Microsoft Windows Vista includes a two-way firewall. TO THE TOP

February 14, 2009

Some of us want to choose what "gets out" and what doesn't. And this info

doesn't work since there is nowhere to make such a change in the Windows

Firewall window that comes up. Configure it - HOW? Can someone explain how

it's configured to actually work without being a programmer writing strange

unknown confusing rules for everything that wants to connect to the net? If

not, can someone recommend a good free easy to use two-way FireWall like

ZoneAlarm that's compatible with Vista? Thanks.

http://www.vistastic.com/2007/03/09/window...ound-filtering/

I bet you didn't know that Microsoft Windows Vista includes a two-way

firewall.

Unfortunately, the outbound filtering has been disabled. I'm not quite sure

why Microsoft made this decision but from a security point of view it would

have made perfect sense to have it enabled by default. I suspect it's due to

Microsoft not wanting to frustrate customers when their internet dependent

applications suddenly stopped working.

Windows Vista Firewall: How To Turn On Outbound Filtering

Click the Start Button (Windows Orb)

In the search bar type "wf.msc" and press the Enter key

Click the Windows Firewall Properties link

Change Outbound connections from Allow (default) to Block

From the Windows Firewall with Advanced Security properties you can also

configure additional rules for incoming as well as outbound connections.

February 14, 2009

On Sat, 14 Feb 2009 02:15:33 -0600, I.C. Greenfields wrote:

> Some of us want to choose what "gets out" and what doesn't. And this info

> doesn't work since there is nowhere to make such a change in the Windows

> Firewall window that comes up. Configure it - HOW? Can someone explain how

> it's configured to actually work without being a programmer writing strange

> unknown confusing rules for everything that wants to connect to the net? If

> not, can someone recommend a good free easy to use two-way FireWall like

> ZoneAlarm that's compatible with Vista? Thanks.

>

> http://www.vistastic.com/2007/03/09/window...ound-filtering/

> I bet you didn't know that Microsoft Windows Vista includes a two-way

> firewall.

>

> Unfortunately, the outbound filtering has been disabled. I'm not quite sure

> why Microsoft made this decision but from a security point of view it would

> have made perfect sense to have it enabled by default. I suspect it's due to

> Microsoft not wanting to frustrate customers when their internet dependent

> applications suddenly stopped working.

> Windows Vista Firewall: How To Turn On Outbound Filtering

>

> Click the Start Button (Windows Orb)

> In the search bar type "wf.msc" and press the Enter key

> Click the Windows Firewall Properties link

> Change Outbound connections from Allow (default) to Block

>

> From the Windows Firewall with Advanced Security properties you can also

> configure additional rules for incoming as well as outbound connections.

You are not going to find anything better than the Vista FW and Vista in

itself due to the advanced features the FW and Vista are using.

Vista by default contains 82 default filters that prevent 34 services from

communicating out other than on a very narrow set of defined ports.

PFW Criticism.

http://en.wikipedia.org/wiki/Personal_firewall#Criticisms

Jesper's Blogs-

At Least This Snake Oil Is Free.

http://msinfluentials.com/blogs/jesper/arc...il-is-free.aspx

Exploring The Windows Firewall.

http://www.microsoft.com/technet/technetma...ll/default.aspx

Tap into the Vista firewall's advanced configuration features

http://articles.techrepublic.com.com/5100-10877-6098592.html

Configure Vista Firewall to support outbound packet filtering

http://searchwindowssecurity.techtarget.co...1247138,00.html

Easy guide to make Windows Firewall better in Windows Vista.

http://www.expertvista.com/2009/01/08/twea...ndows-firewall/

SolutionBase: Take a look at the Windows Vista Firewall

http://articles.techrepublic.com.com/5100-...?tag=rbxccnbtr1

Windows Firewall: the best new security feature in Vista?

http://blogs.technet.com/jesper_johansson/.../01/426921.aspx

Managing the Windows Vista Firewall

http://technet.microsoft.com/en-us/magazine/cc510323.aspx

(read twice!)

Vista Firewall Control (Free versions available).

Protects your applications from undesirable network incoming and outgoing

activity, controls applications internet access.

http://sphinx-soft.com/Vista/

The free version may be all you need, check the comparisons under

the "Download and Buy" link.

February 14, 2009

In article <eUpWrxnjJHA.1168@TK2MSFTNGP05.phx.gbl>, none@nospam.net

says...

>

> Unfortunately, the outbound filtering has been disabled. I'm not quite sure

> why Microsoft made this decision but from a security point of view it would

> have made perfect sense to have it enabled by default. I suspect it's due to

> Microsoft not wanting to frustrate customers when their internet dependent

> applications suddenly stopped working.

Who need and want to turn it on will also know how to do it.

The opposite would make trouble to huge number of nontech people.

Clicking allow/deny while having no idea what I exactly did

is not more secure and can mess windows alot.

--

Poutnik

February 14, 2009

"I.C. Greenfields" wrote

> Some of us want to choose what "gets out" and what doesn't. And this info

> doesn't work since there is nowhere to make such a change in the Windows

> Firewall window that comes up. Configure it - HOW? Can someone explain

> how it's configured to actually work without being a programmer writing

> strange unknown confusing rules for everything that wants to connect to

> the net? If not, can someone recommend a good free easy to use two-way

> FireWall like ZoneAlarm that's compatible with Vista? Thanks.

>

> http://www.vistastic.com/2007/03/09/window...ound-filtering/

> I bet you didn't know that Microsoft Windows Vista includes a two-way

> firewall.

>

> Unfortunately, the outbound filtering has been disabled. I'm not quite

> sure why Microsoft made this decision but from a security point of view it

> would have made perfect sense to have it enabled by default. I suspect

> it's due to Microsoft not wanting to frustrate customers when their

> internet dependent applications suddenly stopped working.

