Notifying user when outbound connections are blocked

Discussion in 'Windows Vista Security' started by Roof Fiddler, Dec 17, 2006.

  1. Roof Fiddler

    Roof Fiddler Guest

    Vista's firewall has a setting "Display notifications to the user when a
    program is blocked from receiving inbound connections." Why doesn't it have
    a setting "Display notifications to the user when a program is blocked from
    initiating outbound connections", like Zonealarm is able to do?
     
    Roof Fiddler, Dec 17, 2006
    #1
    1. Advertisements

  2. Roof Fiddler

    Robert Moir Guest

    Design choice, I guess. Obviously there is nothing to stop Microsoft from
    adding this feature, other than perhaps they don't want to tread on the toes
    of too many 3rd party providers at once, and/or they might agree with my
    opinion on the whole firewall thing, which i've outlined below.

    //personal opinion follows//
    This sort of feature is not as useful as a lot of people think, and in 3rd
    party software firewalls such as ZA is more about saying "Hey, I'm here
    working hard for you, wouldn't you like to buy the full priced copy, or if
    you have already then aren't you glad you did." than about adding any actual
    quantifiable protection to the system.

    Once code is running on your system, it is totally trivial on MS operating
    systems older than Vista to subvert the settings of any firewall program
    because the user is usually running as Admin, Admins can modify the
    block/allow list of the firewall program, and any malicious program running
    in the 'context' of that logged in user can use this admin right to quietly
    add itself to an exclusion list in the background.

    On systems such as Vista, the cost of doing this has become a little higher,
    maybe, but it still exists to some degree at least.

    Once malicious code has been executed on your system by an admin level
    account, you have lost control of that system and can't trust anything that
    happens 'within' that operating system from that point onwards. Sad but
    true. So it is far more cost effective to work on preventing malicious code
    from entering and executing on a system than it is to worry about trying to
    rein it in afterwards.
    //personal opinion ends//

    Regards
    Rob Moir.
     
    Robert Moir, Dec 18, 2006
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.