Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Why does Windows Firewall?


  • Please log in to reply
3 replies to this topic

#1 kissthesky420

kissthesky420

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:59 AM

Posted 14 October 2010 - 09:27 PM

Why is it Windows firewall (vista and up I guess) have the outbound disabled on default? And is it then as reliable as a private firewall if outbound turned on?

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,964 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:59 AM

Posted 15 October 2010 - 09:20 AM

Windows Vista Firewall offers two-way filtering for better security than it did in XP but it is still limited. The firewall is combined with IPsec, turned on by default and set to a basic configuration that works in tandem with the Windows Service Hardening feature. If the firewall detects activity that it considers prohibited behavior according to the Service Hardenings preset rules, the firewall will block the suspicious activity. Another feature in the Vista firewall is that it can set rules based on three different types of networks using the Rules Wizard so creating firewall rules is much simpler.

By default, most (not all) outbound filtering is turned off (outbound connections are allowed) and inbound filtering is turned on (inbound connections are blocked/not allowed). Why? This is what Microsoft has to say:

Matt Parretta, a former spokesperson for Microsoft's PR agency, Waggener Edstrom, offered this defense: "If we turned on outbound filtering by default for consumers, it forces the user to make a trust decision for every application they run which touches the network. After they upgrade to Windows Vista or purchase a new PC with that OS, they will be prompted on the first launch of every application that touches the network: Instant Messaging, IE, e-mail, Windows Media, iTunes, every self-updating app such as Adobe, and so on. Unless they click 'allow', the app will be broken and won't function properly. The out of box experience would be poor, and they would soon be desensitized to the prompts."

Although most outbound filtering is disabled, Vista’s firewall does provide limited outbound filtering which users may not be aware of as it is essentially invisible.

Jason Leznek, Microsoft senior product manager, told Computerworld that outbound filtering rules "are enabled by default for core Windows services as part of Windows Service Hardening, which enables the firewall to understand specific behaviors Windows services should have, and block them if they are doing something unexpected (ie, via an exploited vulnerability). Windows Firewall also protects the computer by blocking certain outgoing messages to help prevent the computer against certain port scanning attacks."

Outbound filtering can be configured to provide an additional layer of security and it does provide corporate and business administrators control over applications (i.e. peer-to-peer file sharing) they may want to restrict. Any such applications that require outbound access must be added to the rules list by using the firewall with the Advanced Security Microsoft Management Console (MMC). Configuration may be confusing for some and there is no practical way to to configure outbound filtering to stop all unwanted outbound connections. Inbound filtering can be turned on or off and through various tabs and configuration settings. For more specific information about configuration and security, please refer to these articles:Another very good resource is Microsoft Technet: Windows Firewall which includes information for troubleshooting.

For an independent review read these articles (some include a response by Microsoft regarding outbound filtering as quoted above):If you are going to use Vista's firewall, see Using Windows Vista firewall. If not, see How to turn off the firewall in Vista.

Edited by quietman7, 15 October 2010 - 09:21 AM.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 kissthesky420

kissthesky420
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:59 AM

Posted 29 October 2010 - 10:58 AM

The out of box experience would be poor, and they would soon be desensitized to the prompts."


But all your credit card info going out the door wouldn't make the out of box experience poor.
And instead of a properly working firewall they added that stupid user acct control that pops every time you fart.

Thank you for the response, very informative.

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,964 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:59 AM

Posted 29 October 2010 - 12:25 PM

You're welcome.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users