Vista Firewall outbound control

Riccardo · Jul 15, 2007

Hi,
Vista FW with advanced security comes with an outbound traffic default
setting "allow everything which is not denied". I think this is completely
useless, because the main reason for outbound traffic filter is to block
UNKNOWN programs (worm, trojans ....) so it is impossible to make a rule to
deny an unknown program/destination port. On the other hand if I change the
outbound setting to "block everything that does not match a rule" it is
nearly impossible to design a rule for legitimate programs because, as far
as I understand, there is no "display notification" for outbound breaking
rule, and it is not simple to know applications/services/ports of the
majority of legitimate applications (apart from browser mailer and few
others).
My question is: is there a way to have a kind of display notification of the
outbound offended rule with applications/services/ports of the offending
programs?
Thanks in advance
Riccardo

Richard Urban · Jul 15, 2007

You can use Vista Firewall Control (free) from
http://www.sphinx-soft.com/Vista/order.html

OR

You can use PCTools Firewall Plus (free) from
http://www.pctools.com/firewall/

--

Regards,

Richard Urban
Microsoft MVP Windows Shell/User
(For email, remove the obvious from my address)

"Riccardo" <riccardo@nospam.it> wrote in message
news:%238EEPGvxHHA.4928@TK2MSFTNGP03.phx.gbl...
> Hi,
> Vista FW with advanced security comes with an outbound traffic default
> setting "allow everything which is not denied". I think this is completely
> useless, because the main reason for outbound traffic filter is to block
> UNKNOWN programs (worm, trojans ....) so it is impossible to make a rule
> to
> deny an unknown program/destination port. On the other hand if I change
> the
> outbound setting to "block everything that does not match a rule" it is
> nearly impossible to design a rule for legitimate programs because, as far
> as I understand, there is no "display notification" for outbound breaking
> rule, and it is not simple to know applications/services/ports of the
> majority of legitimate applications (apart from browser mailer and few
> others).
> My question is: is there a way to have a kind of display notification of
> the
> outbound offended rule with applications/services/ports of the offending
> programs?
> Thanks in advance
> Riccardo
>

Ian Betts · Jul 15, 2007

I never use Windows firewall, They are inferiorat the best of times to a
good stand alone. I use the one that comes with Panda VP, nothing appears to
get past it and it can be set for in's and out's.

--
Ian

"Riccardo" <riccardo@nospam.it> wrote in message
news:#8EEPGvxHHA.4928@TK2MSFTNGP03.phx.gbl...
> Hi,
> Vista FW with advanced security comes with an outbound traffic default
> setting "allow everything which is not denied". I think this is completely
> useless, because the main reason for outbound traffic filter is to block
> UNKNOWN programs (worm, trojans ....) so it is impossible to make a rule
> to
> deny an unknown program/destination port. On the other hand if I change
> the
> outbound setting to "block everything that does not match a rule" it is
> nearly impossible to design a rule for legitimate programs because, as far
> as I understand, there is no "display notification" for outbound breaking
> rule, and it is not simple to know applications/services/ports of the
> majority of legitimate applications (apart from browser mailer and few
> others).
> My question is: is there a way to have a kind of display notification of
> the
> outbound offended rule with applications/services/ports of the offending
> programs?
> Thanks in advance
> Riccardo
>
>

Charles W Davis · Jul 15, 2007

Ian,
That's your opinion.
I use the Windows Firewall with minimal outbound control (Vista), AVG
anti-virus and am behind a router/firewall. Nothing disasterous has gotten
past it for over three years on two computers that remain on 24/7. My
opinion is based solely on my experience.
"Ian Betts" <igb123@talktalk.net> wrote in message
news:01800B40-CA63-4EE0-8979-39A4D210DE1B@microsoft.com...
>I never use Windows firewall, They are inferiorat the best of times to a
>good stand alone. I use the one that comes with Panda VP, nothing appears
>to get past it and it can be set for in's and out's.
>
>
>
> --
> Ian
>
> "Riccardo" <riccardo@nospam.it> wrote in message
> news:#8EEPGvxHHA.4928@TK2MSFTNGP03.phx.gbl...
>> Hi,
>> Vista FW with advanced security comes with an outbound traffic default
>> setting "allow everything which is not denied". I think this is
>> completely
>> useless, because the main reason for outbound traffic filter is to block
>> UNKNOWN programs (worm, trojans ....) so it is impossible to make a rule
>> to
>> deny an unknown program/destination port. On the other hand if I change
>> the
>> outbound setting to "block everything that does not match a rule" it is
>> nearly impossible to design a rule for legitimate programs because, as
>> far
>> as I understand, there is no "display notification" for outbound breaking
>> rule, and it is not simple to know applications/services/ports of the
>> majority of legitimate applications (apart from browser mailer and few
>> others).
>> My question is: is there a way to have a kind of display notification of
>> the
>> outbound offended rule with applications/services/ports of the offending
>> programs?
>> Thanks in advance
>> Riccardo
>>
>>

Kerry Brown · Jul 15, 2007

No firewall that runs locally on a computer can be relied upon to stop
outgoing traffic from malware. If the malware is running on the computer it
can alter anything on the computer including the firewall. The firewall can
make this hard to do but not impossible.

--
Kerry Brown
Microsoft MVP - Shell/User
http://www.vistahelp.ca

"Ian Betts" <igb123@talktalk.net> wrote in message
news:01800B40-CA63-4EE0-8979-39A4D210DE1B@microsoft.com...
>I never use Windows firewall, They are inferiorat the best of times to a
>good stand alone. I use the one that comes with Panda VP, nothing appears
>to get past it and it can be set for in's and out's.
>
>
>
> --
> Ian
>
> "Riccardo" <riccardo@nospam.it> wrote in message
> news:#8EEPGvxHHA.4928@TK2MSFTNGP03.phx.gbl...
>> Hi,
>> Vista FW with advanced security comes with an outbound traffic default
>> setting "allow everything which is not denied". I think this is
>> completely
>> useless, because the main reason for outbound traffic filter is to block
>> UNKNOWN programs (worm, trojans ....) so it is impossible to make a rule
>> to
>> deny an unknown program/destination port. On the other hand if I change
>> the
>> outbound setting to "block everything that does not match a rule" it is
>> nearly impossible to design a rule for legitimate programs because, as
>> far
>> as I understand, there is no "display notification" for outbound breaking
>> rule, and it is not simple to know applications/services/ports of the
>> majority of legitimate applications (apart from browser mailer and few
>> others).
>> My question is: is there a way to have a kind of display notification of
>> the
>> outbound offended rule with applications/services/ports of the offending
>> programs?
>> Thanks in advance
>> Riccardo
>>
>>

Ian Betts · Jul 15, 2007

Ah but your router firewall is the one that you can rely on most IMHO.

--
Ian

"Charles W Davis" <Anthemwebs@lvcoxmail.com> wrote in message
news:A1C774F1-C82F-4F19-9BC1-D6DC6F66185B@microsoft.com...
> Ian,
> That's your opinion.
> I use the Windows Firewall with minimal outbound control (Vista), AVG
> anti-virus and am behind a router/firewall. Nothing disasterous has gotten
> past it for over three years on two computers that remain on 24/7. My
> opinion is based solely on my experience.
> "Ian Betts" <igb123@talktalk.net> wrote in message
> news:01800B40-CA63-4EE0-8979-39A4D210DE1B@microsoft.com...
>>I never use Windows firewall, They are inferiorat the best of times to a
>>good stand alone. I use the one that comes with Panda VP, nothing appears
>>to get past it and it can be set for in's and out's.
>>
>>
>>
>> --
>> Ian
>>
>> "Riccardo" <riccardo@nospam.it> wrote in message
>> news:#8EEPGvxHHA.4928@TK2MSFTNGP03.phx.gbl...
>>> Hi,
>>> Vista FW with advanced security comes with an outbound traffic default
>>> setting "allow everything which is not denied". I think this is
>>> completely
>>> useless, because the main reason for outbound traffic filter is to block
>>> UNKNOWN programs (worm, trojans ....) so it is impossible to make a rule
>>> to
>>> deny an unknown program/destination port. On the other hand if I change
>>> the
>>> outbound setting to "block everything that does not match a rule" it is
>>> nearly impossible to design a rule for legitimate programs because, as
>>> far
>>> as I understand, there is no "display notification" for outbound
>>> breaking
>>> rule, and it is not simple to know applications/services/ports of the
>>> majority of legitimate applications (apart from browser mailer and few
>>> others).
>>> My question is: is there a way to have a kind of display notification of
>>> the
>>> outbound offended rule with applications/services/ports of the offending
>>> programs?
>>> Thanks in advance
>>> Riccardo
>>>
>>>
>
>

