Geeks With Blogs
Technically Speaking All in on IT

I was reading a post at the SunBelt Blog about Agnitum’s review of Microsoft’s Windows OneCare. Other than to say that the Agnitum crew is highly respected, Alex was basically passing on their findings. It should be noted that both SunBelt and Agnitum make firewall products of their own. This obviously gives them expertise in the space; however, I cannot quite help but read into the comments knowing they sell a competing product. Does this mean that the competition shouldn’t review the performance of your product? Not necessarily. Just keep it in mind. Some of the "findings" are quite subjective! Here are the comments I had an issue with:


  • By default, OneCare firewall is set to address programs in an automatic mode – every program access is managed through the Microsoft-created and supplied application behavior policy. Programs that are allowed to connect to the Internet are included in that policy and the firewall simply lets them connect without restriction. The problem with this policy is that it covers a very limited number of applications, so the user is forever having to respond to notifications from other quite legitimate programs as they attempt to access the Internet. Another weakness of this approach is that, no matter whether the firewall is in automatic or user-definable access mode, it first blocks the application from accessing the Internet and then asks whether the program should be permitted to access the Internet on subsequent occasions. What this means is that a legitimate program soliciting first-time access to the Internet, in our case an IM chat program, cannot connect to the Internet; after a brief delay, a message to this effect appeared on the screen. It’s really not very user friendly to deny connections to programs accessing the Internet for the first time, and it limits the program’s functionality until a restart restores programs’ operations to a normal state. The way unknown programs are treated by the firewall leaves users with the impression that every application is presumed guilty - by being blocked - until proven otherwise.
  • Apparently Agnitum isn't bothered by a firewall that lets programs automatically connect to the Internet - it doesn’t like that it lets so few of them do this out of the box! Should Microsoft decide in advance which programs you do and don’t want connecting to the Internet? They then go on to suggest that the firewall should allow unknown programs to connect to the Internet and then ask if you want to allow it or not. That it is a monumental inconvenience to re-connect that IM client after it has been initially blocked from the Internet! Hmmm, answer yes and then click on sign-in again. Seems easy enough … and yes, from a security standpoint, every application should be presumed guilty. That definition is wholly subjective when it comes to an average person's computer integrity.
  • The implications of this poor performance are far-reaching: any competent piece of malware would have no problem stealing data from a PC ‘protected’ by OneCare, and the firewall uttered not a single peep to prevent this from happening. This is a pretty serious shortcoming, since one of the primary functions of a firewall is to protect against unauthorized program connections – both incoming and outgoing; OneCare on this basis does not even meet the minimum requirements for an effective firewall.
  • Without examining the testing methodology used I cannot speak to these results other than to take them at face value. I can say that for the past year since beta testing began, I have run Windows OneCare in its various builds on about 10 different computers and none of them have suffered from an attack or an infection. I could just be lucky; but the odds are against me.
  • The OneCare firewall is so basic that it doesn’t even provide for the creation of advanced application access rules – you can either allow an application to access the Internet or deny it. You cannot make a rule, that, for example, would enable Internet Explorer to access some websites and not others (on the basis of IP address, for example). Nor can you specify, for example, time-based access permissions and apply advanced access parameters to the way applications are allowed to connect to the Internet, such as stipulating trusted access ports and protocols for a particular application.
  • As Agnitum pointed out, the audience for this security product is "ordinary users" and "consumers." In the IT world, this group is generally not considered technically savvy (though many are). Hence, I would not add a slew of advanced firewall features for a person to potentially misconfigure. They can either inadvertently configure their computer to be wide-open or shut it down altogether. Keeping it simple is a benefit in a lot of instances.


My view (based on over a year working with the product) is that it is a solid option for consumer computers that don’t require (or want) a complex personal firewall - just one that does the basic job well. Out of the box the software runs smoothly, updates reliably and even provides backup and restore options to protect user data. Integrated Windows Defender anti-spyware software also aids in combating another prevalent Internet pain - spy and malware. It has an interface that is easy to understand and follow for the average computer user. The price point is also nice - roughly $39 a year to protect 3 computers. If you have multiple computers in your household, this is great news!

Posted on Monday, July 10, 2006 7:37 AM

Comments on this post: Agnitum Pounds Windows OneCare


Copyright © Chris Haaker