Page 1 of 2 12 LastLast
Results 1 to 15 of 22
  1. #1
    Plutonium Lounger
    Join Date
    Oct 2001
    Location
    Lexington, Kentucky, USA
    Posts
    12,107
    Thanks
    0
    Thanked 1 Time in 1 Post

    Vista Firewall (Ultimate SP1)

    Here's the deal - I've removed Zone Alarm free from my Vista installation and the hangs of Firefox that I was having seem to have stopped. But that's a bit more than a 24 hour run, so I don't know if it will hold or not. If you want the background reading, see <post#=722,629>post 722,629</post#> (and in a minor way, <post#=722,777>post 722,777</post#> )

    Here, I'd like to find out if there is (are) anyone who's using the Vista firewall to protect the OUTBOUND traffic on a computer. Of course, as has been stated before, Vista turned on its firewall when I removed ZA. I simply made a few early visits to the advanced firewall window and started reading. It doesn't look as difficult to "use" as I thought, but I quickly admit that I don't understand most of the built-in "rules." However, a like set of rules exist on the inbound side as well, so I'm sure there's a long story behind each one. <img src=/S/grin.gif border=0 alt=grin width=15 height=15>

    Anyway, it's easy to turn outgoing on, one click and it's done, but I'd like to hear the early warning thoughts of anyone who has tried it - whether you've stayed with it or quit. If it doesn't drive me any whackier than ZA did during the "teaching" phase, I won't mind that. Thanks...

  2. #2
    3 Star Lounger
    Join Date
    Jun 2001
    Location
    Lewiston, Maine, USA
    Posts
    293
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Vista Firewall (Ultimate SP1)

    Morning Al,
    I've been running Windows Firewall on my Vista Home Premium laptop for the past 4 months - no problems, inbound and outbound. Am also running Firefox 3.0 - no problems.
    Haven't gone into the setting too often, but the few times I looked at them they seemed rather straightforward.
    Overall, am a happy camper.
    Btw, also running Defender and Avast. - smooth system.

  3. #3
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Swanzey, New Hampshire, USA
    Posts
    1,707
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Vista Firewall (Ultimate SP1)

    Al,

    I haven't done anything with Vista Firewall other than enable it (default). And, I don't have a 3rd-party software firewall either. Why? Because #1 I ain't paranoid about security as some are. #2 Since I have good "incoming" protection (Linksys router, Kaspersky AV 8.0.0.357, Windows Defender, safe computing practices) . . . there isn't anything "bad" that is going to want to get out. <img src=/S/wink.gif border=0 alt=wink width=15 height=15>

    <IMG SRC=http://www.the-highway.com/Smileys/3stooges.gif>
    Jeff
    simul iustus et peccator

  4. #4
    Platinum Lounger
    Join Date
    Nov 2001
    Location
    Vienna, Wien, Austria
    Posts
    5,009
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Vista Firewall (Ultimate SP1)

    The range of apps that require internet access - for me - are limited. On that basis, I have both Inbound & Outbound traffic banned by default - subject to a list of exceptions for both. As this list is saveable Action->Export Policy, it is not high maintenance. Any (permanent) new install gets its own Inbound & Outbound exceptions.
    Gre

  5. #5
    Plutonium Lounger
    Join Date
    Oct 2001
    Location
    Lexington, Kentucky, USA
    Posts
    12,107
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Vista Firewall (Ultimate SP1)

    Thanks everyone so far for the comments. I just gave it a shot and set the outbound to "block" as well. I'm a bit surprised (disappointed?) that the Vista variety doesn't ask for permission when you try to run a program, kinda like ZA does. I made the change right after booting and the first program I ran was Firefox. It wouldn't go to any web sites. So, I tried creating a rule using the attached route (I put it in all three profiles - domain, private and public. No soap, I still can't connect. I went back and turned OFF outbound to make sure it wasn't another problem and it's not - Fx is running as I post.

    Did I miss something in the menus? Must one create some kind of rule allowing everything, which I saw in there? I won't do that since it defeats the "purpose" of this whole exercise.
    Attached Images Attached Images

  6. #6
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,588
    Thanks
    5
    Thanked 1,059 Times in 928 Posts

    Re: Vista Firewall (Ultimate SP1)

    By default, the Windows Firewall only controls inbound access. You must specifically access the Windows Firewall with Advanced Security (All Programs | Accessories) and turn on outbound control.

