Vista Firewall outbound control

  • Thread starter Thread starter Riccardo
  • Start date Start date
R

Riccardo

Hi,
Vista FW with advanced security comes with an outbound traffic default
setting "allow everything which is not denied". I think this is completely
useless, because the main reason for outbound traffic filter is to block
UNKNOWN programs (worm, trojans ....) so it is impossible to make a rule to
deny an unknown program/destination port. On the other hand if I change the
outbound setting to "block everything that does not match a rule" it is
nearly impossible to design a rule for legitimate programs because, as far
as I understand, there is no "display notification" for outbound breaking
rule, and it is not simple to know applications/services/ports of the
majority of legitimate applications (apart from browser mailer and few
others).
My question is: is there a way to have a kind of display notification of the
outbound offended rule with applications/services/ports of the offending
programs?
Thanks in advance
Riccardo
 
I never use Windows firewall, They are inferiorat the best of times to a
good stand alone. I use the one that comes with Panda VP, nothing appears to
get past it and it can be set for in's and out's.
 
Ian,
That's your opinion.
I use the Windows Firewall with minimal outbound control (Vista), AVG
anti-virus and am behind a router/firewall. Nothing disasterous has gotten
past it for over three years on two computers that remain on 24/7. My
opinion is based solely on my experience.
 
No firewall that runs locally on a computer can be relied upon to stop
outgoing traffic from malware. If the malware is running on the computer it
can alter anything on the computer including the firewall. The firewall can
make this hard to do but not impossible.
 
Correct but the firewall in Vista is fully capable of doing this. Unless the
firewall also does some threat profiling as some hardware firewalls do the
built in firewall is as good as any and better than most for inbound
access. I always rely on a hardware firewall as the first line of defense
and a software firewall to protect against worms that are already inside the
perimeter.
 
Kerry. May I ask as to what hardware firewall you are using?

--


Regards,

Richard Urban
Microsoft MVP Windows Shell/User
(For email, remove the obvious from my address)
 
Daze N. Knights,

ZoneAlarm does not make a product that is compatible with Vista. I don't
care what ZoneAlarm says. I used ZoneAlarm for years on XP and it was a great
application. However, if you try to download and install the free ZoneAlarm
firewall for Vista or the ZoneAlarm Internet Security Suite for Vista you are
asking for trouble.

I tried in vain to get the ZoneAlarm Vista products to install and run
correctly to no avail. What a nightmare! I have never had to do so many
System Restores in my life. I also had to go into the registry and delete the
remnants of ZoneAlarm after the System Restores. You should read the reviews
of ZoneAlarm's Vista products and you will understand what I am saying. I do
not have any problems downloading and installing any of the other security
applications from other vendors.
Of course, this does not include Norton/Symantec and McAfee, which I would
advise staying away from (both of them are resource hogs and cause more
problems than they fix. Also, once they are entrenched in your system it is
almost impossible to eliminate them unless you reformat and do a clean
install).

My wireless router/modem has a hardware firewall and my software firewall is
the Windows firewall. I have had no problems. Of course, some people will
undoubtably be able to download ZoneAlarm products for Vista and have no
problems whatsoever. This seems to be the exception rather than the rule.

Have a nice day.

C.B.
 
I have tested the Vista compatible versions of ZA and find that any of them
will slow down the system tremendously.

I used to say that I was willing to sacrifice a 5% slowdown for, what I
perceived to be, the extra security. But these new versions slow down the
system perceptibly - likely about 20% in my case.

--


Regards,

Richard Urban
Microsoft MVP Windows Shell/User
(For email, remove the obvious from my address)
 
Hmm. I have been using ZA7.1.078.000 Free for Vista for over two weeks
with no problems at all and no noticeable slowdown. So, it's apparently
a case of YMMV.

Daze
 
I use a DFL-210. It's fairly expensive. I need the VPN performance it offers
with the firewall. It also does traffic shaping and more.

http://www.dlink.com/products/?sec=2&pid=512

The DFL-CP310 is also good if you don't need the VPN performance of the
DFL-210.

http://www.dlink.com/products/?sec=2&pid=481

I like DLink because I'm a dealer. SonicWall and others have equally good
solutions for around $250.00 and up. It may sound expensive but a good
router/firewall can actually give you a noticeable speed increase on a
broadband connection if you have more than a couple of computers. It's
surprising what a decent CPU and RAM does for a router. They are a little
more complicated to setup and there is the ongoing expense of the security
update subscription but the results are worth it. Note that this doesn't
mean you don't need an antivirus on your computer :-)

You could also use an old computer with Linux. There are some distros
designed just for this purpose. The Linux solution could be very cheap if
you have the hardware already in a closet somewhere.

This is probably overkill for most people. For the average home I'd
recommend something like the DIR-330. The firewall isn't as sophisticated
but it's decent enough and easy to configure.

http://www.dlink.com/products/?sec=0&pid=564

Even Checkpoint (Zonealarm) is getting into the home/soho hardware firewall
market.

http://www.zonealarm.com/store/content/catalog/products/z100g/index.jsp

As malware becomes more sophisticated software firewalls will become less
useful for protection against malware. With root kits and hardware
virtualization malware can hide from the OS and easily communicate around
the OS.
 
Ian Betts said:
But a good hardware and software firewall should stop the malware
getting in.
Click to expand...

Only if configured properly, no firewall can protect you against
something you or another user invite into your machine.
 
Only if configured properly, no firewall can protect you against
something you or another user invite into your machine.
Click to expand...


That is correct. But a good software firewall just may prevent that key
logger you inadvertently installed last week from phoning home with your
credit card and pin numbers, your social security card #, your Full Name and
address - in short, everything that someone needs to steal your identity.

A key logger can be on you computer for years and never do any damage - if
it's outgoing communication is flagged and then denied.

--


Regards,

Richard Urban
Microsoft MVP Windows Shell/User
(For email, remove the obvious from my address)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

CNET on Vista's firewall 1
PC Tools Firewall experience 2
Firewall vs. Parental Controls 5
Vista Firewall - Windows Updates 3
Vista Advanced Firewall Config 2
Firewall Rules - Outbound 3
Help, Vista's firewall started to work with outbound traffic, and I don't know how to stop it!!!!! 10
Firewall blocks outbound traffic even if outbound rule exists 21

Back
Top