> Windows Vista Firewall: How To Turn On Outbound Filtering

>

> Click the Start Button (Windows Orb)

> In the search bar type "wf.msc" and press the Enter key

> Click the Windows Firewall Properties link

> Change Outbound connections from Allow (default) to Block

>

> From the Windows Firewall with Advanced Security properties you can also

> configure additional rules for incoming as well as outbound connections.

Check this

http://www.sphinx-soft.com/Vista/index.html

Q

February 14, 2009

"I.C. Greenfields" <none@nospam.net> wrote in message

news:eUpWrxnjJHA.1168@TK2MSFTNGP05.phx.gbl...

> Some of us want to choose what "gets out" and what doesn't. And this info

> doesn't work since there is nowhere to make such a change in the Windows

> Firewall window that comes up. Configure it - HOW? Can someone explain

> how it's configured to actually work without being a programmer writing

> strange unknown confusing rules for everything that wants to connect to

> the net? If not, can someone recommend a good free easy to use two-way

> FireWall like ZoneAlarm that's compatible with Vista? Thanks.

>

> http://www.vistastic.com/2007/03/09/window...ound-filtering/

> I bet you didn't know that Microsoft Windows Vista includes a two-way

> firewall.

Windows Firewall with Advanced Security includes an API that allows

services, applications, and installers to write their own ticket through the

firewall. In other words, they can add themselves to the exclusions list.

http://msdn.microsoft.com/en-us/library/aa366453(VS.85).aspx

So, it doesn't really do what most people think it does.

The key to not having programs make outbound connections, or opening up

ports for receiving unsolicited inbound traffic, is to not run those

programs on

the machine.

Third party firewalls don't make it that easy - but they don't make it

much

harder either. They provide the illusion that they can stop outbound

traffic.

February 14, 2009

Re: Microsoft Windows Vista includes a two-way firewall. TO THETOP

I.C. Greenfields wrote:

> Some of us want to choose what "gets out" and what doesn't. And this

> info doesn't work since there is nowhere to make such a change in the

> Windows Firewall window that comes up. Configure it - HOW? Can someone

> explain how it's configured to actually work without being a programmer

> writing strange unknown confusing rules for everything that wants to

> connect to the net? If not, can someone recommend a good free easy to

> use two-way FireWall like ZoneAlarm that's compatible with Vista? Thanks.

>

> http://www.vistastic.com/2007/03/09/window...ound-filtering/

>

> I bet you didn't know that Microsoft Windows Vista includes a two-way

> firewall.

>

> Unfortunately, the outbound filtering has been disabled. I'm not quite

> sure why Microsoft made this decision but from a security point of view

> it would have made perfect sense to have it enabled by default. I

> suspect it's due to Microsoft not wanting to frustrate customers when

> their internet dependent applications suddenly stopped working.

> Windows Vista Firewall: How To Turn On Outbound Filtering

>

> Click the Start Button (Windows Orb)

> In the search bar type "wf.msc" and press the Enter key

> Click the Windows Firewall Properties link

> Change Outbound connections from Allow (default) to Block

>

> From the Windows Firewall with Advanced Security properties you can

> also configure additional rules for incoming as well as outbound

> connections.

MS does not want you to stop them from phoning home. Yet another way

for them to prevent you from having control over your own computer.

--

"Software is like sex, it's better when it's free."

- Linus Torvalds

DRM and unintended consequences:

http://blogs.techrepublic.com.com/security...435&tag=nl.e101

February 14, 2009

"FromTheRafters" <erratic@nomail.afraid.org> wrote in message

news:OEciVUqjJHA.4880@TK2MSFTNGP02.phx.gbl...

>

> "I.C. Greenfields" <none@nospam.net> wrote in message

> news:eUpWrxnjJHA.1168@TK2MSFTNGP05.phx.gbl...

>> Some of us want to choose what "gets out" and what doesn't. And this

>> info doesn't work since there is nowhere to make such a change in the

>> Windows Firewall window that comes up. Configure it - HOW? Can someone

>> explain how it's configured to actually work without being a programmer

>> writing strange unknown confusing rules for everything that wants to

>> connect to the net? If not, can someone recommend a good free easy to use

>> two-way FireWall like ZoneAlarm that's compatible with Vista? Thanks.

>>

>> http://www.vistastic.com/2007/03/09/window...ound-filtering/

>> I bet you didn't know that Microsoft Windows Vista includes a two-way

>> firewall.

>

> Windows Firewall with Advanced Security includes an API that allows

> services, applications, and installers to write their own ticket through

> the

> firewall. In other words, they can add themselves to the exclusions list.

>

> http://msdn.microsoft.com/en-us/library/aa366453(VS.85).aspx

>

> So, it doesn't really do what most people think it does.

>

> The key to not having programs make outbound connections, or opening up

> ports for receiving unsolicited inbound traffic, is to not run those

> programs on

> the machine.

>

> Third party firewalls don't make it that easy - but they don't make it

> much

> harder either. They provide the illusion that they can stop outbound

> traffic.

Which is why I never use the Windows firewall. Every app thinks they are

special and should be able to contact big brother with news about me and

retrieve info on things they feel I need. Some companies are especially bad.

I know because I don't use Windows firewall so I see the requests and deny

them. Over the years it seems to have gotten much worse.

--

Richard Mueller

MVP Directory Services

Hilltop Lab - http://www.rlmueller.net

--

February 14, 2009

Re: Microsoft Windows Vista includes a two-way firewall. TO THETOP

I.C. Greenfields wrote:

> Some of us want to choose what "gets out" and what doesn't. And this

> info doesn't work since there is nowhere to make such a change in the

> Windows Firewall window that comes up. Configure it - HOW? Can someone

> explain how it's configured to actually work without being a programmer

> writing strange unknown confusing rules for everything that wants to

> connect to the net? If not, can someone recommend a good free easy to

> use two-way FireWall like ZoneAlarm that's compatible with Vista? Thanks.

