Originally Posted by Hollowman8904
I do have a hardware firewall. But so you're saying that if a virus or something got on my computer, as long as it started the connection, it could download whatever it wanted to?
If you are only running Windows XP's firewall, then, according to the quotes in my previous post that explain how Windows XP's firewall doesn't block outgoing connection attempts... yes, that's what I'm saying.
Once the virus resides on your machine then any connections it initiates are considered to be outbound connections (as they start on your machine locally and target a remote machine).
Malware outgoing traffic will usually use TCP port 80 since it can get free access to the internet on about 90% of firewalls on this port. This is the reason why it is pretty hard to filter out only malware with only hardware firewall.
This is why you need a software based firewall that will limit outgoing access to port 80 to a certain number of uniquely identified and accepted applications.
Even with firewalls that only allow outbound connections to certain accepted programs, some malicious programs can still get access to the Internet.
How? Well, if your firewall doesn't have a way of identifying a file (making sure it is what it pretends to be), then the virus can simply rename itself to iexplore.exe, for example, and pretend to be Microsoft's Internet Explorer (which supposedly has a rule in your firewall allowing it to access the remote port 80... otherwise you wouldn't be able to browse the net) and thus get access to the external world.
Some good firewalls like "Tiny Personal Firewall" (which I use) uniquely identify programs by using a checksum method (an algorithm-based method of determining the integrity and authenticity of a digital data object) instead of just checking the program's file name.
IMO, the best is to have a combination of both a hardware and a software based firewall.
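The difference the post draws between name-based and checksum-based application rules, shown as an added example (this is illustrative Python written for this page, not code from the poster and not how Tiny Personal Firewall or any real product implements its rules). The two policy classes, the `decide` method, the `demo` scenario and the stand-in executable contents are all constructed here; a real firewall would hash the image when the process starts rather than on every connection attempt, but the outcome of the comparison is the same.

```python
"""Outbound application rules keyed by file hash versus file name.
Illustrative code for this page; not a real firewall's implementation."""
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of_file(path: Path) -> str:
    """Hash the whole executable in chunks: the 'checksum' the post refers to."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(64 * 1024), b""):
            digest.update(chunk)
    return digest.hexdigest()


class NameBasedRules:
    """Weak policy: trusts any file that happens to be called iexplore.exe."""

    def __init__(self, rules: dict):
        # {file name: set of allowed remote ports}
        self.rules = {name.lower(): set(ports) for name, ports in rules.items()}

    def decide(self, exe: Path, remote_port: int) -> str:
        ports = self.rules.get(exe.name.lower(), set())
        return "allow" if remote_port in ports else "deny"


class HashBasedRules:
    """Stronger policy: the rule is bound to the file's contents at enrolment,
    so a different program under the same name does not match."""

    def __init__(self):
        # {sha256 hex digest: set of allowed remote ports}
        self.rules = {}

    def enrol(self, exe: Path, ports) -> None:
        self.rules[sha256_of_file(exe)] = set(ports)

    def decide(self, exe: Path, remote_port: int) -> str:
        ports = self.rules.get(sha256_of_file(exe), set())
        return "allow" if remote_port in ports else "deny"


def demo() -> dict:
    """Constructed scenario: a genuine browser binary, and an unrelated program
    copied under the browser's name. Returns the decision each policy makes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        browser = root / "Internet Explorer" / "iexplore.exe"
        browser.parent.mkdir()
        browser.write_bytes(b"constructed stand-in for the genuine browser")
        other = root / "other.exe"
        other.write_bytes(b"constructed stand-in for some unrelated program")
        lookalike = root / "Temp" / "iexplore.exe"
        lookalike.parent.mkdir()
        shutil.copyfile(other, lookalike)

        by_name = NameBasedRules({"iexplore.exe": {80, 443}})
        by_hash = HashBasedRules()
        by_hash.enrol(browser, {80, 443})

        return {
            "name_rule_genuine_80": by_name.decide(browser, 80),
            "name_rule_lookalike_80": by_name.decide(lookalike, 80),
            "hash_rule_genuine_80": by_hash.decide(browser, 80),
            "hash_rule_lookalike_80": by_hash.decide(lookalike, 80),
            "hash_rule_genuine_25": by_hash.decide(browser, 25),
        }


if __name__ == "__main__":
    for rule, verdict in demo().items():
        print(f"{rule}: {verdict}")
```

The name-based policy lets the look-alike out on port 80 exactly as the post describes, while the hash-based policy only allows the enrolled binary, and only on the ports in its rule. The flip side is visible in practice: every legitimate update of the browser changes its hash, so a checksum-based firewall has to re-prompt (or re-enrol) after updates, which is the usual cost of tying a rule to file contents rather than a file name.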