I could play Devil's advocate and say you don't need inbound control
either. Inbound traffic requires a running service to do any harm.
That would mean a core Windows service, Linux daemon, trojan, etc. If
you are careful with what you download, patch your system, and disable
unneeded services, then an inbound FW is seemingly as useless as an
outbound FW.
I've read of trojans that can shut down firewalls. It shouldn't be
difficult to start a service running if this is true.
As to being careful... not connecting to the internet is being
careful. Once connected and bits start flowing you're on your own. A
trojan is something you thought was safe and wanted to grab. Cunning
and trickery are utilized.
Downloading only from respectable sites is being careful. But simple
browsing with an unpatched IE can lead to program installs that the
user will not be aware of.
There are so many holes in Win that have been exploited and I imagine
that many more are in the process of discovery. The nominal Win
user (myself included) doesn't know exactly which settings and
services are safe and which can lead to trouble.
In general, using a firewall is a good idea. At least you stand a
chance of being tipped off when a new exploit or a trojan makes it to
your drive.
I'm still using Kerio 2.1.5 and the XP firewall. Together they seem
effective and resource usage is minimal. I'll probably try Sygate when
I have more time.
I've been writing an Oracle client app and Kerio catches any change in
the .exe. I can remove a space character, recompile, run the program
and Kerio alerts me before allowing any connection. This is pretty
valuable in itself. The program .exe cannot be spoofed to another app
or changed without notification.
2 cents, keep the change...