By Neil J. Rubenking  |  Posted 2006-06-14 Print this article Print

When I evaluated the Microsoft Windows Live OneCare beta this past January, it wasnt quite ready for the real world. The antivirus hadnt been certified, the firewall had glitches, and the antispyware component was MIA. The products final release fixes most of the problems I found in the beta, but its still not a substitute for a full-scale security suite like those offered by Zone Labs, Symantec, or McAfee. Yet the security-as-a-service model, which seemed unusual at OneCares inception, is now almost commonplace. Symantecs Norton 360 (formerly Genesis) and McAfees Falcon project are both moving toward release, and AOL has unspecified plans to offer a similar service to both members and nonmembers.

Firewall protection is central to a security suite, and OneCares firewall successfully puts a systems ports in stealth mode, making them invisible to outside attackers. So does the Windows XP SP2 firewall, but OneCares firewall also limits outbound Internet and network access to authorized programs. Even when its nominally turned off, OneCares firewall leaves all but a handful of ports in stealth mode. The beta firewall left some crucial ports open and interfered with file sharing; these problems have both been fixed. The firewalls program-control feature recognizes thousands of valid programs and automatically allows them access. OneCares handling of unknown programs is a bit different from the usual. Where most personal firewalls ask the user whether to block or allow an unknown program, OneCare always blocks unknowns. After blocking a program, it asks whether to continue blocking it or allow it in the future. Thus, youll often need to relaunch a program after telling the firewall to allow it. I was quite surprised, though, to find that the firewall recognizes and allows programs from adware vendor 180solutions, only to have them immediately removed by Windows Defender, the suites antispyware solution! It seems as if theres more integration work to be done.

The OneCare firewall doesnt attempt to block sneaky malware that evades program control by manipulating or imitating approved programs. I ran ten leak-test utilities that exercise these techniques and the firewall didnt stop any of them—but the antivirus detected and eliminated two. Thats teamwork! This final version seems somewhat more resistant to direct attack by malware. I "killed" all its processes using Task Manager, but they mysteriously rose from the dead to continue their protection. However, when I stopped and disabled the corresponding services (something a malware program could conceivably do) the firewall was stymied.— Read the full story on PCMag.com: Windows Live OneCare Check out eWEEK.coms for Microsoft and Windows news, views and analysis.

Neil J. Rubenking Neil Rubenking served as vice president and president of the San Francisco PC User Group for three years when the IBM PC was brand new. He was present at the formation of the Association of Shareware Professionals, and served on its board of directors. In 1986, PC Magazine brought Neil on board to handle the torrent of Turbo Pascal tips submitted by readers. By 1990 he had become PC Magazine's technical editor, and a coast-to-coast telecommuter. His 'User to User' column supplied readers with tips and solutions on using DOS and Windows, his technical columns clarified fine points in programming and operating systems, and his utility articles (over forty of them) provided both useful programs and examples of programming in Pascal, Visual Basic, and Delphi. Mr. Rubenking has also written seven books on DOS, Windows, and Pascal/Delphi programming, including PC Magazine DOS Batch File Lab Notes and the popular Delphi Programming for Dummies. In his current position as a PC Magazine Lead Analyst he evaluates and reports on client-side operating systems and security solutions such as firewalls, anti-virus, anti-spyware, anti-spam and full security suites. He continues to answer questions for readers in the ongoing 'Solutions' column and in PC Magazine's discussion forums.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel