"Whereas one job of a personal firewall is to block potentially malicious inbound connections to your machine, another is to block potentially malicious outbound connections. For example, if some malware does find its way onto your system and then it attempts to "phone home" with whatever sensitive data it may have found, a good personal firewall should stop most outbound communications dead in their tracks until the end-user explicitly allows it (one problem with such conditional blocking is that end-users are rarely presented with enough information on which to base a decision).
But, with Windows Vista's firewall, it works the other way around. All outbound communications are allowed permanently until a rule has been created to explicitly block it. Despite Vamosi having routinely voiced his concerns about Vista's firewall before Vista shipped, Microsoft moved forward with what he believes to be a "half-cocked" design anyway. According to Vamosi, Microsoft's explanation for its decision has been that having to walk through the many wizard-driven pop-ups that would occur shortly after the first time Vista gets installed would be a poor out-of-the-box experience and that users would become de-sensitized to the prompts. Vamosi disagrees and so do I. Offering an outbound-blocking that, out-of-the-box blocks nothing until an end-user or network administrator takes explicit and deliberate steps to block it."
Click on the link below for the full article:
http://blogs.zdnet.com/Berlind/?p=331&tag=nl.e539
No comments:
Post a Comment