Vista Firewall outbound control

Hi,
Vista FW with advanced security comes with an outbound traffic default
setting "allow everything which is not denied". I think this is completely
useless, because the main reason for outbound traffic filter is to block
UNKNOWN programs (worm, trojans ....) so it is impossible to make a rule to
deny an unknown program/destination port. On the other hand if I change the
outbound setting to "block everything that does not match a rule" it is
nearly impossible to design a rule for legitimate programs because, as far
as I understand, there is no "display notification" for outbound breaking
rule, and it is not simple to know applications/services/ports of the
majority of legitimate applications (apart from browser mailer and few
others).
My question is: is there a way to have a kind of display notification of the
outbound offended rule with applications/services/ports of the offending
programs?
Thanks in advance
Riccardo

You can use Vista Firewall Control (free) from
http://www.sphinx-soft.com/Vista/order.html

OR

You can use PCTools Firewall Plus (free) from
http://www.pctools.com/firewall/

--


Regards,

Richard Urban
Microsoft MVP Windows Shell/User
(For email, remove the obvious from my address)



"Riccardo" <> wrote in message
news:%...
> Hi,
> Vista FW with advanced security comes with an outbound traffic default
> setting "allow everything which is not denied". I think this is completely
> useless, because the main reason for outbound traffic filter is to block
> UNKNOWN programs (worm, trojans ....) so it is impossible to make a rule
> to
> deny an unknown program/destination port. On the other hand if I change
> the
> outbound setting to "block everything that does not match a rule" it is
> nearly impossible to design a rule for legitimate programs because, as far
> as I understand, there is no "display notification" for outbound breaking
> rule, and it is not simple to know applications/services/ports of the
> majority of legitimate applications (apart from browser mailer and few
> others).
> My question is: is there a way to have a kind of display notification of
> the
> outbound offended rule with applications/services/ports of the offending
> programs?
> Thanks in advance
> Riccardo
>

I never use Windows firewall, They are inferiorat the best of times to a
good stand alone. I use the one that comes with Panda VP, nothing appears to
get past it and it can be set for in's and out's.



--
Ian

"Riccardo" <> wrote in message
news:#...
> Hi,
> Vista FW with advanced security comes with an outbound traffic default
> setting "allow everything which is not denied". I think this is completely
> useless, because the main reason for outbound traffic filter is to block
> UNKNOWN programs (worm, trojans ....) so it is impossible to make a rule
> to
> deny an unknown program/destination port. On the other hand if I change
> the
> outbound setting to "block everything that does not match a rule" it is
> nearly impossible to design a rule for legitimate programs because, as far
> as I understand, there is no "display notification" for outbound breaking
> rule, and it is not simple to know applications/services/ports of the
> majority of legitimate applications (apart from browser mailer and few
> others).
> My question is: is there a way to have a kind of display notification of
> the
> outbound offended rule with applications/services/ports of the offending
> programs?
> Thanks in advance
> Riccardo
>
>

Ian,
That's your opinion.
I use the Windows Firewall with minimal outbound control (Vista), AVG
anti-virus and am behind a router/firewall. Nothing disasterous has gotten
past it for over three years on two computers that remain on 24/7. My
opinion is based solely on my experience.
"Ian Betts" <> wrote in message
news:01800B40-CA63-4EE0-8979-...
>I never use Windows firewall, They are inferiorat the best of times to a
>good stand alone. I use the one that comes with Panda VP, nothing appears
>to get past it and it can be set for in's and out's.
>
>
>
> --
> Ian
>
> "Riccardo" <> wrote in message
> news:#...
>> Hi,
>> Vista FW with advanced security comes with an outbound traffic default
>> setting "allow everything which is not denied". I think this is
>> completely
>> useless, because the main reason for outbound traffic filter is to block
>> UNKNOWN programs (worm, trojans ....) so it is impossible to make a rule
>> to
>> deny an unknown program/destination port. On the other hand if I change
>> the
>> outbound setting to "block everything that does not match a rule" it is
>> nearly impossible to design a rule for legitimate programs because, as
>> far
>> as I understand, there is no "display notification" for outbound breaking
>> rule, and it is not simple to know applications/services/ports of the
>> majority of legitimate applications (apart from browser mailer and few
>> others).
>> My question is: is there a way to have a kind of display notification of
>> the
>> outbound offended rule with applications/services/ports of the offending
>> programs?
>> Thanks in advance
>> Riccardo
>>
>>