Ian Betts · Jul 15, 2007

But a good hardware and software firewall should stop the malware getting
in.

--
Ian

"Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
news:1C1C7D21-37AC-4326-8BC3-CB4D570831A9@microsoft.com...
> No firewall that runs locally on a computer can be relied upon to stop
> outgoing traffic from malware. If the malware is running on the computer
> it can alter anything on the computer including the firewall. The firewall
> can make this hard to do but not impossible.
>
> --
> Kerry Brown
> Microsoft MVP - Shell/User
> http://www.vistahelp.ca
>
>
> "Ian Betts" <igb123@talktalk.net> wrote in message
> news:01800B40-CA63-4EE0-8979-39A4D210DE1B@microsoft.com...
>>I never use Windows firewall, They are inferiorat the best of times to a
>>good stand alone. I use the one that comes with Panda VP, nothing appears
>>to get past it and it can be set for in's and out's.
>>
>>
>>
>> --
>> Ian
>>
>> "Riccardo" <riccardo@nospam.it> wrote in message
>> news:#8EEPGvxHHA.4928@TK2MSFTNGP03.phx.gbl...
>>> Hi,
>>> Vista FW with advanced security comes with an outbound traffic default
>>> setting "allow everything which is not denied". I think this is
>>> completely
>>> useless, because the main reason for outbound traffic filter is to block
>>> UNKNOWN programs (worm, trojans ....) so it is impossible to make a rule
>>> to
>>> deny an unknown program/destination port. On the other hand if I change
>>> the
>>> outbound setting to "block everything that does not match a rule" it is
>>> nearly impossible to design a rule for legitimate programs because, as
>>> far
>>> as I understand, there is no "display notification" for outbound
>>> breaking
>>> rule, and it is not simple to know applications/services/ports of the
>>> majority of legitimate applications (apart from browser mailer and few
>>> others).
>>> My question is: is there a way to have a kind of display notification of
>>> the
>>> outbound offended rule with applications/services/ports of the offending
>>> programs?
>>> Thanks in advance
>>> Riccardo
>>>
>>>
>
>

Daze N. Knights · Jul 15, 2007

Another option is ZoneAlarm Free for Vista (32-bit)
http://www.pcworld.com/downloads/file/fid,65012-order,1-page,1/description.html

Richard Urban wrote:
> You can use Vista Firewall Control (free) from
> http://www.sphinx-soft.com/Vista/order.html
>
> OR
>
> You can use PCTools Firewall Plus (free) from
> http://www.pctools.com/firewall/
>

Kerry Brown · Jul 15, 2007

Correct but the firewall in Vista is fully capable of doing this. Unless the
firewall also does some threat profiling as some hardware firewalls do the
built in firewall is as good as any and better than most for inbound
access. I always rely on a hardware firewall as the first line of defense
and a software firewall to protect against worms that are already inside the
perimeter.

