Firewall Applications to Permit

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hello!

I'm trying to finish configuration of the Windows Firewall with Advanced
Security. I've set the default for outgoing apps to Block, and I've
permitted the applications I've installed access.

What I can't get to work is Windows Updates / Automatic Updates. Does
anyone know what Microsoft applications require access to the internet to
accomplish this? What other Vista apps will require access? In particular,
I'm looking for the physical file names & locations (since that is what has
to be entered when creating a rule).

Thanks in advance!
 
I'm trying to finish configuration of the Windows Firewall with Advanced
Security. I've set the default for outgoing apps to Block, and I've
permitted the applications I've installed access.
Click to expand...

What exact threat are you trying to mitigate by doing this; or are you
simply trying to fill an otherwise boring Saturday afternoon by breaking your
computer and seeing how long it will take to fix it?

There is a really good chance nobody else around here has tried this, for
the very reason that once you enumerate all the apps you need you may as well
have left the firewall in its default configuration; combined with the fact
that it has absolutely no positive security value.
 
Jesper said:
What exact threat are you trying to mitigate by doing this; or are you
simply trying to fill an otherwise boring Saturday afternoon by breaking your
computer and seeing how long it will take to fix it?

There is a really good chance nobody else around here has tried this, for
the very reason that once you enumerate all the apps you need you may as well
have left the firewall in its default configuration; combined with the fact
that it has absolutely no positive security value.
Click to expand...

Beyond witty sarcasm do you have anything else to offer, such as
alternatives? The reason I DON'T want to stay with the status-quo as you
suggest is that the firewall permits ALL applications outbound access BY
DEFAULT. I don't want to allow that, and this is essentially why XP's
firewall was only something that was there to be turned off by 3rd party
firewalls.

Can anyone please provide me a reasonable alternative to meet this
requirement then? I want to prevent applications from accessing the internet
without my OK. I don't want to break Automatic Updates and Windows Update in
the process. Most 3rd party firewalls are not really Vista-ready yet.
 
I'm trying to finish configuration of the Windows Firewall with Advanced
Security. I've set the default for outgoing apps to Block, and I've
permitted the applications I've installed access.

What I can't get to work is Windows Updates / Automatic Updates. Does
anyone know what Microsoft applications require access to the internet to
accomplish this? What other Vista apps will require access? In particular,
I'm looking for the physical file names & locations (since that is what has
to be entered when creating a rule).


Hangetsu:

You might try one of the application gateway firewalls instead:
PC Tools Firewall Plus
http://www.pctools.com/firewall/

VistaFirewallControl
http://sphinx-soft.com/Vista/index.html

ZA beta for Vista
http://download.zonelabs.com/bin/free/beta/index.html


I have run each of the above with the Vista f/w enabled without problems.

I am currently using the ZA beta product am I am very impressed with it.
 
Beyond witty sarcasm do you have anything else to offer, such as
alternatives?
Click to expand...

Why skip the witty sarcasm? It's so much fun! :-) My preferred alternative
would be to set the firewall to its original setting and go have a nice cold
fermented beverage. It will have about the same effect on your security as
continuing the pointless quest to block malicious outbound traffic.
Can anyone please provide me a reasonable alternative to meet this
requirement then? I want to prevent applications from accessing the internet
without my OK.
Click to expand...

If all you want is an alert then install OneCare Live. It works on Vista and
alerts you when non-malicious programs access the Internet. Of course, it
goes without saying that it won't be able to alert you when malicious program
does the same.

If you actually want to stop malicious programs that are already executing
as you from communicating out then your options are things like disconnecting
the network cable or blocking all outbound traffic entirely and running as a
standard user.

What I am trying to explain to you is that you cannot permit some software
that runs as a particular user to connect out and still meaningfully block
other software, running in the same user context, from connecting out. In
Windows Vista you *can* block services running as one user from connecting
out using permitted connections from another service running in the same user
context. That functionality is new to Vista, but it is already enabled by
default and requires no additional configuration. On Windows XP doing so was
impossible, both with the Windows Firewall and any third-party add-on. On
Windows XP outbound host-based firewall filtering was completely meaningless.
In Windows Vista all the meaningful filtering is already there by default.
There is no reason to waste time trying to "improve" it because the
fundamental facts about how software runs on Windows NT-based operating
systems does not permit host-based firewall filtering to provide any value.

I am well aware that there are third-party firewalls that claim the ability
to block outbound traffic as the main reason to buy them. That type of claim
used to be called snake-oil. Today it is called an "Internet Security Suite".
It provides no discernible security value and serves only to aggravate the
user using it and enrich the unscrupulous vendor producing it.

In summary:
You cannot stop malicious programs running as you on your computer from
communicating outbound. Focus on stopping the malicious programs from running
on your computer instead.
 
My preferred alternative
would be to set the firewall to its original setting and go have a nice cold
fermented beverage. It will have about the same effect on your security as
continuing the pointless quest to block malicious outbound traffic.

Jesper:

His goal may be to have control over outbound requests, malicious or not.
 
His goal may be to have control over outbound requests, malicious or not.

And, as I said, you can't control malicious ones, but OneCare does permit
you to control non-malicious ones.
 
Hangetsu:
You might try one of the application gateway firewalls instead:
PC Tools Firewall Plus
http://www.pctools.com/firewall/

VistaFirewallControl
http://sphinx-soft.com/Vista/index.html

ZA beta for Vista
http://download.zonelabs.com/bin/free/beta/index.html


I have run each of the above with the Vista f/w enabled without problems.

I am currently using the ZA beta product am I am very impressed with it.
Click to expand...

Thanks CZ. If I need to go with a 3rd party, ZA is probably the one I'd go
with for certain. However, I'd like to see if the built-in firewall will
work too. From my understanding, OneCare is essentially using it, but with a
pretty front-end.

To confirm what was said above, I am looking to control all outbound, not
just for malicious software (although that is the goal). I'm not trying to
configure block rules, but start with no access and set up allow rules (all
my software is configured already this way in the firewall). The only part I
can't figure out entirely is what Windows needs.

As an update, I think I got it -- Setting up a custom rule, I granted
svchost.exe access; The only reason I used custom is that it allows you to
specify the service or services using the application (in this case,
wuauserv). Solved my problem in this case.

Next, figuring out what's involved with printing to a network printer
(Apparently the Print Spooler service isn't enough).
 
Spoolsrv takes care of it -- I thought I saved the rule before, must have
fat-fingered it... :-(
 
Back
Top