There is an on going debate   ever since Microsoft announced that outbound filtering in Windows Vista's firewall will be turned off by default. Obviously, Microsoft again valued usability above security. Whereas I understand it in this context, I was a bit surprised how Microsoft staff justified this move.
- If an EC2 Reserved Instance is not applied or used - Thu, Jan 20 2022
- Midnight Commander remote connect via Shell link (copy files over SSH) and SFTP link using FISH and public key authentication - Mon, Jan 17 2022
- Root login via SSH and SFTP on EC2 instances running Linux - Wed, Jan 12 2022
Michael Kleef, for example, thinks that other security measures should be used to prevent malware from infecting the computer in the first place. He listed several new technologies of Windows Vista, like User Access Protection, Windows Defender and Sandbox of IE7, that should do the job.
I think, this is not a good argument. The more lines of defences you have, the better it is. If the malware manages to get around one defence line, there is still the next in line which stops the malicious program from causing more damage. So, enumerating other features of software to explain away a security weakness is not convincing.
A second argument, which was also put forward by Mitch Tulloch, is that outbound filtering is not important anyway since clever malware can simply use another open port like port 80 to connect to other computers in the network.
There is a big difference between personal firewalls and gateway firewalls. Good personal firewalls don't just filter ports; they also allow you to specify which desktop applications can connect to the internet. This is very important in corporate networks. If a user starts an application which is infected by a virus or other malware from his USB stick, for example, it can't infect other computers in the network even if it uses port 80 since the personal firewall will block this application. I wonder, if the firewall of Windows Visa has this feature?
In my view it only makes sense for the home edition of Windows Vista to disable outbound filtering by default. Usually, the configuration is too complicated and time consuming that most users would just turn off the firewall, anyway. This way usability does improve security since security software that is too complicated to handle will simply not be used. So the overall security of the internet wouldn't be improved.
Subscribe to 4sysops newsletter!
However, in a corporate environment outbound filtering is very useful even if there is gateway firewall. As network administrators can do the configuration, usability is not an issue here.