Re: Firewall etc

I also have a couple of letters behind my name too.
I don't usually throw them around as any sort of sign of anything, but I'll
let you see my business card and you tell me if they mean anything.

"Kerry Brown" wrote:

"Chappy" <guest@xxxxxxxxxxxxxxxxx> wrote in message

Matousec ran a very comprehensive test of the available products for
'Matousec Firewall Challenge'

Windows firewall in it's default state scored a rather dismal 5% but
does better with some advanced configuration, still not as good as
others tho.
Comodo scored the best for Free firewalls at 95% and is the choice of
many of the security pros here in the Forums. Some in the Newsgroups
here get rather "testy" when anyone mentions (God forbid) using a 3rd
party them "Snake Oil" and the like, but Matousec's test
suite is very comprehensive and runs the toughest firewall attacks and
go-rounds available so I'll take their word over the ...ahem "other" guy
here who may come in and start bashing this post for Blasphemy.

I guess I'd be considered a "security pro". I manage network security for
several businesses for a living. Microsoft has seen fit to award me the
"Most Valuable Professional" award for the past three years. I totally
disagree with your statements. The only time I use third party software
firewalls with older OS's that don't have a built in firewall. Software
firewalls that advertise outbound filtering as some sort of anti-malware
goodness are indeed snake oil. Yes they stop some malware from phoning home.
There is no way they can stop a determined hacker once your computer is
owned. The fact that they stop some poorly programmed malware only gives
people a false sense of security. Outbound filtering can be useful. You may
want to stop business users from using p2p apps or messenger while at work.
You may want to stop your kids from accessing certain sites or using certain
applications. A software firewall running on the computer being used is not
the best solution for this. If you do want to use a software firewall for
these purposes the built in Vista firewall does this better than any 3rd
party software firewall I've seen. Personally I use either a hardware
firewall or a Linux box as a gateway device for doing this kind of stuff.
Even most home routers have these features now. Use the appropriate tool for
the job. Software firewalls aren't really the appropriate tool to stop
malware once it's on your computer.

Kerry Brown
MS-MVP - Windows Desktop Experience: Systems Administration