>

> http://www.vistastic.com/2007/03/09/window...ound-filtering/

>

> I bet you didn't know that Microsoft Windows Vista includes a two-way

> firewall.

>

> Unfortunately, the outbound filtering has been disabled. I'm not quite

> sure why Microsoft made this decision but from a security point of view

> it would have made perfect sense to have it enabled by default. I

> suspect it's due to Microsoft not wanting to frustrate customers when

> their internet dependent applications suddenly stopped working.

> Windows Vista Firewall: How To Turn On Outbound Filtering

>

> Click the Start Button (Windows Orb)

> In the search bar type "wf.msc" and press the Enter key

> Click the Windows Firewall Properties link

> Change Outbound connections from Allow (default) to Block

>

> From the Windows Firewall with Advanced Security properties you can

> also configure additional rules for incoming as well as outbound

> connections.

This is very old "news." For instance, from a post of my own, back in

June of 2007:

Vista's built-in Windows Firewall is adequate for most users, but

not particularly easy to configure. Vista's built-in firewall, although

superior to that of WinXP, is of a rudimentary nature, intended to meet

the simpler needs of most home consumers (or business/enterprise clients

already ensconced behind more advanced perimeter defenses).

One 3rd-party add-on (Sphinx's Vista Firewall Control

http://sphinx-soft.com/Vista/) might make the Vista Firewall a bit more

useful to you, but nothing but a completely independent product will be

able to provide the detailed control you want.

There are two interfaces for Vistas built-in firewall:

1) A simplified one accessed through the Control Panel that is the only

one most people see.

2) And the more advanced "Windows Firewall with Advanced Security

(WF.msc)," accessed via the Start Menu's Administrative Tools folder,

for the experienced user who wants better control.

--

Bruce Chambers

Help us help you:

http://www.catb.org/~esr/faqs/smart-questions.html

http://support.microsoft.com/default.aspx/kb/555375

They that can give up essential liberty to obtain a little temporary

safety deserve neither liberty nor safety. ~Benjamin Franklin

Many people would rather die than think; in fact, most do. ~Bertrand Russell

The philosopher has never killed any priests, whereas the priest has

killed a great many philosophers.

~ Denis Diderot

February 14, 2009

On Sat, 14 Feb 2009 09:55:40 -0600, "Richard Mueller [MVP]"

<rlmueller-nospam@ameritech.nospam.net> wrote:

>

>"FromTheRafters" <erratic@nomail.afraid.org> wrote in message

>news:OEciVUqjJHA.4880@TK2MSFTNGP02.phx.gbl...

>>

>> "I.C. Greenfields" <none@nospam.net> wrote in message

>> news:eUpWrxnjJHA.1168@TK2MSFTNGP05.phx.gbl...

>>> Some of us want to choose what "gets out" and what doesn't. And this

>>> info doesn't work since there is nowhere to make such a change in the

>>> Windows Firewall window that comes up. Configure it - HOW? Can someone

>>> explain how it's configured to actually work without being a programmer

>>> writing strange unknown confusing rules for everything that wants to

>>> connect to the net? If not, can someone recommend a good free easy to use

>>> two-way FireWall like ZoneAlarm that's compatible with Vista? Thanks.

>>>

>>> http://www.vistastic.com/2007/03/09/window...ound-filtering/

>>> I bet you didn't know that Microsoft Windows Vista includes a two-way

>>> firewall.

>>

>> Windows Firewall with Advanced Security includes an API that allows

>> services, applications, and installers to write their own ticket through

>> the

>> firewall. In other words, they can add themselves to the exclusions list.

>>

>> http://msdn.microsoft.com/en-us/library/aa366453(VS.85).aspx

>>

>> So, it doesn't really do what most people think it does.

>>

>> The key to not having programs make outbound connections, or opening up

>> ports for receiving unsolicited inbound traffic, is to not run those

>> programs on

>> the machine.

>>

>> Third party firewalls don't make it that easy - but they don't make it

>> much

>> harder either. They provide the illusion that they can stop outbound

>> traffic.

>

>Which is why I never use the Windows firewall. Every app thinks they are

>special and should be able to contact big brother with news about me and

>retrieve info on things they feel I need. Some companies are especially bad.

>I know because I don't use Windows firewall so I see the requests and deny

>them. Over the years it seems to have gotten much worse.

>

>--

>Richard Mueller

>MVP Directory Services

>Hilltop Lab - http://www.rlmueller.net

Have you had to update your tinfoil beanie or is the original one

working OK?

February 14, 2009

Re: Microsoft Windows Vista includes a two-way firewall. TO THETOP

Jim Moriarty wrote:

> On Sat, 14 Feb 2009 09:55:40 -0600, "Richard Mueller [MVP]"

> <rlmueller-nospam@ameritech.nospam.net> wrote:

>

>> "FromTheRafters" <erratic@nomail.afraid.org> wrote in message

>> news:OEciVUqjJHA.4880@TK2MSFTNGP02.phx.gbl...

>>> "I.C. Greenfields" <none@nospam.net> wrote in message

>>> news:eUpWrxnjJHA.1168@TK2MSFTNGP05.phx.gbl...

>>>> Some of us want to choose what "gets out" and what doesn't. And this

>>>> info doesn't work since there is nowhere to make such a change in the

>>>> Windows Firewall window that comes up. Configure it - HOW? Can someone

>>>> explain how it's configured to actually work without being a programmer

>>>> writing strange unknown confusing rules for everything that wants to

>>>> connect to the net? If not, can someone recommend a good free easy to use

>>>> two-way FireWall like ZoneAlarm that's compatible with Vista? Thanks.

