Does Windows Vista Firewall prompt you for outgoing connection?

Guest

Does Windows Vista Firewall prompt you for outgoing connections in order to
allow, deny or create a rule for outgoing connections? Any screenshots?
 
Puppy Breath

You can block incoming and outgoing based on all kinds of things: program,
group membership, protocol, address, and such. You can allow only secure
connections and require encryption. You can define rules and base the whole
thing on policies. I suppose it can prompt rather than just block. But I
haven't messed around with it enough to be sure.



I can't do a screenshot here but maybe someone else can send you to one. The
console is in Administrative Tools under Windows Firewall with Advanced
Security.
 
roman modic

Zack Whittaker

If you're going to play with the Firewall, head on over to the MMC console
in Administrative Tools as that has a hell of a lot more options with it, as
opposed to the Control Panel applet :)

--
Zack Whittaker
» ZackNET Enterprises: www.zacknet.co.uk
» MSBlog on ResDev: www.msblog.org
» Vista Knowledge Base: www.vistabase.co.uk
» This mailing is provided "as is" with no warranties, and confers no
rights. All opinions expressed are those of myself unless stated so, and not
of my employer, best friend, Ghandi, my mother or my cat. Glad we cleared
that up!

--: Original message follows :--
 
Puppy Breath

Why can't you do a screenshot?

Don't know how.

(Kidding). I can do the shot but WinMail doesn't want to send it. Don't know
why yet. Maybe I shouldn'ta been screwing around with the firewall.
 
Puppy Breath

Here's a screenshot of the main outgoing port window (all crunched
together). Assuming WinMail cooperates. You can also configure through a
dialog box.
 
Guest

Puppy Breath said:
You can block incoming and outgoing based on all kinds of things: program,
group membership, protocol, address, and such. You can allow only secure
connections and require encryption. You can define rules and base the whole
thing on policies. I suppose it can prompt rather than just block. But I
haven't messed around with it enough to be sure.

Yes, I know you can create an off-line rule from the MMC, but I want to know
whether Windows Vista firewall prompts you with a pop-up when a program needs to
establish an outgoing connection, or whether you must create an off-line rule.
Why didn't I see an article about this on the Internet? I read this
http://www.microsoft.com/technet/community/columns/cableguy/cg0106.mspx but
there's no screenshot or explanation about prompting for outgoing
connections (I only see you can create a rule, but not a prompt?).
 
Puppy Breath

Oh, sorry. Don't know about that part of it. Haven't played with it much.
Maybe someone else knows.
 
Puppy Breath

Ooops, sorry. The screenshot was intended for Franz (who apparently doesn't
need the one I sent).
 
Andre Da Costa [Extended64]

As Puppy says, you can't do that with the default Windows Firewall in
Windows Vista located in the Control Panel. You have to use the Windows
Firewall with Advanced Security.

Here is a great article from the Cable Guy about using it:
http://www.microsoft.com/technet/community/columns/cableguy/cg0106.mspx
--
Andre
Windows Connected | http://www.windowsconnected.com
Extended64 | http://www.extended64.com
Blog | http://www.extended64.com/blogs/andre
http://spaces.msn.com/members/adacosta

 
Zack Whittaker

Has to be less than about 50-75kb or so - save it as a JPG or cut down
whatever you can out of the screenshot.
Alternatively, stick it on a web host somewhere and send in the link :)

--
Zack Whittaker
» ZackNET Enterprises: www.zacknet.co.uk
» MSBlog on ResDev: www.msblog.org
» Vista Knowledge Base: www.vistabase.co.uk
» This mailing is provided "as is" with no warranties, and confers no
rights. All opinions expressed are those of myself unless stated so, and not
of my employer, best friend, Ghandi, my mother or my cat. Glad we cleared
that up!

--: Original message follows :--
 
roman modic

Hello!

Andre Da Costa said:
As Puppy says, you can't do that with the default Windows Firewall in Windows Vista located in the Control Panel. You have to use
the Windows Firewall with Advanced Security.

Here is a great article from the Cable Guy about using it:
http://www.microsoft.com/technet/community/columns/cableguy/cg0106.mspx

And another from Jesper Johansson:
http://blogs.technet.com/jesper_johansson/archive/2006/05/01/426921.aspx
The key problem is that most people think outbound host-based firewall filtering will keep a compromised asset from attacking other
assets. This is impossible. Putting protective measures on a compromised asset and asking it not to compromise any other assets
simply does not work. Protection belongs on the asset you are trying to protect, not the one you are trying to protect against!
Asking the bad guys not to steal stuff after they have already broken into your house is unlikely to be nearly as effective as
keeping them from breaking into the house in the first place.

In addition, as the dialogs above suggest, the vast majority of users are unable to make intelligent security decisions based on the
information presented. Presenting information that does allow them to make intelligent decisions is much harder than it sounds
because it would require the firewall to not just understand ports, protocols, and the application that is making the request, but
also to understand what it is the request really is trying to do and what that means to the user. This information is very difficult
to obtain programmatically. For instance, the fact that Microsoft Word is attempting to make an outbound connection is not nearly as
interesting as what exactly Word is trying to do with that connection. A plethora of dialogs, particularly ones devoid of any
information that helps an ordinary mortal make a security decision, are simply another fast clicking exercise. We need to reduce the
number of meaningless dialogs, not increase them, and outbound filtering firewalls do not particularly help there. While writing
this article I went and looked at the sales documentation for a major host-based firewall vendor. They tout their firewall's
outbound filtering capacity and advising capability with a screen shot that says "Advice is not yet available for this program.
Choose below or click More Info for assistance." Below are two buttons with the texts "Allow" and "Deny." Well, that clarifies
things tremendously! My mom will surely understand what that means: "Unless you click 'Allow' below you won't get to see the naked
dancing pigs that you just spent 8 minutes downloading." I rest my case.

Fundamentally, it is incumbent on the administrator to configure all outbound filtering because the end user will not be able to,
and once the administrator does that, if there are enough systems using the same protection mechanism, automated malware will just
adapt and exploit the weaknesses mentioned above.

Now, given what I just said about outbound filtering, why is it even included in Windows Vista? Here is why: there is one particular
area where outbound host-based firewall filtering provides real security value, but only in Windows Vista. In that operating system,
services can run with a highly restricted token. In essence, each service has its own security identifier (SID) which is unique to
that service and different even from the SIDs of other services running in the same account. This Service SID can be used to
restrict access to resources, such as network ports. What that means is that even though two services run as NetworkService, they
cannot manage each other's processes and the firewall can be configured to allow only one of them to communicate out. If the other
one, the blocked one, is compromised, it cannot hijack the allowed service and use its allowed port to communicate out. This
functionality is another one of the very cool security features added to Windows Vista, and the new Firewall uses it to actually
provide real security value by outbound firewall filtering. In fact, firewall filtering on service SIDs is enabled by default in
Windows Vista. The rules are predefined in the
HKLM\System\CurrentControlSet\services\sharedaccess\parameters\firewallpolicy\RestrictedServices registry key.


Cheers, Roman
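
Added example (not part of the thread or of the quoted article): a small parser that summarises, per service, what the active outbound service-restriction rules permit, which is the per-service filtering the quoted passage describes. It assumes the pipe-delimited `Key=Value` rule-string layout Windows Firewall uses for rules stored in the registry; the services `DemoSvcA` and `DemoSvcB` and all sample values are constructed.

```python
from collections import defaultdict

SVCHOST = r"%SystemRoot%\system32\svchost.exe"

# Constructed sample rules for two hypothetical services hosted in svchost.exe.
# On a live host the values would be read from the RestrictedServices
# registry key named in the post.
SAMPLE_RULES = {
    "DemoA-1": f"v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=443|App={SVCHOST}|Svc=DemoSvcA|Name=DemoSvcA HTTPS out|",
    "DemoA-2": f"v2.0|Action=Block|Active=TRUE|Dir=Out|App={SVCHOST}|Svc=DemoSvcA|Name=DemoSvcA block other out|",
    "DemoB-1": f"v2.0|Action=Block|Active=TRUE|Dir=Out|App={SVCHOST}|Svc=DemoSvcB|Name=DemoSvcB block all out|",
    "DemoB-2": f"v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=53|App={SVCHOST}|Svc=DemoSvcB|Name=DemoSvcB DNS (disabled)|",
}


def parse_rule(raw):
    """Split one rule string into its version and a dict of field -> list of values."""
    version, *fields = [part for part in raw.split("|") if part]
    rule = defaultdict(list)
    for field in fields:
        key, sep, value = field.partition("=")
        if not sep:
            raise ValueError(f"malformed field {field!r}")
        rule[key].append(value)  # fields such as RPort may repeat
    return version, dict(rule)


def outbound_by_service(rules):
    """Map each service name to what its active outbound rules permit."""
    summary = defaultdict(lambda: {"allow": [], "default_block": False})
    for raw in rules.values():
        _, rule = parse_rule(raw)
        if rule.get("Active") != ["TRUE"] or rule.get("Dir") != ["Out"]:
            continue  # ignore disabled and inbound rules
        entry = summary[rule.get("Svc", ["<no service>"])[0]]
        scope = (rule.get("Protocol", ["any"])[0], tuple(rule.get("RPort", ["any"])))
        if rule.get("Action") == ["Allow"]:
            entry["allow"].append(scope)
        elif scope == ("any", ("any",)):
            entry["default_block"] = True  # unscoped block: nothing else gets out
    return dict(summary)


if __name__ == "__main__":
    for svc, info in sorted(outbound_by_service(SAMPLE_RULES).items()):
        print(svc, info)
```

Both sample services share the same host process, yet only `DemoSvcA` has an active outbound allowance; the disabled `DemoSvcB` rule is ignored.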
 
