Is Vista Firewall Adequate?

dsigma6
Senior ThinkPadder
Posts: 2299
Joined: Wed Apr 26, 2006 2:13 pm
Location: Philadelphia, PA

#1 Post by dsigma6 » Wed Apr 11, 2007 11:35 am

I never trusted the XP firewall, but it appears the Vista one is much improved, for both incoming and outgoing connections. Would you have any peace of mind using just the Vista firewall, also behind a Linksys router? I've been a loyal Comodo user, but it doesn't play nicely with Vista.

Off topic:
I just got Vista Ultimate up and running on an eMachines with a 1.2ghz Celeron, 512MB (PC133), and a crappy Nvidia GeForce 6200 video card. Aero runs smooth as can be...surprisingly! The system only scored a 1.5 on the Vista rating, and that was because of the RAM speed. Otherwise, scores mostly in the 2.5ish range, except for the HD which was a 5.1.
[Current] [Dell Latitude D630] : [Past] [T43] [T40] [T23] [T20] [R40] [X22] [600E] [570] [765D]

Paranoid_TP_User
Posts: 48
Joined: Tue May 16, 2006 9:11 am
Location: Ireland

#2 Post by Paranoid_TP_User » Wed Apr 11, 2007 10:53 pm

I've never found a really un-annoying firewall except windows firewall, which I have used for a long time, I've also never had any attacks, virii or other malicious software on this machine ( I guess I've had it over a year and a half by now). I also run nod32.
My Thinkpad: 2669H2G (T43P)
P M 770(2.13GHz), 2GB RAM, 60GB 7200rpm HD, 15in 1600x1200 LCD, 128MB ATI FireGL V3200

RealBlackStuff
Admin
Posts: 17520
Joined: Mon Sep 18, 2006 5:17 am
Location: Mt. Cobb, PA USA

#3 Post by RealBlackStuff » Thu Apr 12, 2007 4:41 am

You could try out the Jetico FW, available here: www.jetico.com
They claim it's Vista compatible, and reports classify it on a par with Comodo.
Lovely day for a Guinness! (The Real Black Stuff)

Check out The Boardroom for Parts, Mods and Other Services.

#4 Post by dsigma6 » Thu Apr 12, 2007 7:29 am

Thanks- I'll do some research on Jetico. The only thing I'm happy about with Windows firewall only, is my download speeds on p2p. I had Comodo set up to allow the program, but I guess some port settings slowed it down massively.

Fusion
Freshman Member
Posts: 87
Joined: Thu Dec 21, 2006 9:34 pm
Location: Czech Republic

#5 Post by Fusion » Thu Apr 12, 2007 8:16 am

Would you guys happen to know if it is possible to partition the hdd on my R60, install Vista and have an XP/Vista boot option?
I'd like to try Vista and my dad has an orig. copy lying around, but I don't want to format and reinstall all programs.
I expect that it's also possible to upgrade XP to Vista, but again, I'd rather try them out first.
Thanks for your replies in advance!
Thinkpad W500 4063-VA4 CD2 Penryn 2,80GHz, 4GB RAM, 320GB HDD, 15.4" WUXGA, FireGL V5700, Win7u
Thinkpad R60 9461-DXG P-CD2 1,83GHz, 2GB 667MHz, 100GB HDD, ATI X1400@512MB, XP2 Pro
Thinkpad T23 2647-AG0 PIII M 1,13GHz (512KB), 256MB RAM, 20GB HDD, XP2 Pro

chaukap
Freshman Member
Posts: 76
Joined: Tue Feb 20, 2007 12:47 pm
Location: Chicago, IL

#6 Post by chaukap » Thu Apr 12, 2007 8:46 am

Yes, it is possible and I have it that way on my machine. There are many threads and links on the web which explain this. Here's one to start with
http://apcmag.com/5023/dual_booting_xp_with_vista
Z61p - 9452 JRU, XP pro 32-bit, 15.4 WUXGA, Core 2 Duo 2.0 GHz, 160GB-54k HDD, 2GB-RAM, 256MB-VRAM, Intel ABG Pro, Bluetooth, DVD Multi Burn.

#7 Post by dsigma6 » Thu Apr 12, 2007 10:19 am

Image

#8 Post by chaukap » Thu Apr 12, 2007 10:41 am

dsigma6, and the moderators
Sorry about that. Instead of guiding Fusion to the right place for his question, I was lured by my ability to answer his question.

Is it too late to change things?

Kyocera
Moderator Emeritus
Posts: 4826
Joined: Wed Aug 10, 2005 8:00 pm
Location: North Carolina, ...in my mind I'm going to Carolina.....

#9 Post by Kyocera » Thu Apr 12, 2007 11:05 am

paranoid wrote:I've never found a really un-annoying firewall except windows firewall, which I have used for a long time, I've also never had any attacks, virii or other malicious software on this machine ( I guess I've had it over a year and a half by now). I also run nod32.
This has been my experience as well with XP, I used to use Zone Alarm freebie but it actually annoyed me.

Been running Vista now with AVG, Windows Defender and the windows firewall, so far so good. :) the computers people bring to me to fix are the ones who download anything and everything they click on, and a lot of times they have young kids who use their machines and when kids want to play games.......well, you know where that is going.

