The firewall component in Microsoft's Windows OneCare security bundle has holes, experts have warned. The security software, available in a public beta version, by default allows applications that use the Java Virtual Machine or have a digital signature to connect to the Internet. Like any blanket security-bypass rule, these default settings are a bad idea, said Mark Curphey, vice president at vulnerability management specialist Foundstone, a part of McAfee. Read More . . .