Windows Firewall in Windows Vista—Elusion from True Security

First published—18 September 2006.
Updated—07 January 2008.

Windows Vista Firewall—No Outbound Protection by Default

Nowadays, having a firewall installed is an unquestioned prerequisite. Microsoft Windows Firewall in Vista is turned on by default. Should we feel safe in this regard?

People say it is a much better firewall compared to what we had in Windows XP SP2.

Introduction

The new features are well and openly defined (quote from "The New Windows Firewall in Windows Vista and Windows Server 'Longhorn'" by The Cable Guy; source: Microsoft TechNet):

“... The default behavior of the new Windows Firewall is to: Block all incoming traffic unless it is solicited or it matches a configured rule. Allow all outgoing traffic unless it matches a configured rule.”

And it is indeed like that – if you check this setting (Control Panel – Administrative Tools – Windows Firewall with Advanced Security – Windows Firewall Properties [screenshot]), you will see that in the “Public Profile” tab all Outbound Connections ARE allowed [screenshot].

Leak Test

What this default behavior of Windows Firewall means is that nothing stops a program on your PC from sending your personal information out. To prove that, I ran several leak tests from several sites, such as http://www.firewallleaktester.com.

My results were bad. Look at this!

Firewall Penetrated

Let's Configure Windows Firewall

Fair enough, at least now I know outbound connections are not filtered.

I felt pretty much deceived though, because I thought I was protected. On one hand your PC is stealthed against inbound threats; on the other hand any program can “call home”. OK, if we are supposed to configure Windows Firewall to filter outbound connections—let’s do it.

The next surprise was that I could not enable an “automatic rules creation” mode for outbound connections the way it works for inbound, where the firewall asks you to permit or deny the connection once a program tries to connect. The reason: this mode does not exist in the Vista firewall. I think it is done to allow OneCare firewall to catch up for extra cash. OK, let’s configure the outbound rules manually.

So, I opened Windows Firewall Properties again and blocked the incoming traffic in the “Public Profile” tab. Then I went to the “Outbound Rules” section [screenshot] and clicked “New Rule…” in the right pane. As an example I took the Dreamweaver executable file and went through the “New Outbound Rule Wizard” as shown in the following screenshots.

[screenshot 1]
[screenshot 2]
[screenshot 3]
[screenshot 4]
[screenshot 5]

My new guide for setting outbound filtering is here.

As we can see, setting up Windows Firewall for outbound filtering is a tedious and lengthy process. I doubt the average Joe user will manage it.

An automatic rule-creation mode for outbound connections does not exist in the Windows Vista firewall.
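The outbound default and a per-program allow rule can also be set from an elevated Command Prompt with `netsh advfirewall`, which ships with Vista. The batch file below is an added example, not part of the original article; the program path, rule name and backup file location are placeholders to adjust for your system.

```bat
@echo off
setlocal
rem Added example. Run from an elevated Command Prompt (Windows Vista or later).
rem APP, RULE and BACKUP are placeholders, not values from the article.
set "APP=C:\Path\To\Dreamweaver.exe"
set "RULE=Allow Dreamweaver outbound [example]"
set "BACKUP=%USERPROFILE%\firewall-before-outbound-block.wfw"

rem 1. Save the current policy so the change can be rolled back with:
rem      netsh advfirewall import "<backup file>"
netsh advfirewall export "%BACKUP%" || goto :fail

rem 2. Show the current defaults for the Public profile.
rem    Out of the box this reports BlockInbound,AllowOutbound.
netsh advfirewall show publicprofile firewallpolicy

rem 3. Add the allow rule BEFORE changing the default, so the program
rem    keeps its connectivity when outbound traffic starts being blocked.
if not exist "%APP%" goto :missing
netsh advfirewall firewall add rule name="%RULE%" dir=out action=allow ^
    program="%APP%" profile=public enable=yes || goto :fail

rem 4. Change the Public profile default: block inbound AND outbound
rem    unless a rule allows the connection.
netsh advfirewall set publicprofile firewallpolicy blockinbound,blockoutbound || goto :fail

rem 5. Verify the new default and the rule that was just created.
netsh advfirewall show publicprofile firewallpolicy
netsh advfirewall firewall show rule name="%RULE%"

rem 6. List every outbound rule to review what is still allowed out.
netsh advfirewall firewall show rule name=all dir=out
endlocal
exit /b 0

:missing
echo Program not found, nothing changed: "%APP%"
exit /b 1

:fail
echo A netsh command failed; review the policy or import the backup.
exit /b 1
```

With the outbound default set to block, the firewall does not prompt: every other program that needs network access gets its own `add rule` line.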

Conclusion

So what are the options? There are at least three I see:

1) Find a way to set up Windows Firewall for custom outbound filtering.
2) Use a third-party firewall.
3) For a regular user who does not want to mess around, I suggest using Windows Defender.

In its “Software Explorer” section there is a “Network Connected Programs” category. There you can review all the connections in a good level of detail [screenshot]. So if you have any concern about a current connection, you can at least check it. Just be sure to select the “Show for all users” option if you are not the administrator.

 
