Longtime readers know that I feel passionately about having a personal firewall on a desktop PC, especially a home PC. A fair number of malware programs can be stopped at the Internet gateway, before they get to your desktop, giving you defense in depth. Recognizing this, Microsoft changed the default setting for its Windows Firewall in Windows XP SP2 from Disable to Enable. But the Windows XP SP2 firewall blocks only inbound connections. That is useful, yes, but it also means that if you have spyware living on your PC, it’ll still be able to phone home over an outbound connection. Thus, I recommend that everyone using Windows XP SP2 also use a trusted third-party firewall from Check Point (makers of ZoneAlarm) or from security vendors such as Trend Micro.

With Vista, Microsoft says it’s finally including “bidirectional filtering as well as integrating IPSec protocols.” Microsoft also assures me that in Windows Vista all inbound connections will be blocked by default, whereas all outbound connections will be allowed by default, other than by exception. What does that mean? Well, it’s less than you might think.
