
February 09, 2007

Windows Vista's firewall: cracked plaster?

We've just confirmed what some bloggers have been telling savvy users: Microsoft Windows Vista's outbound firewall is not very effective out of the box.

Windows Vista, according to Microsoft's features list, has a greatly improved Internet firewall that can block both inbound and outbound unauthorized communication. (XP's firewall only blocked inbound.) The importance of outbound blocking is made clear by looking at the growing number of "zombie" PCs on the Internet, linked in "botnets" controlled by spammers and other miscreants to send out thousands of spam messages, act as servers for criminals, or steal personal information.

A good outbound firewall must assume that a "Trojan horse" program (one that sends an "I'm here, ready to be controlled" message to an attacker) might get on the PC through some unprotected breach, such as software downloaded from a shady website, a USB thumb drive, or another PC on a home network. With that assumption, the firewall should block communications from any program that's not in its list of known, trusted programs, notify the user that a new program is trying to "reach out" to another computer, and ask the user to explicitly allow or deny it, ideally supplying enough information to let the user figure out whether it's a good or a bad program.

Vista's outbound firewall has no mechanism for this. The only way you can block a bad program is to know it's there (unlikely in the case of a Trojan horse), know its exact name and where it is on your hard drive, then go into an obscure interface in Vista's Computer Administration Control Panel and enter that information. If a malicious program renames or relocates itself (common in the case of malware), your blocking will be rendered ineffective. Vista doesn’t warn you of any of this.

The best firewalls use two built-in lists of programs — those that are OK to allow outbound communications, and others that are definitely not: keyloggers, dialers, mailers, spambots and the like. At the least, a firewall should block any new program it doesn't know about and give the user some help in setting up a rule to block or allow it. Vista's firewall fails this basic requirement.

So, even for Vista users, our usual computer security advice stands: For an extra measure of security, especially where others may use your PC or home network, use a third-party firewall. Most of the major security software companies offer firewalls, or suites containing a firewall. If you use one, be sure to turn off Vista's firewall, as the two may conflict.

— Dean Gallea


Comments

I have Windows Vista Home Premium initially on my Fujitsu A6020 notebook. After testing Windows Vista Ultimate, I have come to the conclusion that it is how smart you use your computer! In my desire to thoroughly test the effectiveness of the anti-virus software with the firewall, I normally surf a lot of sites. I have found that it is best to keep from installing software that is cracked. Install as little as possible. Block everything.

I'm afraid the information in this posting is somewhat misleading. Vista's firewall does indeed allow the user to block any unknown program from opening outgoing network connections, although this function is disabled by default.

Click the Start button, and type "firewall". At the top of the Start menu you'll find "Windows Firewall with Advanced Security". Open that program to configure the Vista firewall (the "Windows Firewall" in the control panel exposes only the simpler, Windows XP-style controls).

From this Windows Firewall panel, you'll see the firewall settings for inbound and outbound connections. If the outbound connections reads "Outbound connections that do not match a rule are blocked", click the "Windows Firewall Properties" link to change it. Setting Outbound Connections to "Block" will prevent all programs (except those you explicitly allow) from creating outbound connections.

Please be a bit more careful in researching your reports. I come to CR to get the most accurate product information available.
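The default-outbound setting discussed in the comment above can also be inspected and changed from an elevated command prompt with `netsh advfirewall`. This is an added example, not part of the original post or of any comment; the backup file path, the rule name and the choice of Internet Explorer as the allowed program are illustrative assumptions.

```batch
@echo off
rem Added example. Run from an elevated (Administrator) command prompt.
rem Backup path, rule name and allowed program are illustrative assumptions.

rem 1. Save the current policy so the change can be undone later.
netsh advfirewall export "%USERPROFILE%\firewall-before.wfw"

rem 2. Show the default action for each profile (domain, private, public).
rem    Out of the box this reads BlockInbound,AllowOutbound.
netsh advfirewall show allprofiles firewallpolicy

rem 3. Block every outbound connection that does not match an allow rule.
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

rem 4. Explicitly allow one program that is expected to reach the network.
rem    The rule is tied to the full path, so keep the path exact.
netsh advfirewall firewall add rule name="Allow IE outbound (example)" dir=out action=allow program="%ProgramFiles%\Internet Explorer\iexplore.exe" enable=yes

rem 5. Log dropped connections so blocked programs can be identified.
rem    Default log: %systemroot%\system32\LogFiles\Firewall\pfirewall.log
netsh advfirewall set allprofiles logging droppedconnections enable

rem 6. Review the outbound rules that are now the only way out.
netsh advfirewall firewall show rule name=all dir=out

rem To revert: netsh advfirewall import "%USERPROFILE%\firewall-before.wfw"
```

With outbound set to block, any program without an allow rule loses network access silently, so check the dropped-connection log after the change and add rules for the software you rely on.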

I have just purchased a new HP6142. I had HSI connected through cable, and since Vista is so new the tech didn't know a lot about the details. He had me set up to go right to the HSI, through Internet Explorer; now it's gone and I have to start out with AOL, then through to the HSI. I will call HP on Monday. Any thoughts, nice ones! ha

I am not an expert on computers but am currently taking Computer Science courses at a nearby University.

I purchased a new Dell M1710 laptop with Vista Ultimate installed.

After 7 days and over 25 hours on the phone with Microsoft, Dell and other vendors whose products were "Vista Compatible", I had to return the machine. My belief is the Dell machine was not the problem but appears Mr. Soft has sold the consumer a Beta program. Almost every time I installed a new accessory or software I received "KNOWN COMPATIBILITY" errors. Most of which Microsoft was aware of but had not corrected but waited for a call from the user to obtain the correct patches and/or drivers.

Due to my experience I do not believe you should purchase the Vista Operating system for a year or more when hopefully most of the "KNOWN COMPATIBILITY ISSUES" will be resolved and available for automatic download from Mr. Softy!

I wouldn't be surprised if another boo boo appears or gets exposed next week :) While I'm sure Microsoft has already tested Vista for possible errors, the best crash dummies are still the consumers. Anyway, if you don't want to end up being the topic author of another Vista blunder, make sure that you have the right drivers. I'm getting mine at http://www.radarsync.com/vista. Good luck to all of us Vista users.
