The new Vista firewall does not guarantee outbound security
Microsoft has introduced Windows Vista as a new version with more security features than Windows XP, one of which is new firewall techniques such as two-way (inbound and outbound) filtering.
However, now that it has been released and widely sold, users are beginning to feel that this new Windows firewall also offers very little outbound traffic protection, and that it is unclear how to configure outbound protection against spyware, Trojan horses and bots.
Firewalls such as Windows Firewall do not act proactively when a computer is connected to a dangerous Internet environment. The Windows XP firewall has inbound protection but does not protect outbound traffic. Much malware can make unwanted or unseen outbound connections to hackers and can give them control of the PC.
In many cases, a computer can become a zombie or bot and send thousands of pieces of spam through outbound connections without the computer owner's knowledge.
Competing firewalls such as ZoneAlarm, Norton Personal Firewall and McAfee Internet Security Suite allow users to configure outbound traffic protection. So when Microsoft reworked the Windows firewall, it added this feature to Windows Vista.
However, by default, the outbound filtering feature of the Windows Vista firewall is turned off. In addition, there is practically no way to use the outbound filter to prevent all unwanted outbound connections.
Normally, to configure the Windows Vista firewall, you select Control Panel, then Security, then 'Turn Windows Firewall on or off'. You will see the screen shown below.
The screen does not let you configure outbound traffic filtering for the firewall.
As you can see, there is no way to configure outbound filtering: you can only enable or disable the inbound traffic filter and, through the various tabs, configure how inbound filtering works.
To work with the outbound filter, you must instead use the Microsoft Management Console, specifically the Windows Firewall with Advanced Security Group Policy applet, by entering 'wf.msc' in the Search box or a command window and pressing Enter.
The figure below shows that.
To configure outbound traffic filtering, use the Windows Firewall with Advanced Security Group Policy applet
If you look at the different profiles in the Overview area, you will see that each profile reads 'Outbound connections that do not match a rule are allowed'.
Each rule in Windows Firewall allows outbound connections. Click the Outbound Rules icon on the left side of the screen and you will see all the outbound rules. As the image below shows, each rule allows outbound connections; none of them blocks a connection.
Each rule allows outbound connections
To prevent malware from making connections, you would have to know the details of all the thousands of pieces of malware in circulation and create a separate rule for each one. That is not realistic, because you cannot know about malware that has not been detected yet.
Competing firewalls typically allow specific programs to make connections and notify you when other programs try to make connections. You can see the program's name and executable and decide under which circumstances the program is allowed. You can then block or allow the program's connection once or always.
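The per-profile default shown in the Overview area can also be read and changed from an elevated command window with netsh advfirewall; the batch file below is an added example, not part of the original article, that switches the default to blocking outbound connections and then allows one named program. The backup file location and the ExampleApp program path are placeholders.

```batch
@echo off
rem Added example: audit and tighten the default outbound action on Windows Vista.
rem Run from an elevated command window. All paths below are placeholders.

rem 1. Save the current policy so it can be restored with "netsh advfirewall import".
netsh advfirewall export "%USERPROFILE%\firewall-backup.wfw"

rem 2. Show the default inbound/outbound action for the Domain, Private and Public
rem    profiles. "AllowOutbound" is the default state the article describes.
netsh advfirewall show allprofiles firewallpolicy

rem 3. Block outbound connections that do not match an allow rule, in every profile.
rem    The command takes both values; blockinbound restates the inbound default.
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

rem 4. Allow one named program to connect out (placeholder path; repeat per program).
netsh advfirewall firewall add rule name="Allow ExampleApp outbound" dir=out action=allow program="C:\Program Files\ExampleApp\example.exe" profile=any enable=yes

rem 5. Review the outbound rules now in effect.
netsh advfirewall firewall show rule name=all dir=out

rem To return to the shipped default:
rem   netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound
```

Unlike the competing firewalls described above, Windows Firewall does not prompt when it blocks an outbound connection, so with this setting every program that needs network access must be given its own allow rule in advance.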
Reaction from Microsoft
Microsoft claims that the firewall can perform outbound traffic filtering, but that what it does is not visible to the user. Jason Leznek, Microsoft's product manager, said that the outbound filtering rules 'were enabled by default for Windows internal services as part of Windows Service Hardening, which allows the firewall to understand specific Windows services and block them if they do something unexpected, for example, through an exploited vulnerability. Windows Firewall also protects computers by blocking specific messages to ensure that the computer can prevent attackers from performing port scans.'
In other words, Microsoft also confirmed that the firewall can block many pieces of malware. But Leznek admits that it cannot block all malware, and he claims that a more effective method of filtering outbound traffic is to use anti-spyware tools like Windows Defender, which the company claims will not allow malware to install on your computer.
This is in contrast to what Vista group product manager Greg Sullivan told BusinessWeek. 'Filtering outbound traffic is an expensive solution from which we don't see much benefit,' he told the magazine. 'It would be a burden for all of us, our partners and most manufacturers, because of the high cost and only a small return from it.'
However, Microsoft also has several ways to protect outbound traffic. When asked about the need for this filtering, Leznek said that Windows Live OneCare, a fee-based product and service that Microsoft sells for about $49.95 annually, 'provides outbound traffic filtering as a service and may be an attractive option'.
Therefore, even if two-way filtering cannot be used extensively in Windows Firewall, it is possible to purchase Microsoft's add-on packages.
So what is the conclusion here? If you are a Windows Vista user and want to be sure that you have two-way traffic filtering configured, you need to purchase OneCare Live or another security product or firewall to protect outbound as well as inbound traffic. You should also be aware that not all software works well on Windows Vista.