No firewall that runs locally on a computer can be relied upon to stop
outgoing traffic from malware. If the malware is running on the computer it
can alter anything on the computer including the firewall. The firewall can
make this hard to do but not impossible.

--
Kerry Brown
Microsoft MVP - Shell/User
http://www.vistahelp.ca


"Ian Betts" <> wrote in message
news:01800B40-CA63-4EE0-8979-...
>I never use Windows firewall, They are inferiorat the best of times to a
>good stand alone. I use the one that comes with Panda VP, nothing appears
>to get past it and it can be set for in's and out's.
>
>
>
> --
> Ian
>
> "Riccardo" <> wrote in message
> news:#...
>> Hi,
>> Vista FW with advanced security comes with an outbound traffic default
>> setting "allow everything which is not denied". I think this is
>> completely
>> useless, because the main reason for outbound traffic filter is to block
>> UNKNOWN programs (worm, trojans ....) so it is impossible to make a rule
>> to
>> deny an unknown program/destination port. On the other hand if I change
>> the
>> outbound setting to "block everything that does not match a rule" it is
>> nearly impossible to design a rule for legitimate programs because, as
>> far
>> as I understand, there is no "display notification" for outbound breaking
>> rule, and it is not simple to know applications/services/ports of the
>> majority of legitimate applications (apart from browser mailer and few
>> others).
>> My question is: is there a way to have a kind of display notification of
>> the
>> outbound offended rule with applications/services/ports of the offending
>> programs?
>> Thanks in advance
>> Riccardo
>>
>>

Ah but your router firewall is the one that you can rely on most IMHO.



--
Ian

"Charles W Davis" <> wrote in message
news:A1C774F1-C82F-4F19-9BC1-...
> Ian,
> That's your opinion.
> I use the Windows Firewall with minimal outbound control (Vista), AVG
> anti-virus and am behind a router/firewall. Nothing disasterous has gotten
> past it for over three years on two computers that remain on 24/7. My
> opinion is based solely on my experience.
> "Ian Betts" <> wrote in message
> news:01800B40-CA63-4EE0-8979-...
>>I never use Windows firewall, They are inferiorat the best of times to a
>>good stand alone. I use the one that comes with Panda VP, nothing appears
>>to get past it and it can be set for in's and out's.
>>
>>
>>
>> --
>> Ian
>>
>> "Riccardo" <> wrote in message
>> news:#...
>>> Hi,
>>> Vista FW with advanced security comes with an outbound traffic default
>>> setting "allow everything which is not denied". I think this is
>>> completely
>>> useless, because the main reason for outbound traffic filter is to block
>>> UNKNOWN programs (worm, trojans ....) so it is impossible to make a rule
>>> to
>>> deny an unknown program/destination port. On the other hand if I change
>>> the
>>> outbound setting to "block everything that does not match a rule" it is
>>> nearly impossible to design a rule for legitimate programs because, as
>>> far
>>> as I understand, there is no "display notification" for outbound
>>> breaking
>>> rule, and it is not simple to know applications/services/ports of the
>>> majority of legitimate applications (apart from browser mailer and few
>>> others).
>>> My question is: is there a way to have a kind of display notification of
>>> the
>>> outbound offended rule with applications/services/ports of the offending
>>> programs?
>>> Thanks in advance
>>> Riccardo
>>>
>>>
>
>

But a good hardware and software firewall should stop the malware getting
in.



