Agnitum analyzes OneCare

Agnitum, a company which makes an outstanding competitor to my Kerio firewall, has analyzed the OneCare firewall and concluded the following:

Although the program is very intuitive, nice to look at, and easy to use – which is good for the program’s target audience of inexperienced users – its functionality is a big let-down and does not serve that inexperienced user audience well. It reminds us of those colorful and feature-rich Graphical User Interfaces (GUI) with nothing behind them that you sometimes see at exhibitions, because the vendors couldn’t finish the whole program in time. Microsoft OneCare needs a serious overhaul before it can be considered anything more than just a fancy interface with no real security under the hood.

  • The OneCare firewall failed all but the simplest leak tests and does not offer even the most basic intrusion detection capability, leaving users’ PCs wide open to being hijacked into a botnet
  • The OneCare firewall database of pre-approved applications is very small, and adding each new application requires several user interactions and a reboot
  • Application access rules are limited to ‘allowed’ and ‘not allowed’—users cannot configure different rules for different types or times of usage, such as allowing IE to connect with some but not all websites
  • Similar limitations apply to network file access and remote desktop operations
  • The Windows Defender anti-spyware component of OneCare imposes significant delays on program execution, and is updated on a separate schedule from other OneCare components

Link here.

Keep in mind that the Agnitum crew are highly respected, very technical and very experienced in security.

And, it looks like users agree, according to our Sunpoll and our blog survey.