Quick Links

Firewalls are an important piece of security software, and someone is always trying to sell you a new one. However, Windows has come with its own solid firewall since Windows XP SP2, and it's more than good enough.

You also don't need a full Internet security suite. All you really need to install on Windows 7 is an antivirus -- and Windows 8 finally comes with an antivirus.

Why You Definitely Need a Firewall

The primary function of a firewall is to block unrequested incoming connections. Firewalls can block different types of connections intelligently -- for example, they can allow access to network file shares and other services when your laptop is connected to your home network, but not when it's connected to a public Wi-Fi network in a coffee shop.

A firewall helps block connections to potentially vulnerable services and controls access to network services -- particularly file shares, but also other types of services -- that should only be accessible on trusted networks.

Before Windows XP SP2, when the Windows Firewall was upgraded and enabled by default, Windows XP systems connected directly to the Internet became infected after four minutes on average. Worms like the Blaster worm tried to connect directly to everyone. Because it didn't have a firewall, Windows let the Blaster worm right in.

A firewall would have protected against this, even if the underlying Windows software as vulnerable. Even if a modern version of Windows is vulnerable to such a worm, it will be extremely difficult to infect the computer because the firewall blocks all such incoming traffic.

Why the Windows Firewall is Usually Good Enough

The Windows Firewall does the exact same job of blocking incoming connections as a third-party firewall. Third-party firewalls like the one included with Norton may pop up more often, informing you that they're working and asking for your input, but the Windows firewall is constantly doing its thankless job in the background.

It's enabled by default and should still enabled unless you've disabled it manually or installed a third-party firewall. You can find its interface under Windows Firewall in the Control Panel.

When a program wants to receive incoming connections, it must create a firewall rule or pop up a dialog and prompt you for permission.

If all you care about is having a firewall to block incoming connections, there's nothing wrong with the Windows firewall.

When You Would Want a Third-Party Firewall

By default, the Windows firewall only does what's really important: block incoming connections. It has some more advanced features, but they're in a hidden, harder-to-use interface.

For example, most third-party firewalls allow you to easily control which applications on your computer can connect to the Internet. They'll pop up a box when an application first initiates an outgoing connection. This allows you to control which applications on your computer can access the Internet, blocking certain applications from connecting. This can be a little annoying, but it does give you more control if you're a power user.

Editor's Note: If you want a firewall with loads of features, GlassWire is a third party firewall that we really love. Rather than just being a firewall, it also shows you beautiful graphs of network activity, lets you drill down into exactly which application is connecting to where, and how much bandwidth an individual application is using.

GlassWire also has a toolbox of network security checks like system file change detection, device list change detection, app info change detection, ARP spoofing monitoring. It's not just a firewall, but a full intrusion detection system.

They have a free version that works well, but we suggest paying for the full version, which has more features than we can even list. It's well worth it.

Windows_10

Advanced Windows Firewall Features

The Windows firewall actually has more features than you might expect, though its interface isn't as friendly:

Compare this interface with GlassWire and the decision is pretty clear: If you just want basic, stick with the Windows Firewall. If you want something more advanced, GlassWire is much better than the "Advanced" Windows Firewall.


A third-party firewall is a power-user tool -- not an essential piece of security software. The Windows firewall is solid and trustworthy. While people can quibble about the Microsoft Security Essentials/Windows Defender virus detection rate, the Windows firewall does just as good a job of blocking incoming connections as other firewalls.