>>>>

>>>> http://www.vistastic.com/2007/03/09/window...ound-filtering/

>>>> I bet you didn't know that Microsoft Windows Vista includes a two-way

>>>> firewall.

>>> Windows Firewall with Advanced Security includes an API that allows

>>> services, applications, and installers to write their own ticket through

>>> the

>>> firewall. In other words, they can add themselves to the exclusions list.

>>>

>>> http://msdn.microsoft.com/en-us/library/aa366453(VS.85).aspx

>>>

>>> So, it doesn't really do what most people think it does.

>>>

>>> The key to not having programs make outbound connections, or opening up

>>> ports for receiving unsolicited inbound traffic, is to not run those

>>> programs on

>>> the machine.

>>>

>>> Third party firewalls don't make it that easy - but they don't make it

>>> much

>>> harder either. They provide the illusion that they can stop outbound

>>> traffic.

>> Which is why I never use the Windows firewall. Every app thinks they are

>> special and should be able to contact big brother with news about me and

>> retrieve info on things they feel I need. Some companies are especially bad.

>> I know because I don't use Windows firewall so I see the requests and deny

>> them. Over the years it seems to have gotten much worse.

>>

>> --

>> Richard Mueller

>> MVP Directory Services

>> Hilltop Lab - http://www.rlmueller.net

>

> Have you had to update your tinfoil beanie or is the original one

> working OK?

And this person is an MVP? He should not speak of FW technology that's

for sure. He must have been on Gibson's site all of this time and became

paranoid.

February 15, 2009

"Richard Mueller [MVP]" <rlmueller-nospam@ameritech.nospam.net> wrote in

message news:eSb72yrjJHA.6124@TK2MSFTNGP02.phx.gbl...

>

> "FromTheRafters" <erratic@nomail.afraid.org> wrote in message

> news:OEciVUqjJHA.4880@TK2MSFTNGP02.phx.gbl...

>>

>> "I.C. Greenfields" <none@nospam.net> wrote in message

>> news:eUpWrxnjJHA.1168@TK2MSFTNGP05.phx.gbl...

>>> Some of us want to choose what "gets out" and what doesn't. And this

>>> info doesn't work since there is nowhere to make such a change in the

>>> Windows Firewall window that comes up. Configure it - HOW? Can someone

>>> explain how it's configured to actually work without being a programmer

>>> writing strange unknown confusing rules for everything that wants to

>>> connect to the net? If not, can someone recommend a good free easy to

>>> use two-way FireWall like ZoneAlarm that's compatible with Vista?

>>> Thanks.

>>>

>>> http://www.vistastic.com/2007/03/09/window...ound-filtering/

>>> I bet you didn't know that Microsoft Windows Vista includes a two-way

>>> firewall.

>>

>> Windows Firewall with Advanced Security includes an API that allows

>> services, applications, and installers to write their own ticket through

>> the

>> firewall. In other words, they can add themselves to the exclusions list.

>>

>> http://msdn.microsoft.com/en-us/library/aa366453(VS.85).aspx

>>

>> So, it doesn't really do what most people think it does.

>>

>> The key to not having programs make outbound connections, or opening up

>> ports for receiving unsolicited inbound traffic, is to not run those

>> programs on

>> the machine.

>>

>> Third party firewalls don't make it that easy - but they don't make it

>> much

>> harder either. They provide the illusion that they can stop outbound

>> traffic.

>

> Which is why I never use the Windows firewall. Every app thinks they are

> special and should be able to contact big brother with news about me and

> retrieve info on things they feel I need. Some companies are especially

> bad. I know because I don't use Windows firewall so I see the requests and

> deny them. Over the years it seems to have gotten much worse.

I think it comes down to trust. If you don't trust a program - don't execute

it.

If you do trust it, let it do whatever it is programmed to do. By all

means,

traffic should be logged - audit trails are good to have. Maybe an alert

from

a daemon, or even outright blocking of attempts to 'phone home' are a good

thing too. But this isn't really how one should judge the value of a

software

firewall.

February 15, 2009

Re: Microsoft Windows Vista includes a two-way firewall. TO THETOP

On Sat, 14 Feb 2009 21:31:29 -0500, mayayana wrote:

>>>> Which is why I never use the Windows firewall. Every app thinks they

> are

>>>> special and should be able to contact big brother with news about me

> and

>>>> retrieve info on things they feel I need. Some companies are especially

> bad.

>>>> I know because I don't use Windows firewall so I see the requests and

> deny

>>>> them. Over the years it seems to have gotten much worse.

>>>>

>>> Have you had to update your tinfoil beanie or is the original one

>>> working OK?

>>

>> And this person is an MVP? He should not speak of FW technology that's

>> for sure. He must have been on Gibson's site all of this time and became

>> paranoid.

>

> Why are people who want more privacy than you

> do by definition paranoid and unbalanced? A PC is

> private property. Why should any Tom, Dick, or Microsoft

> be allowed to disrespect that boundary?

>

> And what about the malware problem? How do you

> think "bot herders" manage to maintain herds in the

> hundreds of thousands? IE holes might get them onto

> a PC, but the malware still has to call out if it's going

> to follow the bot herder's orders. It's a safe bet that

> those zombie boxes are not running 2-way firewalls.

Managing the Windows Vista Firewall

http://technet.microsoft.com/en-us/magazine/cc510323.aspx

(read twice!)

> For another angle, some might find this

> recent Wired article interesting:

> http://blog.wired.com/business/2009/02/why-googles-sof.html

>

> Appparently Google has decided it's not enough to

> install "crapware-trackware" to anyone who's fool enough

> to take it. Now they're installing their alleged software

> updater as an always-running service ... without permission.

