Have you switched to Vista?

[nihil]

This is part of the Microsoft business model dilemma? They have decided to have one product line, instead of the old home/business division. OK they have different versions of the same thing since XP, but it is the same product.

This is a good idea IMO, as it means that you only have one underlying architecture and you are concentrating your resources, by only having to support that.

The problem as I see it, lies with the end users (doesn't it always )

OK the outgoing firewall protection is turned off by default............ that means that it will never get turned on in most domestic situations.

Those who understand enough to turn it on will not neccessarily want to mess about tuning it "longhand". They will probably give up and turn it off.

If you understand the basic concepts of a firewall you will understand why you have to set rules, and will respond to the prompts accordingly. If you just "click through" then the damn thing might as well not be turned on anyway...........that is life as we know it, and has been since the whole internet thing started.

So, what would be my solution?..............hey, I am the first to admit that we all have 20/20 superior hindsight. Perhaps there should have been an option to chose?............. like with XP you could chose "XP" or "Classic?" for your desktop and display? Maybe some sort of "prompt/don't prompt" option?

I see some logical inconsistencies in your arguments as it happens. On the one hand you say that it is good that outgoing blocking is not enabled, because people will wonder why their internet doesn't work? Well, as soon as they turn it on, they will hit the same problem, won't they?

"The standard"????????????? well the standard appears to be to provide pop-up prompts....................so MS are NOT following it. And Cisco is irrelevant given that this is not hardware, it is a software firewall.

We have already seen people complaining about the Vista OS prompting for "do you really want to do this?" and "you must be an administrator" (when you are already logged in as admin)............. the firewall approach is inconsistent with this.

I do not think that this firewall offering is up to standard for something to be given to a home user.

[Moira]

Well, I hear what you're saying but I'd still like to hear of a 3rd party firewall that works with Vista and I'm not impressed with Microsoft's creation. I use Sygate on my other machines and was disappointed to find neither it nor ZA would work in Vista.

Malware is exactly the sort of reason I'd want outbound filtering. Not that I think I'm picking any up that's trying to contact the net, but it's just one more precaution and not something you can write rules about.

[HTRegz]

OK the outgoing firewall protection is turned off by default............ that means that it will never get turned on in most domestic situations.

Those who understand enough to turn it on will not neccessarily want to mess about tuning it "longhand". They will probably give up and turn it off.

If you understand the basic concepts of a firewall you will understand why you have to set rules, and will respond to the prompts accordingly. If you just "click through" then the damn thing might as well not be turned on anyway...........that is life as we know it, and has been since the whole internet thing started.

This is fine though.. Users who will just click through will click through anyways... Users who know a little bit will grab a preconfigured rule set (especially as more of these come available)... Users that know a lot will configure their own rules... The use of the firewall is not unlike it is in the Linux / Unix world... Which is convenient... People wanted security, so Microsoft based their product off a product that is considered by most to be more secure.

So, what would be my solution?..............hey, I am the first to admit that we all have 20/20 superior hindsight. Perhaps there should have been an option to chose?............. like with XP you could chose "XP" or "Classic?" for your desktop and display? Maybe some sort of "prompt/don't prompt" option?

Once again.. as soon as prompt is available you get into the click through users... Which lowers the confidence of the firewall.

I see some logical inconsistencies in your arguments as it happens. On the one hand you say that it is good that outgoing blocking is not enabled, because people will wonder why their internet doesn't work? Well, as soon as they turn it on, they will hit the same problem, won't they?

If you turn on outbound blocking, then you'll know why it's not working... So yes they'll hit the same problem but it will be expected... If you get a new DSL connection (and outbound blocking was enabled by default)... and you can't connect to anything, you're going to be confused... You could spend hours with DSL Tech Support... However, if you have a working connection and then enable the firewall and things stop working, you know that the firewall was the issue.

"The standard"????????????? well the standard appears to be to provide pop-up prompts....................so MS are NOT following it. And Cisco is irrelevant given that this is not hardware, it is a software firewall.

