2006/05/09 17:37:04

Outbound firewalls and Vista

Jesper Johansson posted the entry "Windows Firewall: the best new security feature in Vista?" He explains in detail why host-based outbound firewalls are worthless for what people expect them to do (stop or slow malware): with admin access, malware can simply bypass them, and they actually create more problems by desensitizing people to security dialogs. Anyone who still thinks they're a good idea for the average user's computer should read it. A couple of good quotes:

"Putting protective measures on a compromised asset and asking it not to compromise any other assets simply does not work."
"A plethora of dialogs, particularly ones devoid of any information that helps an ordinary mortal make a security decision, are simply another fast clicking exercise. We need to reduce the number of meaningless dialogs, not increase them, and outbound filtering firewalls do not particularly help there."

The naked dancing pigs analogy is all too accurate as well. The people who would benefit the most from outbound filtering are the most likely to click to get around it.

He does somewhat explain where they help (in a general sense, on limited non-admin accounts). Apparently outbound filtering is being added in Vista because they're implementing sub-user SIDs, so even two services running under the same user won't have access to the data or resources of the other. Assuming they don't have admin access either, one could be limited from using the network.

By Jeremy on 2006/06/05 at 19:18:54

The dancing pigs example is back in a new article on how to handle computer security