We’ve mentioned previously that Microsoft’s new security suite, Windows Live OneCare, is not faring well in reviews. Add one more, as the folks at Agnitum (which does offer a competing firewall) put the OneCare firewall through its paces. Hit the link for the technical details, but here’s the punch line:
Although the program is very intuitive, nice to look at, and easy to use – which is good for the program’s target audience of inexperienced users – its functionality is a big let-down and does not serve that inexperienced user audience well. It reminds us of those colorful and feature-rich Graphical User Interfaces (GUI) with nothing behind them that you sometimes see at exhibitions, because the vendors couldn’t finish the whole program in time. Microsoft OneCare needs a serious overhaul before it can be considered anything more than just a fancy interface with no real security under the hood.
Ouch! While I don’t necessarily buy into all the issues raised, check this out:
After OneCare had worked for a couple of hours and created a reasonable-sized database of application access rules, we subjected the firewall to a slate of leaktests intended to verify how the program would protect users against imaginary malware attempts to upload data from the host computer. The results were very poor, with the OneCare firewall passing only the most basic and simple leaktests and failing the rest. Amusingly, it treated leaktests as if they were normal Windows Explorer (explore.exe), Internet Explorer and other credible applications widely used on a Windows-based computer, failing to detect the tests’ tendency to imitate, implant their code in, or hijack a credible application on whose behalf they subsequently gained access credentials.
The implications of this poor performance are far-reaching: any competent piece of malware would have no problem stealing data from a PC ‘protected’ by OneCare, and the firewall uttered not a single peep to prevent this from happening.
Sounds like Microsoft has got some work to do.