Agnitum, a company which makes an outstanding competitor to my Kerio firewall, has analyzed the OneCare firewall and concluded the following:
- The OneCare firewall failed all but the simplest leak tests and does not offer even the most basic intrusion detection capability, leaving users’ PCs wide open to being hijacked into a botnet
- The OneCare firewall database of pre-approved applications is very small, and adding each new application requires several user interactions and a reboot
- Application access rules are limited to ‘allowed’ and ‘not allowed’—users cannot configure different rules for different types or times of usage, such as allowing IE to connect with some but not all websites
- Similar limitations apply to network file access and remote desktop operations
- The Windows Defender anti-spyware component of OneCare imposes significant delays on program execution, and is updated on a separate schedule than other OneCare components
Keep in mind that the Agnitum crew are highly respected, very technical and very experienced in security.