices, such as ZoneAlarm, have free versions available that will do the job. David Gillett On 2 Aug 2007 at 9:23, chipo chika wrote: > How effective is windows firewall? How vunrable ic My pc protected by > windows xp firewall and running Escan anti virus? Do I need additional > protection? If so whats the recommended? The NOSPIN Group Promotions is now offering our special coffee cups and mouse pads with the PCSOFT logo... at a great price!!! http://freepctech.com/goodies/promotions.shtml