  Managing the Windows Vista Firewall
Time: 00:48 EST/05:48 GMT | News Source: Microsoft | Posted By: Kenneth van Surksum

The firewall in the original release of Windows XP was adequate, but really left a lot to be desired. But over the years, the Windows Firewall has received a number of makeovers and continual refinements. 

By the time Windows Vista was released, the firewall had been redesigned and was quite impressive. Then the update that came with the recent release of Windows Vista SP1 added even more powerful features--support for Network Access Protection, reliability enhancements, new encryption-related algorithms, and so on. 

In the June 2008 issue of TechNet Magazine, Jesper Johansson digs into the Windows Firewall. He discusses how it is a good solution for the enterprise and shows you how you can deploy and manage the Windows Firewall throughout your organization.

  This is an archived static copy of ActiveWin.com.
#1 By 52115 (66.181.69.210) at Thursday, May 29, 2008 07:41:58 AM
It's so good that even when it's disabled (because you're running another software firewall; in my case F-Secure Internet Security), it'll still block programs like VMware Workstation's NAT features. You have to allow vmwnat.exe within Vista's firewall in order for NAT features to work properly. AMAZING! haha

#2 By 143 (74.129.194.180) at Thursday, May 29, 2008 12:02:34 PM
Your regular home user doesn't realize the outbound firewall is disabled by default.

#3 By 23275 (68.186.182.236) at Thursday, May 29, 2008 12:10:50 PM
@2, that is patently false.

By default, the Windows Vista firewall is "on" in both directions and opposite a great many policies. It is extremely well crafted and smart.

"service restrictions" are only one example of what I mean.

Please read this article and explore the other links and resources relating to this matter.
http://technet.microsoft.com/en-us/magazine/cc138010.aspx

It is getting more than tiresome witnessing how our industry's press has so badly influenced the understanding that people have about Windows and most especially Windows Vista.

#4 By 8556 (12.210.39.82) at Thursday, May 29, 2008 04:38:42 PM
#3: As you have stated in the past, press favors advertisers and Apple is a big source of cash. At least ActiveWin is not running online versions of "I'm a Mac, I'm a PC" like so many of the linked sites do.

#5 By 143 (65.221.158.226) at Thursday, May 29, 2008 05:42:55 PM
"But by default, most outbound filtering in the Windows Vista firewall is turned off. In addition, there may be no practical way to use outbound filtering to stop all unwanted outbound connections."
http://www.pcworld.com/businesscenter/article/128834/analysis_new_windows_vista_firewall_fails_on_outbound_security.html

?

#6 By 23275 (68.186.182.236) at Thursday, May 29, 2008 06:51:05 PM
#5, Bunk.

The control panel applet reflects a limited view; however, in administrative tools, there is an extensive snap-in where out-bound filtering can be seen and policies adjusted/added/removed, etc...

Further, out-bound filtering is on by default, and it remains largely transparent to end users (it is very clearly evident to admin and power users).

For example, an application running in user space requests access for service. Service restrictions, as a function of applications filters (not just packet filters) open only for those service ports required. Take an app like Live Messenger as it requests out-bound access for log in.... it may use many ports... say it finds one among the many it can use, it opens that, but then closes out-bound access to all others - it does this dynamically.

Don't trust the rap you read in these rags - please consider reading the technical papers I have provided links for.

#7 By 143 (65.221.158.226) at Thursday, May 29, 2008 09:07:35 PM
You would think something like a firewall wouldn't be controversial. But, I can do a Google and half of these "so called" tech sites would say everything is fine and the other half would say the door is wide open.

Makes one wonder who to believe if you're only Googling.

#8 By 23275 (68.186.182.236) at Friday, May 30, 2008 10:59:31 AM
#7, You're right. It can be very hard to get at the truth when all one reads is the garbage out on the net (in the popular press).

Take the article you ref'd at #5 above. It was a bad piece written in Feb 2007 - a week after the general release of Windows Vista. At that time, our press was spending most of its time writing terribly inaccurate articles designed to keep people from moving to Vista. One area they hit on was security - questioning whether Vista's security model was actually better. Without understanding it, or checking how it works, the author wrote this piece - the angle being quite clear... that there was little out-bound filtering. That simply is not true at all.

Remember also, in the technical papers available, professionals at MS and throughout our industry talk about applying layers. They are right. In this context specifically, they speak to applications level policies and how to use them in Vista. So out of the gate, MS is being more responsible and showing how security is best applied in layers and how the new OS helps admins manage that. No one firewall is going to be enough - not against all threats.

Going back to the article, where it references Windows Live OneCare. The article slams Microsoft for mentioning this - that is just sad. They are correct to mention using OneCare in the context that the author was asking (for end users), where OneCare makes filtering "visible" and dynamically so. In simple words, OneCare adds a visible management layer that makes it easier for non-technical people to apply in and out-bound filters based upon what they want to do on the net. WLOC 2.5 is incredibly easy, effective and lightweight, by the way and you can sign up to try it at connect.microsoft.com

If you really want to know what is going on with Microsoft products, hang out in the connect forums, TechNet, MSDN, and of course, ActiveWin. There are guys here that will more often than not, provide a credible link. They will also tell you when Microsoft fouls up and candidly so... The WHS bug, delays in PP1 for it, WGA... whatever it is, there is more objectivity at these resources than many assume. Trolls of course will do the reverse, but their posts are easy to recognize and pass over... like stepping over unidentified waste in a public restroom.

#9 By 2960 (72.196.195.185) at Friday, May 30, 2008 12:50:10 PM
Ok, so how does one disable this thing COMPLETELY ?

I've got issues with some corporate HTTPS sites (Novell Server Logins) that simply will not load under Vista, and I've spent a year trying to figure it out.

I have to keep an XP VPC container up and running just for my Novell server access at the 40 some offices I take care of across the country.

I've ruled out SecureClient, NOD32, and just about everything else I can think of.

TL

#10 By 23275 (68.186.182.236) at Friday, May 30, 2008 02:37:51 PM
TL,

Send me more detail on what you need to do and I'll see if I can help.

#11 By 2960 (72.196.195.185) at Saturday, May 31, 2008 11:13:09 AM
For now, I just want to make sure it is completely and totally turned off so I can see if that's what is causing my HTTPS Novell Server connectivity issues.

Thanks :)

TL

#12 By 82766 (122.107.91.213) at Sunday, June 01, 2008 03:44:06 AM
#7 - Why don't you just perform some packet capturing and check the firewall log?

#13 By 23275 (68.186.182.236) at Sunday, June 01, 2008 10:52:54 AM
#11, TL, It isn't that simple, and that is a good thing in the context of security.

Yes, you can turn the WFW off - either via the control panel, or group policy at log in; however, there are other dependent services in play. Vista has an extensive integrity mechanism that is not singularly bound to any *one* service, or technology.

The Base Filtering Engine is dependent upon the WFW - regardless of whether the FW is actively filtering at all. The filtering engine manages Internet Protocol Security, while the Windows Event Collector, (when running) forwards event subscriptions where applicable.

As #12 suggests, I'd capture some data http://www.wireshark.org/ and analyze it to see exactly what you have going on on both sides of the client interface. Share what you find and I'll try and help.
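
Added example, not part of the original thread: one way to act on the "check the firewall log" suggestion in #12 and #13 is to parse the Windows Firewall log (`pfirewall.log`) and count dropped outbound connections to port 443. The sample log is constructed (documentation-range addresses), and the code assumes the log's `#Fields:` header includes the `action`, `dst-ip`, `dst-port` and `path` columns.

```python
from collections import Counter

# Constructed sample in the W3C-style layout that Windows Firewall writes to
# pfirewall.log; addresses, ports and timestamps are made up for illustration.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2008-05-31 11:02:14 ALLOW TCP 192.0.2.10 198.51.100.7 49712 80 0 - 0 0 0 - - - SEND
2008-05-31 11:02:15 DROP TCP 192.0.2.10 198.51.100.20 49713 443 0 - 0 0 0 - - - SEND
2008-05-31 11:02:18 DROP TCP 192.0.2.10 198.51.100.20 49714 443 0 - 0 0 0 - - - SEND
2008-05-31 11:02:20 DROP UDP 203.0.113.5 192.0.2.10 137 137 78 - - - - - - - RECEIVE
"""


def parse_firewall_log(text):
    """Yield one dict per log entry, using the '#Fields:' header for column names."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))


def dropped_outbound(text, dst_port=None):
    """Count dropped outbound (path == SEND) connections per (dst-ip, dst-port)."""
    counts = Counter()
    for entry in parse_firewall_log(text):
        if entry["action"] != "DROP" or entry.get("path") != "SEND":
            continue
        if dst_port is not None and entry["dst-port"] != str(dst_port):
            continue
        counts[(entry["dst-ip"], entry["dst-port"])] += 1
    return counts


if __name__ == "__main__":
    for (ip, port), n in dropped_outbound(SAMPLE_LOG, 443).most_common():
        print(f"{n} dropped outbound connection(s) to {ip}:{port}")
```

Logging of dropped packets is off by default and has to be enabled for the active profile before the log will contain any DROP entries. An empty result with logging enabled points away from the firewall as the cause of the failed HTTPS connections.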



 
