This is a good example of how Microsoft has been forced into the security business. Its in a classic damned-if-you-do, damned-if-you-dont position. If it provides a good firewall as part of Windows, then its using its "monopoly power" to foreclose a third-party market. If it doesnt, then its providing an insecure operating system. The trick is to make Windows Firewall good enough that users can run it without problems, while still leaving a clear competitive advantage for third parties.Windows Firewall does have some protection against this, but it also comes configured with exceptions for some prominent applications, such as Internet Explorer. Doubtless there will be many testing stories soon looking at the practical differences in real-world use. Manageability can be another big difference. Windows Firewall will be manageable through group policies in Active Directories, but other firewalls, such as the Sygate Secure Enterprise personal firewall, have much more powerful management features and are not tied into Active Directoryalthough AD integration is good for a lot of people. Too bad that just by providing an adequate firewall, Microsoft is foreclosing third-party markets to some degree. People are cheap, and some number of users wont buy a third-party firewall because the Windows one is good enough. This is bad for everyone in a way, but in the big picture its just necessary that a good firewallbut not too goodcome with Windows. Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983. Check out eWEEK.coms Security Center at http://security.eweek.com for the latest security news, reviews and analysis.
I asked Zone Labs about the gaps between Windows Firewall, and it has plenty of arguments to make. The biggest one is that Microsoft claims its firewall is much more sophisticated about outbound protection, which means protection against outbound communication by potentially unauthorized software on your system.