Slashdot Mirror


Vista Firewall to be Crippled

UltimaGuy writes "The firewall in Windows Vista will, by default, have half its protection turned off because that is what enterprise customers have requested, according to the software giant. The firewall will be set to only block incoming traffic even though it will be capable of blocking outgoing traffic. Microsoft also claims that configuring the Vista firewall to block outgoing connections from rogue applications and malware will require a varying degree of technical knowledge, depending on each user's security requirements."

11 of 365 comments

  1. Re:Half its protections turned off? by PatrickThomson · · Score: 2, Interesting

    Hard to set up in a way that doesn't actually fuck with the user's programs. let's block outbound traffic! apart from port 80, and port 443, and whatever MSN messenger uses, and however google earth talks to the servers, and smtp but ONLY to the isp, and pop3 and imap and pop3-ssl and imap-ssl and ...

    get it? the 8-pending-connection limit is imo a much saner way to limit the damage a contaminated box can do.

    --
    I am one of many. My idea is not unique, nor do I expect my voice alone to sway you. I speak in a chorus of opinion.
  2. Re:So? by mwvdlee · · Score: 2, Interesting

    XP SP2's firewall is easy to configure for a typical application; wait for the firewall to pop up a window asking whether the application can access the internet and. The message is simple enough to be understood by anybody who knows what an "application" and "internet" is.

    --
    Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
  3. Then why all the versions? by HiredMan · · Score: 4, Interesting

    So why have 21 different versions of Vista if NOT to have a consumer version with as much protection as possible with as few services running as possible? A business office version you assume will be configured by an IT guy that has difficult to admin - but very flexible and detailed - firewall options. Yes.

    But to not have a 1-button "Protect me on the internets" button for grandma? That's MS effectively selling off its consumer base to big corporations at their request.

    =Tod

  4. Re:So? by shotfeel · · Score: 2, Interesting

    Really, how many *average* home users know what ports their programs use?

    They shouldn't need to. Their firewall software should do it for them. Currently, whenever my firewall sees an app try to use a closed port, it throws up a dialog telling me what app is trying to open what port, and asks me if I want to always allow it, deny it, or only allow it this one time. That's really very little hassle in getting things set up correctly.

    Lastly, I think the request of the larger corporate customers and government makes sense. They don't want to micro-manage their machines.

    I'm not sure it does make sense. These are customers who do micro-manage the computers. They have mechanisms in place to install everything from the OS to the most basic of apps with preset configurations. This move does nothing for them when the first thing they do on receipt of the computer is wipe the drive and install their in-house "flavor".

  5. Home Admin by Anonymous Coward · · Score: 2, Interesting

    Default outbound blocking wouldn't matter in the home environment. The most likely malware targets are all running as Admin anyway, so smarter malware will just add themselves to the allowed list.

  6. Re:So? by TheJediGeek · · Score: 5, Interesting

    Actually, I'd say most users know they're supposed to have a firewall. Most don't know what it does or why they need it, but thanks to Norton and McAfee making all these "security suites" which generally break more than they protect, and retailers like Best Buy selling firewall software with a router that has a hardware firewall, people have heard enough FUD that they NEED 12 firewalls per computer.

  7. Re:So? by Anonymous Coward · · Score: 2, Interesting

    Let's put this in perspective shall we...

    Home Customer Y just wants their version of Vista to work, rather than deal with shit popping up when they try to access something on the Internet.

    Enterprise Company Z wants their version of Vista to work also, even if it means having that version tailored to their specific needs.

    Will both of these versions have the same settings? Who knows, let's wait and see when Vista comes out, since Microsoft seems to change their minds a lot. And let's be realistic, even if there is outbound blocking on the home version of Vista, it will do no good for the average user. They will just click allow whenever the prompt comes up, and in the end it will just be a PITA for them. I have installed Spybot S&D for a few family members, and it does pop up with prompts every so often. What do they do? Just click Allow every single time, without even reading what it says.

  8. I'm all for it. by Glamdrlng · · Score: 4, Interesting

    Right now I get mad props at work for keeping bagel, netsky, and mydoom at bay through attachment and AV blocking, spam filtering, and a little bit of shell scripting. Here I was afraid that those would go away and I'd have to find something else to justify my existence within the next couple years. Now it looks like I'm in good shape til at least 2010. Thanks Microsoft!

    ps - Other AV programs probably do this, but in case anyone's interested the firewall built into McAfee VirusScan Enterprise v8 blocks SMTP and IRC communication outbound by default unless the executable firing up the communication belongs to a specific set of known email and IRC clients. Good times...

    --

    Yes, my only tool is a hammer. And you're starting to look like a nail.
  9. Re:In all honesty... by pegr · · Score: 2, Interesting

    Why the hell would anyone other than a dial-up user need to have a firewall enabled under Windows?
     
    Oh, I don't know, because 85% of all system intrusions are inside jobs? Heck with the Internet, protect me from my company's network...

  10. Re:Half So? by misleb · · Score: 1, Interesting

    But I have to ask, what is the point of Microsoft splitting Vista into however many different versions if not to have a granular response to problems like this?

    The point is to confuse customers and to unnecessarily inflate the price of the more "advanced" version... as if leaving out features actually saves Microsoft money in producing it.

    Many of XPs problems are related to its homogeneity...

    Exactly what I've been saying for years. We need to get more Windows distributions. Maybe a "Debian" version. A "RedHat" version. A "SuSe" version. Etc. Mind you, I'm pulling these names out of thin air...

    -matthew

    --
    "THERE IS NO JUSTICE, THERE IS ONLY ME." -Death
  11. Thank you! by semifamous · · Score: 4, Interesting

    I work at an ISP doing Tech Support.

    On a daily basis, I get calls from users of Norton Internet Security or McAfee Security Center (or whatever "I don't know, whatever came with my computer") who, for some reason, can't get Internet Explorer/Outlook Express to work. They don't know what a firewall *is* let alone how to configure it.

    If I suggest they turn off that firewall and try it, everything is suddenly happy again.

    Many of them don't understand. "It worked fine yesterday/last week/last year and I haven't changed anything..."

    I specifically despise the Norton firewall as it seems to be the most popular problem causer.

    I am glad that Microsoft isn't turning this feature on by default because many clueless lusers will accidentally block the programs that they're trying to use and then not understand why it doesn't work anymore.

    Frequently these users try to blame us at the ISP, not realizing that it's their own fault. Firewalls are my most frequent frustration, and I'm glad this one will behave the way it will.