--
Kerry Brown
Microsoft MVP - Shell/User
http://www.vistahelp.ca

"Ian Betts" <igb123@talktalk.net> wrote in message
news:4943AB5B-FB57-4B44-B523-57EC185F12EB@microsoft.com...
> But a good hardware and software firewall should stop the malware getting
> in.
>
>
>
> --
> Ian
>
> "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
> news:1C1C7D21-37AC-4326-8BC3-CB4D570831A9@microsoft.com...
>> No firewall that runs locally on a computer can be relied upon to stop
>> outgoing traffic from malware. If the malware is running on the computer
>> it can alter anything on the computer including the firewall. The
>> firewall can make this hard to do but not impossible.
>>
>> --
>> Kerry Brown
>> Microsoft MVP - Shell/User
>> http://www.vistahelp.ca
>>
>>
>> "Ian Betts" <igb123@talktalk.net> wrote in message
>> news:01800B40-CA63-4EE0-8979-39A4D210DE1B@microsoft.com...
>>>I never use Windows firewall, They are inferiorat the best of times to a
>>>good stand alone. I use the one that comes with Panda VP, nothing appears
>>>to get past it and it can be set for in's and out's.
>>>
>>>
>>>
>>> --
>>> Ian
>>>
>>> "Riccardo" <riccardo@nospam.it> wrote in message
>>> news:#8EEPGvxHHA.4928@TK2MSFTNGP03.phx.gbl...
>>>> Hi,
>>>> Vista FW with advanced security comes with an outbound traffic default
>>>> setting "allow everything which is not denied". I think this is
>>>> completely
>>>> useless, because the main reason for outbound traffic filter is to
>>>> block
>>>> UNKNOWN programs (worm, trojans ....) so it is impossible to make a
>>>> rule to
>>>> deny an unknown program/destination port. On the other hand if I change
>>>> the
>>>> outbound setting to "block everything that does not match a rule" it is
>>>> nearly impossible to design a rule for legitimate programs because, as
>>>> far
>>>> as I understand, there is no "display notification" for outbound
>>>> breaking
>>>> rule, and it is not simple to know applications/services/ports of the
>>>> majority of legitimate applications (apart from browser mailer and few
>>>> others).
>>>> My question is: is there a way to have a kind of display notification
>>>> of the
>>>> outbound offended rule with applications/services/ports of the
>>>> offending
>>>> programs?
>>>> Thanks in advance
>>>> Riccardo
>>>>
>>>>
>>
>>

Richard Urban · Jul 15, 2007

Kerry. May I ask as to what hardware firewall you are using?

--

Regards,

Richard Urban
Microsoft MVP Windows Shell/User
(For email, remove the obvious from my address)

"Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
news:8EFBFF1E-AC59-4623-B762-8AA8F6CBE673@microsoft.com...
> Correct but the firewall in Vista is fully capable of doing this. Unless
> the firewall also does some threat profiling as some hardware firewalls do
> the built in firewall is as good as any and better than most for inbound
> access. I always rely on a hardware firewall as the first line of defense
> and a software firewall to protect against worms that are already inside
> the perimeter.
>
> --
> Kerry Brown
> Microsoft MVP - Shell/User
> http://www.vistahelp.ca
>
>
> "Ian Betts" <igb123@talktalk.net> wrote in message
> news:4943AB5B-FB57-4B44-B523-57EC185F12EB@microsoft.com...
>> But a good hardware and software firewall should stop the malware getting
>> in.
>>
>>
>>
>> --
>> Ian
>>
>> "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
>> news:1C1C7D21-37AC-4326-8BC3-CB4D570831A9@microsoft.com...
>>> No firewall that runs locally on a computer can be relied upon to stop
>>> outgoing traffic from malware. If the malware is running on the computer
>>> it can alter anything on the computer including the firewall. The
>>> firewall can make this hard to do but not impossible.
>>>
>>> --
>>> Kerry Brown
>>> Microsoft MVP - Shell/User
>>> http://www.vistahelp.ca
>>>
>>>
>>> "Ian Betts" <igb123@talktalk.net> wrote in message
>>> news:01800B40-CA63-4EE0-8979-39A4D210DE1B@microsoft.com...
>>>>I never use Windows firewall, They are inferiorat the best of times to a
>>>>good stand alone. I use the one that comes with Panda VP, nothing
>>>>appears to get past it and it can be set for in's and out's.
>>>>
>>>>
>>>>
>>>> --
>>>> Ian
>>>>
>>>> "Riccardo" <riccardo@nospam.it> wrote in message
>>>> news:#8EEPGvxHHA.4928@TK2MSFTNGP03.phx.gbl...
>>>>> Hi,
>>>>> Vista FW with advanced security comes with an outbound traffic default
>>>>> setting "allow everything which is not denied". I think this is
>>>>> completely
>>>>> useless, because the main reason for outbound traffic filter is to
>>>>> block
>>>>> UNKNOWN programs (worm, trojans ....) so it is impossible to make a
>>>>> rule to
>>>>> deny an unknown program/destination port. On the other hand if I
>>>>> change the
>>>>> outbound setting to "block everything that does not match a rule" it
>>>>> is
>>>>> nearly impossible to design a rule for legitimate programs because, as
>>>>> far
>>>>> as I understand, there is no "display notification" for outbound
>>>>> breaking
>>>>> rule, and it is not simple to know applications/services/ports of the
>>>>> majority of legitimate applications (apart from browser mailer and few
>>>>> others).
>>>>> My question is: is there a way to have a kind of display notification
>>>>> of the
>>>>> outbound offended rule with applications/services/ports of the
>>>>> offending
>>>>> programs?
>>>>> Thanks in advance
>>>>> Riccardo
>>>>>
>>>>>
>>>
>>>
>