--
Ian

"Kerry Brown" <*a*m> wrote in message
news:1C1C7D21-37AC-4326-8BC3-...
> No firewall that runs locally on a computer can be relied upon to stop
> outgoing traffic from malware. If the malware is running on the computer
> it can alter anything on the computer including the firewall. The firewall
> can make this hard to do but not impossible.
>
> --
> Kerry Brown
> Microsoft MVP - Shell/User
> http://www.vistahelp.ca
>
>
> "Ian Betts" <> wrote in message
> news:01800B40-CA63-4EE0-8979-...
>>I never use Windows firewall, They are inferiorat the best of times to a
>>good stand alone. I use the one that comes with Panda VP, nothing appears
>>to get past it and it can be set for in's and out's.
>>
>>
>>
>> --
>> Ian
>>
>> "Riccardo" <> wrote in message
>> news:#...
>>> Hi,
>>> Vista FW with advanced security comes with an outbound traffic default
>>> setting "allow everything which is not denied". I think this is
>>> completely
>>> useless, because the main reason for outbound traffic filter is to block
>>> UNKNOWN programs (worm, trojans ....) so it is impossible to make a rule
>>> to
>>> deny an unknown program/destination port. On the other hand if I change
>>> the
>>> outbound setting to "block everything that does not match a rule" it is
>>> nearly impossible to design a rule for legitimate programs because, as
>>> far
>>> as I understand, there is no "display notification" for outbound
>>> breaking
>>> rule, and it is not simple to know applications/services/ports of the
>>> majority of legitimate applications (apart from browser mailer and few
>>> others).
>>> My question is: is there a way to have a kind of display notification of
>>> the
>>> outbound offended rule with applications/services/ports of the offending
>>> programs?
>>> Thanks in advance
>>> Riccardo
>>>
>>>
>
>

Another option is ZoneAlarm Free for Vista (32-bit)
http://www.pcworld.com/downloads/fil...scription.html

Richard Urban wrote:
> You can use Vista Firewall Control (free) from
> http://www.sphinx-soft.com/Vista/order.html
>
> OR
>
> You can use PCTools Firewall Plus (free) from
> http://www.pctools.com/firewall/
>

Correct but the firewall in Vista is fully capable of doing this. Unless the
firewall also does some threat profiling as some hardware firewalls do the
built in firewall is as good as any and better than most for inbound
access. I always rely on a hardware firewall as the first line of defense
and a software firewall to protect against worms that are already inside the
perimeter.

--
Kerry Brown
Microsoft MVP - Shell/User
http://www.vistahelp.ca


"Ian Betts" <> wrote in message
news:4943AB5B-FB57-4B44-B523-...
> But a good hardware and software firewall should stop the malware getting
> in.
>
>
>
> --
> Ian
>
> "Kerry Brown" <*a*m> wrote in message
> news:1C1C7D21-37AC-4326-8BC3-...
>> No firewall that runs locally on a computer can be relied upon to stop
>> outgoing traffic from malware. If the malware is running on the computer
>> it can alter anything on the computer including the firewall. The
>> firewall can make this hard to do but not impossible.
>>
>> --
>> Kerry Brown
>> Microsoft MVP - Shell/User
>> http://www.vistahelp.ca
>>
>>
>> "Ian Betts" <> wrote in message
>> news:01800B40-CA63-4EE0-8979-...
>>>I never use Windows firewall, They are inferiorat the best of times to a
>>>good stand alone. I use the one that comes with Panda VP, nothing appears
>>>to get past it and it can be set for in's and out's.
>>>
>>>
>>>
>>> --
>>> Ian
>>>
>>> "Riccardo" <> wrote in message
>>> news:#...
>>>> Hi,
>>>> Vista FW with advanced security comes with an outbound traffic default
>>>> setting "allow everything which is not denied". I think this is
>>>> completely
>>>> useless, because the main reason for outbound traffic filter is to
>>>> block
>>>> UNKNOWN programs (worm, trojans ....) so it is impossible to make a
>>>> rule to
>>>> deny an unknown program/destination port. On the other hand if I change
>>>> the
>>>> outbound setting to "block everything that does not match a rule" it is
>>>> nearly impossible to design a rule for legitimate programs because, as
>>>> far
>>>> as I understand, there is no "display notification" for outbound
>>>> breaking
>>>> rule, and it is not simple to know applications/services/ports of the
>>>> majority of legitimate applications (apart from browser mailer and few
>>>> others).
>>>> My question is: is there a way to have a kind of display notification
>>>> of the
>>>> outbound offended rule with applications/services/ports of the
>>>> offending
>>>> programs?
>>>> Thanks in advance
>>>> Riccardo
>>>>
>>>>
>>
>>

