Greetings --
If your switch/router has NAT capability, you're already as safe
as WinXP's built-in firewall could make you. You'll not derive any
additional benefit from using the built-in firewall.
WinXP's built-in firewall is fine at stopping incoming attacks, and
hiding your ports from probes. It doesn't give you any alarms to tell
you that it is working, though. What WinXP's firewall also does not
do, is protect you from any Trojans or spyware that you might download
and install inadvertently. It doesn't monitor out-going traffic at
all, much less block (or at least ask you about) the bad or the
questionable out-going packets. It "assumes" that any applications
sending out-going data are doing what _you_ want them to do.
ZoneAlarm, Kerio, or Sygate are all much better, and are much more
easily configured, and there are a free versions of each readily
available. Even Symantec's Norton Personal Firewall is superior,
although it does take a heavier toll of performance then do ZoneAlarm,
Kerio, or Sygate.
Even good hardware firewalls (and NAT-capable routers) do nothing
to protect the user from him/herself. Again -- and I _cannot_
emphasize this enough -- almost all spyware and many Trojans and worms
are downloaded and installed deliberately (albeit unknowingly) by the
user. So a software firewall, such as Sygate or ZoneAlarm, that can
detect and warn the user of unauthorized out-going traffic is an
important element of protecting one's privacy and security. Most
antivirus applications do not scan for or protect you from
adware/spyware, because, after all, you've installed them yourself, so
you must want them there, right?
I use both a router with NAT and Sygate Personal Firewall, even
though I generally know better than to install scumware. When it
comes to computer security and protecting my privacy, I prefer the old
"belt and suspenders" approach.
Bruce Chambers
--
Help us help you:
You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH