Vista Firewall Shortcoming?

  1. #1
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190

    Vista Firewall Shortcoming?

    http://www.itworldcanada.com/Pages/D...vious=Previous

    It appears that the firewall that ships with Windows Vista is not as good as was promised.

    Apparently it filters for outgoing connections but doesn't stop very much by default.

    Sure, you can configure it, but the way you would have to is mission impossible because you have to do it by application.

  2. #2
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Quote Originally Posted by nihil
    http://www.itworldcanada.com/Pages/D...vious=Previous

    It appears that the firewall that ships with Windows Vista is not as good as was promised.

    Apparently it filters for outgoing connections but doesn't stop very much by default.

    Sure, you can configure it, but the way you would have to is mission impossible because you have to do it by application
    Nihil, all you have to do is enable outbound connection filtering... then you allow programs you want to allow out.. just like every other firewall operates... You have to remember that Mr. Gralla is a... well useless when it comes to technical matters... He's the one who said "Justice Prevails" when the school teacher was found guilty of viewing porn that came up because of spyware..

    I highly suggest you read my latest blog post -- http://www.computerdefense.org/?p=262 which dispels the myths that Mr. Gralla provides.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  3. #3
    Senior Member alakhiyar's Avatar
    Join Date
    Dec 2006
    Location
    Land of Oryx
    Posts
    255
    Quote Originally Posted by nihil
    http://www.itworldcanada.com/Pages/D...vious=Previous

    It appears that the firewall that ships with Windows Vista is not as good as was promised.

    Apparently it filters for outgoing connections but doesn't stop very much by default.

    Sure, you can configure it, but the way you would have to is mission impossible because you have to do it by application

    Another kick in the pants,
    Decent third party firewalls appear to be few and far in between...
    (\__/)
    (='.'=)
    (")_(")

  4. #4
    Senior Member alakhiyar's Avatar
    Join Date
    Dec 2006
    Location
    Land of Oryx
    Posts
    255
    In terms of what I want in a firewall, my XP box runs Kerio with a complete deny-by-default approach. Every application that wants to listen from the Internet has to have permission, every application that wants to connect out to the Internet has to have permission (I use it to stop a handful of apps from phoning home). I hardly notice it's there now that it's trained, but that's pretty much what I want. When a new application comes up then I check the remember box, pick Allow or Deny and it's all sorted.

    I've been trying to do the same with Windows Firewall in Vista. It bites.

    Enabling outbound control is easy enough -- Administrative Tools | Windows Firewall With Advanced Security, and a couple of clicks from there. Done.

    Okay, now IE can't connect out. That's pretty much what I expected. Why didn't I get a prompt about it?

    Oh, you only get prompted about incoming connections. Blocked outbound connections just silently fail. No way to get outbound prompts.

    Alright, so I'll turn on the firewall log and see what's getting blocked. Not quite as one-click as Kerio, but I can still make this work.

    Except the firewall log is a pain to get to (you need to be elevated just to read it), and only includes port numbers and IP addresses, not process names.

    So allowing a program out through the firewall is now down to this:
      1. Work out that a program's failure actually is due to the firewall.
      2. Use a combination of Task Manager and Windows Explorer to try and work out which process is actually responsible for the connection. This is fun with virus scanners etc -- the process which tries to download the updates isn't generally the UI you launch an update from.
      3. Open Windows Firewall With Advanced Security and create a new outbound rule. Probably about 10-15 clicks here, plus having to know the full path to the executable you want to allow out.
      4. See if it worked, and repeat the process if it didn't (ie you picked the wrong process to let out).
    I see Kerio in my future again...
    (\__/)
    (='.'=)
    (")_(")

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Much as I suspected................. and remember Vista is not a professional operating system. It is supposed to be all things to all men?

    To have a firewall that blocks everything and doesn't prompt is pretty useless for the majority of PC users IMO.

    The ignorant are in the majority, which is useful, because it keeps us in jobs

  6. #6
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Yes, let's dumb it down for the masses...

    The ignorant are in the majority, which is useful, because it keeps us in jobs
    and wine

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  7. #7
    Senior Member alakhiyar's Avatar
    Join Date
    Dec 2006
    Location
    Land of Oryx
    Posts
    255
    Unfortunately Sunbelt/Kerio still don't have a Vista-compatible version out yet, so I've been slugging along with the Windows one.

    Now that it's had a couple of weeks to train, it's not too bad. Much like Kerio -- I hardly notice it. It's just a pain having to identify what's trying to connect out. I've only had to give up and switch the outgoing firewall off once so far, and that was to activate Office 2007 -- I couldn't work out what was doing that.

    I suspect I may even end up keeping Windows Firewall, just because I'd have to re-train Sunbelt if I install their Vista version when it comes out. And I'm pretty sure this one isn't giving me bluescreens, unlike a handful of Kerio builds in the past.

    But still, Not Recommended.
    (\__/)
    (='.'=)
    (")_(")

  8. #8
    Senior Member Aardpsymon's Avatar
    Join Date
    Feb 2007
    Location
    St Annes (aaaa!)
    Posts
    434
    Well, let's face it: it's not just dumbing it down for the users. If us superior beings who know how to use a computer can configure the firewall with a click rather than a trawl through logs we will. 90% of invention is driven by laziness. Don't believe me? Then what is power steering?

    Bottom line, given a GUI I can do something in and a shell window I can do the same task, I will go with the GUI unless there is a good reason to use the shell, which sometimes there is.
    If the world doesn't stop annoying me I will name my kids ";DROP DATABASE;" and get revenge.