Dan nice road map, did you draw that yourself?? :bow:


PS: fusion, yes it is possible and very simple to do. (ooops sorry dan :oops: )

#10 Post by dsigma6 » Thu Apr 12, 2007 11:16 am

I don't care too much about the hijack, but I thought it was a good opportunity to use an image I just found. I was looking for the one frequently used here with the terrorist dudes holding a hostage, but no luck.

Not that I really posted this in the right area to begin with, but I had too many choices! :lol:

Mike- I had AVG running, but encountered weird errors saying "Sorry, it just doesn't want to work for you." I uninstalled it shortly thereafter, and also stopped Defender. I've gone from very secure XP machines to a hardly secured Vista machine, with UAC disabled as well.

#11 Post by Kyocera » Thu Apr 12, 2007 11:42 am

I disabled UAC as well, -hated it- but I have not had any issues with AVG for Vista. The only real issue I've had so far is the trying to install adobe 8 with uac turned off, but got that resolved.
I'm curious...what was the problem with defender?

#12 Post by dsigma6 » Thu Apr 12, 2007 12:43 pm

I didn't like Defender when it first came out on XP, why would I like it now? :lol:

It never found anything wrong with my computers, while other programs would immediately know what was wrong. Trust=0.

Purcy
Senior Member
Posts: 921
Joined: Mon Oct 02, 2006 7:29 pm
Location: Pittsburgh PA, USA

#13 Post by Purcy » Thu Apr 12, 2007 12:59 pm

dsigma6 wrote: I was looking for the one frequently used here with the terrorist dudes holding a hostage, but no luck.
Do you mean this one?
IBM T23 (2648-4NU) 1.13Ghz Pentium III, 1GB, 60GB 5400rpm, CD/DVD-RW, Internal Wireless, Windows XP Pro SP2 [DONOR]

#14 Post by dsigma6 » Thu Apr 12, 2007 1:42 pm

Purcy wrote:Do you mean this one?
LOL...how on Earth is there more than one kidnapping picture that was turned into a thread hijack image? It was actually one with two guys and one hostage. At least you tried! :D

#15 Post by Purcy » Thu Apr 12, 2007 3:32 pm

Here's my last best shot

#16 Post by dsigma6 » Thu Apr 12, 2007 4:10 pm

Bingo!! We have a winner!

Too bad I was even wrong in describing what it looked like, as there are in fact three "terrorists," not two. We've both hijacked my already hijacked thread!

Also, according to the website you linked to, I've just won an Apple iPod!!!

#17 Post by Kyocera » Thu Apr 12, 2007 4:14 pm

dan wrote :cry:
Image


:BAAAD!:

Congrats on the Ipod!!!!! I'll buy it from you if you don't need it.

#18 Post by Purcy » Thu Apr 12, 2007 4:32 pm

Kyocera wrote:
Congrats on the Ipod!!!!! I'll buy it from you if you don't need it.
Well I think I should get it, I found the photo! :lol: Nah, that's okay, I have enough devices for any one person.

#19 Post by dsigma6 » Thu Apr 12, 2007 4:37 pm

You guys do realize that's a joke about the iPod...flashing banner ad. I'll continue to try and give you some credit.

#20 Post by RealBlackStuff » Sat Apr 14, 2007 3:42 am

Out of curiosity, did you ever try that Jetico FW, and how does it stack up?

#21 Post by dsigma6 » Sat Apr 14, 2007 1:04 pm

Haven't even gotten to it yet actually...I truly value my computer security... :lol:

MeanGene
Posts: 21
Joined: Tue Apr 10, 2007 1:51 am
Location: Fresno,CA

#22 Post by MeanGene » Sun Apr 15, 2007 11:53 pm

Here's something I found that's interesting but quite long.

"Analysis: New Windows Vista Firewall Fails on Outbound Security. Microsoft touts Windows Vista's significant security improvements but we've found that the firewall in this OS offers little outbound protection.




Microsoft touts Windows Vista as giving significant security improvements over Windows XP, and it offers the Windows Firewall, with its new two-way filtering feature, as one reason for that better security.

But as shipped, the Windows Firewall offers little outbound protection, and it's not clear how outbound protection can be configured to protect against spyware, Trojans and bots.

Firewalls such as the Windows Firewall work by halting dangerous connections a PC makes over the Internet. The Windows XP firewall offered inbound protection, but did not offer outbound protection. Some malware makes unwanted, invisible outbound connections with hackers, which let them take control of a PC.

In some cases, a computer can be turned into a "zombie" or a "bot," spewing out thousands of pieces of spam over outbound connections without the owner's knowledge.

Competing firewalls such as ZoneAlarm, the Norton Personal Firewall and the McAfee Internet Security Suite offer user-configurable outbound protection, also known as outbound filtering. When Microsoft reworked its firewall for Windows Vista, it added the ability to perform outbound filtering.

But by default, most outbound filtering in the Windows Vista firewall is turned off. In addition, there may be no practical way to use outbound filtering to stop all unwanted outbound connections.

