New Vista firewall fails on outbound security

07.02.2007

Microsoft's reaction

Microsoft claims that the firewall does perform some outbound filtering, but that the filtering is invisible to users. Jason Leznek, Microsoft senior product manager, told Computerworld that outbound filtering rules "are enabled by default for core Windows services as part of Windows Service Hardening, which enables the firewall to understand specific behaviors Windows services should have, and block them if they are doing something unexpected (ie, via an exploited vulnerability). Windows Firewall also protects the computer by blocking certain outgoing messages to help prevent the computer against certain port scanning attacks."

In other words, Microsoft claims that the firewall can block some malware. But Leznek concedes that it cannot block all malware, and he claims that a more effective approach than outbound filtering is to use antispyware such as Windows Defender, which the company claims will stop malware from being installed on the PC in the first place.

This reflects what Vista group product manager Greg Sullivan told BusinessWeek. Outbound filtering is "a high cost to pay for what we thought was not that much benefit," he told the magazine. "The support burden it would generate for us and our partners, mostly manufacturers, is a very high cost to pay for very little benefit."

But Microsoft has a somewhat schizophrenic approach to outbound protection. When questioned about the need for outbound filtering, Leznek told Computerworld that Windows Live OneCare, a product and subscription service Microsoft sells for US$49.95 a year "provides outbound filtering as a service and may also be an attractive option...."