Firewall Applications to Permit

Discussion in 'Windows Vista Security' started by Hangetsu, Apr 7, 2007.

  1. Hangetsu

    Hangetsu Guest

    Hello!

    I'm trying to finish configuration of the Windows Firewall with Advanced
    Security. I've set the default for outgoing apps to Block, and I've
    permitted the applications I've installed access.

    What I can't get to work is Windows Updates / Automatic Updates. Does
    anyone know what Microsoft applications require access to the internet to
    accomplish this? What other Vista apps will require access? In particular,
    I'm looking for the physical file names & locations (since that is what has
    to be entered when creating a rule).

    Thanks in advance!
     
    Hangetsu, Apr 7, 2007
    #1

  2. Hangetsu

    Jesper Guest

    > I'm trying to finish configuration of the Windows Firewall with Advanced
    What exact threat are you trying to mitigate by doing this; or are you
    simply trying to fill an otherwise boring Saturday afternoon by breaking your
    computer and seeing how long it will take to fix it?

    There is a really good chance nobody else around here has tried this, for
    the very reason that once you enumerate all the apps you need you may as well
    have left the firewall in its default configuration; combined with the fact
    that it has absolutely no positive security value.
     
    Jesper, Apr 8, 2007
    #2

  3. Hangetsu

    Hangetsu Guest

    Beyond witty sarcasm do you have anything else to offer, such as
    alternatives? The reason I DON'T want to stay with the status-quo as you
    suggest is that the firewall permits ALL applications outbound access BY
    DEFAULT. I don't want to allow that, and this is essentially why XP's
    firewall was only something that was there to be turned off by 3rd party
    firewalls.

    Can anyone please provide me a reasonable alternative to meet this
    requirement then? I want to prevent applications from accessing the internet
    without my OK. I don't want to break Automatic Updates and Windows Update in
    the process. Most 3rd party firewalls are not really Vista-ready yet.
     
    Hangetsu, Apr 8, 2007
    #3
  4. Hangetsu

    CZ Guest

    > I'm trying to finish configuration of the Windows Firewall with Advanced
    > Security. I've set the default for outgoing apps to Block, and I've
    > permitted the applications I've installed access.
    >
    > What I can't get to work is Windows Updates / Automatic Updates. Does
    > anyone know what Microsoft applications require access to the internet to
    > accomplish this? What other Vista apps will require access? In particular,
    > I'm looking for the physical file names & locations (since that is what has
    > to be entered when creating a rule).


    Hangetsu:

    You might try one of the application gateway firewalls instead:
    PC Tools Firewall Plus
    http://www.pctools.com/firewall/

    VistaFirewallControl
    http://sphinx-soft.com/Vista/index.html

    ZA beta for Vista
    http://download.zonelabs.com/bin/free/beta/index.html


    I have run each of the above with the Vista f/w enabled without problems.

    I am currently using the ZA beta product and I am very impressed with it.
     
    CZ, Apr 8, 2007
    #4
  5. Hangetsu

    Jesper Guest

    > Beyond witty sarcasm do you have anything else to offer, such as
    Why skip the witty sarcasm? It's so much fun! :) My preferred alternative
    would be to set the firewall to its original setting and go have a nice cold
    fermented beverage. It will have about the same effect on your security as
    continuing the pointless quest to block malicious outbound traffic.
    If all you want is an alert then install OneCare Live. It works on Vista and
    alerts you when non-malicious programs access the Internet. Of course, it
    goes without saying that it won't be able to alert you when a malicious
    program does the same.

    If you actually want to stop malicious programs that are already executing
    as you from communicating out then your options are things like disconnecting
    the network cable or blocking all outbound traffic entirely and running as a
    standard user.

    What I am trying to explain to you is that you cannot permit some software
    that runs as a particular user to connect out and still meaningfully block
    other software, running in the same user context, from connecting out. In
    Windows Vista you *can* block services running as one user from connecting
    out using permitted connections from another service running in the same user
    context. That functionality is new to Vista, but it is already enabled by
    default and requires no additional configuration. On Windows XP doing so was
    impossible, both with the Windows Firewall and any third-party add-on. On
    Windows XP outbound host-based firewall filtering was completely meaningless.
    In Windows Vista all the meaningful filtering is already there by default.
    There is no reason to waste time trying to "improve" it because the
    fundamental facts about how software runs on Windows NT-based operating
    systems do not permit host-based firewall filtering to provide any value.

    I am well aware that there are third-party firewalls that claim the ability
    to block outbound traffic as the main reason to buy them. That type of claim
    used to be called snake-oil. Today it is called an "Internet Security Suite".
    It provides no discernible security value and serves only to aggravate the
    user using it and enrich the unscrupulous vendor producing it.

    In summary:
    You cannot stop malicious programs running as you on your computer from
    communicating outbound. Focus on stopping the malicious programs from running
    on your computer instead.
     
    Jesper, Apr 8, 2007
    #5
  6. Hangetsu

    CZ Guest

    > My preferred alternative
    > would be to set the firewall to its original setting and go have a nice cold
    > fermented beverage. It will have about the same effect on your security as
    > continuing the pointless quest to block malicious outbound traffic.

    Jesper:

    His goal may be to have control over outbound requests, malicious or not.
     
    CZ, Apr 8, 2007
    #6
  7. Hangetsu

    Jesper Guest

    > His goal may be to have control over outbound requests, malicious or not.

    And, as I said, you can't control malicious ones, but OneCare does permit
    you to control non-malicious ones.
     
    Jesper, Apr 8, 2007
    #7
  8. Hangetsu

    Hangetsu Guest

    Hangetsu:
    Thanks CZ. If I need to go with a 3rd party, ZA is probably the one I'd go
    with for certain. However, I'd like to see if the built-in firewall will
    work too. From my understanding, OneCare is essentially using it, but with a
    pretty front-end.

    To confirm what was said above, I am looking to control all outbound, not
    just for malicious software (although that is the goal). I'm not trying to
    configure block rules, but start with no access and set up allow rules (all
    my software is configured already this way in the firewall). The only part I
    can't figure out entirely is what Windows needs.

    As an update, I think I got it -- Setting up a custom rule, I granted
    svchost.exe access; The only reason I used custom is that it allows you to
    specify the service or services using the application (in this case,
    wuauserv). Solved my problem in this case.

    Next, figuring out what's involved with printing to a network printer
    (Apparently the Print Spooler service isn't enough).
     
    Hangetsu, Apr 8, 2007
    #8
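
The service-scoped rule described in post #8, written as `netsh advfirewall` commands for an elevated command prompt. This is an added example, not part of the original posts; the rule names and the TCP 80/443 restriction are assumptions of the example.

```batch
@echo off
rem Added example. Run from an elevated command prompt.
rem Rule names below are made up for illustration.

rem 1. Default-deny outbound on all profiles (inbound stays blocked by default).
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

rem 2. Too broad: a program-only rule lets EVERY service hosted in any
rem    svchost.exe process connect out. Shown commented out for contrast.
rem netsh advfirewall firewall add rule name="Allow-Out-svchost-any" dir=out ^
rem     action=allow program="%SystemRoot%\System32\svchost.exe"

rem 3. Scoped: the rule matches only when the traffic comes from the
rem    Windows Update service (short name wuauserv) inside svchost.exe.
rem    The TCP 80/443 limit is an extra tightening assumed here; drop
rem    protocol/remoteport to reproduce the rule exactly as described.
netsh advfirewall firewall add rule name="Allow-Out-wuauserv" dir=out ^
    action=allow program="%SystemRoot%\System32\svchost.exe" ^
    service=wuauserv protocol=TCP remoteport=80,443

rem 4. Verify what was stored: the verbose listing includes the Service
rem    field, so a rule saved without the service scope is easy to spot.
netsh advfirewall firewall show rule name="Allow-Out-wuauserv" verbose
netsh advfirewall show allprofiles firewallpolicy

rem Rollback to the shipped default (outbound allowed):
rem netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound
```

The `service=` parameter is what the "custom rule" page of the GUI wizard sets; an ordinary program rule has no equivalent and would open svchost.exe as a whole.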
  9. Hangetsu

    Hangetsu Guest

    Spoolsrv takes care of it -- I thought I saved the rule before, must have
    fat-fingered it... :-(
     
    Hangetsu, Apr 8, 2007
    #9