You are either misinformed or don't fully understand the issue.

Prior installing a program read the EULA and if you don't trust a

particular program than don't install it! Simple, really.

February 15, 2009

Re: Microsoft Windows Vista includes a two-way firewall. TO THETOP

Kayman have said in previous article, that...

>

> You are either misinformed or don't fully understand the issue.

> Prior installing a program read the EULA and if you don't trust a

> particular program than don't install it! Simple, really.

Not sure, if mentioned in thread,

but there also non security reasons,

why one can want to manage outgoing connections.

--

Poutnik

February 18, 2009

"FromTheRafters" <erratic@nomail.afraid.org> wrote:

> "Richard Mueller [MVP]" wrote

>> "FromTheRafters" <erratic@nomail.afraid.org> wrote

>>> "I.C. Greenfields" <none@nospam.net> wrote

>>>> Some of us want to choose what "gets out" and what doesn't.

>>>> And this info doesn't work since there is nowhere to make such

>>>> a change in the Windows Firewall window that comes up.

>>>> Configure it - HOW? Can someone explain how it's configured to

>>>> actually work without being a programmer writing strange

>>>> unknown confusing rules for everything that wants to connect to

>>>> the net? If not, can someone recommend a good free easy to

>>>> use two-way FireWall like ZoneAlarm that's compatible with

>>>> Vista? Thanks.

>>>>

>>>> http://www.vistastic.com/2007/03/09/window...ound-filtering/

>>>> I bet you didn't know that Microsoft Windows Vista includes a

>>>> two-way firewall.

>>>

>>> Windows Firewall with Advanced Security includes an API that

>>> allows services, applications, and installers to write their own

>>> ticket through the firewall. In other words, they can add

>>> themselves to the exclusions list.

>>>

>>> http://msdn.microsoft.com/en-us/library/aa366453(VS.85).aspx

Thanks for the information.

>>> So, it doesn't really do what most people think it does.

>>>

>>> The key to not having programs make outbound connections, or

>>> opening up ports for receiving unsolicited inbound traffic, is

>>> to not run those programs on

>>> the machine.

>>>

>>> Third party firewalls don't make it that easy - but they don't

>>> make it much

>>> harder either. They provide the illusion that they can stop

>>> outbound traffic.

Apparently the makers of ZoneAlarm fixed such a problem by

preventing ZoneAlarm from being shut down. After that , I have never

heard an authoritative claim that an application snuck through

ZoneAlarm.

>> Which is why I never use the Windows firewall. Every app thinks

>> they are special and should be able to contact big brother with

>> news about me and retrieve info on things they feel I need. Some

>> companies are especially bad. I know because I don't use Windows

>> firewall so I see the requests and deny them. Over the years it

>> seems to have gotten much worse.

>

> I think it comes down to trust. If you don't trust a program -

> don't execute it. If you do trust it, let it do whatever it is

> programmed to do.

Sounds like a symptom of the ones and zeros disease.

February 18, 2009

On Sat, 14 Feb 2009 09:55:40 -0600, "Richard Mueller [MVP]"

<rlmueller-nospam@ameritech.nospam.net> wrote:

>Every app thinks they are special and should be able to contact big brother

>with news about me

"news about you" - got any evidence of that or are you just being

paranoid?

>and retrieve info on things they feel I need.

Like product updates that might be security related? You're just

shooting yourself in the foot.

>Some companies are especially bad.

Then why do you use their products?

>I know because I don't use Windows firewall so I see the requests and deny

>them. Over the years it seems to have gotten much worse.

Stop whining, please.

February 18, 2009

On Wed, 18 Feb 2009 12:32:02 GMT, John Doe <jdoe@usenetlove.invalid>

wrote:

>Apparently the makers of ZoneAlarm fixed such a problem by

>preventing ZoneAlarm from being shut down.

What makes you believe shutting it down is the only possible way to

circumvent it? And why would malware writers choose a method which

makes you as a user suspicious to what is going on. No, no. They will

of course just circumvent your illusionware why letting you continue

to believe all is fine and well.

>After that , I have never heard an authoritative claim that an application

>snuck through ZoneAlarm.

LOL. Better check your "authoritative" sources then.

>>> Which is why I never use the Windows firewall. Every app thinks

>>> they are special and should be able to contact big brother with

>>> news about me and retrieve info on things they feel I need. Some

>>> companies are especially bad. I know because I don't use Windows

>>> firewall so I see the requests and deny them. Over the years it

>>> seems to have gotten much worse.

>>

>> I think it comes down to trust. If you don't trust a program -

>> don't execute it. If you do trust it, let it do whatever it is

>> programmed to do.

>

>Sounds like a symptom of the ones and zeros disease.

No. Sounds like a well considered response to a problem you don't seem

to fully understand.

February 18, 2009

On Sat, 14 Feb 2009 02:15:33 -0600, "I.C. Greenfields"

<none@nospam.net> wrote:

>http://www.vistastic.com/2007/03/09/window...ound-filtering/

>I bet you didn't know that Microsoft Windows Vista includes a two-way

>firewall.

>

>Unfortunately, the outbound filtering has been disabled.

Who wrote this crap in the first place? That outbound filtering is

completely disabled by default in Vista is one of those lies that

continue to spread unhindered because of ignorance and "common

knowledge". Truth is, several outbound rules are enabled already by

default. Unfortunately, the fact that it doesn't pop up silly messages

like the ones people are getting used to from the usual PFW

illusionwares helps spreading that wrong impression.

February 18, 2009

>

> >Apparently the makers of ZoneAlarm fixed such a problem by

> >preventing ZoneAlarm from being shut down.

