Windows Firewalls - blocking outbound traffic - best set-up?

I used to own ZoneAlarm Pro but when I bought a new Vista based machine in
March I had to use Windows Firewall and have been very happy with it
except....

I'm not sure what it's vetting on outbound traffic. All the rules (private,
public, domain) are set to 'allow (default)' and I never get asked for
permission for traffic in the way I was used to with ZAP. I tried turning
all 3 to block but then lost internet connectivity until I reversed the
settings.

Can anybody explain what a secure set-up should be and am I on the right
track?

ZAP is STILL not ready for Vista, in what seems like a marketing scam by
Checkpoint (trying to force you to upgrade to their full Suite). Also, ZA
Free seems to slow the traffic down to a crawl and mess Vista up when trying
to uninstall it....

Thanks.
Steve

System Specs:

Vista Ultimate 32 bit
Asus P5B Deluxe motherboard
Core 2 Duo 6700 clocked @ 3GHz
4 GB Corsair 8500 Dominator RAM clocked @ 900MHz
Gigabyte 8800GTS 640MB
Western Digital 150GB Raptor SATA
Western Digital 500GB Caviar SATA2
Creative XFi Xtreme Music
Samsung SH-W183 DVD-RW SATA
Enermax 850W Galaxy PSU
Akasa Mirage 62 case
plus e-SATA Western Digital 500GB Caviar SATA2
 
Steve Campbell said:
> I used to own ZoneAlarm Pro but when I bought a new Vista based machine in
> March I had to use Windows Firewall and have been very happy with it
> except....
>
> I'm not sure what it's vetting on outbound traffic. All the rules (private,
> public, domain) are set to 'allow (default)' and I never get asked for
> permission for traffic in the way I was used to with ZAP. I tried turning
> all 3 to block but then lost internet connectivity until I reversed the
> settings.
>
> Can anybody explain what a secure set-up should be and am I on the right
> track?

Blocking outbound traffic isn't going to improve the security situation
unless you have a very specific use in mind. If your machine is already
compromised it can probably get around any outgoing filtering anyway.

--
Paul Smith,
Yeovil, UK.
Microsoft MVP Windows Shell/User.
http://www.dasmirnov.net/blog/
http://www.windowsresource.net/

*Remove nospam. to reply by e-mail*
 
Ah.... I thought that the problem with the XP firewall was that it was one
way only. Am I confusing 2 separate things?

Thanks for getting back.

Steve
 
Steve Campbell said:
> Ah.... I thought that the problem with the XP firewall was that it was one
> way only. Am I confusing 2 separate things?

Sure it's one way, set up as an inbound firewall by default, in that an
application internal to your machine can talk to an outside server freely.

Outbound firewalls are designed to help prevent a compromised machine from
talking to an external server, but if the machine is already compromised it
can probably turn the firewall off, or hide in another application and talk
to the external server anyway.

--
Paul Smith,
Yeovil, UK.
Microsoft MVP Windows Shell/User.
http://www.dasmirnov.net/blog/
http://www.windowsresource.net/

*Remove nospam. to reply by e-mail*
 
Thanks Paul. All the advice I've seen so far has always been to secure
outgoing connections as well, though I take your point. I suppose I'm
looking for an albeit 'lockdown' period whilst I find and eliminate any
security breach.

Steve
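
An added example, not posted by anyone in the thread: switching all three profiles to block outbound drops every connection that has no matching allow rule, which is why connectivity was lost. The sketch below uses `netsh advfirewall` (present on Vista and later) to add allow rules first and only then change the default; the rule names, the backup path and the choice of Internet Explorer as the permitted browser are assumptions.

```batch
@echo off
rem Added example. Run from an elevated Command Prompt.
rem Rule names, backup path and the allowed program are assumptions.

rem 1. Save the current policy so the change can be undone in one step.
netsh advfirewall export "%USERPROFILE%\firewall-before-lockdown.wfw"

rem 2. Log dropped connections so blocked programs can be identified later.
rem    Default log: %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log
netsh advfirewall set allprofiles logging droppedconnections enable

rem 3. Add allow rules while the default is still "allow".
rem    DNS lookups (added explicitly rather than relying on a predefined rule).
netsh advfirewall firewall add rule name="Lockdown - DNS out" dir=out action=allow protocol=UDP remoteport=53
rem    DHCP lease renewal.
netsh advfirewall firewall add rule name="Lockdown - DHCP out" dir=out action=allow protocol=UDP localport=68 remoteport=67
rem    Web browsing, limited to one program and to HTTP/HTTPS.
netsh advfirewall firewall add rule name="Lockdown - IE web out" dir=out action=allow program="%ProgramFiles%\Internet Explorer\iexplore.exe" protocol=TCP remoteport=80,443

rem 4. Change the default for the Domain, Private and Public profiles.
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

rem 5. Show the resulting settings for every profile.
netsh advfirewall show allprofiles
```

To undo, run `netsh advfirewall import` with the exported file, or set the policy back to `blockinbound,allowoutbound`. Because the browser rule is bound to a program path, traffic sent through that allowed program still passes, which is the limitation described in the replies above.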
 