Saturday, October 25, 2008

I set up outbound firewall filters in Vista

A recent Lifehacker article on firewalls inspired me to set up outbound firewalling. By default, the Vista firewall does not block outgoing connections. However, the Vista firewall can handle both incoming and outgoing connections.

It's quite easy to configure. You can find "Windows Firewall with Advanced Security" in "Administrative Tools" in the start menu. (I usually just type a part of the name instead of using folders.) This runs a management console for configuring the firewall.

By default, anything outgoing is permitted unless blocked by a rule, and there are no blocking rules. If you had something you wanted to block you could create an outbound rule, but if you want to control outbound communication, you should probably set up the firewall to block anything which doesn't match a rule. If you select "Windows Firewall with Advanced Security" in the left pane, you will see the current setup. A "Windows Firewall Properties" link allows you to change settings. You should change settings for all three profiles (Domain, Private and Public).

The firewall comes with some outbound rules which permit some communication, but these are definitely not sufficient. For example, even Internet Explorer and Windows Update are blocked. It's easy to create new rules which permit particular programs. If you create a custom rule, you can even define which services running under that program are allowed to communicate. For example, if you create a rule for %SystemRoot%\system32\svchost.exe and specify the "Windows Update" service, that will not permit any other service to communicate.

There is one very obvious thing missing: a dialog which tells you when some program is initiating outbound communication and allows you to permit, block or create a rule for that communication. However, so far this has not been a problem for me. In a few cases it might be tricky to find what program needs to be permitted. For example, Spybot Search & Destroy uses SDUpdate.exe for updates, and to allow ping and tracert to work, you need to permit those things to System. However, finding this wasn't hard for me.
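The same setup can be scripted from an elevated command prompt with `netsh advfirewall`; this is an added example, not part of the original post. The rule names, the backup path and the Spybot install path are assumptions, and the ICMP rule is one reading of "permit those things to System".

```batch
@echo off
rem Added example, not from the original post. Run from an elevated command prompt.
rem Rule names, the backup file name and the Spybot install path are assumptions.

rem Save the current policy first; it can be restored with "netsh advfirewall import".
netsh advfirewall export "%USERPROFILE%\firewall-before-outbound-block.wfw"

rem Block outbound traffic that matches no rule on all three profiles
rem (Domain, Private, Public). Inbound is set to block, which is the default.
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

rem Allow a program by its full path.
netsh advfirewall firewall add rule name="Out - Internet Explorer" ^
    dir=out action=allow ^
    program="%ProgramFiles%\Internet Explorer\iexplore.exe"

rem Allow only the Windows Update service (short name wuauserv) inside svchost.exe.
rem Other services hosted by svchost.exe do not match this rule and stay blocked.
netsh advfirewall firewall add rule name="Out - Windows Update" ^
    dir=out action=allow ^
    program="%SystemRoot%\system32\svchost.exe" service=wuauserv

rem Allow the Spybot updater (install path assumed; adjust to the real one).
netsh advfirewall firewall add rule name="Out - Spybot SDUpdate" ^
    dir=out action=allow ^
    program="%ProgramFiles%\Spybot - Search & Destroy\SDUpdate.exe"

rem Allow outbound ICMPv4 echo requests (type 8) from System, which is
rem what ping and tracert send on Windows.
netsh advfirewall firewall add rule name="Out - ICMPv4 echo request" ^
    dir=out action=allow program=System protocol=icmpv4:8,any

rem Check the result: default policy per profile, then one rule in detail.
netsh advfirewall show allprofiles firewallpolicy
netsh advfirewall firewall show rule name="Out - Windows Update" verbose
```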

There are plenty of firewall applications for Windows, and several are even free. It's just nice to see that I don't even need a firewall application. I'm impressed with what Microsoft. This is another example of how Vista is better than XP.

1 comment:

Anonymous said...

Hey man, I just found your blog via Google. That sounds like a cool setup, I am actually trying to do the same over here. I had no problem blocking everything by default, but I ran into a problem when trying to create rules to allow programs. For example, I allowed firefox.exe and msnmsngr.exe, but still neither one can access the internet. Could you please help me get this set up? If you have a couple minutes please email me at makf1127@hotmail.com (that is also my MSN address). Thanks a lot : )