Bruce Chambers said:
WinXP's built-in firewall is fine at stopping incoming attacks, and
hiding your ports from probes. It doesn't give you any alarms to tell
you that it is working, though. What WinXP also does not do, is
protect you from any Trojans or spyware that you might download and
install inadvertently. It doesn't monitor out-going traffic at all,
much less block (or at least ask you about) the bad or the
questionable out-going packets.
That's not completely true. WinXP's firewall can log the packets it
drops, and this is IMHO much better than "noisy" firewalls that keep
telling you it blocked a packet (usually perfectly harmless).
As for outgoing traffic... Well, if you install trojans on your computer,
you've a problem that no firewall will cure. First rule of security: there
is no substitute to educating users. Moreover, it's really _easy_ for a
programmer to work around these filters on outgoing packets,
assuming the firewall is configured to let http connections through
(just start a hidden instance of the web browser, inject your
code in it, and use the http port for your connections).
I've a really bad experience with ZoneAlarm. It uses a kernel-mode
driver (of course) that appears to be really buggy and causes WinXP
to crash (blue screen) regularly. Moreover, this one is _really_ noisy.
I'm not advocating a no-firewall solution for everyone, and
blocking outgoing packets can be a way to make users aware
that they are installing software they should not. Just remember
that no firewall will protect you if you install unsafe software.
And WinXP's firewall is really not so bad...
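The reply's point about a quiet firewall is that dropped-packet logging can be reviewed after the fact instead of interrupting the user. As an added example (not part of the original thread), here is a small parser and summary for the W3C-style log the Windows XP SP2 firewall writes to pfirewall.log; the field list is assumed from the `#Fields:` header that file carries, and the log lines below are constructed samples.

```python
from collections import Counter

# Constructed sample of a Windows XP SP2 pfirewall.log (field list assumed
# from the '#Fields:' header the firewall writes at the top of the file).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2005-03-15 10:22:11 DROP TCP 203.0.113.5 192.168.1.10 4021 135 48 S 1234567 0 65535 - - - RECEIVE
2005-03-15 10:22:12 DROP TCP 203.0.113.5 192.168.1.10 4022 445 48 S 1234568 0 65535 - - - RECEIVE
2005-03-15 10:22:14 DROP UDP 203.0.113.5 192.168.1.10 1029 1434 404 - - - - - - - RECEIVE
2005-03-15 10:22:20 OPEN TCP 192.168.1.10 198.51.100.7 1055 80 0 - 0 0 0 - - - -
2005-03-15 10:23:01 DROP ICMP 198.51.100.9 192.168.1.10 - - 60 - - - - 8 0 - RECEIVE
"""


def parse_log(text):
    """Turn log text into a list of dicts keyed by the names in the '#Fields:' header.

    Lines before the header, comment lines and lines whose token count does
    not match the header are skipped instead of raising, so a log that was
    rotated mid-write still parses.
    """
    fields, records = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line.strip() or line.startswith("#"):
            continue
        values = line.split()
        if fields is None or len(values) != len(fields):
            continue
        records.append(dict(zip(fields, values)))
    return records


def summarize_drops(records):
    """Return (drop count, drops per source IP, drops per protocol/destination port)."""
    drops = [r for r in records if r["action"] == "DROP"]
    by_src = Counter(r["src-ip"] for r in drops)
    by_port = Counter(f"{r['protocol']}/{r['dst-port']}" for r in drops)
    return len(drops), by_src, by_port


if __name__ == "__main__":
    count, by_src, by_port = summarize_drops(parse_log(SAMPLE_LOG))
    print(f"{count} dropped packets")
    for src, n in by_src.most_common():
        print(f"  from {src}: {n}")
    for port, n in by_port.most_common():
        print(f"  to {port}: {n}")
```

One source address hitting several ports in a few seconds stands out immediately in the summary, without a pop-up for every packet.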