Why is the "Two way" feature of Vista's Firewall such a secret?

  • Thread starter Thread starter six-h
  • Start date Start date
S

six-h

I am totally unable to find out how to enable this feature, though I'm told
that it exists.
I'm running Vista Ultimate.
I've attempted to follow an article in PC Advisor (issue 165) and fell at
the first hurdle!
Quote from Mag :-
I've heard tell of this "Search Field", but it does not appear when I click
my start button. Using the "Search" > "For files and folders" method which is
the only "search" I can find doesn't recognise the entry "wf.msc".
No where in the "Help" files can I find reference to enabling it, only some
guidance which assumes that you already have it enabled.
Help!!....Please!
 
Eurika!
Having found out where Microsoft buried it, I think I can understand why it
has been so deliberately hidden!
Truth is it's so complicated to configure, all but committed geeks will
quail at the prospect and turn to "Comodo", which according to the grapevine
is not only free, but : -
More secure:
Easier to configure:
More user friendly:

Why can't Microsoft offer a product like this??
 
Vista firewall, when configured correctly, is superior to Comodo firewall.
Even just incoming control, Vista's is better.
 
If "Mad" Mike's opinion is true, then I am indeed sad that I am not clever
enough to be able to configure the rules for "out going" traffic.
Is there anyone that can offer a "fool's guide" to help me?

I am inclined to think that I should set the all three profiles to "Block"
all outbound traffic.
Since my PC is in splendid isolation, connected to the Internet by wireless
router, not part of a corporate "intranet", and is also "static", the only
profile that concerns me is the "Private" one.
Is that correct?

Assuming for the moment that the answer to the above is "yes", the next
step, creating rules for outbound traffic brings me to the rather daunting
list.
Some of the items are "enabled" and "allowed", others not, and I do not
understand most of them so am loathe to make any alterations here.

Having "blocked" all three domains, and left "the list" unchanged, do I move
on and select "New Rule", firstly allowing "Internet Explorer.exe" outbound
access?

Will I be advised of other attempted outbound communications, with the
opportunity to allow or block as and when these attempts are made, as with
"Comodo"?

Any help appreciated,
Thanks.
 
six-h said:
I am totally unable to find out how to enable this feature, though I'm told
that it exists.
I'm running Vista Ultimate.
I've attempted to follow an article in PC Advisor (issue 165) and fell at
the first hurdle!
Quote from Mag :-

I've heard tell of this "Search Field", but it does not appear when I click
my start button. Using the "Search" > "For files and folders" method which is
the only "search" I can find doesn't recognise the entry "wf.msc".
No where in the "Help" files can I find reference to enabling it, only some
guidance which assumes that you already have it enabled.
Help!!....Please!
Click to expand...


It's not a secret, at all.

Vista's built-in Windows Firewall is adequate for most users, but
not particularly easy to configure. Vista's built-in firewall, although
superior to that of WinXP, is of a rudimentary nature, intended to meet
the simpler needs of most home consumers (or business/enterprise clients
already ensconced behind more advanced perimeter defenses).

One 3rd-party add-on (Sphinx's Vista Firewall Control
http://sphinx-soft.com/Vista/) might make the Vista Firewall a bit more
useful to you, but nothing but a completely independent product will be
able to provide the detailed control you want.

There are two interfaces for Vistas built-in firewall:

1) A simplified one accessed through the Control Panel that is the only
one most people see.

2) And the more advanced "Windows Firewall with Advanced Security
(WF.msc)," accessed via the Start Menu's Administrative Tools folder,
for the experienced user who wants better control.



--

Bruce Chambers

Help us help you:


http://support.microsoft.com/default.aspx/kb/555375

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. ~Benjamin Franklin

Many people would rather die than think; in fact, most do. ~Bertrand Russell

The philosopher has never killed any priests, whereas the priest has
killed a great many philosophers.
~ Denis Diderot
 
Sorry Bruce, I can't see how a fire wall with free access to any and all
outgoing traffic meets the needs of any home consumers.
Thanks for the link to Sphinx's Vista Firewall Control, I'll have a look at
it and see if it can help me to configure a workable outgoing regieme.
 
