Vista Firewall Shortcoming?

**nihil** · February 15th, 2007, 10:02 PM

http://www.itworldcanada.com/Pages/D...vious=Previous

It appears that the firewall that ships with Windows Vista is not as good as was promised.

Apparently it filters for outgoing connections but doesn't stop very much by default.

Sure, you can configure it, but the way you would have to is mission impossible because you have to do it by application

***HTRegz*** · February 16th, 2007, 08:40 AM

Originally Posted by nihil

http://www.itworldcanada.com/Pages/D...vious=Previous

It appears that the firewall that ships with Windows Vista is not as good as was promised.

Apparently it filters for outgoing connections but doesn't stop very much by default.

Sure, you can configure it, but the way you would have to is mission impossible because you have to do it by application

Nihil, all you have to do is enable outbound connection filtering... then you allow programs you want to allow out.. just like every other firewall operates... You have to remember that Mr. Gralla is a... well useless when it comes to technical matters... He's the one who said "Justice Prevails" when the school teacher was found guilty of viewing porn that came up because of spyware..

I highly suggest you read my latest blog post -- http://www.computerdefense.org/?p=262 which dispels the myths that Mr. Gralla provides.

**alakhiyar** · February 16th, 2007, 08:53 AM

Originally Posted by nihil

http://www.itworldcanada.com/Pages/D...vious=Previous

It appears that the firewall that ships with Windows Vista is not as good as was promised.

Apparently it filters for outgoing connections but doesn't stop very much by default.

Sure, you can configure it, but the way you would have to is mission impossible because you have to do it by application

Another kick in the pants,
Decent third party firewalls appear to be few and far in between...

**alakhiyar** · March 3rd, 2007, 09:58 AM

In terms of what I want in a firewall, my XP box runs Kerio with a complete deny-by-default approach. Every application that wants to listen from the Internet has to have permission, every application that wants to connect out to the Internet has to have permission (I use it to stop a handful of apps from phoning home). I hardly notice it's there now that it's trained, but that's pretty much what I want. When a new application comes up then I check the remember box, pick Allow or Deny and it's all sorted.

I've been trying to do the same with Windows Firewall in Vista. It bites.

Enabling outbound control is easy enough -- Administrative Tools | Windows Firewall With Advanced Security, and a couple of clicks from there. Done.

Okay, now IE can't connect out. That's pretty much what I expected. Why didn't I get a prompt about it?

Oh, you only get prompted about incoming connections. Blocked outbound connections just silently fail. No way to get outbound prompts.

Alright, so I'll turn on the firewall log and see what's getting blocked. Not quite as one-click as Kerio, but I can still make this work.

Except the firewall log is a pain to get to (you need to be elevated just to read it), and only includes port numbers and IP addresses, not process names.

So allowing a program out through the firewall is now down to this:
Work out that a program's failure actually is due to the firewall.
Use a combination of Task Manager and Windows Explorer to try and work out which process is actually responsible for the connection. This is fun with virus scanners etc -- the process which tries to download the updates isn't generally the UI you launch an update from.
Open Windows Firewall With Advanced Security and create a new outbound rule. Probably about 10-15 clicks here, plus having to know the full path to the executable you want to allow out.
See if it worked, and repeat the process if it didn't (ie you picked the wrong process to let out).
I see Kerio in my future again...

**nihil** · March 3rd, 2007, 10:42 AM

Much as I suspected................. and remember Vista is not a professional operating system. It is supposed to be all things to all men?

To have a firewall that blocks everything and doesn't prompt is pretty useless for the majority of PC users IMO.

The ignorant are in the majority, which is useful, because it keeps us in jobs

***morganlefay*** · March 3rd, 2007, 07:26 PM

yes lets dumb it down for the masses...

The ignorant are in the majority, which is useful, because it keeps us in jobs

and wine

MLF

**alakhiyar** · March 4th, 2007, 06:19 AM

Unfortunately Sunbelt/Kerio still don't have a Vista-compatible version out yet, so I've been slugging along with the Windows one.

Now that it's had a couple of weeks to train, it's not too bad. Much like Kerio -- I hardly notice it. It's just a pain having to identify what's trying to connect out. I've only had to give up and switch the outgoing firewall off once so far, and that was to activate Office 2007 -- I couldn't work out what was doing that.

I suspect I may even end up keeping Windows Firewall, just because I'd have to re-train Sunbelt if I install their Vista version when it comes out. And I'm pretty sure this one isn't giving me bluescreens, unlike a handful of Kerio builds in the past.

But still, Not Recommended.

**Aardpsymon** · March 4th, 2007, 10:53 AM

Well, lets face it: its not just dumbing it down for the users. If us superior beings who know how to use a computer can configure the firewall with a click rather than a trawl through logs we will. 90% of invention is driven by laziness. Don't believe me? Then what is power steering?

Bottom line, given a GUI I can do something in and a shell window I can do the same task, I will go with the GUI unless there is a good reason to use the shell, which sometimes there is.

Thread: Vista Firewall Shortcoming?

Thread Tools

Display

Vista Firewall Shortcoming?

Similar Threads

firewall detection and network probing

Wait a minute... HOW many versions of Vista?

Looking to protect yourself?

Firewall security flaws by Sharepro

Posting Permissions