So, this would normally be the BIG news of the day. But given the horror I'm still recovering from (see the previous post), it's basically back-burner news in my world.
But it's still newsworthy.
A few days ago I got rid of my normal firewall -- it was hosing development on my localhost (completely seizing up the box). Zone Alarm pwns, but I just couldn't hack it messing up my dev environment, so I uninstalled it.
I was GOING to put some other firewall product on my box (tinyfirewall, or kerio), but never got around to it.
I figured that the NEW and IMPROVED SP2 Windows Firewall had my back. Boy, was I wrong.
Today, I played HL2: Deathmatch. An online game. I played it for an HOUR, sending Ooooodles of packets back and forth... probably a few MegaBytes of data. The game had FREE rein on my computer. (I trust HL2, but want you to get the idea... this game could have been ANYTHING (like spyware), and could have done ANYTHING.)
When I got done playing I was greeted by the following 'SECURITY ALERT.'
Um... one hour of unrestricted access between my box and the internet. NICE.
They should add a 4th button/option: Go back to SLEEP.
Ha! First, I love the story preceding this entry, beautiful. As for the firewall thingy -- now, I'm not defending this (I do like how, for example, Zone Alarm blocks everything until you allow it) but I think this behavior is by design. When the alert says it blocked some features, I think this means it is blocking unsolicited traffic only -- if you explicitly ran an app, it will allow solicited traffic. How does it know the difference between hl2.exe that I explicitly ran and spyware.exe (which you wouldn't even want solicited traffic for) that is running as me? I have no idea, perhaps SPI or other metrics. Right or wrong, it's a feature. I think.
Posted by: Brian | April 19, 2005 at 09:58 AM