I don't think pop-ups are the standard... It's what's used on some of the "lower quality" firewalls... ZA for example but I don't think it's the standard... Last time I used VisNetic Firewall (Which I consider to be the best Windows firewall available) it didn't have pop-ups... Kerio Firewall in it's default mode also doesn't have pop-ups (although it does have the option you suggest)... As for Cisco... The PIX may be a hardware firewall, but a Cisco Router isn't technically a hardware firewall.. It's a Networking Device with basic software firewall in it's IOS (in my opinion)... I would never refer to a router as a hardware firewall (Although I also hate that home routers call themselves hardware firewalls.. it dilutes the concept)... So I would say Cisco is valid.

We have already seen people complaining about the Vista OS prompting for "do you really want to do this?" and "you must be an administrator" (when you are already logged in as admin)............. the firewall approach is inconsistent with this.

I do not think that this firewall offering is up to standard for something to be given to a home user.

The firewall is an included option... It's not meant to be all encompassing and perfect... if it was then they'd have the firewall companies coming after them... It's an option for those that don't want to purchase a 3rd party firewall... which is the real problem I have with everyone complaining... It's an additional item that Microsoft is providing for their security... They paid for an OS and got a Firewall application as an additional feature... So use it or don't... but don't complain that something that you got for free doesn't do what you want it to do... It's like being given free washer fluid when you buy gas and then complaining about the type of washer fluid they give you...

[Aardpsymon]

I do think that last is an important point. Putting a bit of general background...

I have heard people whining about windows updates.
Surely better an OS with regular patches than an OS that sits there unchanging despite bugs?

Windows comes with too much (ie media player, calculator, IE, firewall and now antispyware)
Well, how do you download firefox without ie?
For the good of the net its better to provide all PCs with MS firewall than rely on users to go and download & configure one themselves. Sure, you are vulnerable to users doing it wrong but better a badly configured firewall than no firewall at all surely?

[Moira]

Does anyone know of a third party firewall that does work in Vista though? Sygate isn't what I would call "low quality" yet it produces pop ups. It only happens till you train your firewall - and ZA came out top in a PC magazine review this month when personal firewalls were reviewed, so don't knock a program just because it produces pop ups.

[HTRegz]

Does anyone know of a third party firewall that does work in Vista though? Sygate isn't what I would call "low quality" yet it produces pop ups. It only happens till you train your firewall - and ZA came out top in a PC magazine review this month when personal firewalls were reviewed, so don't knock a program just because it produces pop ups.

I don't call them low quality because they produce pop-ups, however I think the pop-ups lead to user irritation, which leads to lower confidence in the ability to block the data because they do click through... I call them low quality for other reasons... Something to keep in mind with PC Magazine Reviews is that they quite often review based on who spends the most money advertising with them... If I were looking at firewalls I'd suggest Deerfield.com VisNetic or Kerio (which was purchased by Deerfield.com). As a third choice, although I'm unhappy with their marketing practices, I'd have to say Agnitum Outpost...

A nice corporate solution (which is also useful for a home network) is Kerio's offering... The WinRoute Firewall with the AV Plugin... The AV Plugin for the firewall is a really nice feature.

[Moira]

Cheers .... and do those firewalls work with Vista, do you know?

[JPnyc]

What's your view of Kapersky's FW, HT? I know their detection rating where AV is concerned, but they're not known for firewalls.

[HTRegz]

Cheers .... and do those firewalls work with Vista, do you know?

I'm not sure if they do yet or not... I'm guessing not yet... Security Vendors (Firewall, AV, etc) were very lax in getting software out in time.

[Darksat]

What's your view of Kapersky's FW, HT? I know their detection rating where AV is concerned, but they're not known for firewalls.

Any firewall that is not made by Microsoft and is statefull is an improvement on the Default Vista one.


I used vista on a friends machine and it started messing up as soon as I installed firefox and Ares.