Microsoft likes to point out that its Windows Vista firewall is superior to the one in XP because it filters outbound as well as inbound traffic. What it neglects to mention is that outbound filtering is effectively off by default (every outbound connection is allowed), and that it is all but impossible to configure in a way that stops spyware.

As I point out in an article for Computerworld, the Vista firewall by default doesn’t provide any outbound filtering.

Worse yet, there's no practical way to make the outbound filtering protect against spyware, Trojans, and bots. As shipped, the default outbound action is Allow, so every outbound connection is permitted unless a rule says otherwise. To stop a program from connecting out, you have to write a block rule naming that specific program. Rules match on things like program path, port, protocol and address, not on whether something is malicious, so there is no way to write a single all-purpose rule that blocks malware and nothing else. The one blanket option the firewall does offer, switching a profile's default outbound action to Block, stops legitimate software too, and then requires a separate allow rule for every program that is supposed to talk to the network.
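As an added illustration (not part of the original post, and not Microsoft's documentation), here is what the configuration described above looks like in the netsh advfirewall commands that ship with Vista, typed at an elevated command prompt. The two program paths are hypothetical placeholders.

```batch
@echo off
rem Added example, not from the original post: the Vista-era netsh advfirewall
rem commands behind the behaviour described above. Run from an elevated
rem command prompt. The program paths below are hypothetical placeholders.

rem 1. Inspect the current policy. On a default Vista install every profile
rem    reports "Firewall Policy  BlockInbound,AllowOutbound": outbound
rem    filtering exists, but its default action is Allow.
netsh advfirewall show allprofiles

rem 2. The only way to stop one program from connecting out is a block rule
rem    that names that specific executable. It does nothing for any other
rem    binary, a renamed copy, or a sample nobody has identified yet.
netsh advfirewall firewall add rule name="Block suspect.exe outbound" dir=out action=block program="C:\Users\Public\suspect.exe" enable=yes

rem 3. The blanket alternative: flip the default outbound action to Block on
rem    every profile. Nothing may connect out unless an allow rule says so...
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

rem    ...which means every legitimate program now needs its own allow rule.
netsh advfirewall firewall add rule name="Allow Internet Explorer outbound" dir=out action=allow program="C:\Program Files\Internet Explorer\iexplore.exe" enable=yes

rem 4. Review the outbound rule set you have built.
netsh advfirewall firewall show rule name=all dir=out

rem 5. Undo the experiment and return to the Vista defaults.
netsh advfirewall firewall delete rule name="Block suspect.exe outbound"
netsh advfirewall firewall delete rule name="Allow Internet Explorer outbound"
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound
```

Step 3 is the closest thing Vista offers to an "all-purpose" outbound block, and it shows why it is not a practical anti-malware control for most users: the allow list has to be built and maintained by hand for every updater, browser and background service, and because rules match on the executable's path, any program on that list stays allowed no matter what launched it or what it is carrying.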

As I point out in my article: “To stop all malware from making outbound connections, you’d have to know all those details of all the thousands of pieces of malware in existence, and create rules for each one individually. But even that wouldn’t work, because you wouldn’t know about malware that has not yet been detected.”

Microsoft claims that outbound filtering isn't really needed, and that the key is making sure malware doesn't infect the PC in the first place. That's true as far as it goes, but if that's the case, why include outbound filtering in the firewall and then point to it as proof that the firewall has been improved?

Vista security is clearly superior to XP’s in many ways. But when it comes to the firewall, despite hype to the contrary, there doesn’t seem to be any extra safety at all.