Vista firewall, when configured correctly, is superior to Comodo firewall.
Even just incoming control, Vista's is better.
Click to expand...

The truth is, Vista by default contains 82 default filters that prevent 34
services from communicating out other than on a very narrow set of defined
ports.
You are not going to find anything better than the Vista FW and Vista in
itself due to the advanced features the FW and Vista are using.

PFW Criticism.
http://en.wikipedia.org/wiki/Personal_firewall#Criticisms

Jesper's Blogs-
At Least This Snake Oil Is Free.
http://msinfluentials.com/blogs/jesper/archive/2007/07/19/at-least-this-snake-oil-is-free.aspx
Windows Firewall: the best new security feature in Vista?
http://blogs.technet.com/jesper_johansson/archive/2006/05/01/426921.aspx

Exploring The Windows Firewall.
http://www.microsoft.com/technet/technetmag/issues/2007/06/VistaFirewall/default.aspx
"If you try to block outbound connections from a computer that’s already
compromised, how can you be sure that the computer is really doing what you
ask? The answer: you can’t. Outbound protection is security theater—it’s a
gimmick that only gives the impression of improving your security without
doing anything that actually does improve your security. This is why
outbound protection didn’t exist in the Windows XP firewall and why it
doesn’t exist in the Windows Vista™ firewall."

Tap into the Vista firewall's advanced configuration features
http://articles.techrepublic.com.com/5100-10877-6098592.html
"...once you discover the secret of accessing its advanced configuration
settings via the MMC snap-in, you'll find it to be far more configurable
and functional. At last, Windows comes with a sophisticated personal
firewall that can be used to set up outbound rules as well as inbound, with
the ability to customize rules to fit your precise needs."
Or
Configure Vista Firewall to support outbound packet filtering
http://searchwindowssecurity.techtarget.com/tip/0,289483,sid45_gci1247138,00.html
Or
Vista Firewall Control (Free versions available).
Protects your applications from undesirable network incoming and outgoing
activity, controls applications internet access.
http://sphinx-soft.com/Vista/
The free version may be all you need, check the comparisons under
the "Download and Buy" link.

Managing the Windows Vista Firewall
http://technet.microsoft.com/en-us/magazine/cc510323.aspx
*(read twice!)*

Easy guide to make Windows Firewall better in Windows Vista.
http://www.expertvista.com/2009/01/08/tweak-windows-firewall/

SolutionBase: Take a look at the Windows Vista Firewall
http://articles.techrepublic.com.com/5100-10877_11-6171339.html?tag=rbxccnbtr1

Vista Firewall Control 32-bit version
http://www.pcadvisor.co.uk/downloads/index.cfm?categoryid=1446&itemId=64950

Windows Firewall: the best new security feature in Vista?
http://blogs.technet.com/jesper_johansson/archive/2006/05/01/426921.aspx

Good luck :)
 
Eurika!
Having found out where Microsoft buried it, I think I can understand why it
has been so deliberately hidden!
Truth is it's so complicated to configure, all but committed geeks will
quail at the prospect and turn to "Comodo", which according to the grapevine
is not only free, but : -
More secure:
Click to expand...

Please explain how the comodo crap can possibly be more secure.
 
If "Mad" Mike's opinion is true, then I am indeed sad that I am not clever
enough to be able to configure the rules for "out going" traffic.
Is there anyone that can offer a "fool's guide" to help me?
Click to expand...

Just pull your network plug. That will effectively block outgoing
traffic.

You could also reconsider whether the Comodo way of dealing with
outgoing traffic makes any sense from a security perspective at all.
 
In message <[email protected]> six-h
Sorry Bruce, I can't see how a fire wall with free access to any and all
outgoing traffic meets the needs of any home consumers.
Click to expand...

It's really simple: If you don't like the behaviour of a piece of
software, don't install it. Playing games to limit malicious behaviour
of software will ultimately be futile.
 
Back
Top