Vista Firewall ??????

  • Thread starter: Davcal
Engel...I must admit, that is a step in the right direction.
But that's exactly what PC Tools Firewall has been doing all along.
The fact that Vista turns this Filter off as default sure says a lot.
 
Jon said:
I passed grc's 'Shield's Up' test with 100%, using Vista's Firewall, but
thanks for asking.

Of course you can; it tests incoming only. XP passes it. My cat passes it.
He's talking about a leak test tool you download to test outgoing.
 
Milhouse Van Houten said:
Of course you can; it tests incoming only. XP passes it. My cat passes it.
He's talking about a leak test tool you download to test outgoing.


Thanks for that Milhouse, sheesh ! sometimes I wonder...
 
Milhouse Van Houten said:
Of course you can; it tests incoming only. XP passes it. My cat passes it.
He's talking about a leak test tool you download to test outgoing.

Ok, point taken. Tried the 'leak test' too. Nothing got through. Just a
question of enabling the outgoing firewall.
 
Jon said:
Ok, point taken. Tried the 'leak test' too. Nothing got through. Just a
question of enabling the outgoing firewall.

Can you expand on that? Are you saying that you've customized your outbound
rules?
 
Milhouse Van Houten said:
Can you expand on that? Are you saying that you've customized your
outbound rules?


Yes, that's correct. On this particular installation, which is fairly new,
I currently have outbound rules for

---------------------------
Currently Enabled Outward Bound Rules (Allow)
---------------------------
sidebar.exe [C:\Program Files\Windows Sidebar\sidebar.exe]
MSASCui.exe [C:\Program Files\Windows Defender\MSASCui.exe]
Windows Update [Service] [C:\Windows\system32\svchost.exe]
Windows Defender [Service] [C:\Windows\System32\svchost.exe]
WinMail.exe [C:\Program Files\Windows Mail\WinMail.exe]
ieuser.exe [C:\Program Files\Internet Explorer\ieuser.exe]
iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe]

+ another rule for my modem

I have a small program that creates rules for programs / services for me
automatically, but you can also do it manually via the 'Windows Firewall
with Advanced Security' console.

If you're familiar with the command line, or with vbscript, then you can also
create rules using the 'netsh' command, or the
progid "HNetCfg.FwPolicy2" interface.
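The netsh route mentioned in the post above, sketched as an added example (not Jon's program and not part of the original thread): it creates one outbound allow rule per program in his list and only then switches the default outbound action to block. The rule names are hypothetical, and the service short names `wuauserv` and `WinDefend` are assumptions.

```powershell
# Added example. Run from an elevated PowerShell prompt.
# Program paths come from the rule list in the post; rule names are hypothetical,
# and the service short names (wuauserv, WinDefend) are assumptions.
$allow = @(
    @{ Name = 'Out Sidebar';          Program = 'C:\Program Files\Windows Sidebar\sidebar.exe' },
    @{ Name = 'Out MSASCui';          Program = 'C:\Program Files\Windows Defender\MSASCui.exe' },
    @{ Name = 'Out Windows Update';   Program = 'C:\Windows\system32\svchost.exe'; Service = 'wuauserv' },
    @{ Name = 'Out Windows Defender'; Program = 'C:\Windows\System32\svchost.exe'; Service = 'WinDefend' },
    @{ Name = 'Out WinMail';          Program = 'C:\Program Files\Windows Mail\WinMail.exe' },
    @{ Name = 'Out ieuser';           Program = 'C:\Program Files\Internet Explorer\ieuser.exe' },
    @{ Name = 'Out iexplore';         Program = 'C:\Program Files\Internet Explorer\iexplore.exe' }
)

# Export the current policy first; "netsh advfirewall import <file>" restores it.
$backup = Join-Path $env:TEMP ("fw-policy-{0:yyyyMMdd-HHmmss}.wfw" -f (Get-Date))
& netsh advfirewall export $backup | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Could not export the current policy; nothing changed.' }

foreach ($r in $allow) {
    # A rule for a binary that is not installed only widens the allow list.
    if (-not (Test-Path -LiteralPath $r.Program)) {
        Write-Warning "Skipping '$($r.Name)': $($r.Program) not found"
        continue
    }
    $ruleArgs = @('advfirewall', 'firewall', 'add', 'rule',
                  "name=$($r.Name)", 'dir=out', 'action=allow',
                  "program=$($r.Program)", 'enable=yes')
    # svchost.exe hosts many services; scope the rule to the one that needs it.
    if ($r.Service) { $ruleArgs += "service=$($r.Service)" }
    & netsh $ruleArgs | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "netsh failed for rule '$($r.Name)'" }
}

# Only after the allow rules exist: block outbound traffic that matches no rule.
# The value is quoted so PowerShell does not split it at the comma.
& netsh advfirewall set allprofiles firewallpolicy 'blockinbound,blockoutbound'

# Print each profile's state and policy to confirm the change.
& netsh advfirewall show allprofiles
```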
 
Davcal said:
Engel...I must admit, that is a step in the right direction.
But that's exactly what PC Tools Firewall has been doing all along.
The fact that Vista turns this Filter off as default sure says a lot.

Yeah using the firewall as a security measure on outbound packets is
pointless, and for most users creates needless hassle.

That's why outbound filtering is off by default, simple.

--
Paul Smith,
Yeovil, UK.
Microsoft MVP Windows Shell/User.
http://www.windowsresource.net/

*Remove nospam. to reply by e-mail*
 
Yeah using the firewall as a security measure on outbound packets is
pointless, and for most users creates needless hassle.

That's why outbound filtering is off by default, simple.

This is one of those issues that people can't seem to take a middle position
on. Why is outbound filtering "pointless"? It certainly isn't a substitute
for making a best effort to prevent malware from infiltrating the system to
begin with, but if some slips through then sometimes it can be caught by the
firewall if it tries to make an outbound connection. I had this exact
experience. A software firewall is just one of many tools none of which are
perfect, but when combined constitute a layered defense. Yes, it can be a
hassle to use, but I think it's "off" by default so that MS doesn't have to
deal with all the newbies who don't know how to configure it, not because
it has no use. Why not use outbound filtering and educate people about its
limitations at the same time?
 
This is one of those issues that people can't seem to take a middle
position on. Why is outbound filtering "pointless"? It certainly isn't a
substitute for making a best effort to prevent malware from infiltrating
the system to begin with, but if some slips through then sometimes it can
be caught by the firewall if it tries to make an outbound connection. I
had this exact experience. A software firewall is just one of many tools
none of which are perfect, but when combined constitute a layered defense.
Yes, it can be a hassle to use, but I think it's "off" by default so that
MS doesn't have to deal with all the newbies who don't know how to
configure it, not because it has no use. Why not use outbound filtering
and educate people about its limitations at the same time?

Well said Victek, I don't understand why people continue to be in denial
to this.
If you don't have any outgoing protection, as in Vista Firewall, then you'll
never know what's leaving your PC, especially when you first boot up.
As you said, layered protection is the best defense.
Several software progs combined with a Router is what I use.
But when I first discovered "Leaktest" by www.grc.com (a long time ago)
I then installed a software firewall which stopped Leaktest.
I was amazed at the number of progs that were trying to call home.
So instead of shooting the messenger, just give Leaktest a try and see
for yourself.
Then install a software firewall. I'm sure you'll be uncomfortable when
you see what's going on.
 
This is one of those issues that people can't seem to take a middle position
on. Why is outbound filtering "pointless"?

Outbound filtering itself isn't pointless. Host-based outbound
filtering as a countermeasure against malware is pointless. Or more
precisely: It's broken by concept.
It certainly isn't a substitute
for making a best effort to prevent malware from infiltrating the system to
begin with, but if some slips through then sometimes it can be caught by the
firewall if it tries to make an outbound connection.

Yes. They sometimes seem to work against malware. The problem is you
can't tell whether a pop-up actually means the malware was prevented
from connecting out. You may just as well feel safe for no good
reason. That's why I label them illusionware. Mostly PFW's are just
attack vectors for malware writers to utilize anyway.
A software firewall is just one of many tools none of which are
perfect, but when combined constitute a layered defense.

In a virtual environment "a layered defense" is often misunderstood.
You increase security by removing attack vectors - not by adding them.
Yes, it can be a
hassle to use, but I think it's "off" by default so that MS doesn't have to
deal with all the newbies who don't know how to configure it, not because
it has no use.
Why not use outbound filtering and educate people about its
limitations at the same time?

Why not educate people about real security measures?
 
Well said Victek, I don't understand why people continue to be in denial
to this.

You're right. You don't understand.
If you don't have any outgoing protection, as in Vista Firewall, then you'll
never know what's leaving your PC, especially when you first boot up.

If you have such problems you are in big trouble already.
As you said, layered protection is the best defense.

Yes, if one understands what layered protection means in a virtual
environment.
Several software progs combined with a Router is what I use.

Don't worry. That's a common mistake.
But when I first discovered "Leaktest" by www.grc.com (a long time ago)
I then installed a software firewall which stopped Leaktest.

Referring to GRC shows what you know. I bet you have already made sure
your router shows up as "stealth". Sigh...
I was amazed at the number of progs that were trying to call home.

All of them were either doing what they were supposed to do (approved
by yourself upon installation) or your "firewall" was simply too
stupid to figure out if the program was actually trying to connect or
if it was just talking to itself.
So instead of shooting the messenger, just give Leaktest a try and see
for yourself.

Get a clue.
Then install a software firewall. I'm sure you'll be uncomfortable when
you see what's going on.

The day you can recommend a PFW that isn't totally broken I will be
happy to try it out.
 