vista firewall: is it really protecting good?

  • Thread starter Thread starter **jerry**
  • Start date Start date
J

**jerry**

Hello,
i'd like to know details about the vista firewall. Does it now indeed block
incoming and outgoing?
i assume microsoft didnot create the firewall for nothing. So is it really
neccesary to install another one, and if so, do i then need to turn off the
windows firewall?
and if i need another one, which one?
Thank you for all help,
Jerry



---
avast! Antivirus: Outbound message clean.
Virus Database (VPS): 080409-1, 09-04-2008
Tested on: 9-4-2008 23:45:05
avast! - copyright (c) 1988-2008 ALWIL Software.
http://www.avast.com
 
Hello,
i'd like to know details about the vista firewall. Does it now indeed block
incoming and outgoing?
i assume microsoft didnot create the firewall for nothing. So is it really
neccesary to install another one, and if so, do i then need to turn off the
windows firewall?
and if i need another one, which one?
Thank you for all help,

You are not going to find anything better than the Vista FW and Vista in
itself due to the advanced features the FW and Vista are using.

"Personal Firewalls" are mostly snake-oil.
http://www.samspade.org/d/firewalls.html

Jesper's Blogs-
At Least This Snake Oil Is Free.
http://msinfluentials.com/blogs/jesper/archive/2007/07/19/at-least-this-snake-oil-is-free.aspx
Windows Firewall: the best new security feature in Vista?
http://blogs.technet.com/jesper_johansson/archive/2006/05/01/426921.aspx

Exploring The Windows Firewall.
http://www.microsoft.com/technet/technetmag/issues/2007/06/VistaFirewall/default.aspx
"If you try to block outbound connections from a computer that’s already
compromised, how can you be sure that the computer is really doing what you
ask? The answer: you can’t. Outbound protection is security theater—it’s a
gimmick that only gives the impression of improving your security without
doing anything that actually does improve your security. This is why
outbound protection didn’t exist in the Windows XP firewall and why it
doesn’t exist in the Windows Vista™ firewall."

Tap into the Vista firewall's advanced configuration features
http://articles.techrepublic.com.com/5100-10877-6098592.html
"...once you discover the secret of accessing its advanced configuration
settings via the MMC snap-in, you'll find it to be far more configurable
and functional. At last, Windows comes with a sophisticated personal
firewall that can be used to set up outbound rules as well as inbound, with
the ability to customize rules to fit your precise needs."
Or
Configure Vista Firewall to support outbound packet filtering
http://searchwindowssecurity.techtarget.com/tip/0,289483,sid45_gci1247138,00.html
Or
Vista Firewall Control (Free versions available).
Protects your applications from undesirable network incoming and outgoing
activity, controls applications internet access.
http://sphinx-soft.com/Vista/

And...
Disable the e-mail scanning function during installation (Custom
Installation on some AV apps.) as it provides no additional protection. In
fact most experts believe that scanning incoming and outgoing mail causes
e-mail file corruption.
Free antivirus - avast! 4 Home Edition
(Choose Custom Installation and under Resident Protection, uncheck:
Internet Mail and Outlook/Exchange.)
---
avast! Antivirus: Outbound message clean.
Virus Database (VPS): 080409-1, 09-04-2008
Tested on: 9-4-2008 23:45:05
avast! - copyright (c) 1988-2008 ALWIL Software.
http://www.avast.com
 
Hello,
i'd like to know details about the vista firewall. Does it now indeed block
incoming and outgoing?
Yes.

i assume microsoft didnot create the firewall for nothing.

They didn't.
So is it really neccesary to install another one,
No.

and if so, do i then need to turn off the windows firewall?

Yes. But the other so called "firewall" will most likely do that for
you.
and if i need another one, which one?

You don't need another one. You need a security concept.
 
The Vista firewall, by default, blocks incoming only. It can be configured
for outbound filtering also. (See the links in the other replies for how to
info.) Less technical users tend to find the outbound functionality in the
Vista firewall somewhat difficult to manage, and for that reason among
others, may prefer a 3rd party firewall product.

Inbound protection is a necessity. There is some disagreement re. outbound
filtering. Personally I believe it has some value, but for non-technical
end users I often do not implement outbound filtering in Vista (or in XP
install a 3rd party firewall with it) as they find it too difficult to
manage effectively.

(I wouldn't put much credence in Microsoft's childish characterization of
outbound filtering as a "gimmick." MS is touchy about this because of past
criticism of it's mediocre early firewall implementations. These issues are
never quite that simple.)
 
**jerry** said:
Hello,
i'd like to know details about the vista firewall. Does it now indeed
block incoming and outgoing?

Yes.