    Joe
    Joe

  7. #7
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,588
    Thanks
    5
    Thanked 1,059 Times in 928 Posts

    Re: Vista Firewall (Ultimate SP1)

    Did you completely fill out the rule including the profile to which it belongs? Is there also a corresponding inbound rule?

    Joe
    Joe

  8. #8
    Plutonium Lounger
    Join Date
    Oct 2001
    Location
    Lexington, Kentucky, USA
    Posts
    12,107
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Vista Firewall (Ultimate SP1)

    I'll say that although this article is quite old now, it seems to tell the story, unless as I said I'm missing something somewhere in the menus. So much for Vista Outbound Firewall!

    PC World - New Windows Vista Firewall Fails on Outbound Security

  9. #9
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,588
    Thanks
    5
    Thanked 1,059 Times in 928 Posts

    Re: Vista Firewall (Ultimate SP1)

    I disagree with the premise that the outbound protection can't stop malware. All you need to do is change the Firewall Properties for the profile to block instead of allow for outbound connections. You'd need to review all existing rules and add what you want. Then anything that does not have a rule will be blocked. I've not read enough to know how to identify or get notified of blocked attempts.

    Joe
    Joe

  10. #10
    Plutonium Lounger
    Join Date
    Oct 2001
    Location
    Lexington, Kentucky, USA
    Posts
    12,107
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Vista Firewall (Ultimate SP1)

    Just a small clip to show that I tried that Joe, and it didn't work. Now, I'll quickly admit that there may be something I missed in the creation of my added rule. BUT if I had to go through that process for every program that I want to allow, I wouldn't bother. MS needs to change it to something like ZA (and others) that are prompting for user approval. It couldn't be any simpler than ZA has it.
    Attached Images Attached Images

  11. #11
    Platinum Lounger
    Join Date
    Nov 2001
    Location
    Vienna, Wien, Austria
    Posts
    5,009
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Vista Firewall (Ultimate SP1)

    >Did I miss something in the menus?

    Did you change the radio button from "deny" to "allow".

    The default of "deny all" still turns up with Outbound - just like the default of "allow all" turns up on Inbound.

    RightClick on the rule & select Properties - the first tab you see will tell you whether the rule is set to Deny or Allow.

    BTW putting a "_" in front of "homemade" rules makes sure that they bubble to the top when you're looking in the list.
    Gre

  12. #12
    Plutonium Lounger
    Join Date
    Oct 2001
    Location
    Lexington, Kentucky, USA
    Posts
    12,107
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Vista Firewall (Ultimate SP1)

    Yep, I think I did all of those including the radio button, so I don't understand why it wouldn't allow Fx to connect. I think later today I'll try some different program just for the heck of it. Thanks for looking.

  13. #13
    Star Lounger
    Join Date
    Mar 2008
    Location
    Auckland, New Zealand
    Posts
    64
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Vista Firewall (Ultimate SP1)

    Woody's "Windows Vista All-in-one Desk Reference" has a good section on "Coping with Vista's Outbound Firewall". After explaining in detail how to set up a specific block he makes the following comment:
    "Imagine setting up rules like that, manually, for every program that you want to block from going out on the Internet. Now you know why I say that Vista's outbound firewall is an ornery, snarly piece of software."

  14. #14
    Plutonium Lounger
    Join Date
    Oct 2001
    Location
    Lexington, Kentucky, USA
    Posts
    12,107
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Vista Firewall (Ultimate SP1)

    No offense to Woody but it ain't the ones I want blocked that I'm concerned with. I want EVERYBODY blocked except the ones I say are OK. Which, to me, means when I run Firefox the firewall should ask me if it's OK. When I run Thunderbird, the firewall should........ well, I think you get the idea.

    My main concern about outbound (now, with no offense to Jeff) is - how about the alleged legit shareware or freeware that I knowingly download, only to discover that there's some not-so-good stuff included or buried within. I want my firewall to yell at me that this program is trying to phone home. If it's something I expect, like a program that checks for updates, I'll OK it, otherwise my detective work begins. And folks, I for one have had a few. Fortunately it has been only a few.

  15. #15
    Star Lounger
    Join Date
    Mar 2008
    Location
    Auckland, New Zealand
    Posts
    64
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Vista Firewall (Ultimate SP1)

    According to Woody, Vista's outbound firewall "doesn't block a thing unless you tell it to". It has only two basic functions: blocking a program (or port, or something else) you select and unblocking a program you've previously blocked. Therefore it appears to be unable to work as you would wish.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •