while i think many of us will welcome this, i am skeptical of what
the firewall will be 'enabled' to block, and how easy it will be
for the user to set-up rules (and hopefully there will be a sanity
check included so that 'permit in any' is not a valid option, but
then 'permit out any' should not be one either)
but still, it is a step...
my $0.02
"Walk with me through the Universe,
And along the way see how all of us are Connected.
Feast the eyes of your Soul,
On the Love that abounds.
In all places at once, seemingly endless,
Like your own existence."
- Stephen Hawking -
It's a pretty rudimentary "firewall," I suspect enabling that by default
is gonna piss off a hell of a lot of people (I'd venture to say it'll
piss off more than a virus, since most are too clueless to get mad at
that).
John
The firewall in XP appears to perform stateful inspection. I have run scans against my own XP machines using NMAP and other tools. The machine appears completely non-responsive to such scans (i.e. no response on any ports).
I use this feature most especially when using public wifi hot spots, and encourage my clients to do the same (or use some other firewall software) when at such locales.
What Microsoft implemented does seem quite sufficient for many users. The down-side to this and all other firewalls running in software on end hosts is the possibility of an application finding another path in (e.g. email attached virus) and disabling the firewall.
I am no Microsoft apologist and am a proponent of open source, but have to admit they did a good job on this feature. It's good that Microsoft has finally realized the value in defaulting this capability to ON.