Vista FW outbound check
on 15.07.2007 11:00:46 by Riccardo
Hi,
Vista FW with advanced security comes with an outbound traffic default
setting "allow everything which is not denied". I think this is completely
useless, because the main reason for outbound traffic filter is to block
UNKNOWN programs (worm, trojans ....) so it is impossible to make a rule to
deny an unknown program/destination port. On the other hand if I change the
outbound setting to "block everything that does not match a rule" it is
nearly impossible to design a rule for legitimate programs because, as far
as I understand, there is no "display notification" for outbound breaking
rule, and it is not simple to know applications/services/ports of the
majority of legitimate applications (apart from browser mailer and few
others).
My question is: is there a way to have a kind of display notification of the
outbound offended rule with applications/services/ports of the offending
programs?
Thanks in advance
Riccardo
Re: Vista FW outbound check
on 15.07.2007 13:23:36 by MR. Arnold
"news.tim.it" wrote in message
news:4699e242$0$4790$4fafbaef@reader4.news.tin.it...
>
> and it is not simple to know applications/services/ports of the majority
> of legitimate applications (apart from browser mailer and few others).
That's not true, because you can run something like Currports, which runs on
Vista, and look at all connections being made by a program, what port it's
using and whether it is TCP or UDP.
http://www.nirsoft.net/
You can find Currports here too.
http://www.bestvistadownloads.com/
So, you can know all the programs that are running on your machine and stop
outbound traffic for everything, except for the known/accepted programs.
> My question is: is there a way to have a kind of display notification of
> the outbound offended rule with applications/services/ports of the
> offending programs?
I myself, I don't need more questions being asked by Vista. I see enough of
them. So that will never be enabled or some kind of rules set.
I don't think this NG is ready to help you with Vista and its FW, so maybe,
you should post to Microsoft.Public.Windows.Vista General or Security NG
where there are people that know how to set the rules you're looking to
implement, and the popup FW messages too.
msnews.microsoft.com
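The inventory-then-allow-list approach described in the reply above, as an added example that is not part of the original posts: a Python script that turns a connection inventory into per-program outbound allow rules and then switches the default to block. The CSV column names and sample rows are constructed for illustration and are not CurrPorts' own export format; the netsh advfirewall commands are only generated as text for review, not executed.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample inventory. Column names are assumptions for this example,
# not the export format of CurrPorts or any other tool.
SAMPLE_INVENTORY = r"""process_path,protocol,state,remote_address,remote_port
C:\Program Files\Mozilla Firefox\firefox.exe,TCP,Established,203.0.113.10,443
C:\Program Files\Mozilla Firefox\firefox.exe,TCP,Established,203.0.113.11,80
C:\Program Files\Mozilla Firefox\firefox.exe,TCP,Established,127.0.0.1,49160
C:\Program Files\Mozilla Firefox\firefox.exe,TCP,Established,203.0.113.10,443
C:\Program Files\Mozilla Thunderbird\thunderbird.exe,TCP,Established,198.51.100.25,993
C:\Program Files\Mozilla Thunderbird\thunderbird.exe,TCP,Established,198.51.100.25,587
C:\Windows\System32\svchost.exe,UDP,,192.0.2.53,53
C:\Windows\System32\svchost.exe,TCP,Listening,0.0.0.0,0
,TCP,Established,192.0.2.80,445
"""

# Applied last, so the allow rules already exist when the default flips to block.
DEFAULT_BLOCK = "netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound"


def observed_outbound(csv_text):
    """Return ({(program path, protocol): set of remote ports}, unattributed rows)."""
    allowed = defaultdict(set)
    unattributed = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Listening sockets are inbound exposure, not outbound traffic.
        if row["state"].strip().lower() == "listening":
            continue
        addr = ipaddress.ip_address(row["remote_address"].strip())
        # Loopback traffic never leaves the machine and needs no outbound rule.
        if addr.is_loopback or addr.is_unspecified:
            continue
        proto = row["protocol"].strip().upper()
        port = int(row["remote_port"])
        path = row["process_path"].strip()
        if not path:
            # No owning program was recorded: keep it for manual review
            # instead of guessing at a rule.
            unattributed.append((proto, str(addr), port))
            continue
        allowed[(path, proto)].add(port)
    return dict(allowed), unattributed


def netsh_commands(allowed):
    """Build one outbound allow rule per program and protocol, then the default block."""
    cmds = []
    for (path, proto), ports in sorted(allowed.items()):
        exe = path.rsplit("\\", 1)[-1]
        port_list = ",".join(str(p) for p in sorted(ports))
        cmds.append(
            f'netsh advfirewall firewall add rule name="Out {exe} {proto}" '
            f'dir=out action=allow program="{path}" protocol={proto} '
            f"remoteport={port_list}"
        )
    cmds.append(DEFAULT_BLOCK)
    return cmds


if __name__ == "__main__":
    rules, review = observed_outbound(SAMPLE_INVENTORY)
    for cmd in netsh_commands(rules):
        print(cmd)
    for proto, addr, port in review:
        print(f"REVIEW: {proto} to {addr}:{port} has no owning program recorded")
```

A rule keyed on svchost.exe covers every service hosted in that process, so such entries deserve a closer look before they are applied.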
Re: Vista FW outbound check
on 15.07.2007 22:30:27 by unknown
Post removed (X-No-Archive: yes)
Re: Vista FW outbound check
on 16.07.2007 01:48:04 by Kayman
"news.tim.it" wrote in message
news:4699e242$0$4790$4fafbaef@reader4.news.tin.it...
> Hi,
> Vista FW with advanced security comes with an outbound traffic default
> setting "allow everything which is not denied". I think this is completely
> useless, because the main reason for outbound traffic filter is to block
> UNKNOWN programs (worm, trojans ....) so it is impossible to make a rule
> to deny an unknown program/destination port. On the other hand if I change
> the outbound setting to "block everything that does not match a rule" it
> is nearly impossible to design a rule for legitimate programs because, as
> far as I understand, there is no "display notification" for outbound
> breaking rule, and it is not simple to know applications/services/ports of
> the majority of legitimate applications (apart from browser mailer and few
> others).
> My question is: is there a way to have a kind of display notification of
> the outbound offended rule with applications/services/ports of the
> offending programs?
>
Learn how to configure Vista Firewall to suit your computing habits.
Interesting/educational reading:
http://www.microsoft.com/technet/technetmag/issues/2006/05/SecurityMyths/default.aspx
Scroll down to:
"Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe."
http://www.microsoft.com/technet/technetmag/issues/2007/06/VistaFirewall/default.aspx
"Outbound protection is security theater-it's a gimmick..."
"...the Windows firewall will provide the protection you need..."
Stay away from 'Phoney-Baloney' 3rd party PFW's - use your brain and filter
out the absurd advertisement hype created by these makers.
http://samspade.org/d/firewalls.html
"Personal Firewalls" are mostly snake-oil"
Re: Vista FW outbound check
on 16.07.2007 02:30:35 by MR. Arnold
"Kayman" wrote in message
news:f7ebo4$nci$1@aioe.org...
> "news.tim.it" wrote in message
> news:4699e242$0$4790$4fafbaef@reader4.news.tin.it...
>> Hi,
>> Vista FW with advanced security comes with an outbound traffic default
>> setting "allow everything which is not denied". I think this is
>> completely useless, because the main reason for outbound traffic filter
>> is to block UNKNOWN programs (worm, trojans ....) so it is impossible to
>> make a rule to deny an unknown program/destination port. On the other
>> hand if I change the outbound setting to "block everything that does not
>> match a rule" it is nearly impossible to design a rule for legitimate
>> programs because, as far as I understand, there is no "display
>> notification" for outbound breaking rule, and it is not simple to know
>> applications/services/ports of the majority of legitimate applications
>> (apart from browser mailer and few others).
>> My question is: is there a way to have a kind of display notification of
>> the outbound offended rule with applications/services/ports of the
>> offending programs?
>>
>
> Learn how to configure Vista Firewall to suit your computing habits.
>
> Interesting/educational reading:
> http://www.microsoft.com/technet/technetmag/issues/2006/05/SecurityMyths/default.aspx
> Scroll down to:
> "Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe."
>
> http://www.microsoft.com/technet/technetmag/issues/2007/06/VistaFirewall/default.aspx
> "Outbound protection is security theater-it's a gimmick..."
> "...the Windows firewall will provide the protection you need..."
>
> Stay away from 'Phoney-Baloney' 3rd party PFW's - use your brain and
> filter
> out the absurd advertisement hype created by these makers.
> http://samspade.org/d/firewalls.html
> "Personal Firewalls" are mostly snake-oil"
Personal FW's are packet filters running at the machine level.
For the most part, the 3rd party solutions are doing the same thing as
Vista's FW in their ability to set packet filtering rules to stop inbound or
outbound packets to and from the machine, which is no different than Vista's
FW/packet filter.
Granted, 3rd party solutions have some snake-oil in them too, beyond just
being simple packet filters and so does Vista's FW/packet filter as well
with its WPF and BEF, which malware can cut right through it if it can get
on the machine and execute.
As far as outbound filtering by setting packet filtering rule to stop
traffic for a 3rd party solution, then there is nothing wrong with it.
Re: Vista FW outbound check
on 16.07.2007 08:32:18 by Kayman
"Mr. Arnold" wrote in message
news:L_ymi.7422$rR.1208@newsread2.news.pas.earthlink.net...
>
> For the most part, the 3rd party solutions are doing the same thing as
> Vista's FW in their ability to set packet filtering rules to stop inbound
> or outbound packets to and from the machine, which is no different than
> Vista's FW/packet filter.
>
The difference is that the in-built f/w (p/filter) is an integrated part of
the OS.
>
> Granted, 3rd party solutions have some snake-oil in them too,...
No debate here, 'some' snake-oil is too much already.
>
> ...beyond just being simple packet filters and so does Vista's FW/packet
> filter as well with its WPF and BEF, which malware can cut right through
> it if it can get on the machine and execute.
>
True, didn't imply otherwise.
>
> As far as outbound filtering by setting packet filtering rule to stop
> traffic for a 3rd party solution, then there is nothing wrong with it.
>
PFW is not a solution, it's an illusion.
'Hardening' of OS plus reviewing and implementing different/proven security
measures (which among other things excludes PFW) *is* the right way striving
to a safer computing environment.
Re: Vista FW outbound check
on 16.07.2007 13:32:08 by MR. Arnold
"Kayman" wrote in message
news:f7f3dm$nri$1@aioe.org...
> "Mr. Arnold" wrote in message
> news:L_ymi.7422$rR.1208@newsread2.news.pas.earthlink.net...
>>
>> For the most part, the 3rd party solutions are doing the same thing as
>> Vista's FW in their ability to set packet filtering rules to stop inbound
>> or outbound packets to and from the machine, which is no different than
>> Vista's FW/packet filter.
>>
> The difference is that the in-built f/w (p/filter) is an integrated part
> of the OS.
I have to disagree with you now, as 3rd party vendors will be able to
integrate their solutions.
http://www.microsoft.com/technet/community/columns/cableguy/cg0905.mspx
http://www.microsoft.com/whdc/device/network/WFP.mspx
>>
>> Granted, 3rd party solutions have some snake-oil in them too,...
> No debate here, 'some' snake-oil is too much already.
>>
>> ...beyond just being simple packet filters and so does Vista's FW/packet
>> filter as well with its WPF and BEF, which malware can cut right through
>> it if it can get on the machine and execute.
>>
> True, didn't imply otherwise.
I knocked WPF and BEF a little bit. They are not bullet proof but nothing is
that in the first place, nor will it ever be that. But it's better than
nothing.
>>
>> As far as outbound filtering by setting packet filtering rule to stop
>> traffic for a 3rd party solution, then there is nothing wrong with it.
>>
> PFW is not a solution, it's an illusion.
> 'Hardening' of OS plus reviewing and implementing different/proven
> security measures (which among other things excludes PFW) *is* the right
> way striving to a safer computing environment.
Some parts of a personal FW/packet filter shouldn't be implemented as it
gives a false sense of security. I agree with that, but I don't agree with
your conclusion of its role of being a basic packet filter if all else is
removed or disabled in the solution, and it's just in a role of being a
packet filter running at the machine level.
Re: Vista FW outbound check
on 17.07.2007 02:01:52 by Kayman
"Mr. Arnold" wrote in message
news:YGImi.8751$zA4.6573@newsread3.news.pas.earthlink.net...
>
> I have to disagree with you now, as 3rd party vendors will be able to
> integrate their solutions.
>
*will*...as in future tense?
>
> I knocked WPF and BEF a little bit. They are not bullet proof but nothing
> is that in the first place, nor will it ever be that. But it's better
> than nothing.
>
Well, IMO and in this particular case, nothing is better than 3rd party PFW.
>
> Some parts of a personal FW/packet filter shouldn't be implemented as it
> gives a false sense of security. I agree with that,...
>
Good to know.
>
> ...but I don't agree with your conclusion of its role of being a basic
> packet filter if all else is removed or disabled in the solution,
>
I reiterate, it's not a solution, it's a nightmare for the users as most of
them are inexperienced; they just want to click and go and are incapable to
dissect a software (in this case fantasyware) application...
>
> and it's just in a role of being a packet filter running at the machine
> level.
>
....that's why they're better off with built-in f/w (p/sniffer) in the first
place.
Re: Vista FW outbound check
on 17.07.2007 02:52:11 by MR. Arnold
"Kayman" wrote in message
news:f7h0th$bg0$1@aioe.org...
> "Mr. Arnold" wrote in message
> news:YGImi.8751$zA4.6573@newsread3.news.pas.earthlink.net...
>>
>> I have to disagree with you now, as 3rd party vendors will be able to
>> integrate their solutions.
>>
> *will*...as in future tense?
I am running Vista, and from what I have heard from an MVP over in the
Vista, security NG, some 3rd party solutions are already using it and the
Vista FW is using it right now.
>>
>> I knocked WPF and BEF a little bit. They are not bullet proof but nothing
>> is that in the first place, nor will it ever be that. But it's better
>> than nothing.
>>
> Well, IMO and in this particular case, nothing is better than 3rd party
> PFW.
I don't even know what you're talking about, and I don't think you know
about the purpose of the WPF and BEF solutions and features that the Vista
FW is already using and other solutions will be able to use them.
>>
>> Some parts of a personal FW/packet filter shouldn't be implemented as it
>> gives a false sense of security. I agree with that,...
>>
> Good to know.
>>
>> ...but I don't agree with your conclusion of its role of being a basic
>> packet filter if all else is removed or disabled in the solution,
>>
> I reiterate, it's not a solution, it's a nightmare for the users as most
> of them are inexperienced; they just want to click and go and are
> incapable to dissect a software (in this case fantasyware) application...
Sorry, I'll simply have to disagree with you. You have shown no proof to
show otherwise.
>>
>> and it's just in a role of being a packet filter running at the machine
>> level.
>>
> ...that's why they're better off with built-in f/w (p/sniffer) in the
> first place.
Well, it's not going to happen no matter how much you don't like, and I
don't think anyone that's using the solutions are going to listen to it
anyway.
It's just a suggestion. You might want to keep the negative in check and on
a low heat, thus you will be viewed in that same bad light as Sebastian G.
is with his ramblings to the point that he is being ignored by many, as not
credible.
In other words, we have already been there, done that, seen that, and read
that.
Re: Vista FW outbound check
on 17.07.2007 10:16:06 by Kayman
"Mr. Arnold" wrote in message
news:%oUmi.7730$rR.416@newsread2.news.pas.earthlink.net...
>
> It's just a suggestion. You might want to keep the negative in check and
> on a low heat,
What are you, some kind of a Nazi control freak? Ooooh, I'm so afraid! I
can't help if you deem my post to the OP as negative because you don't
happen to agree. You call it rambling, I call a good factual response
[Period].
>
> thus you will be viewed in that same bad light as Sebastian G. is with his
> ramblings to the point that he is being ignored by many, as not credible.
>
I don't care about you, your imperious views and SG; Are you on medication?
I am talking about a 3rd party firewall and you're jabbering about a 3rd
person. You are turning this thread into a psychedelic rainbow of confusion.
Why don't you just put a sock over your typing fingers.
>
> In other words, we have already been there, done that, seen that, and
> read that.
>
Huh, *we*?
But you haven't got the T-Shirt, have you...and *we* all know why.
Hint: just measure the circumference of your head.
Re: Vista FW outbound check
on 17.07.2007 16:37:15 by MR. Arnold
>> Why don't you just put a sock over your typing fingers.
Well folks, we have been hammered for well over a year with this, and I
think we're in store for more.
It looks like we'll have another one of these lunatics loose in the NG,
again, that really doesn't have anything to say, doesn't know anything about
security, he's an expert's expert, and he'll ramble about his security
concepts to the point that he becomes boring.
Does it sound familiar and you heard it first?
I tried to tell the old boy, but his head is ten bricks hard.
He ain't got the nothing to say. It's all about don't, don't, don't, do
this, do this, this is phoney baloney, that's crap, this is snake-oil, do
this, do this and do that, because listen to me now, I know what's good for
you.
Hopefully, he'll disappear soon.
Re: Vista FW outbound check
on 17.07.2007 20:25:14 by Kat Mandu
Mr. Arnold wrote:
>>> Why don't you just put a sock over your typing fingers.
>
> Well folks, we have been hammered for well over a year with this, and I
> think we're in store for more.
>
> It looks like we'll have another one of these lunatics loose in the NG,
> again, that really doesn't have anything to say, doesn't know anything
> about security, he's an expert's expert, and he'll ramble about his
> security concepts to the point that he becomes boring.
>
> Does it sound familiar and you heard it first?
>
> I tried to tell the old boy, but his head is ten bricks hard.
>
> He ain't got the nothing to say. It's all about don't, don't, don't, do
> this, do this, this is phoney baloney, that's crap, this is snake-oil, do
> this, do this and do that, because listen to me now, I know what's good
> for you.
>
> Hopefully, he'll disappear soon.
>
>
>
Sorry to say, but Kayman has also plagued alt.comp.freeware, various
newsgroups at news.grc.com and msnews.microsoft.com, and who knows where
else of late with the same gibberish. All *any*one needs to do
*any*where is bring up *any*thing about *any* PFW and there's Kayman,
popping up to blab on and on about phoney-baloney this and snake-oil
that and do this and don't do that and then listing a hundred links to
follow. He's a troll and hard to get rid of, so others elsewhere have
been finding that it's best to just ignore him.
Re: Vista FW outbound check
on 17.07.2007 20:49:59 by MR. Arnold
"Kat Mandu" wrote in message
news:469d098c$0$97237$892e7fe2@authen.yellow.readfreenews.net...
> Mr. Arnold wrote:
>>>> Why don't you just put a sock over your typing fingers.
>>
>> Well folks, we have been hammered for well over a year with this, and I
>> think we're in store for more.
>>
>> It looks like we'll have another one of these lunatics loose in the NG,
>> again, that really doesn't have anything to say, doesn't know anything
>> about security, he's an expert's expert, and he'll ramble about his
>> security concepts to the point that he becomes boring.
>>
>> Does it sound familiar and you heard it first?
>>
>> I tried to tell the old boy, but his head is ten bricks hard.
>>
>> He ain't got the nothing to say. It's all about don't, don't, don't, do
>> this, do this, this is phoney baloney, that's crap, this is snake-oil, do
>> this, do this and do that, because listen to me now, I know what's good
>> for you.
>>
>> Hopefully, he'll disappear soon.
>>
>>
>>
>
> Sorry to say, but Kayman has also plagued alt.comp.freeware, various
> newsgroups at news.grc.com and msnews.microsoft.com, and who knows where
> else of late with the same gibberish. All *any*one needs to do *any*where
> is bring up *any*thing about *any* PFW and there's Kayman, popping up to
> blab on and on about phoney-baloney this and snake-oil that and do this
> and don't do that and then listing a hundred links to follow. He's a troll
> and hard to get rid of, so others elsewhere have been finding that it's
> best to just ignore him.
Yeah, he is going to be ignored, because the tap dance and song has been
seen just a little too much, by another tap dance and song security artist
and his tired show. :)
Re: Vista FW outbound check
on 18.07.2007 02:31:22 by Kayman
"Mr. Arnold" wrote in message
news:vu4ni.8212$tj6.6908@newsread4.news.pas.earthlink.net...
>
> Well folks, we have been hammered for well over a year with this,
You are not very observant.
>
> ...and I think we're in store for more.
>
Your thoughts are of no consequence and irrelevant, nor do they matter.
>
> It looks like we'll have another one of these lunatics loose in the NG,
>
Your patronizing messages run off like water off a duck's back (nice try
though). And who's *we*?
>
> again, that really doesn't have anything to say, doesn't know anything
> about security, he's an expert's expert, and he'll ramble about his
> security concepts to the point that he becomes boring.
>
What there is to say has already been said; I do not reinvent the wheel and/or
restate what's already written. If this befits your description of an
expert's expert, so be it. And if the content of the article as provided
are boring to you, so be it. Other n/g participants may find the articles
interesting, stimulating and educational - but you evidently don't
comprehend - what a shame.
To refresh your memory here is my response to the OP: (one hardly has to be
an expert to provide appropriate information)
QUOTE
Learn how to configure Vista Firewall to suit your computing habits.
Interesting/educational reading:
http://www.microsoft.com/technet/technetmag/issues/2006/05/SecurityMyths/default.aspx
Scroll down to:
"Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe."
http://www.microsoft.com/technet/technetmag/issues/2007/06/VistaFirewall/default.aspx
"Outbound protection is security theater-it's a gimmick..."
"...the Windows firewall will provide the protection you need..."
Stay away from 'Phoney-Baloney' 3rd party PFW's - use your brain and filter
out the absurd advertisement hype created by these makers.
http://samspade.org/d/firewalls.html
"Personal Firewalls" are mostly snake-oil"
UNQUOTE
And where did I ramble about my security concept to the OP? You are
becoming a bore with your innuendos which appears to be some kind of a
paranoia. There is help out there, you know.
>
> Does it sound familiar and you heard it first?
>
To whom are you talking to?
>
> I tried to tell the old boy,
Your innuendos say absolutely nothing and you have not provided anything
useful to assist the OP; Your contribution to this discussion is despicable.
>
> ...but his head is ten bricks hard.
>
Haven't counted, but I know it fits thru a T-Shirt.
>
> He ain't got the nothing to say.
You are repeating yourself and what did you say anyway?
>
> It's all about don't, don't, don't, do this, do this,
And where in my response to the OP did I say that? (and who is rambling
here?)
>
> this is phoney baloney, that's crap, this is snake-oil,
Yes, I said "3rd party PFW are phoney-baloney" (but never said it's
snake-oil) and provided pertinent links. You disagree, oh well.
And yes, I said "Learn how to configure Vista Firewall to suit your
computing habits" and provided pertinent links. You object, oh well (again).
Why don't you do some reading, and if you oppose the content create a new
discussion pertaining to this subject matter?
>
> do this, do this and do that, because listen to me now, I know what's
> good for you.
>
Well, it's evident that you are delusional; My response to the OP does not
indicate any of this. (and who is rambling here again?)
"Stay away from 'Phoney-Baloney' 3rd party PFW's - use your brain and filter
out the absurd advertisement hype created by these makers."
The above is my opinion which is based, among other things, on the articles
as provided. The OP is free to read the articles and is old enough to decide
as to which avenue he wishes to proceed. If he is in doubt he can continue
posting to various befitting n/g's and I am sure appropriate
advice/clarification will be provided.
>
> Hopefully, he'll disappear soon.
>
Fat chance. I will continue to provide informative/educational links as I
deem appropriate.
Why don't you start up a forum, you as the moderator....but then again you'd
probably talk to yourself.
Re: Vista FW outbound check
on 18.07.2007 02:33:13 by MR. Arnold
Re: Vista FW outbound check
on 18.07.2007 02:36:58 by Kayman
"Mr. Arnold" wrote in message
news:dddni.9277$zA4.591@newsread3.news.pas.earthlink.net...
>
>
As expected :)
Re: Vista FW outbound check
on 18.07.2007 02:39:46 by MR. Arnold
Re: Vista FW outbound check
on 22.07.2007 09:51:12 by Riccardo
"Kayman" wrote in message
news:f7ebo4$nci$1@aioe.org...
>
> Learn how to configure Vista Firewall to suit your computing habits.
>
> Interesting/educational reading:
> http://www.microsoft.com/technet/technetmag/issues/2006/05/SecurityMyths/default.aspx
> Scroll down to:
> "Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe."
>
> http://www.microsoft.com/technet/technetmag/issues/2007/06/VistaFirewall/default.aspx
> "Outbound protection is security theater-it's a gimmick..."
> "...the Windows firewall will provide the protection you need..."
>
> Stay away from 'Phoney-Baloney' 3rd party PFW's - use your brain and
> filter
> out the absurd advertisement hype created by these makers.
> http://samspade.org/d/firewalls.html
> "Personal Firewalls" are mostly snake-oil"
>
Thanks a lot to you all for the useful suggestions. I read the Microsoft
opinion on the subject and I disagree. I still would appreciate an optional
display notification on outgoing packets, not just for Worm/Trojans etc but
also to be able to know what happens to my computer when I run a program. On
my old XP box I used kerio FW and it was very instructive to see (and block)
many unsolicited outgoing connections that legitimate programs make (not
just to check for new version) but maybe to steal my personal data or
habits or who knows.
I still hope Microsoft will include this option on SPx
Re: Vista FW outbound check
on 23.07.2007 02:44:22 by Kayman
"Riccardo" wrote in message
news:46a30c83$0$37200$4fafbaef@reader3.news.tin.it...
>
> "Kayman" wrote in message
> news:f7ebo4$nci$1@aioe.org...
>>
>> Learn how to configure Vista Firewall to suit your computing habits.
>>
>> Interesting/educational reading:
>> http://www.microsoft.com/technet/technetmag/issues/2006/05/SecurityMyths/default.aspx
>> Scroll down to:
>> "Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe."
>>
>> http://www.microsoft.com/technet/technetmag/issues/2007/06/VistaFirewall/default.aspx
>> "Outbound protection is security theater-it's a gimmick..."
>> "...the Windows firewall will provide the protection you need..."
>>
>> Stay away from 'Phoney-Baloney' 3rd party PFW's - use your brain and
>> filter
>> out the absurd advertisement hype created by these makers.
>> http://samspade.org/d/firewalls.html
>> "Personal Firewalls" are mostly snake-oil"
>>
> Thanks a lot to you all for the useful suggestions.
You're welcome.
>
> I read the Microsoft opinion on the subject and I disagree.
This is your prerogative. What are your technical reasons for arriving at your
conclusion?
>
> I still would appreciate an optional display notification on outgoing
> packets, not just for Worm/Trojans etc but also to be able to know what
> happens to my computer when I run a program.
Sure, it gives that 'comfortable' feeling :)
>
> On my old XP box I used kerio FW and it was very instructive to see (and
> block) many unsolicited outgoing connections that legitimate programs make
> (not just to check for new version) but maybe to steal my personal data
> or habits or who knows.
>
So you think, (remember the illusion bit?) :)
>
> I still hope Microsoft will include this option on SPx
>
Won't happen (please do some more research on this).
>
Below are a couple of additional write-ups which you may also find
interesting and educational.
BTW - I have yet to see reports challenging these views from the makers of
PFW's (aka Phoney-Baloney Ware) :).
Please take some time to read this article by Bruce Schneier about why bad
security products tend to beat the good ones in the market place:
http://www.wired.com/politics/security/commentary/securitymatters/2007/04/securitymatters_0419
Some interesting extracts:
"Why are there so many bad security products out
there? Why do mediocre security products beat the good ones in the
marketplace?"
"In a market where the seller has more information about the product
than the buyer, bad products can drive the good ones out of the
market."
"In the late 1980s, there were more than a hundred competing firewall
products. The few that "won" weren't the most secure firewalls - they
were the ones that were easy to set up, easy to use, and didn't annoy
users too much. Because buyers couldn't base their buying decision on
the relative security merits, they based them on these other
criteria."
--
And an article by Jesper Johansson:
"There are several serious flaws in the reasoning that outbound,
host-based firewalls will actually stop attacks."
"Since there is no application isolation between applications running
within the same user context there is no real way to prevent this from
happening. Only by completely re-architecting Windows could this be
prevented, and even then, it would only truly work if everything we
know about computers, from the hardware on up, changed fundamentally."
http://msinfluentials.com/blogs/jesper/archive/2007/07/19/at-least-this-snake-oil-is-free.aspx
Happy reading:)