Why is the "Two way" feature of Vista's Firewall such a secret?

Discussion in 'Windows Vista Security' started by six-h, Feb 28, 2009.

  1. six-h

    six-h Guest

    I am totally unable to find out how to enable this feature, though I'm told
    that it exists.
    I'm running Vista Ultimate.
    I've attempted to follow an article in PC Advisor (issue 165) and fell at
    the first hurdle!
    Quote from Mag :-
    I've heard tell of this "Search Field", but it does not appear when I click
    my start button. Using the "Search" > "For files and folders" method which is
    the only "search" I can find doesn't recognise the entry "wf.msc".
    No where in the "Help" files can I find reference to enabling it, only some
    guidance which assumes that you already have it enabled.
    Help!!....Please!
     
    six-h, Feb 28, 2009
    #1
    1. Advertisements

  2. six-h

    six-h Guest

    Eurika!
    Having found out where Microsoft buried it, I think I can understand why it
    has been so deliberately hidden!
    Truth is it's so complicated to configure, all but committed geeks will
    quail at the prospect and turn to "Comodo", which according to the grapevine
    is not only free, but : -
    More secure:
    Easier to configure:
    More user friendly:

    Why can't Microsoft offer a product like this??
     
    six-h, Mar 1, 2009
    #2
    1. Advertisements

  3. six-h

    Mick Murphy Guest

    Vista firewall, when configured correctly, is superior to Comodo firewall.
    Even just incoming control, Vista's is better.
     
    Mick Murphy, Mar 1, 2009
    #3
  4. six-h

    six-h Guest

    If "Mad" Mike's opinion is true, then I am indeed sad that I am not clever
    enough to be able to configure the rules for "out going" traffic.
    Is there anyone that can offer a "fool's guide" to help me?

    I am inclined to think that I should set the all three profiles to "Block"
    all outbound traffic.
    Since my PC is in splendid isolation, connected to the Internet by wireless
    router, not part of a corporate "intranet", and is also "static", the only
    profile that concerns me is the "Private" one.
    Is that correct?

    Assuming for the moment that the answer to the above is "yes", the next
    step, creating rules for outbound traffic brings me to the rather daunting
    list.
    Some of the items are "enabled" and "allowed", others not, and I do not
    understand most of them so am loathe to make any alterations here.

    Having "blocked" all three domains, and left "the list" unchanged, do I move
    on and select "New Rule", firstly allowing "Internet Explorer.exe" outbound
    access?

    Will I be advised of other attempted outbound communications, with the
    opportunity to allow or block as and when these attempts are made, as with
    "Comodo"?

    Any help appreciated,
    Thanks.
     
    six-h, Mar 1, 2009
    #4

  5. It's not a secret, at all.

    Vista's built-in Windows Firewall is adequate for most users, but
    not particularly easy to configure. Vista's built-in firewall, although
    superior to that of WinXP, is of a rudimentary nature, intended to meet
    the simpler needs of most home consumers (or business/enterprise clients
    already ensconced behind more advanced perimeter defenses).

    One 3rd-party add-on (Sphinx's Vista Firewall Control
    http://sphinx-soft.com/Vista/) might make the Vista Firewall a bit more
    useful to you, but nothing but a completely independent product will be
    able to provide the detailed control you want.

    There are two interfaces for Vistas built-in firewall:

    1) A simplified one accessed through the Control Panel that is the only
    one most people see.

    2) And the more advanced "Windows Firewall with Advanced Security
    (WF.msc)," accessed via the Start Menu's Administrative Tools folder,
    for the experienced user who wants better control.