CB · Jul 15, 2007

Daze N. Knights,

ZoneAlarm does not make a product that is compatible with Vista. I don't
care what ZoneAlarm says. I used ZoneAlarm for years on XP and it was a great
application. However, if you try to download and install the free ZoneAlarm
firewall for Vista or the ZoneAlarm Internet Security Suite for Vista you are
asking for trouble.

I tried in vain to get the ZoneAlarm Vista products to install and run
correctly to no avail. What a nightmare! I have never had to do so many
System Restores in my life. I also had to go into the registry and delete the
remnants of ZoneAlarm after the System Restores. You should read the reviews
of ZoneAlarm's Vista products and you will understand what I am saying. I do
not have any problems downloading and installing any of the other security
applications from other vendors.
Of course, this does not include Norton/Symantec and McAfee, which I would
advise staying away from (both of them are resource hogs and cause more
problems than they fix. Also, once they are entrenched in your system it is
almost impossible to eliminate them unless you reformat and do a clean
install).

My wireless router/modem has a hardware firewall and my software firewall is
the Windows firewall. I have had no problems. Of course, some people will
undoubtably be able to download ZoneAlarm products for Vista and have no
problems whatsoever. This seems to be the exception rather than the rule.

Have a nice day.

C.B.

Richard Urban · Jul 15, 2007

I have tested the Vista compatible versions of ZA and find that any of them
will slow down the system tremendously.

I used to say that I was willing to sacrifice a 5% slowdown for, what I
perceived to be, the extra security. But these new versions slow down the
system perceptibly - likely about 20% in my case.

--

Regards,

Richard Urban
Microsoft MVP Windows Shell/User
(For email, remove the obvious from my address)

"CB" <CB@discussions.microsoft.com> wrote in message
news:4245862D-DAE1-4F99-9BA4-A1E911E8CA5E@microsoft.com...
> Daze N. Knights,
>
> ZoneAlarm does not make a product that is compatible with Vista. I don't
> care what ZoneAlarm says. I used ZoneAlarm for years on XP and it was a
> great
> application. However, if you try to download and install the free
> ZoneAlarm
> firewall for Vista or the ZoneAlarm Internet Security Suite for Vista you
> are
> asking for trouble.
>
> I tried in vain to get the ZoneAlarm Vista products to install and run
> correctly to no avail. What a nightmare! I have never had to do so many
> System Restores in my life. I also had to go into the registry and delete
> the
> remnants of ZoneAlarm after the System Restores. You should read the
> reviews
> of ZoneAlarm's Vista products and you will understand what I am saying. I
> do
> not have any problems downloading and installing any of the other security
> applications from other vendors.
> Of course, this does not include Norton/Symantec and McAfee, which I would
> advise staying away from (both of them are resource hogs and cause more
> problems than they fix. Also, once they are entrenched in your system it
> is
> almost impossible to eliminate them unless you reformat and do a clean
> install).
>
> My wireless router/modem has a hardware firewall and my software firewall
> is
> the Windows firewall. I have had no problems. Of course, some people will
> undoubtably be able to download ZoneAlarm products for Vista and have no
> problems whatsoever. This seems to be the exception rather than the rule.
>
> Have a nice day.
>
> C.B.

