| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
Managing the Windows Vista Firewall | |
|
||
| Time: 00:48 EST/05:48 GMT | News Source: Microsoft | Posted By: Kenneth van Surksum | ||
|
The firewall in the original release of Windows XP was adequate, but really left a lot to be desired. But over the years, the Windows Firewall has received a number of makeovers and continual refinements. By the time Windows Vista was released, the firewall had beenredesigned and was quite impressive. Then the update that came with the recent release of Windows Vista SP1 added even more powerful features--support for Network Access Protection, reliability enhancements, new encryption-related algorithms, and so on. In the June 2008 issue of TechNet Magazine, Jesper Johansson digs into the Windows Firewall. He discusses how it is a good solution for the enterprise and shows you how you can deploy and manage the Windows Firewall throughout your organization. | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 213 Last | Next |
The time now is
10:43:27 PM
ET.
Any comment problems? E-mail us |
| #1 By 52115 (66.181.69.210) at 5/29/2008 7:41:58 AM |
| Its so good that even when it's disabled (because you're running another software firewall; in my case F-Secure Internet Security), it'll still block programs like VMWare Workstations' NAT features. You have to allow vmwnat.exe within Vista's firewall in order to NAT features to work properly. AMAZING! haha |
| #2 By 143 (74.129.194.180) at 5/29/2008 12:02:34 PM |
| Your regular home user doesn't realize the outbound firewall is disabled by default. |
| #3 By 23275 (68.186.182.236) at 5/29/2008 12:10:50 PM |
|
@2, that is patently false.
By default, the Windows Vista firewall is "on" in both directions and opposite a great many policies. It is extremely well crafted and smart. "service restrictions" are only one example of what I mean. Please read this article and explore the other links and resources relating to this matter. http://technet.microsoft.com/en-us/magazine/cc138010.aspx It is getting more than tiresome witnessing how our industry's press has so badly influenced the understanding that people have about Windows and most especially Windows Vista. |
| #4 By 8556 (12.210.39.82) at 5/29/2008 4:38:42 PM |
| #3: As you have stated in the past, press favors advertisers and Apple is a big source of cash. At least ActiveWin is not running online versions of "I'm a Mac, I'm a PC" like so many of the linked sites do. |
| #5 By 143 (65.221.158.226) at 5/29/2008 5:42:55 PM |
|
"But by default, most outbound filtering in the Windows Vista firewall is turned off. In addition, there may be no practical way to use outbound filtering to stop all unwanted outbound connections."
http://www.pcworld.com/businesscenter/article/128834/analysis_new_windows_vista_firewall_fails_on_outbound_security.html ? |
| #6 By 23275 (68.186.182.236) at 5/29/2008 6:51:05 PM |
|
#5, Bunk.
The control panel applet reflects a limited view; however, in administrative tools, there is an extensive snap-in where out-bound filtering can be seen and policies adjusted/added/removed, etc... Further, out-bound filtering is on by default, and it remains largely transparent to end users (it is very clearly evident to admin and power users). For example, an application running in user space requests access for service. Service restrictions, as a function of applications filters (not just packet filters) open only for those service ports required. Take an app like Live Messenger as it requests out-bound access for log in.... it may use many ports... say it finds one among the many it can use, it opens that, but then closes out-bound access to all others - it does this dynamically. Don't trust the rap you read in these rags - please consider reading the technical papers I have provided links for. |
| #7 By 143 (65.221.158.226) at 5/29/2008 9:07:35 PM |
|
You would think something like a firewall wouldn't be controversial. But, I can do a Google and half of these "so called" tech sites would say everything is fine and the other half would say the door is wide open.
Makes one wonder who to believe if your only Googling. |
| #8 By 23275 (68.186.182.236) at 5/30/2008 10:59:31 AM |
|
#7, You're right. It can be very hard to get at the truth when all one reads is the garbage out on the net (in the popular press).
Take the article you ref'd at #5 above. It was bad piece written in Feb 2007 - a week after the general release of Windows Vista. At that time, our press was spending most of its time writing terribly inaccurate articles designed to keep people from moving to Vista. One area they hit on was security - questioning whether Vista's security model was actually better. Without understanding it, or checking how it works, the author wrote this piece - the angle being quite clear... that there was little out-bound filtering. That simply is not true at all. Remember also, in the technical papers available, professionals at MS and throughout our industry talk about applying layers. They are right. In this context specifically, they speak to applications level policies and how to use them in Vista. So out of the gate, MS is being more responsible and showing how security is best applied in layers and how the new OS helps admins manage that. No one firewall is going to be enough - not against all threats. Going back to the article, where it references Windows Live OneCare. The article slams Microsoft for mentioning this - that is just sad. They are correct to mention using OneCare in the context that the author was asking (for end users), where OneCare makes filtering "visible" and dynamically so. In simple words, OneCare adds a visible management layer that makes it easier for non-technical people to apply in and out-bound filters based upon what they want to do on the net. WLOC 2.5 is incredibly easy, effective and lightweight, by the way and you can sign up to try it at connect.microsoft.com If you really want to know what is going on with Microsoft products, hang out in the connect forums, TechNet, MSDN, and of course, ActiveWin. There are guys here that will more often than not, provide a credible link. They will also tell you when Microsoft fouls up and candidly so... The WHS bug, delays in PP1 for it, WGA... whatever it is, there is more objectivity at these resources than many assume. Trolls of course will do the reverse, but their posts are easy to recognize and pass over... like stepping over unidentified waste in a public restroom. |
| #9 By 2960 (72.196.195.185) at 5/30/2008 12:50:10 PM |
|
Ok, so how does one disable this thing COMPLETELY ?
I've got issues with some corporate HTTPS sites (Novel Server Logins" that simply will not load under Vista, and I've spent a year trying to figure it out. I have to keep an XP VPC container up and running just for my Novell server access at the 40 some offices I take care of across the country. I've ruled out SecureClient, NOD32, and just about everything else I can think of. TL |
| #10 By 23275 (68.186.182.236) at 5/30/2008 2:37:51 PM |
|
TL,
Send me more detail on what you need to do and I'll see if I can help. |
| #11 By 2960 (72.196.195.185) at 5/31/2008 11:13:09 AM |
|
For now, I just want to make sure it is completely and totally turned off so I can see if that's what is causing my HTTPS Novel Server connectivity issues.
Thanks :) TL |
| #12 By 82766 (122.107.91.213) at 6/1/2008 3:44:06 AM |
| #7 - Why don't you just perform some packet capturing and check the firewall log? |
| #13 By 23275 (68.186.182.236) at 6/1/2008 10:52:54 AM |
|
#11, TL, It isn't that simple, and that is a good thing in the context of security.
Yes, you can turn the WFW off - either via the control panel, or group policy at log in; however, there are other dependent services in play. Vista has an extensive integrity mechanism that is not singularly bound to any *one* service, or technology. The Base Filtering Engine is dependent upon the WFW - regardless of whether the FW is actively filtering at all. The filtering engine manages Internet Protocol Security, while the Windows Event Collector, (when running) forwards event subscriptions where applicable. As #12 suggests, I'd capture some data http://www.wireshark.org/ and analyze it to see exactly what you have going on on both sides of the client interface. Share what you find and I'll try and help. |
|
Write Comment
Return to News |
Displaying 1 through 25 of 213 Last | Next |
The time now is
10:43:27 PM
ET.
Any comment problems? E-mail us |
