The new firewall will filter both incoming and outgoing network traffic, meaning that it can be used to block machines that are trying to connect to the Windows PC as well as applications on the PC that are trying to connect to other systems on the network. Microsoft is dubbing it a "two-way" firewall.
The ability to block outgoing traffic does not exist in Windows XP, but will give powerful options to Vista admins, Wilson said. They could, for example, ensure that their PCs only use a preferred instant messaging application. "If you tried a different instant messaging application, it would be blocked," he said. "It's really something that we're targeting toward enterprise administrators in corporations."
so that wasn't that hard
and the difference it can make if it is well configured..... no more rogue open attacks into networks, every pc in the network is an island