Full Version: Windows firewall and outbound protection
acaetano
Hi,

I've always been reading that Windows XP firewall is not good for outbound protection, only for inbound. However, something puzzles me in this respect:
Whenever I install a new program that needs to make an internet connection, Windows firewall warns me that it has blocked this program, unless I decide to the contrary and make an exception. Wouldn't such a popup show up if some malware program on my computer tries to make an outbound connection (assuming the Firewall wasn't disabled in some way)?
To be clear, I'm not just relying nowadays on Windows firewall and an antivirus for protection: I also have a behaviour-type HIPS and a sandbox-type one, besides a router firewall. I believe this behaviour-type HIPS will in some way protect against outbound connections from unknown (or known to be bad) sources, and with a minimum of popup messages, so I've been hesitating about going to a firewall more advanced than the Windows one. Then I would probably have to learn how to configure it and deal with many more popup warnings, and more resources would be used on the computer.
That's the reason why I would like to learn more about how effective Windows firewall is with respect to its outbound blocking procedure.

Regards,
acaetano.
TheSentinel
Heya acaetano

QUOTE
... Wouldn't such a popup show up if some malware program in my computer tries to make an outbound connection (assuming the Firewall wasn't disabled in some way)?...


Good shot, but malware developers know all those secrets; the programmers of, e.g., MS Windows knew them too.

Try to imagine this here:
If you were a "Bad Boy", a developer of malware, wouldn't it be your highest goal to trespass all kinds of detection when opening/establishing a connection to the internet without getting monitored or camouflaged?

BU
farmerlee
Windows firewall outbound protection is about as basic as it gets. If I were to use it, I would combine it with something like AppDefend or System Safety Monitor to control outbound connections.