I don't mean to impuign (sp?) the results of this analysis, but everyone should remember that Agnitium being a company that sells security software, have a reason to be biased in their analysis.

To be more fair, I would like to see their analysis of say ZoneAlarm's firewall and maybe Sunbelt's firewall and their own firewall.


So I am purposely trying to argue it more from Microsoft's point of view - in the interest of fairness. ie what they may argue to Outpost's analysis.


1. The OneCare firewall database of pre-approved applications is very small, and adding each new application requires several user interactions and a reboot

- Having a small database of pre-approved applications could be argued to be a good thing. I can imagine many security experts and the like would say "I don't want Real Player to be automatically configured to access the internet,....I want the choice". ie common applications that they may approve, end users may not want to allow through.
Though I can definetly see that having to reboot the machine would be annoying for each application (if this part is true).


2.The OneCare firewall failed all but the simplest leak tests and does not offer even the most basic intrusion detection capability, leaving users’ PCs wide open to being hijacked into a botnet.

- A lot of firewalls fail leaktests.....even Outpost does not pass them all. 20/27...failing some leaktests. And if the pricing scheme is right, your going to pay almost three times as much for Outpost? Not one single firewall passed those tests.

http://www.firewallleaktester.co...r.com/ tests.php


3. The Windows Defender anti-spyware component of OneCare imposes significant delays on program execution, and is updated on a separate schedule than other OneCare components

- I note it says that it works quite well on a mid range PC. Many other antispyware programs have the exact same delay on slower older machines. Taking up loads of memory for their antispyware shield and slowing the machine right down.


4. Application access rules are limited to ‘allowed’ and ‘not allowed’—users cannot configure different rules for different types or times of usage, such as allowing IE to connect with some but not all websites

I admit this may be annoying for advanced users, however, extensive surveying has shown that joe public does not want to have to do lots and lots of configuring for each application. Why do people think Zone Alarm took off so well? It was the simplest easiest design of a firewall - in fact I think it may have been one of the first application based firewall (though I don't know about that). Now it is a major player in the game....

By doing it this way, you cut down the number of annoying popups asking if you want to allow an application access for all the various ports etc.


5., we found that OneCare worked smoothly alongside Outpost Firewall Pro, and that Outpost Firewall was the first to monitor the system, ask questions and protect the user – not OneCare. That’s not good news for OneCare.
(Taken from article)

And thats a bad thing? That it runs alongside other firewalls is a great thing I think...it means you don't HAVE to uninstall your old firewall, and you can compare the two to see how they are doing.


6. OneCare’s packet filtering is on a par with its competition, and the ability to select a port range for any chosen protocol is a useful feature.

I note they slip that in there almost like an aside. With that particular feature, an advanced technical person could easily block off most off the ports that could cause damage......leaving only a small number of ports open.



I am not suggesting that OneCare is a good or a bad package, I am just suggesting that the results can easily be read in another way.......
k1 | 06.28.06 - 2:58 pm | #