Full Review
When I evaluated the Microsoft Windows Live OneCare beta this past January, it wasn't quite ready for the real world. The antivirus hadn't been certified, the firewall had glitches, and the antispyware component was MIA. The product's final release fixes most of the problems I found in the beta, but it's still not a substitute for a full-scale security suite like those offered by Zone Labs, Symantec, or McAfee. Yet the security-as-a-service model, which seemed unusual at OneCare's inception, is now almost commonplace. Symantec's Norton 360 (formerly Genesis) and McAfee's Falcon project are both moving toward release, and AOL has unspecified plans to offer a similar service to both members and nonmembers.
Firewall protection is central to a security suite, and OneCare's firewall successfully puts a system's ports in stealth mode, making them invisible to outside attackers. So does the Windows XP SP2 firewall, but OneCare's firewall also limits outbound Internet and network access to authorized programs. Even when it's nominally turned off, OneCare's firewall leaves all but a handful of ports in stealth mode. The beta firewall left some crucial ports open and interfered with file sharing; these problems have both been fixed. The firewall's program-control feature recognizes thousands of valid programs and automatically allows them access. OneCare's handling of unknown programs is a bit different from the usual. Where most personal firewalls ask the user whether to block or allow an unknown program, OneCare always blocks unknowns. After blocking a program, it asks whether to continue blocking it or allow it in the future. Thus, you'll often need to relaunch a program after telling the firewall to allow it. I was quite surprised, though, to find that the firewall recognizes and allows programs from adware vendor 180solutions, only to have them immediately removed by Windows Defender, the suite's antispyware solution! It seems as if there's more integration work to be done.
The OneCare firewall doesn't attempt to block sneaky malware that evades program control by manipulating or imitating approved programs. I ran ten leak-test utilities that exercise these techniques and the firewall didn't stop any of them—but the antivirus detected and eliminated two. That's teamwork! This final version seems somewhat more resistant to direct attack by malware. I “killed” all its processes using Task Manager, but they mysteriously rose from the dead to continue their protection. However, when I stopped and disabled the corresponding services (something a malware program could conceivably do) the firewall was stymied.