Vista's built-in firewall is perfectly adequate for most people.
While it's not quite up to the ease-of-use standards of Kerio or
ZoneAlarm, it has been noticeably improved over WinXP's version.

There are two interfaces for Vistas built-in firewall:

1) A simplified one accessed through the Control Panel that is the only
one most people see. To further supplement this view, Sphinx's Vista
Firewall Control http://sphinx-soft.com/Vista/) is a piece of freeware
that makes the Vista Firewall much more easily manageable to the average
user.

2) And the more advanced "Windows Firewall with Advanced Security
(WF.msc), accessed via the Start Menu's Administrative Tools folder, for
the experienced user who wants more granular control.

i assume microsoft didnot create the firewall for nothing. So is it
really neccesary to install another one, and if so, do i then need to
turn off the windows firewall?


It's probably not necessary to install a 3rd party firewall, but, if
you do, you definitely should disable the Windows Firewall. My
position is that running two or more software firewalls simultaneously
is generally unnecessary and can _sometimes_ cause conflicts,
potentially negating the protection of both. Even ig there is no
conflict, having two firewalls running simultaneously is most certainly
an unnecessary drain on system resources, without providing any
additional benefit.



--

Bruce Chambers

Help us help you:


http://support.microsoft.com/default.aspx/kb/555375

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. ~Benjamin Franklin

Many people would rather die than think; in fact, most do. ~Bertrand Russell

The philosopher has never killed any priests, whereas the priest has
killed a great many philosophers.
~ Denis Diderot
 
**jerry** said:
Hello,
i'd like to know details about the vista firewall. Does it now indeed
block incoming and outgoing?
i assume microsoft didnot create the firewall for nothing. So is it really
neccesary to install another one, and if so, do i then need to turn off
the windows firewall?
and if i need another one, which one?

The Vista FW/packet filter is very good. If you would like to add another
packet filter NOT a 3rd party FW to supplement the Vista FW/packet it
filter, then may I suggest the IPSEC that's on the O/S too, along with the
AnalogX's Policy rules? I have Vista FW/packet filter and IPSEC running
together, with IPSEC supplementing the Vista FW/packet filter.

http://www.petri.co.il/block_ping_traffic_with_ipsec.htm
http://support.microsoft.com/kb/813878
http://www.analogx.com/CONTENTS/articles/ipsec.htm
 
Thanks alot all for the detailed info and links to it.
i feel safe.
i'll read on here if there's more to know.
Jerry

Mr. Arnold said:
The Vista FW/packet filter is very good. If you would like to add another
packet filter NOT a 3rd party FW to supplement the Vista FW/packet it
filter, then may I suggest the IPSEC that's on the O/S too, along with the
AnalogX's Policy rules? I have Vista FW/packet filter and IPSEC running
together, with IPSEC supplementing the Vista FW/packet filter.

http://www.petri.co.il/block_ping_traffic_with_ipsec.htm
http://support.microsoft.com/kb/813878
http://www.analogx.com/CONTENTS/articles/ipsec.htm




---
avast! Antivirus: Inbound message clean.
Virus Database (VPS): 080410-1, 10-04-2008
Tested on: 11-4-2008 10:33:36
avast! - copyright (c) 1988-2008 ALWIL Software.
http://www.avast.com


---
avast! Antivirus: Outbound message clean.
Virus Database (VPS): 080410-1, 10-04-2008
Tested on: 11-4-2008 10:39:31
avast! - copyright (c) 1988-2008 ALWIL Software.
http://www.avast.com
 
The Vista firewall, by default, blocks incoming only.

That's what most people claim, but actually that's not fully correct.

The truth is, Vista by default contains 82 default filters that
prevent 34 services from communicating out other than on a very narrow
set of defined ports.
 
The Windows Vista firewall blocks both incoming and outgoing malicious
traffic so there is not need to install a third party application. Some
people, of course, don't bother with the Vista firewall, replacing it
instead with the free version of Zone Alarm or something similar. Personally
I haven't found the need to do this and have always used the Vista Firewall.
If, on the other hand, you chose to use Windows One Care (an application I
am not particularly keen on) this will actually disable the windows vista
firewall and also Windows defender. It disables them because One Care uses
its own built in copies of both the Vista firewall and Windows defender and
you don't need two running at the same time.

--
--
John Barnett MVP
Associate Expert
Windows Desktop Experience

Web: http://xphelpandsupport.mvps.org
Web: http://vistasupport.mvps.org

The information in this mail/post is supplied "as is". No warranty of any
kind, either expressed or implied, is made in relation to the accuracy,
reliability or content of this mail/post. The Author shall not be liable for
any direct, indirect, incidental or consequential damages arising out of the
use of, or inability to use, information or opinions expressed in this
mail/post..
 
Back
Top