>

> What makes you believe shutting it down is the only possible way to

> circumvent it? And why would malware writers choose a method which

> makes you as a user suspicious to what is going on. No, no. They will

> of course just circumvent your illusionware why letting you continue

> to believe all is fine and well.

>

That's quite a strong statement to make, implying

that 2-way firewalls are basically useless. If you're

going to claim that you should provide some evidence

and explanation. Otherwise you're just adding confusion.

In my experience, ZA has no trouble blocking unauthorized

software from going online. There is a wrinkle, though,

with XP. XP, and NT systems in general, are a security risk

in that they're designed as corporate workstations, with

various vulnerable network-related services that are

unnecessary on Win9x but are typically running, and may

even be critical, on NT (RPC, for example.)

Complicating matters, Microsoft shrouds a number of

services in the svchost.exe process, which can run in

multiple instances. So if you allow svchost through the

firewall it's not so easy to know exactly what you're

allowing. And ZA can't differentiate between the actual

processes running under the svchost "hat".

That wouldn't be a problem if you just block svchost altogether,

except that if you block svchost and use highspeed then you

may block a service critical to your connection! So in most

cases it's difficult to really block Microsoft's stuff and control what

goes out on NT systems. (NT4,2000,XP,Vista.)

Another complication involving different ZA versions:

If you use the earlier ZA versions that were compatible

with XP (v. 2.6.x) you can block svchost, but as noted above,

that might be a problem on highspeed.

With later versions of ZA, ZoneLabs apparently cooperated

with Microsoft and will override your settings. Later versions will

put svchost into the allowed list without telling you, and

put it back again if you remove it. However, I think that someone

using dial-up, and using ZA 2.6 could block all outgoing MS

processes. (Though I don't know whether v. 2.6 runs on Vista.)

I haven't tried more recent versions of ZA. It bloated from

a 2 MB program to a monstrosity of 50 MB in recent versions.

Personally I'd look elsewhere these days if I felt a need for a

new firewall and for some reason didn't think ZA 2.6 was

adequate.

February 18, 2009

On Wed, 18 Feb 2009 10:18:05 -0500, "mayayana" <mayayaXXna@rcXXn.com>

wrote:

>

> Complicating matters, Microsoft shrouds a number of

>services in the svchost.exe process, which can run in

>multiple instances. So if you allow svchost through the

>firewall it's not so easy to know exactly what you're

>allowing. And ZA can't differentiate between the actual

>processes running under the svchost "hat".

Oh, but you don't have to worry about that anymore, because MS's

magical Vista firewall will figure out that programs are hiding as

svchost and stop them! (Right after the Easter Bunny drops in on a

flying pig and brings you your chocolate eggs).

February 18, 2009

On Wed, 18 Feb 2009 14:23:01 +0100, Root Kit <b__nice@hotmail.com>

wrote:

>>Unfortunately, the outbound filtering has been disabled.

>

>Who wrote this crap in the first place? That outbound filtering is

>completely disabled by default in Vista is one of those lies that

>continue to spread unhindered because of ignorance and "common

>knowledge". Truth is, several outbound rules are enabled already by

>default. Unfortunately, the fact that it doesn't pop up silly messages

>like the ones people are getting used to from the usual PFW

>illusionwares helps spreading that wrong impression.

Actually, it's the fact that MS lets all of it's programs, as well as

most others, phone home whenever they want to that bugs most people.

No one objects to actual security (but then again, running MS Windows,

few people have illusions about that).

February 18, 2009

Re: Microsoft Windows Vista includes a two-way firewall. TO THETOP

+Bob+ wrote:

> On Wed, 18 Feb 2009 10:18:05 -0500, "mayayana" <mayayaXXna@rcXXn.com>

> wrote:

>

>> Complicating matters, Microsoft shrouds a number of

>> services in the svchost.exe process, which can run in

>> multiple instances. So if you allow svchost through the

>> firewall it's not so easy to know exactly what you're

>> allowing. And ZA can't differentiate between the actual

>> processes running under the svchost "hat".

>

> Oh, but you don't have to worry about that anymore, because MS's

> magical Vista firewall will figure out that programs are hiding as

> svchost and stop them! (Right after the Easter Bunny drops in on a

> flying pig and brings you your chocolate eggs).

>

>

Is this suppose to be some kind of a joke here, because you seem serious?

It's not a host based packet filer/FW's job to figure out what is

running on the computer, which those snake-oil solution personal

firewalls try to figure out, stop things, and they can't.

A host based packet filter such a Vista FW/packet filter's job is to

stop unsolicited inbound traffic by port, protocol, IP etc. And it does

the same on outbound by setting outbound rules.

February 18, 2009

"John Doe" <jdoe@usenetlove.invalid> wrote in message

news:6dTml.10887$hc1.1606@flpi150.ffdc.sbc.com...

> "FromTheRafters" <erratic@nomail.afraid.org> wrote:

>

>> "Richard Mueller [MVP]" wrote

>

>>> "FromTheRafters" <erratic@nomail.afraid.org> wrote

>

>>>> "I.C. Greenfields" <none@nospam.net> wrote

>

>>>>> Some of us want to choose what "gets out" and what

>>>>> doesn't.

>>>>> And this info doesn't work since there is nowhere to

>>>>> make such

>>>>> a change in the Windows Firewall window that comes up.

>>>>> Configure it - HOW? Can someone explain how it's

>>>>> configured to

>>>>> actually work without being a programmer writing

>>>>> strange

>>>>> unknown confusing rules for everything that wants to

>>>>> connect to

>>>>> the net? If not, can someone recommend a good free

>>>>> easy to

>>>>> use two-way FireWall like ZoneAlarm that's compatible

>>>>> with

>>>>> Vista? Thanks.

>>>>>

>>>>> http://www.vistastic.com/2007/03/09/window...ound-filtering/

>>>>> I bet you didn't know that Microsoft Windows Vista

>>>>> includes a

>>>>> two-way firewall.

