What OS (Windows 7, Vista, XP) are you using?
There is always the option to use Windows built-in Firewall
. Most concerns you may have heard or read about the Windows Firewall were in the XP operating system so many users were advised to use third-party alternatives. Microsoft significantly improved the firewall
to address these concerns in Vista
and then added more improvements in Windows 7
.Windows Vista Firewall offers two-way filtering for better security
than it did in XP but it is still limited. The firewall is combined with IPsec
, turned on by default
and set to a basic configuration
that works in tandem with the Windows Service Hardening
feature. If the firewall detects activity that it considers prohibited behavior according to the Service Hardenings preset rules, the firewall will block the suspicious activity. Another feature in the Vista firewall is that it can set rules based on three different types of networks using the Rules Wizard so creating firewall rules is much simpler.
By default, most (not all) outbound filtering is turned off
(outbound connections are allowed
) and inbound filtering is turned on
(inbound connections are blocked/not allowed
This is what Microsoft has to say:
Matt Parretta, a former spokesperson for Microsoft's PR agency, Waggener Edstrom, offered this defense: "If we turned on outbound filtering by default for consumers, it forces the user to make a trust decision for every application they run which touches the network. After they upgrade to Windows Vista or purchase a new PC with that OS, they will be prompted on the first launch of every application that touches the network: Instant Messaging, IE, e-mail, Windows Media, iTunes, every self-updating app such as Adobe, and so on. Unless they click 'allow', the app will be broken and won't function properly. The out of box experience would be poor, and they would soon be desensitized to the prompts."
Although most outbound filtering is disabled, Vista’s firewall does provide limited outbound filtering which users may not be aware of as it is essentially invisible.
Jason Leznek, Microsoft senior product manager, told Computerworld that outbound filtering rules "are enabled by default for core Windows services as part of Windows Service Hardening, which enables the firewall to understand specific behaviors Windows services should have, and block them if they are doing something unexpected (ie, via an exploited vulnerability). Windows Firewall also protects the computer by blocking certain outgoing messages to help prevent the computer against certain port scanning attacks."
Outbound filtering can be configured to provide an additional layer of security and it does provide corporate and business administrators control over applications (i.e. peer-to-peer file sharing) they may want to restrict. Any such applications that require outbound access must be added to the rules list by using the firewall with the Advanced Security Microsoft Management Console (MMC). Configuration may be confusing for some and there is no practical way to to configure outbound filtering to stop all unwanted outbound connections. Inbound filtering can be turned on or off and through various tabs and configuration settings.
For more specific information about configuration and security, please refer to these articles:
For an independent review read these articles (some include a response by Microsoft regarding outbound filtering as quoted above):Windows 7 Firewall
is similar to Vista and also offers two-way filtering for inbound and outbound traffic. However, Windows 7 adds a few new features in the firewall and related network-safety areas such as separate configuration settings for private (Home or Work) and public networks.
What's new in the Windows 7 Firewall?
The Vista firewall was built on a new Windows Filtering Platform (WFP) and added the ability to filter outbound traffic via the Advanced Security MMC snap-in. With Windows 7, Microsoft has tweaked the firewall further and made it much more useable, especially on mobile computers, by adding support for multiple active firewall policies.
The Windows 7 Firewall refines the much-improved firewall that was included in Windows Vista, and brings its "hidden" advanced features out into the open. Many users, including some IT professionals, were unaware that you could filter outbound traffic, monitor and otherwise perform advanced configuration tasks for the Vista firewall, because none of that was apparent from the Firewall applet in Control Panel. With Windows 7, Microsoft has created a built-in host firewall that is much more functional than its predecessors and now poses a viable alternative to third party host firewall products.
What's new in the Windows 7 Firewall?
As with Vista, the basic settings for the Windows 7 firewall are accessed via the Control Panel applet. Unlike Vista, you can also access the advanced settings (including configuration of filtering for outbound connections) through the Control Panel instead of having to create an empty MMC and add a snap-in...
The Vista firewall allows you to choose whether you are on a public or private network. With Windows 7, you have three choices - public network, home network or work network. The two latter options are treated as private networks...With all network types, by default the Windows 7 firewall blocks connections to programs that are not on the list of allowed programs. Windows 7 allows you to configure the settings for each network type separately,...
For information about using the Windows 7 firewall, managing settings, block programs from accessing the Internet, open/close ports or disabling firewall notifications, please refer to:
For an independent review read:
Edited by quietman7, 05 November 2010 - 02:29 PM.