Discussion in 'Windows Vista Security' started by Davcal, May 19, 2007.

  1. Davcal

    Davcal Guest

    Engel...I must admit, that is a step in the right direction.
    But that's exactly what PC Tools Firewall has been doing all along.
    The fact that Vista turns this Filter off as default sure says a lot.
    Davcal, May 20, 2007
  2. Of course you can; it tests incoming only. XP passes it. My cat passes it.
    He's talking about a leak test tool you download to test outgoing.
    Milhouse Van Houten, May 21, 2007
  3. Davcal

    Davcal Guest

    Thanks for that Milhouse, sheesh! Sometimes I wonder...
    Davcal, May 21, 2007
  4. Davcal

    Jon Guest

    Ok, point taken. Tried the 'leak test' too. Nothing got through. Just a
    question of enabling the outgoing firewall.
    Jon, May 21, 2007
  5. Can you expand on that? Are you saying that you've customized your outbound
    Milhouse Van Houten, May 21, 2007
  6. Davcal

    Jon Guest

    Yes, that's correct. On this particular installation, which is fairly new,
    I currently have outbound rules for

    Currently Enabled Outward Bound Rules (Allow)
    sidebar.exe [C:\Program Files\Windows Sidebar\sidebar.exe]
    MSASCui.exe [C:\Program Files\Windows Defender\MSASCui.exe]
    Windows Update [Service] [C:\Windows\system32\svchost.exe]
    Windows Defender [Service] [C:\Windows\System32\svchost.exe]
    WinMail.exe [C:\Program Files\Windows Mail\WinMail.exe]
    ieuser.exe [C:\Program Files\Internet Explorer\ieuser.exe]
    iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe]

    + another rule for my modem

    I have a small program that creates rules for programs / services for me
    automatically, but you can also do it manually via the 'Windows Firewall
    with Advanced Security' console.

    If you're familiar with the command line, or with vbscript, then you can also
    create rules using the 'netsh' command, or the
    progid "HNetCfg.FwPolicy2" interface.
    Jon, May 21, 2007
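
The netsh route mentioned in the post above, as an added example that is not part of the original thread: a PowerShell script, run from an elevated prompt, that creates outbound allow rules for the programs in that list and then switches the default outbound action to block. The rule-name prefix and the service short names `wuauserv` and `WinDefend` are assumptions, not taken from the post.

```powershell
# Added example. Program paths come from the list in the post; the
# "Out-Allow" name prefix and the service short names are assumptions.
$rules = @(
    @{ Name = 'sidebar.exe';  Program = 'C:\Program Files\Windows Sidebar\sidebar.exe' },
    @{ Name = 'MSASCui.exe';  Program = 'C:\Program Files\Windows Defender\MSASCui.exe' },
    @{ Name = 'WinMail.exe';  Program = 'C:\Program Files\Windows Mail\WinMail.exe' },
    @{ Name = 'ieuser.exe';   Program = 'C:\Program Files\Internet Explorer\ieuser.exe' },
    @{ Name = 'iexplore.exe'; Program = 'C:\Program Files\Internet Explorer\iexplore.exe' },
    # Services hosted in svchost.exe: scope the rule to one service so it
    # does not open outbound access for every service sharing that binary.
    @{ Name = 'Windows Update';   Program = 'C:\Windows\System32\svchost.exe'; Service = 'wuauserv' },
    @{ Name = 'Windows Defender'; Program = 'C:\Windows\System32\svchost.exe'; Service = 'WinDefend' }
)

foreach ($r in $rules) {
    if (-not (Test-Path -LiteralPath $r.Program)) {
        Write-Warning "Skipping $($r.Name): $($r.Program) not found"
        continue
    }
    $ruleName = "Out-Allow $($r.Name)"

    # Delete any earlier copy so re-running the script does not stack duplicates.
    & netsh advfirewall firewall delete rule "name=$ruleName" dir=out | Out-Null

    $netshArgs = @('advfirewall', 'firewall', 'add', 'rule',
                   "name=$ruleName", 'dir=out', 'action=allow',
                   "program=$($r.Program)", 'enable=yes')
    if ($r.Service) { $netshArgs += "service=$($r.Service)" }

    & netsh @netshArgs
    if ($LASTEXITCODE -ne 0) { throw "netsh failed while adding '$ruleName'" }
}

# Allow rules only matter once the default outbound action is "block".
# The value is quoted so PowerShell passes it as one argument, not an array.
& netsh advfirewall set allprofiles firewallpolicy 'blockinbound,blockoutbound'
if ($LASTEXITCODE -ne 0) { throw 'netsh failed while setting the default policy' }

# Review the outbound rules that are now in place.
& netsh advfirewall firewall show rule name=all dir=out
```
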
  7. Davcal

    Paul Smith Guest

    Yeah using the firewall as a security measure on outbound packets is
    pointless, and for most users creates needless hassle.

    That's why outbound filtering is off by default, simple.

    Paul Smith,
    Yeovil, UK.
    Microsoft MVP Windows Shell/User.

    Paul Smith, May 22, 2007
  8. Davcal

    Victek Guest

    This is one of those issues that people can't seem to take a middle position
    on. Why is outbound filtering "pointless"? It certainly isn't a substitute
    for making a best effort to prevent malware from infiltrating the system to
    begin with, but if some slips through then sometimes it can be caught by the
    firewall if it tries to make an outbound connection. I had this exact
    experience. A software firewall is just one of many tools none of which are
    perfect, but when combined constitute a layered defense. Yes, it can be a
    hassle to use, but I think it's "off" by default so that MS doesn't have to
    deal with all the newbies who don't know how to configure it, not because
    it has no use. Why not use outbound filtering and educate people about its
    limitations at the same time?
    Victek, May 22, 2007
  9. Davcal

    Davcal Guest

    Well said Victek, I don't understand why people continue to be in denial
    to this.
    If you don't have any outgoing protection, as in Vista Firewall, then
    you never know what's leaving your PC, especially when you first boot up.
    As you said, layered protection is the best defense.
    Several software progs combined with a Router is what I use.
    But when I first discovered "Leaktest" by www.grc.com (a long time
    ago)
    I then installed a software firewall which stopped Leaktest.
    I was amazed at the number of progs that were trying to call home.
    So instead of shooting the messenger, just give Leaktest a try and see
    for yourself.
    Then install a software firewall. I'm sure you'll be uncomfortable when
    you see what's going on.
    Davcal, May 22, 2007
  10. Outbound filtering itself isn't pointless. Host-based outbound
    filtering as a countermeasure against malware is pointless. Or more
    precisely: It's broken by concept.
    Yes. They sometimes seem to work against malware. The problem is you
    can't tell whether a pop-up actually means the malware was prevented
    from connecting out. You may just as well feel safe for no good
    reason. That's why I label them illusionware. Mostly PFW's are just
    attack vectors for malware writers to utilize anyway.
    In a virtual environment "a layered defense" is often misunderstood.
    You increase security by removing attack vectors - not by adding them.
    Why not educate people about real security measures?
    Straight Talk, May 23, 2007
  11. You're right. You don't understand.
    If you have such problems you are in big trouble already.
    Yes, if one understands what layered protection means in a virtual
    Don't worry. That's a common mistake.
    Referring to GRC shows what you know. I bet you have already made sure
    your router shows up as "stealth". Sigh...
    All of them were either doing what they were supposed to do (approved
    by yourself upon installation) or your "firewall" was simply too
    stupid to figure out if the program was actually trying to connect or
    if it was just talking to itself.
    Get a clue.
    The day you can recommend a PFW that isn't totally broken I will be
    happy to try it out.
    Straight Talk, May 23, 2007