Daze N. Knights · Jul 15, 2007

Hmm. I have been using ZA7.1.078.000 Free for Vista for over two weeks
with no problems at all and no noticeable slowdown. So, it's apparently
a case of YMMV.

Daze
-------------

Richard Urban wrote:
> I have tested the Vista compatible versions of ZA and find that any of
> them will slow down the system tremendously.
>
> I used to say that I was willing to sacrifice a 5% slowdown for, what I
> perceived to be, the extra security. But these new versions slow down
> the system perceptibly - likely about 20% in my case.
>

Kerry Brown · Jul 15, 2007

I use a DFL-210. It's fairly expensive. I need the VPN performance it offers
with the firewall. It also does traffic shaping and more.

http://www.dlink.com/products/?sec=2&pid=512

The DFL-CP310 is also good if you don't need the VPN performance of the
DFL-210.

http://www.dlink.com/products/?sec=2&pid=481

I like DLink because I'm a dealer. SonicWall and others have equally good
solutions for around $250.00 and up. It may sound expensive but a good
router/firewall can actually give you a noticeable speed increase on a
broadband connection if you have more than a couple of computers. It's
surprising what a decent CPU and RAM does for a router. They are a little
more complicated to setup and there is the ongoing expense of the security
update subscription but the results are worth it. Note that this doesn't
mean you don't need an antivirus on your computer

You could also use an old computer with Linux. There are some distros
designed just for this purpose. The Linux solution could be very cheap if
you have the hardware already in a closet somewhere.

This is probably overkill for most people. For the average home I'd
recommend something like the DIR-330. The firewall isn't as sophisticated
but it's decent enough and easy to configure.

http://www.dlink.com/products/?sec=0&pid=564

Even Checkpoint (Zonealarm) is getting into the home/soho hardware firewall
market.

http://www.zonealarm.com/store/content/catalog/products/z100g/index.jsp

As malware becomes more sophisticated software firewalls will become less
useful for protection against malware. With root kits and hardware
virtualization malware can hide from the OS and easily communicate around
the OS.

