Roof said:
Vista's firewall has a setting "Display notifications to the user
when a program is blocked from receiving inbound connections." Why
doesn't it have a setting "Display notifications to the user when a
program is blocked from initiating outbound connections", like
Zonealarm is able to do?
Design choice, I guess. Obviously there is nothing to stop Microsoft from
adding this feature, other than perhaps they don't want to tread on the toes
of too many 3rd party providers at once, and/or they might agree with my
opinion on the whole firewall thing, which i've outlined below.
//personal opinion follows//
This sort of feature is not as useful as a lot of people think, and in 3rd
party software firewalls such as ZA is more about saying "Hey, I'm here
working hard for you, wouldn't you like to buy the full priced copy, or if
you have already then aren't you glad you did." than about adding any actual
quantifiable protection to the system.
Once code is running on your system, it is totally trivial on MS operating
systems older than Vista to subvert the settings of any firewall program
because the user is usually running as Admin, Admins can modify the
block/allow list of the firewall program, and any malicious program running
in the 'context' of that logged in user can use this admin right to quietly
add itself to an exclusion list in the background.
On systems such as Vista, the cost of doing this has become a little higher,
maybe, but it still exists to some degree at least.
Once malicious code has been executed on your system by an admin level
account, you have lost control of that system and can't trust anything that
happens 'within' that operating system from that point onwards. Sad but
true. So it is far more cost effective to work on preventing malicious code
from entering and executing on a system than it is to worry about trying to
rein it in afterwards.
//personal opinion ends//
Regards
Rob Moir.
