OneCare Firewall: a light-weight approach to a heavy-duty problem

Agnitum, the maker of Outpost Firewall, reviewed Microsoft’s OneCare Firewall:



Although the program is very intuitive, nice to look at, and easy to use – which is good for the program’s target audience of inexperienced users – its functionality is a big let-down and does not serve that inexperienced user audience well. It reminds us of those colorful and feature-rich Graphical User Interfaces (GUIs) with nothing behind them that you sometimes see at exhibitions, because the vendors couldn’t finish the whole program in time. Microsoft OneCare needs a serious overhaul before it can be considered anything more than just a fancy interface with no real security under the hood.


– The OneCare firewall failed all but the simplest leak tests and does not offer even the most basic intrusion detection capability, leaving users’ PCs wide open to being hijacked into a botnet
– The OneCare firewall database of pre-approved applications is very small, and adding each new application requires several user interactions and a reboot
– Application access rules are limited to ‘allowed’ and ‘not allowed’—users cannot configure different rules for different types or times of usage, such as allowing IE to connect with some but not all websites
– Similar limitations apply to network file access and remote desktop operations
– The Windows Defender anti-spyware component of OneCare imposes significant delays on program execution, and is updated on a separate schedule from other OneCare components


http://www.agnitum.com/news/securityinsight/issues/june2006 (also available in PDF)


via Sunbelt Blog
