Jay said:
Has this been improved enough to be considered useable?
Can I employ this with a certain amount of confidence or am I best to
stick with a 3rd party product?
As far as I know, not even the XP SP2 firewall has ever been exploited. But
Vista's firewall (See Windows Firewall with Advanced Security in
Administrative Tools) is now very configurable and offers some level of
outbound protection -- although it's debatable whether or not that's really
necessary, given Vista's other new security features. I've never really
cared much about outbound protection because I don't install naughty
programs on my machines. Every once in a while I'll use Lavasoft and some
other software to scan for malware that NOD32 might have missed, but all
they ever find are some tracking cookies that I hadn't already blocked by
other means. And the average user, who might actually need outbound
protection, will simply click "Yes" to allow some bad guy program to call
home to momma anyway.
I do, however, want to make sure that no one I don't want is getting /into/
my machines.
IMHO, nothing beats ISA Server's intelligence. It's much more than just a
stateful packet inspection firewall. If you want the best protection and
you've got the dough (and an old Win2K server lying around somewhere), get
it and spend the time to learn it.
But I think that most users will get the same level of relative safety with
Windows Firewall as they would with other software firewalls, especially if
they're also running behind a NAT device, e.g., a DSL modem (many cable
modems do not offer NAT). I don't think that Symantec, McAfee, or anyone
else's software or hardware firewalls offer any better real protection. (I
think the hype in the marketplace is a little over-the-top). If they close
ports, inspect packets for suspect content, an allow you to create custom
rules, they're all pretty much the same.
Of course, this is just my opinion, and there are a lot of real fans of
other products out there.