    --

    Bruce Chambers

    Help us help you:
    http://www.catb.org/~esr/faqs/smart-questions.html

    http://support.microsoft.com/default.aspx/kb/555375

    They that can give up essential liberty to obtain a little temporary
    safety deserve neither liberty nor safety. ~Benjamin Franklin

    Many people would rather die than think; in fact, most do. ~Bertrand Russell

    The philosopher has never killed any priests, whereas the priest has
    killed a great many philosophers.
    ~ Denis Diderot
     
    Bruce Chambers, Mar 1, 2009
    #5
  6. six-h

    six-h Guest

    Sorry Bruce, I can't see how a fire wall with free access to any and all
    outgoing traffic meets the needs of any home consumers.
    Thanks for the link to Sphinx's Vista Firewall Control, I'll have a look at
    it and see if it can help me to configure a workable outgoing regieme.
     
    six-h, Mar 1, 2009
    #6
  7. six-h

    Kayman Guest

    The truth is, Vista by default contains 82 default filters that prevent 34
    services from communicating out other than on a very narrow set of defined
    ports.
    You are not going to find anything better than the Vista FW and Vista in
    itself due to the advanced features the FW and Vista are using.

    PFW Criticism.
    http://en.wikipedia.org/wiki/Personal_firewall#Criticisms

    Jesper's Blogs-
    At Least This Snake Oil Is Free.
    http://msinfluentials.com/blogs/jesper/archive/2007/07/19/at-least-this-snake-oil-is-free.aspx
    Windows Firewall: the best new security feature in Vista?
    http://blogs.technet.com/jesper_johansson/archive/2006/05/01/426921.aspx

    Exploring The Windows Firewall.
    http://www.microsoft.com/technet/technetmag/issues/2007/06/VistaFirewall/default.aspx
    "If you try to block outbound connections from a computer that’s already
    compromised, how can you be sure that the computer is really doing what you
    ask? The answer: you can’t. Outbound protection is security theater—it’s a
    gimmick that only gives the impression of improving your security without
    doing anything that actually does improve your security. This is why
    outbound protection didn’t exist in the Windows XP firewall and why it
    doesn’t exist in the Windows Vista™ firewall."

    Tap into the Vista firewall's advanced configuration features
    http://articles.techrepublic.com.com/5100-10877-6098592.html
    "...once you discover the secret of accessing its advanced configuration
    settings via the MMC snap-in, you'll find it to be far more configurable
    and functional. At last, Windows comes with a sophisticated personal
    firewall that can be used to set up outbound rules as well as inbound, with
    the ability to customize rules to fit your precise needs."
    Or
    Configure Vista Firewall to support outbound packet filtering
    http://searchwindowssecurity.techtarget.com/tip/0,289483,sid45_gci1247138,00.html
    Or
    Vista Firewall Control (Free versions available).
    Protects your applications from undesirable network incoming and outgoing
    activity, controls applications internet access.
    http://sphinx-soft.com/Vista/
    The free version may be all you need, check the comparisons under
    the "Download and Buy" link.

    Managing the Windows Vista Firewall
    http://technet.microsoft.com/en-us/magazine/cc510323.aspx
    *(read twice!)*

    Easy guide to make Windows Firewall better in Windows Vista.
    http://www.expertvista.com/2009/01/08/tweak-windows-firewall/

    SolutionBase: Take a look at the Windows Vista Firewall
    http://articles.techrepublic.com.com/5100-10877_11-6171339.html?tag=rbxccnbtr1

    Vista Firewall Control 32-bit version
    http://www.pcadvisor.co.uk/downloads/index.cfm?categoryid=1446&itemId=64950

    Windows Firewall: the best new security feature in Vista?
    http://blogs.technet.com/jesper_johansson/archive/2006/05/01/426921.aspx

    Good luck :)
     
    Kayman, Mar 1, 2009
    #7
  8. six-h

    Root Kit Guest

    Please explain how the comodo crap can possibly be more secure.
     
    Root Kit, Mar 2, 2009
    #8
  9. six-h

    Root Kit Guest

    Just pull your network plug. That will effectively block outgoing
    traffic.

    You could also reconsider whether the Comodo way of dealing with
    outgoing traffic makes any sense from a security perspective at all.
     
    Root Kit, Mar 2, 2009
    #9
  10. six-h

    Dave Warren Guest

    In message <> six-h
    It's really simple: If you don't like the behaviour of a piece of
    software, don't install it. Playing games to limit malicious behaviour
    of software will ultimately be futile.
     
    Dave Warren, Mar 5, 2009
    #10
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.