Kerry. May I ask as to what hardware firewall you are using?

--


Regards,

Richard Urban
Microsoft MVP Windows Shell/User
(For email, remove the obvious from my address)



"Kerry Brown" <*a*m> wrote in message
news:8EFBFF1E-AC59-4623-B762-...
> Correct but the firewall in Vista is fully capable of doing this. Unless
> the firewall also does some threat profiling as some hardware firewalls do
> the built in firewall is as good as any and better than most for inbound
> access. I always rely on a hardware firewall as the first line of defense
> and a software firewall to protect against worms that are already inside
> the perimeter.
>
> --
> Kerry Brown
> Microsoft MVP - Shell/User
> http://www.vistahelp.ca
>
>
> "Ian Betts" <> wrote in message
> news:4943AB5B-FB57-4B44-B523-...
>> But a good hardware and software firewall should stop the malware getting
>> in.
>>
>>
>>
>> --
>> Ian
>>
>> "Kerry Brown" <*a*m> wrote in message
>> news:1C1C7D21-37AC-4326-8BC3-...
>>> No firewall that runs locally on a computer can be relied upon to stop
>>> outgoing traffic from malware. If the malware is running on the computer
>>> it can alter anything on the computer including the firewall. The
>>> firewall can make this hard to do but not impossible.
>>>
>>> --
>>> Kerry Brown
>>> Microsoft MVP - Shell/User
>>> http://www.vistahelp.ca
>>>
>>>
>>> "Ian Betts" <> wrote in message
>>> news:01800B40-CA63-4EE0-8979-...
>>>>I never use Windows firewall, They are inferiorat the best of times to a
>>>>good stand alone. I use the one that comes with Panda VP, nothing
>>>>appears to get past it and it can be set for in's and out's.
>>>>
>>>>
>>>>
>>>> --
>>>> Ian
>>>>
>>>> "Riccardo" <> wrote in message
>>>> news:#...
>>>>> Hi,
>>>>> Vista FW with advanced security comes with an outbound traffic default
>>>>> setting "allow everything which is not denied". I think this is
>>>>> completely
>>>>> useless, because the main reason for outbound traffic filter is to
>>>>> block
>>>>> UNKNOWN programs (worm, trojans ....) so it is impossible to make a
>>>>> rule to
>>>>> deny an unknown program/destination port. On the other hand if I
>>>>> change the
>>>>> outbound setting to "block everything that does not match a rule" it
>>>>> is
>>>>> nearly impossible to design a rule for legitimate programs because, as
>>>>> far
>>>>> as I understand, there is no "display notification" for outbound
>>>>> breaking
>>>>> rule, and it is not simple to know applications/services/ports of the
>>>>> majority of legitimate applications (apart from browser mailer and few
>>>>> others).
>>>>> My question is: is there a way to have a kind of display notification
>>>>> of the
>>>>> outbound offended rule with applications/services/ports of the
>>>>> offending
>>>>> programs?
>>>>> Thanks in advance
>>>>> Riccardo
>>>>>
>>>>>
>>>
>>>
>