--
Kerry Brown
Microsoft MVP - Shell/User
http://www.vistahelp.ca

"Richard Urban" <richardurbanREMOVETHIS@hotmail.com> wrote in message
news:%23cq$A4zxHHA.4276@TK2MSFTNGP05.phx.gbl...
> Kerry. May I ask as to what hardware firewall you are using?
>
> --
>
>
> Regards,
>
> Richard Urban
> Microsoft MVP Windows Shell/User
> (For email, remove the obvious from my address)
>
>
>
> "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
> news:8EFBFF1E-AC59-4623-B762-8AA8F6CBE673@microsoft.com...
>> Correct but the firewall in Vista is fully capable of doing this. Unless
>> the firewall also does some threat profiling as some hardware firewalls
>> do the built in firewall is as good as any and better than most for
>> inbound access. I always rely on a hardware firewall as the first line of
>> defense and a software firewall to protect against worms that are already
>> inside the perimeter.
>>
>> --
>> Kerry Brown
>> Microsoft MVP - Shell/User
>> http://www.vistahelp.ca
>>
>>
>> "Ian Betts" <igb123@talktalk.net> wrote in message
>> news:4943AB5B-FB57-4B44-B523-57EC185F12EB@microsoft.com...
>>> But a good hardware and software firewall should stop the malware
>>> getting in.
>>>
>>>
>>>
>>> --
>>> Ian
>>>
>>> "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
>>> news:1C1C7D21-37AC-4326-8BC3-CB4D570831A9@microsoft.com...
>>>> No firewall that runs locally on a computer can be relied upon to stop
>>>> outgoing traffic from malware. If the malware is running on the
>>>> computer it can alter anything on the computer including the firewall.
>>>> The firewall can make this hard to do but not impossible.
>>>>
>>>> --
>>>> Kerry Brown
>>>> Microsoft MVP - Shell/User
>>>> http://www.vistahelp.ca
>>>>
>>>>
>>>> "Ian Betts" <igb123@talktalk.net> wrote in message
>>>> news:01800B40-CA63-4EE0-8979-39A4D210DE1B@microsoft.com...
>>>>>I never use Windows firewall, They are inferiorat the best of times to
>>>>>a good stand alone. I use the one that comes with Panda VP, nothing
>>>>>appears to get past it and it can be set for in's and out's.
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Ian
>>>>>
>>>>> "Riccardo" <riccardo@nospam.it> wrote in message
>>>>> news:#8EEPGvxHHA.4928@TK2MSFTNGP03.phx.gbl...
>>>>>> Hi,
>>>>>> Vista FW with advanced security comes with an outbound traffic
>>>>>> default
>>>>>> setting "allow everything which is not denied". I think this is
>>>>>> completely
>>>>>> useless, because the main reason for outbound traffic filter is to
>>>>>> block
>>>>>> UNKNOWN programs (worm, trojans ....) so it is impossible to make a
>>>>>> rule to
>>>>>> deny an unknown program/destination port. On the other hand if I
>>>>>> change the
>>>>>> outbound setting to "block everything that does not match a rule" it
>>>>>> is
>>>>>> nearly impossible to design a rule for legitimate programs because,
>>>>>> as far
>>>>>> as I understand, there is no "display notification" for outbound
>>>>>> breaking
>>>>>> rule, and it is not simple to know applications/services/ports of the
>>>>>> majority of legitimate applications (apart from browser mailer and
>>>>>> few
>>>>>> others).
>>>>>> My question is: is there a way to have a kind of display notification
>>>>>> of the
>>>>>> outbound offended rule with applications/services/ports of the
>>>>>> offending
>>>>>> programs?
>>>>>> Thanks in advance
>>>>>> Riccardo
>>>>>>
>>>>>>
>>>>
>>>>
>>
>

XS11E · Jul 16, 2007

"Ian Betts" <igb123@talktalk.net> wrote:

> But a good hardware and software firewall should stop the malware
> getting in.

Only if configured properly, no firewall can protect you against
something you or another user invite into your machine.

--
XS11E, Killing all posts from Google Groups
The Usenet Improvement Project: http://blinkynet.net/comp/uip5.html

Richard Urban · Jul 16, 2007

Only if configured properly, no firewall can protect you against
> something you or another user invite into your machine.

That is correct. But a good software firewall just may prevent that key
logger you inadvertently installed last week from phoning home with your
credit card and pin numbers, your social security card #, your Full Name and
address - in short, everything that someone needs to steal your identity.

A key logger can be on you computer for years and never do any damage - if
it's outgoing communication is flagged and then denied.

--

Regards,

Richard Urban
Microsoft MVP Windows Shell/User
(For email, remove the obvious from my address)

"XS11E" <xs11e@NOSPAMyahoo.com> wrote in message
news:Xns996EE896F9913xs11eyahoocom@127.0.0.1...
> "Ian Betts" <igb123@talktalk.net> wrote:
>
>> But a good hardware and software firewall should stop the malware
>> getting in.
>
> Only if configured properly, no firewall can protect you against
> something you or another user invite into your machine.
>
>
> --
> XS11E, Killing all posts from Google Groups
> The Usenet Improvement Project: http://blinkynet.net/comp/uip5.html

Vista Firewall outbound control

Riccardo

Richard Urban

Ian Betts

Charles W Davis

Kerry Brown

Ian Betts

Ian Betts

Daze N. Knights

Kerry Brown

Richard Urban

CB

Richard Urban

Daze N. Knights

Kerry Brown

XS11E

Richard Urban

Similar threads