Microsoft likes to point out the fact that its firewall in Windows Vista is superior to the one in XP because it includes outbound as well as inbound filtering. What it forgets to say, however, is that the outbound filtering is turned off, and pretty much impossible to configure to kill spyware.
As I point out in an article for Computerworld, the Vista firewall by default doesn’t provide any outbound filtering.
Worse yet, there’s no practical way to have the outbound filtering protect against spyware, Trojans, and bots. As set up, the outbound rules permit every connection. If you want to block a program from making an outbound connection, you have to set a specific rule to block that individual program. There’s no way for someone to create an all-purpose rule to block malware making outbound connections.
As I point out in my article: “To stop all malware from making outbound connections, you’d have to know all those details of all the thousands of pieces of malware in existence, and create rules for each one individually. But even that wouldn’t work, because you wouldn’t know about malware that has not yet been detected.”
Microsoft claims that outbound filtering isn’t really needed, and that the key is making sure that malware doesn’t infect the PC in the first place. That’s true as far as it goes — but if that’s the case, why include outbound filtering in the firewall and then say they’ve improved the firewall?
Vista security is clearly superior to XP’s in many ways. But when it comes to the firewall, despite hype to the contrary, there doesn’t seem to be any extra safety at all.


I'm just going to copy and paste what I wrote on another blog as I don't see why anyone seems to think you can't make a general all-purpose rule to block malware like you could with a good third-party firewall:
Maybe I'm missing something here but there is a practical way to stop all outbound connections unless specifically allowed. Go to Administrative Tools -> Windows Firewall with Advanced Security, create some outbound rules such as:
TCP - originating port (all) - destination ports (25,53,80,110,443) and that will cover most basic users. You can get much more granular obviously. Then go to the three Firewall profiles and then select Outbound connections that do not match a rule are blocked - Presto... what am I missing here?
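The procedure in the comment above, expressed as a batch script (an added example, not part of the original post or its comments). It uses `netsh advfirewall`, which ships with Vista, and must run from an elevated prompt; the backup path, the rule names and the Internet Explorer path are assumptions.

```batch
@echo off
rem Added example: default-deny outbound policy for Windows Firewall with
rem Advanced Security. Run from an elevated command prompt.
setlocal
rem Assumed backup location; any writable path works.
set "BACKUP=%USERPROFILE%\fw-before-outbound-block.wfw"

rem 1. Save the current policy so it can be restored later with
rem    "netsh advfirewall import".
if exist "%BACKUP%" del "%BACKUP%"
netsh advfirewall export "%BACKUP%" || goto :fail

rem 2. The allow rule from the comment: any local port, TCP to the listed
rem    remote ports. Note that it lets ANY program use these ports.
netsh advfirewall firewall add rule name="Out TCP mail-dns-web (example)" ^
    dir=out action=allow protocol=TCP remoteport=25,53,80,110,443 || goto :fail

rem    Tighter alternative: scope the allowance to one executable instead of
rem    opening the ports to every process (path is an assumption).
rem netsh advfirewall firewall add rule name="Out IE web (example)" ^
rem     dir=out action=allow protocol=TCP remoteport=80,443 ^
rem     program="%ProgramFiles%\Internet Explorer\iexplore.exe"

rem 3. Switch the Domain, Private and Public profiles to block outbound
rem    traffic that matches no rule (inbound keeps its block default).
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound || goto :fail

rem 4. Log dropped connections so blocked programs show up in
rem    %systemroot%\system32\LogFiles\Firewall\pfirewall.log (default path).
netsh advfirewall set allprofiles logging droppedconnections enable || goto :fail

rem 5. Verify the resulting policy and list the outbound rules in effect.
netsh advfirewall show allprofiles
netsh advfirewall firewall show rule name=all dir=out
exit /b 0

:fail
echo Step failed. Restore with: netsh advfirewall import "%BACKUP%"
exit /b 1
```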
I have to agree with Terces, because that is exactly what I have done.
I'm blocking everything that has not been explicitly allowed by a rule, adding more rules as I need them.
Pretty simple, actually!
Of course it is not as configurable as Comodo, but I think it does the job (and I feel safer as I would using ZoneAlarm). I think I'll keep using Windows Firewall until version 3 of Comodo, which will support Vista.
TO QUOTE:
"Maybe I'm missing something here but there is a practical way to stop all outbound connections unless specifically allowed. Go to Administrative Tools -> Windows Firewall with Advanced Security, create some outbound rules . . . Then go to the three Firewall profiles and then select Outbound connections that do not match a rule are blocked - Presto... what am I missing here?"
THEY DON'T WORK! The only way to obtain any degree of real control over the Firewall is to log in to Vista as THE DOMAIN ADMINISTRATOR, which means you need to run Ultimate. I've already set up Ultimate as a Home User on a Private Network, so now I have to uninstall, wipe and reinstall Vista under Domain. I'm sure there are more tricks waiting, and will post on them once I do.
Vista Outbound Rules simply don't work, it's still possible for anything to get through just by attaching itself to a program or a service. Golly. Bill Gates cares alright, about making sure he has all the backdoors he needs to your computer. Longhorn rules, or if it doesn't it wants to. I recommend NO ONE install Vista until a FULL AND COMPATIBLE THIRD-PARTY FIREWALL is developed for it.
great thank you.