Old 04-06-2009, 09:18 PM   #8
Japo
Autonomous human
 

A connection is either inbound or outbound--both include traffic in both directions, don't get confused, it's about whether it's you or a remote node who started the connection; whether you're the server or the client.

Inbound connections (solicited by just anyone and accepted by a "listening" program or service in your computer) can be dangerous, if there's a vulnerability in your system.

Outbound connections (solicited by a local program or service in your computer) by definition need your computer to be infected to be dangerous. If a program is connecting outside from inside, it must be already inside--duh. So if you should manage to prevent infection effectively, you wouldn't need outbound filtering in your firewall.

FACT: No antivirus program can prevent you from getting infected. There's always some nasty any of them will miss, because they allow by default.

Access restrictions (XP, Vista) or a very thorough HIPS on the other hand, can prevent infections--unless a vulnerability in them is exploited successfully--as long as you don't invite them by circumventing those of course (Trojan horse).

Most programs don't need to listen as server (the most notable exceptions are P2P "clients"), so filtering inbound connections is much much much less hard work than filtering every outbound connection.

The Windows firewall filters inbound connections, so you'll be safe (and pass every ShieldsUP test), as long as you don't let your local system get infected.

The one in Vista even includes some non-intrusive outbound filtering--although it could probably be leaked (circumvented by stealth) if tried a little hard. So can ZoneAlarm Free certainly be leaked, and many others. A mere firewall (network traffic control) cannot guarantee that a program will connect outside stealthily (such as hijacking another program) unless it includes extensive HIPS (application control) features.

If you still want to go for an impregnable outbound firewall, and if you try Comodo and it works for you, you won't find a stronger one. It includes a _full_ HIPS (meaning that _all_ activity is thoroughly monitored, not just network traffic). It has very little resource usage, all things considered. You can opt the full HIPS down to a level that it just makes the network firewall leak-proof, without controlling further activity. Otherwise it includes some tools to reduce the need for user intervention when working with programs from really trustworthy sources ("trusted vendors" for digitally signed programs, "clean PC mode", temporary "installation mode", "training mode"--they also work for the firewall component). It now comes bundled with its own Comodo Antivirus, although that's not yet one of the best, and again you can opt it out during installation.

Hope it helps.
__________________
Life starts every day anew. Prospects not so good...
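The inbound/outbound distinction described in the post can be checked on a live machine. The following is an added example, not part of the original post: it reads Windows `netstat -an` style output and labels each established TCP connection by who started it, using the heuristic that a connection on a local port with a listener was accepted (inbound) and any other was initiated locally (outbound). The sample output and the function name `classify` are constructed for illustration.

```python
import re

# Constructed sample of `netstat -an` output (documentation address ranges).
SAMPLE = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:6881           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:6881      203.0.113.7:51344      ESTABLISHED
  TCP    192.168.1.10:49712     198.51.100.20:443      ESTABLISHED
  TCP    192.168.1.10:49713     198.51.100.21:80       TIME_WAIT
  TCP    [::]:445               [::]:0                 LISTENING
  TCP    [fe80::1]:445          [fe80::2]:50211        ESTABLISHED
"""

# proto, local addr, local port, remote addr, remote port, state
LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")


def classify(netstat_text):
    """Return (direction, local, remote) for every ESTABLISHED TCP row."""
    rows = [m.groups() for m in map(LINE.match, netstat_text.splitlines()) if m]
    # Ports on which a local program or service is acting as a server.
    listening = {int(lport) for _, lport, _, _, state in rows
                 if state == "LISTENING"}
    result = []
    for laddr, lport, raddr, rport, state in rows:
        if state != "ESTABLISHED":
            continue  # skip listeners and closing sockets
        # Heuristic (assumption): traffic on a listening port was accepted
        # from a remote node; anything else was started by a local program.
        direction = "inbound" if int(lport) in listening else "outbound"
        result.append((direction, f"{laddr}:{lport}", f"{raddr}:{rport}"))
    return result


if __name__ == "__main__":
    for direction, local, remote in classify(SAMPLE):
        print(f"{direction:8} {local:24} {remote}")
```

Only the inbound rows depend on a listening service being reachable, which is the part an inbound-only filter such as the Windows firewall covers.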