A Better Firewall
Vista's improved firewall is another story. It offers the ability to block both inbound and outbound connections (XP's firewall blocks only incoming traffic). Outbound filtering provides a second layer of defense in blocking sophisticated forms of malware that make invisible connections from your system to remote hacker-controlled servers--but as with many forms of secondary protection, deciding which apps should and shouldn't be blocked takes some technical know-how. For that reason, Microsoft turned it off by default. But even without outbound filtering, the firewall "is better than good enough," says Ed Bott, coauthor of Windows Vista Inside Out.
"It blocks all unsolicited incoming connections and is almost invisible in operation," he says. And advanced users can configure outbound filtering for additional protection, while nontechnical users--who would be just as likely to break something as to prevent an attack, Bott says--are not forced to set up any rules for outbound filtering.
The Vista firewall passed most tests in AV-Test's analysis. However, it was not able to filter incoming mail attachments, as some firewalls do. Also, it failed a large percentage of so-called leaktests, which use a specially crafted program to see whether a firewall will block outbound connection attempts.
Still, many security companies and researchers, including AV-Test's Marx, argue that since these programs are artificial (as opposed to the real malware thrown at antivirus products), they may not provide accurate assessments of a firewall's abilities.
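As an added example (not from the article), these are the Vista-era `netsh advfirewall` commands an advanced user would run to turn on the outbound filtering described above. The program paths and rule names are placeholders; substitute the applications you actually use.

```batch
@echo off
rem Added example: switch Windows Firewall from its default policy to the
rem outbound-filtering configuration discussed in the article. Run from an
rem elevated command prompt. Paths below are placeholders, not real installs.

rem 1. Inspect the current policy for all profiles. The Vista default is
rem    BlockInbound,AllowOutbound, i.e. outbound filtering is off.
netsh advfirewall show allprofiles

rem 2. Add per-application outbound allow rules FIRST, so that the programs
rem    you rely on keep working once outbound blocking is switched on.
rem    (This is the "technical know-how" part: each app you want to reach
rem    the Internet needs its own rule.)
netsh advfirewall firewall add rule name="Allow IE outbound" dir=out action=allow program="%ProgramFiles%\Internet Explorer\iexplore.exe" enable=yes
netsh advfirewall firewall add rule name="Allow mail client outbound" dir=out action=allow program="%ProgramFiles%\PLACEHOLDER\mail.exe" enable=yes

rem 3. Keep unsolicited inbound blocked AND block any outbound connection
rem    that no rule explicitly allows.
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

rem 4. Log dropped connections so a silently blocked program leaves evidence
rem    (default log: %systemroot%\system32\LogFiles\Firewall\pfirewall.log).
netsh advfirewall set allprofiles logging droppedconnections enable

rem To roll back to the default policy if something breaks:
rem netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound
```

Expect some breakage on first use: any program without an allow rule, including updaters and background services, will appear in the dropped-connections log rather than reaching the network.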
A Route for Incursions
The Vista firewall, along with many others, may do a good job at blocking outside attempts to infiltrate your computer. But Internet programs must go through the firewall to browse a Web page, access your e-mail, or carry on an IM chat--and this itself creates an avenue for attack.
Because Internet Explorer opens up the door to your PC and has such a huge user base, the browser is constantly under siege. To improve IE 7's defenses, the Windows Vista version of the browser by default runs in Protected Mode, preventing IE--or any successful Internet attack that hijacks it--from changing sensitive parts of the operating system. This defense tactic has already been successful against current attacks that target holes such as the animated cursor flaw.
Besides these up-front defenses, Vista also includes a number of back-end protections. PatchGuard attempts to block rootkits, which can hide virus infections. A technique called Address Space Layout Randomization makes it harder for malware to find and infect running processes. Finally, several changes to the kernel, the heart of any operating system, increase its resistance to hacker attacks.