Ken Blake said:
If you are saying that there is no built-in firewall in Windows XP SP1,
that is *not* correct. Not only was there a firewall in SP1, but there
was also a firewall in the original release of Windows XP.

Ken, he's talking about SPI (Stateful Package Inspection) rather than
SP1. Anyway, you're correct - even WinXP RTM had a built-in firewall.
SPI (mostly hardware firewalls) vs. SPF (mostly personal firewalls) has
nothing to do with outgoing traffic that he prefers to monitor since he
has no security concept at all. The user cannot really make the decision
if it's secure to allow Internet Explorer or Firefox to access the net
since these requests might be driven by malware as well. On the other
hand, the user might block "svchost.exe" and complain about the weird
behavior of the system.
In other words, it's way better to configure the system correctly in
order to keep any malware away from the system rather than depending
on ZoneAlarm & Co. which can be bypassed easily (tunneling) while
confusing the user with strange messages.