>>>>

>>>> Windows Firewall with Advanced Security includes an API

>>>> that

>>>> allows services, applications, and installers to write

>>>> their own

>>>> ticket through the firewall. In other words, they can

>>>> add

>>>> themselves to the exclusions list.

>>>>

>>>> http://msdn.microsoft.com/en-us/library/aa366453(VS.85).aspx

>

> Thanks for the information.

>

>>>> So, it doesn't really do what most people think it

>>>> does.

>>>>

>>>> The key to not having programs make outbound

>>>> connections, or

>>>> opening up ports for receiving unsolicited inbound

>>>> traffic, is

>>>> to not run those programs on

>>>> the machine.

>>>>

>>>> Third party firewalls don't make it that easy - but

>>>> they don't

>>>> make it much

>>>> harder either. They provide the illusion that they can

>>>> stop

>>>> outbound traffic.

>

> Apparently the makers of ZoneAlarm fixed such a problem by

> preventing ZoneAlarm from being shut down. After that , I

> have never

> heard an authoritative claim that an application snuck

> through

> ZoneAlarm.

>

>>> Which is why I never use the Windows firewall. Every app

>>> thinks

>>> they are special and should be able to contact big

>>> brother with

>>> news about me and retrieve info on things they feel I

>>> need. Some

>>> companies are especially bad. I know because I don't use

>>> Windows

>>> firewall so I see the requests and deny them. Over the

>>> years it

>>> seems to have gotten much worse.

>>

>> I think it comes down to trust. If you don't trust a

>> program -

>> don't execute it. If you do trust it, let it do

>> whatever it is

>> programmed to do.

>

> Sounds like a symptom of the ones and zeros disease.

When there is no "grey area" ones and zeroes describe things

accurately.

February 18, 2009

Re: Microsoft Windows Vista includes a two-way firewall. TO THETOP

FromTheRafters wrote:

> "John Doe" <jdoe@usenetlove.invalid> wrote in message

> news:6dTml.10887$hc1.1606@flpi150.ffdc.sbc.com...

>> "FromTheRafters" <erratic@nomail.afraid.org> wrote:

>>

>>> "Richard Mueller [MVP]" wrote

>>>> "FromTheRafters" <erratic@nomail.afraid.org> wrote

>>>>> "I.C. Greenfields" <none@nospam.net> wrote

>>>>>> Some of us want to choose what "gets out" and what

>>>>>> doesn't.

>>>>>> And this info doesn't work since there is nowhere to

>>>>>> make such

>>>>>> a change in the Windows Firewall window that comes up.

>>>>>> Configure it - HOW? Can someone explain how it's

>>>>>> configured to

>>>>>> actually work without being a programmer writing

>>>>>> strange

>>>>>> unknown confusing rules for everything that wants to

>>>>>> connect to

>>>>>> the net? If not, can someone recommend a good free

>>>>>> easy to

>>>>>> use two-way FireWall like ZoneAlarm that's compatible

>>>>>> with

>>>>>> Vista? Thanks.

>>>>>>

>>>>>> http://www.vistastic.com/2007/03/09/window...ound-filtering/

>>>>>> I bet you didn't know that Microsoft Windows Vista

>>>>>> includes a

>>>>>> two-way firewall.

>>>>> Windows Firewall with Advanced Security includes an API

>>>>> that

>>>>> allows services, applications, and installers to write

>>>>> their own

>>>>> ticket through the firewall. In other words, they can

>>>>> add

>>>>> themselves to the exclusions list.

>>>>>

>>>>> http://msdn.microsoft.com/en-us/library/aa366453(VS.85).aspx

>> Thanks for the information.

>>

>>>>> So, it doesn't really do what most people think it

>>>>> does.

>>>>>

>>>>> The key to not having programs make outbound

>>>>> connections, or

>>>>> opening up ports for receiving unsolicited inbound

>>>>> traffic, is

>>>>> to not run those programs on

>>>>> the machine.

>>>>>

>>>>> Third party firewalls don't make it that easy - but

>>>>> they don't

>>>>> make it much

>>>>> harder either. They provide the illusion that they can

>>>>> stop

>>>>> outbound traffic.

>> Apparently the makers of ZoneAlarm fixed such a problem by

>> preventing ZoneAlarm from being shut down. After that , I

>> have never

>> heard an authoritative claim that an application snuck

>> through

>> ZoneAlarm.

>>

>>>> Which is why I never use the Windows firewall. Every app

>>>> thinks

>>>> they are special and should be able to contact big

>>>> brother with

>>>> news about me and retrieve info on things they feel I

>>>> need. Some

>>>> companies are especially bad. I know because I don't use

>>>> Windows

>>>> firewall so I see the requests and deny them. Over the

>>>> years it

>>>> seems to have gotten much worse.

>>> I think it comes down to trust. If you don't trust a

>>> program -

>>> don't execute it. If you do trust it, let it do

>>> whatever it is

>>> programmed to do.

>> Sounds like a symptom of the ones and zeros disease.

>

> When there is no "grey area" ones and zeroes describe things

> accurately.

>

>

http://www.securityfocus.com/infocus/1839/1

February 19, 2009

"Jack the Ripper" <Jack@Rripper.com> wrote in message

news:%235XoHyhkJHA.1172@TK2MSFTNGP04.phx.gbl...

> FromTheRafters wrote:

>> "John Doe" <jdoe@usenetlove.invalid> wrote in message

>> news:6dTml.10887$hc1.1606@flpi150.ffdc.sbc.com...

