Ugh. :rolleyes2
More seriously, rival firewall makers claim that the API used to manage the Windows Firewall could also be used by attackers to modify the software or turn it off. Major firewall makers, including Zone Labs, McAfee, and Symantec are preparing SP2-compatible versions of their applications which disable Windows Firewall when they are installed, and enable it again when they are uninstalled.
But if an installer can switch off Windows Firewall, so could an attacker, argues Zone Labs, maker of the popular ZoneAlarm firewall.
It takes no more effort to turn off MS' firewall than it takes to turn
any firewall off by code, or anti virus software for that matter.
*Windows Firewall does not block outgoing traffic as some users have reported when they are presented with the following prompt (see screenshot below). Though the prompt appears to be asking if the user wants to block the application from connecting to the internet, it is actually prompting to block a connection from the internet to your computer. (thanks Kelpfries)
Funny; to me is says "has blocked this program from
accepting connections from the Internet or a network". Since when is accepting something a synonym for initiating something? :confused4
According to the test results Windows Firewall does a good job at blocking incoming traffic. However, the fact that it does not monitor outgoing traffic and that it can be turned off easily by other applications really doesn’t make it a safe firewall in my opinion. The resolution, turn it off and get another firewall such as ZoneAlarm or better yet, Sygate Personal Firewall which is free for personal use and offers exceptional protection; both incoming and outgoing.
It does help to keep in mind what Windows Firewall was designed to do: to keep a by default unsecured (no third party firewall installed) from being exploited remotely and it succeeds in doing that.
If Microsoft had implemented full in- and outbound blocking everyone would be screaming in outrage at how the big, evil Microsoft was going to crush the poor, helpless firewall companies.
Is Windows Firewall more secure than a default XP installation? Yes. Is turning it on by default a good thing? Yes. Is it good enough to keep you from using another software firewall? No. It's meant to protect those who don't already have one installed, nothing more, nothing less.
To illustrate:
net stop "Norton AntiVirus Auto Protect Service"
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\navapsvc\Start = 0x4
stops Symantec's antivirus auto protect and will keep it from ever starting again when you reboot.
net stop "Sygate Personal Firewall"
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SmcService\Start = 0x4
*gasp* turns off a non Microsoft firewall and disables it from ever getting started again by the average user.
The issue isn't with Microsoft or it's implementation of a firewall, it's with people running on accounts with administrative privileges. If you weren't running as administrator you'd see a nice "Access denied" on both the registry key and the net stop.
Clueless journalists should stop writing and making claims about things they know nothing about. Also, shame on Zone Labs for saying it can easily be turned off when their own software suffers from the exact same issue. :shame: