Re: Firewalls



I've written about the fallacy of outbound protection several times, most recently in the June issue of TechNet Magazine: http://www.microsoft.com/technet/technetmag/issues/2007/06/VistaFirewall/default.aspx. The article mostly explains changes to the firewall in Windows Vista, but includes a section on why we continue to omit the kind of outbound protection you see in other firewalls.

I'll quote one paragraph here:

There’s an important axiom of security that you must understand: protection belongs on the asset you want to protect, not on the thing you’re trying to protect against. The correct approach is to run the lean yet effective Windows firewall on every computer in your organization, to protect each one from every other computer in the world. If you try to block outbound connections from a computer that’s already compromised, how can you be sure that the computer is really doing what you ask? The answer: you can’t. Outbound protection is security theater--it’s a gimmick that only gives the impression of improving your security without doing anything that actually does improve your security. This is why outbound protection didn’t exist in the Windows XP firewall and why it doesn’t exist in the Windows Vista firewall.


Steve Riley
steve.riley@xxxxxxxxxxxxx
http://blogs.technet.com/steriley


"Mark2006" <Mark2006@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:631C4F31-DEBD-4081-9F50-F1F17FC03995@xxxxxxxxxxxxxxxx
I have used Zonealarm Pro for years. I recently tried to upgrade it and it
blew up. The old version stopped working and the new one could not be
installed. I spent hours working on it to little avail. So I turned windows
firewall back on,

I don't believe that windows firewall is sufficient. What do people
recommend?

Thank you.

.