
Tuesday, August 10, 2004

Better than nothing, but not good enough


"Yooohoo .. firewall !"
"Yessir!"
"Turn yourself off please"
"Aye Aye, Sir!"


According to David Berlind, that's what happens with Windows Firewall even after the much-talked-about, more secure Windows XP SP2. By his account, the firewall lacks outbound traffic blocking, and it allows itself to be turned off programmatically.

Well, only if the user has admin privileges. But this might not have been the best way to do things, after so much anticipation around SP2. These two 'features' make the firewall practically useless unless it gives us 200% assurance on blocking inbound traffic. And I thought the major part of what can happen to a guy like me would consist of outbound traffic: all these new worms 'calling home' and using built-in SMTP engines to send hundreds of emails from my computer, and lots of spyware and adware reporting home with my details. If the firewall blocked outbound traffic, I could detect this stuff. Unless I'm running a well-known server, the chances of every hacker in the world attacking me from outside are not that great. On the other hand, the guys who expect more inbound attacks than the occasional worm --a big outfit with a popular server-- would have an industry-standard firewall in the first place.

MS can say, "well, inbound protection is better than nothing, and once you get infected there's nothing much to do anyway": well, then this is going the same way as WRM. Nothing significantly better than voluntary abstinence, i.e. giving up the fight. It could easily do something to reduce the damage to the whole world, thinking of DDoS attacks and everything else that happens in reality.

And about that API to turn the firewall off, well, maybe MS had a point there: there's a risk in running your PC as admin, whether it's Windows or Unix. What's disturbing are the facts: Dave points out that most WinXP users DO log in with admin powers. I have to assume that he's right with his statistics - which he usually is.
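The post does not name the API Berlind refers to. Windows XP SP2 exposes its firewall policy through the INetFwMgr COM interface (ProgID HNetCfg.FwMgr), and the PowerShell below, added here as an illustration and not part of the original post, shows both sides of the argument: reading the firewall state works for any logged-on user, while the one-line property write that switches the firewall off only succeeds when the caller is a local administrator. The function names are my own; the COM object and its properties are Microsoft's.

```powershell
# Added example (not from the original post). Assumes Windows XP SP2 or later,
# where the Windows Firewall policy is exposed via the HNetCfg.FwMgr COM object
# (INetFwMgr -> INetFwPolicy -> INetFwProfile). Function names are invented here.

function Test-IsLocalAdmin {
    # Writes to the firewall policy only succeed for members of Administrators.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-XpFirewallState {
    # Reading the state needs no special rights; any logged-on user can do this.
    $mgr       = New-Object -ComObject HNetCfg.FwMgr
    $fwProfile = $mgr.LocalPolicy.CurrentProfile     # the profile currently in effect

    New-Object PSObject -Property @{
        FirewallEnabled      = [bool]$fwProfile.FirewallEnabled
        ExceptionsNotAllowed = [bool]$fwProfile.ExceptionsNotAllowed  # "Don't allow exceptions" box
        CallerIsAdmin        = Test-IsLocalAdmin
    }
}

function Set-XpFirewallEnabled([bool]$Enabled) {
    # This single property write is the "turn yourself off" call the post complains
    # about. Run as admin it silently disables (or re-enables) the firewall; run as a
    # standard user the COM call fails with an access-denied error and nothing changes.
    $mgr = New-Object -ComObject HNetCfg.FwMgr
    try {
        $mgr.LocalPolicy.CurrentProfile.FirewallEnabled = $Enabled
        return $true
    } catch {
        Write-Warning "Could not change firewall state: $($_.Exception.Message)"
        return $false
    }
}

# Usage: inspect, then prove the point and put the original setting straight back.
$before = Get-XpFirewallState
$before | Format-List

if (Set-XpFirewallEnabled (-not $before.FirewallEnabled)) {
    Write-Host "Firewall state flipped by a plain COM call (caller is admin)."
    Set-XpFirewallEnabled $before.FirewallEnabled | Out-Null   # restore immediately
} else {
    Write-Host "Write refused: caller is not an administrator."
}
```

The same toggle is one command away at the SP2 command line (`netsh firewall set opmode mode=disable`), which is why any malware already running with admin rights does not need to fight the firewall at all. PowerShell itself shipped after this post was written; the COM interface it drives here is the one SP2 installed.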


2 Comments:

Hethu Nanayakkara said...

If a program is running under Admin privileges, you can do very little to stop it, be it Linux or Windows; simply 'calling home' is just too polite. It can simply format your hard disk; how much worse can it get?

12:53 PM  
Gandalf said...

Well, we were talking about firewalls, and there's nothing much a firewall can do to stop a program formatting a hard disk. But there are several practical issues: these issues are the ones that make it just sensible that firewalls must block unauthorized outbound traffic, issues that will be the market reality very soon, if they are not already. This is a topic wide enough that I would like to discuss it in a different thread. Wait for my next blog entry (and I'll put a link pointing to it once it's written); until then - when was the last time you heard about a virus that called home, and when was the last time you knew of a virus that erased a hard disk?

1:20 PM  
