One of the most amusing things to me in the war against viruses and other malware has been the rise of outbound firewalls. I’m talking about all these supposedly extra-secure firewalls that block any attempt your applications make to access the internet. If you upgrade one of your applications, at best you will get re-prompted to give it access to the internet, and at worst the firewall will just silently block it.
They’re the single most annoying kind of firewall in the world, and I’ve seen countless posts over the years saying “internet-using application x doesn’t work after I upgraded it” – 99% of the time the user has blamed the application when it’s actually their firewall that caused the problem.
The worst part is, these firewalls are worse than useless; they give a false sense of security when you can’t really stop anyone who knows what they’re doing from making an outbound connection. I was very happy to see that Larry Osterman, one of the senior Windows developers, has the same point of view. He was actually ranting about why Chris Pirillo was wrong to call the Windows Firewall untrustworthy, but in the process he explained why outbound firewalls are stupid.
I love his quote at the end though.
“I honestly believe that the main reason you’ve NOT seen any internet worms since 2002 is simply because XP SP2 enabled the firewall by default. There certainly have been vulnerabilities found in Windows and other products that had the ability to be turned into a worm – the fact that nobody has managed to successfully weaponize them is a testament to the excellent work done in XP SP2.”
I hadn’t thought about it, but he’s right. There hasn’t been a huge internet worm in years.