There’s been a lot of heat, but little light, in the discussion over whether Microsoft has crippled the firewall in Vista. From what I can gather, it appears that they’ve made a big mistake in turning off a vital firewall feature.
The big complaint about the XP firewall was that it didn’t block outbound connections, and only handled inbound connections. That’s a big problem, because spyware, Trojans, and other malware frequently make outbound connections without your knowledge. Firewalls like ZoneAlarm block both outbound and inbound connections, and are far superior to the XP firewall.
So I was initially pleased to hear that Microsoft was including outbound protection in the Vista firewall.
But now, it’s not so clear that it will even include that protection. Business editions of Vista will have outbound protection — but that protection will be turned off by default. Sys admins will be able to turn it on, and perhaps individual users can as well.
That’s bad enough. Here’s a bigger problem, though: It’s not clear that consumer versions of Vista will include outbound firewall protection. I’ve heard rumors that it won’t. And on the beta of Vista that I have, there’s no outbound protection. There’s not a checkbox anywhere to turn it on — at least, not one I can find.
I’m hoping that’s just a beta problem; I’d prefer not to run a second firewall in addition to the one that ships with Vista. And I’m sure that I’m not alone.