>>> "FromTheRafters" <erratic@nomail.afraid.org> wrote:

>>>

>>>> "Richard Mueller [MVP]" wrote

>>>>> "FromTheRafters" <erratic@nomail.afraid.org> wrote

>>>>>> "I.C. Greenfields" <none@nospam.net> wrote

>>>>>>> Some of us want to choose what "gets out" and what

>>>>>>> doesn't.

>>>>>>> And this info doesn't work since there is nowhere to

>>>>>>> make such

>>>>>>> a change in the Windows Firewall window that comes

>>>>>>> up.

>>>>>>> Configure it - HOW? Can someone explain how it's

>>>>>>> configured to

>>>>>>> actually work without being a programmer writing

>>>>>>> strange

>>>>>>> unknown confusing rules for everything that wants to

>>>>>>> connect to

>>>>>>> the net? If not, can someone recommend a good free

>>>>>>> easy to

>>>>>>> use two-way FireWall like ZoneAlarm that's

>>>>>>> compatible with

>>>>>>> Vista? Thanks.

>>>>>>>

>>>>>>> http://www.vistastic.com/2007/03/09/window...ound-filtering/

>>>>>>> I bet you didn't know that Microsoft Windows Vista

>>>>>>> includes a

>>>>>>> two-way firewall.

>>>>>> Windows Firewall with Advanced Security includes an

>>>>>> API that

>>>>>> allows services, applications, and installers to

>>>>>> write their own

>>>>>> ticket through the firewall. In other words, they can

>>>>>> add

>>>>>> themselves to the exclusions list.

>>>>>>

>>>>>> http://msdn.microsoft.com/en-us/library/aa366453(VS.85).aspx

>>> Thanks for the information.

>>>

>>>>>> So, it doesn't really do what most people think it

>>>>>> does.

>>>>>>

>>>>>> The key to not having programs make outbound

>>>>>> connections, or

>>>>>> opening up ports for receiving unsolicited inbound

>>>>>> traffic, is

>>>>>> to not run those programs on

>>>>>> the machine.

>>>>>>

>>>>>> Third party firewalls don't make it that easy - but

>>>>>> they don't

>>>>>> make it much

>>>>>> harder either. They provide the illusion that they

>>>>>> can stop

>>>>>> outbound traffic.

>>> Apparently the makers of ZoneAlarm fixed such a problem

>>> by

>>> preventing ZoneAlarm from being shut down. After that ,

>>> I have never

>>> heard an authoritative claim that an application snuck

>>> through

>>> ZoneAlarm.

>>>

>>>>> Which is why I never use the Windows firewall. Every

>>>>> app thinks

>>>>> they are special and should be able to contact big

>>>>> brother with

>>>>> news about me and retrieve info on things they feel I

>>>>> need. Some

>>>>> companies are especially bad. I know because I don't

>>>>> use Windows

>>>>> firewall so I see the requests and deny them. Over the

>>>>> years it

>>>>> seems to have gotten much worse.

>>>> I think it comes down to trust. If you don't trust a

>>>> program -

>>>> don't execute it. If you do trust it, let it do

>>>> whatever it is

>>>> programmed to do.

>>> Sounds like a symptom of the ones and zeros disease.

>>

>> When there is no "grey area" ones and zeroes describe

>> things accurately.

> http://www.securityfocus.com/infocus/1839/1

Thanks for the link, although I'm not sure why you posted it

here. This poster seemed to imply that there is middle

ground to cover for programs that you trust to play your

video files, yet don't trust to access the internet for

instance. My point is that there is no middle ground - if

you don't trust it to access the internet, don't have it on

your system (who knows what other horrible things it could

be doing that you aren't aware of). There is no problem

having an API that allows a program you have given

permission to execute the ability to configure your

firewall. You indicated your trust when you installed or

executed the program.

In the case of foistware/malware, there is no reason to

assume outbound filtering would catch it in egression.

Houdini demonstrated that a safe isn't designed to keep a

person locked in . When he repeatedly managed to escape

from them, it didn't cause the manufacturers to redesign

their safes to be escape proof. You just have to work within

the safe's specifications.

February 19, 2009

On Wed, 18 Feb 2009 19:59:31 -0500, "FromTheRafters"

<erratic@nomail.afraid.org> wrote:

>Thanks for the link, although I'm not sure why you posted it

>here. This poster seemed to imply that there is middle

>ground to cover for programs that you trust to play your

>video files, yet don't trust to access the internet for

>instance. My point is that there is no middle ground - if

>you don't trust it to access the internet, don't have it on

>your system (who knows what other horrible things it could

>be doing that you aren't aware of).

Nonsense. I run programs that have no need to access the Internet - at

least not unless I want them too. They aren't intrinsically evil

programs, but they also don't need to do internet access unless there

is a specific need for it.

>In the case of foistware/malware, there is no reason to

>assume outbound filtering would catch it in egression.

Some is very sharp (in an evil sense) and no doubt will sneak through.

THen again, some isn't and will be easily trapped. This is like having

a dead bolt on your front door - some thieves are sharp enough to pick

such a lock and will get in. Most will not and move on to easier prey.

Sign In

Microsoft Windows Vista includes a two-way firewall. TO THE TOP

Recommended Posts

Guest I.C. Greenfields

Popular Days

Popular Days

Guest Kayman

Guest Poutnik

Guest Q

Guest FromTheRafters

Guest The poster formerly known as 'Th

Guest Richard Mueller [MVP]

Guest Bruce Chambers

Guest Jim Moriarty

Guest Mr. Arnold

Guest FromTheRafters

Guest Kayman

Guest Poutnik

Guest John Doe

Guest Root Kit

Guest Root Kit

Guest Root Kit

Guest mayayana

Guest +Bob+

Guest +Bob+

Guest Jack the Ripper

Guest FromTheRafters

Guest Jack the Ripper

Guest FromTheRafters

Guest +Bob+

Join the conversation

Browse

Activity

Support