Normally, to configure the Windows Vista Firewall, you choose Control Panel -->Security --> Turn Windows Firewall on or off. You'll see the screen shown in the nearby figure.

There is no way to configure outbound filtering --- you can only turn inbound filtering on or off, and through the various tabs, configure how inbound filtering works.

To work with outbound filtering, you instead have to use the Microsoft Management Console, specifically the Windows Firewall with Advanced Security Group Policy applet, by typing wf.msc at the Search box or command prompt and pressing Enter. It's shown in the nearby figure.

If you look in the various profiles in the Overview area, you'll see that for each profile, "Outbound connections that do not match a rule are allowed."

Every rule in the Windows Firewall allows outbound connections, though. Click the Outbound Rules icon on the left side of the screen, and you'll see all the outbound rules. As you can see from the nearby figure, every outbound rule allows outbound connections. None block connection.

Making matters worse, there is no way for an individual or IT staff on their own to create an all-purpose rule that will block malware from making outbound connections. You can only create a rule to block a specific piece of malware, and doing that is an extremely difficult task, requiring that you know quite a bit of information about that piece of malware, including its location on your PC, the port it uses to make outbound connections, and so on.

To stop all malware from making outbound connections, you'd have to know all those details of all the thousands of pieces of malware in existence, and create rules for each one individually. But even that wouldn't work, because you wouldn't know about malware that has not yet been detected.

In short, as a practical matter, it's an impossible task.

Competing firewalls often use built-in intelligence to allow certain programs to make outbound connections, and then issue alerts when other programs make connections. You're told the program name and executable, and given a recommendation as to whether the program should be allowed. You can then block or allow the program to make a connection on a one-time or permanent basis.

Microsoft's Reaction
Microsoft claims that the firewall does perform some outbound filtering, but that the filtering is invisible to users. Jason Leznek, Microsoft senior product manager, told Computerworld that outbound filtering rules "are enabled by default for core Windows services as part of Windows Service Hardening, which enables the firewall to understand specific behaviors Windows services should have, and block them if they are doing something unexpected (ie, via an exploited vulnerability). Windows Firewall also protects the computer by blocking certain outgoing messages to help prevent the computer against certain port scanning attacks."

In other words, Microsoft claims that the firewall can block some malware. But Leznek concedes that it cannot block all malware, and he claims that a more effective approach than outbound filtering is to use antispyware such as Windows Defender, which the company claims will stop malware from being installed on the PC in the first place.

This reflects what Vista group product manager Greg Sullivan told BusinessWeek. Outbound filtering is "a high cost to pay for what we thought was not that much benefit," he told the magazine. "The support burden it would generate for us and our partners, mostly manufacturers, is a very high cost to pay for very little benefit."

But Microsoft has a somewhat schizophrenic approach to outbound protection. When questioned about the need for outbound filtering, Leznek told Computerworld that Windows Live OneCare, a product and subscription service Microsoft sells for US$49.95 a year "provides outbound filtering as a service and may also be an attractive option...."

So even though two-way filtering isn't used extensively in the Windows Firewall, you can buy two-way filtering by buying extra Microsoft software.

What's the upshot? If you're a Windows Vista user and want to make sure that you get configurable two-way filtering, you'll need to buy either OneCare Live or another security product or firewall that provide outbound as well as inbound protection. Make sure that the product works with Windows Vista, though, because not all firewalls do yet.

Preston Gralla is a contributing editor for Computerworld Online, and the author of more than 35 books, including Windows Vista in a Nutshell. "


source: PC World

#23 Post by dsigma6 » Mon Apr 16, 2007 7:10 am

Nice article, MeanGene. I'm feeling better about this with each passing moment.

#24 Post by Paranoid_TP_User » Mon Apr 16, 2007 11:32 pm

Jetico was awful if you ask me. The pop-ups never end for absolutely everything your computer does, and if you get one wrong, a few days later you might discover that a few of your applications no longer work, and you will either have to search through the countless rules in the tables the program makes to find the guilty entry or just turn the [censored] thing off. Also it seems to pass everything network-related that you do with your computer through every rule in the appropriate table until it finds the relevant answer, and the last entry in every table is "ask user" in case there is no appropriate rule. Passing each network instruction through every entry in the table significantly slows down your computer when doing anything involving the network.

Sure it's low on resources and it can be very effective at blocking unwanted network access, but it still slows down your computer with the rules table and reduces your productivity by constantly questioning you, and its effectiveness depends on how well you answered the 10,000 questions it has asked you. Rubbish, 1/10.

#25 Post by RealBlackStuff » Tue Apr 17, 2007 1:46 am

Guess that rules Jetico out. Glad I have not tried it yet.
I'll stay with (free) Comodo for now, after the (paid for) Agnitum Outpost 4 disaster.

#26 Post by dsigma6 » Tue Apr 17, 2007 7:36 am

Jetico doesn't let you set a notification level, like Comodo? Comodo sure asks a lot of questions, and if you select DENY, you may find your internet stopped working altogether..."They" (proverbial) need to make it so that doesn't happen.

Thanks for the review- My T23 is on the fritz so I couldn't even boot, let alone try Jetico.