Windows Vista Firewall: Not What Microsoft Promised

by Preston Gralla

Microsoft likes to point out the fact that its firewall in Windows Vista is superior to the one in XP because it includes outbound as well as inbound filtering. What it forgets to say, however, is that the outbound filtering is turned off, and pretty much impossible to configure to kill spyware.

4 Comments

Terces
2007-02-25 11:42:10
I'm just going to copy and paste what I wrote on another blog, as I don't see why anyone seems to think you can't make a general all-purpose rule to block malware like you could with a good 3rd-party firewall:


Maybe I'm missing something here but there is a practical way to stop all outbound connections unless specifically allowed. Go to Administrative Tools -> Windows Firewall with Advanced Security, create some outbound rules such as:


TCP - originating port (all) - destination ports (25,53,80,110,443) and that will cover most basic users. You can get much more granular obviously. Then go to the three Firewall profiles and then select Outbound connections that do not match a rule are blocked - Presto... what am I missing here?
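
The procedure described in the comment above, as an added example that is not part of the original thread: the same default-deny outbound policy expressed with `netsh advfirewall` from an elevated Command Prompt. The rule names, the backup path, the UDP 53 rule and the Internet Explorer path are assumptions chosen for illustration.

```batch
@echo off
rem Added example, not from the original thread. Run from an elevated Command Prompt.
rem Rule names, the backup path and the program path are illustrative assumptions.

rem 1. Save the current policy first; restore it later with:
rem    netsh advfirewall import "%USERPROFILE%\firewall-before.wfw"
netsh advfirewall export "%USERPROFILE%\firewall-before.wfw"

rem 2. Allow the TCP destination ports listed in the comment (any source port).
rem    This rule is port-only, so ANY program on the machine may use these ports.
netsh advfirewall firewall add rule name="Out TCP basic (example)" ^
    dir=out action=allow protocol=TCP remoteport=25,53,80,110,443

rem 3. Assumption beyond the comment: name lookups normally use UDP 53,
rem    so a TCP-only list would leave DNS blocked once step 4 is applied.
netsh advfirewall firewall add rule name="Out UDP DNS (example)" ^
    dir=out action=allow protocol=UDP remoteport=53

rem 4. On all three profiles (domain, private, public), block outbound
rem    connections that match no rule. Inbound stays at its default of block.
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

rem 5. Check the result: each profile should report BlockInbound,BlockOutbound,
rem    and the allow rule should be listed as enabled.
netsh advfirewall show allprofiles firewallpolicy
netsh advfirewall firewall show rule name="Out TCP basic (example)"

rem Tighter alternative to step 2: tie the allow rule to one executable so
rem other processes cannot reuse ports 80 and 443 under the same rule.
netsh advfirewall firewall add rule name="Out IE web (example)" ^
    dir=out action=allow protocol=TCP remoteport=80,443 ^
    program="%ProgramFiles%\Internet Explorer\iexplore.exe"
```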

JSertic
2007-03-13 12:53:30
I have to agree with Terces, because that is exactly what I have done.
I'm blocking everything that has not been explicitly allowed by a rule, adding more rules as I need them.
Pretty simple, actually!
Of course it is not as configurable as Comodo, but I think it does the job (and I feel safer than I would using ZoneAlarm). I think I'll keep using Windows Firewall until version 3 of Comodo, which will support Vista.

Tony Lucio
2007-05-06 13:22:43
TO QUOTE:


"Maybe I'm missing something here but there is a practical way to stop all outbound connections unless specifically allowed. Go to Administrative Tools -> Windows Firewall with Advanced Security, create some outbound rules . . . Then go to the three Firewall profiles and then select Outbound connections that do not match a rule are blocked - Presto... what am I missing here?"


THEY DON'T WORK! The only way to obtain any degree of real control over the Firewall is to log in to Vista as THE DOMAIN ADMINISTRATOR, which means you need to run Ultimate. I've already set up Ultimate as a Home User on a Private Network, so now I have to uninstall, wipe and reinstall Vista under Domain. I'm sure there are more tricks waiting, and will post on them once I do.


Vista Outbound Rules simply don't work; it's still possible for anything to get through just by attaching itself to a program or a service. Golly. Bill Gates cares all right, about making sure he has all the backdoors he needs to your computer. Longhorn rules, or if it doesn't it wants to. I recommend NO ONE install Vista until a FULL AND COMPATIBLE THIRD-PARTY FIREWALL is developed for it.


al
2008-07-28 03:04:03
Great, thank you.