locked
Vista SP2 Firewall Outgoing Configuration RRS feed

  • Question


  • The Vista firewall does a good job but most people sadly miss an easy
    way to configure which programs are allowed for outgoing connections.

    This is a standard feature since years in other firewalls (e.g. ZoneAlarm).

    I know it is possible to get this feature via the third party extension
    "Vista Firewall Control" but I do not want to install a third party
    extension for this (risk is to high that things get confound if
    e.g. a windows update makes the extension incompatible).

    Now my question:
    Will the Vista users get this feature with the SP2?
    PLEASE it cannot be such difficult! Thank you!

    Thursday, December 11, 2008 9:02 PM

Answers

  • Sorry is anybody of the decision maker or
    Vista developer present in this forum
    who can answer this question?

    Or is this the wrong place to get reliable
    information concerning my question?

    Thanks
    Friday, December 12, 2008 10:58 PM

All replies

  • Sorry is anybody of the decision maker or
    Vista developer present in this forum
    who can answer this question?

    Or is this the wrong place to get reliable
    information concerning my question?

    Thanks
    Friday, December 12, 2008 10:58 PM
  •  Hi
    • The article on the following website has information on the how and why of the design and default behavior of the  Windows Firewall.

    Vista firewall shackled due to customer demand: Microsoft: News - Security - ZDNet Australia:
    http://www.zdnet.com.au/news/security/soa/Vista-firewall-shackled-due-to-customer-demand-Microsoft/0,130061744,139252954,00.htm

    • The following 2 websites have links and downloads for configuring the Windows Firewall for inbound and outbound protection.

    Windows Firewall:
    http://technet.microsoft.com/en-us/network/bb545423.aspx

    Download details: Introduction to Windows Firewall with Advanced Security:
    http://www.microsoft.com/downloads/details.aspx?FamilyId=DF192E1B-A92A-4075-9F69-C12B7C54B52B&displaylang=en

    Overview
    Windows® Firewall with Advanced Security is a stateful, host-based firewall that blocks incoming and outgoing connections based on its configuration. While typical end-user configuration of Windows Firewall still takes place through the Windows Firewall Control Panel tool, advanced configuration now takes place in a Microsoft® Management Control (MMC) snap-in named Windows Firewall with Advanced Security. The inclusion of this snap-in not only provides an interface for configuring Windows Firewall locally but also for configuring Windows Firewall on remote computers and via Group Policy.

    Hope this helps.


    If this post helps to resolve your issue, click the Mark as Answer button at the top of this message.

    Ronnie Vernon
    Microsoft MVP
    Windows Desktop Experience
    Saturday, December 13, 2008 8:48 PM
    Moderator
  • Thanks for the links but they are not helpful concerning my question.
    I already know that it is possible to configure rules for the outgoing
    traffic. That is not the topic.

    The thing is, that if the user blocks all outgoing connections
    (like all incoming connections are blocked by default) and
    a program wants to make an outgoing connection, then
    there is no dialog/popup that asks the user if this program
    should be allowed to make the outgoing connection.
    Instead the Vista user has to configure this manually
    by defining rules.

    In every other firewall (e.g. ZoneAlarm, NIS, ...) there are
    some already defined standard rules for mainstream
    applications and for any other application that wants
    to make an outgoing connection the user gets an
    easy dialog box asking the user if he trusts this
    "unknown" application and if the outgoing connections
    should be allowed. This is a simple list based procedure
    and Vista already uses it for its incoming connections
    so why not for the outgoing?

    SP2 could introduce this as an optional "feature" so that
    one can also disable all outgoing connections by default
    BUT with the addition that a dialog appears if a program
    wants to make an outgoing connection. So the same
    thing that already works for incoming connections just
    also for outgoing connections! It cannot be that difficult!

    Thanks

    Saturday, December 13, 2008 11:10 PM
  • Hi

    Sorry, I thought that the information on why the Windows Firewall requires a more complex process for configuring outgoing connections would be helpful.

    Let's try again.

    Schnulla Said

    Sorry is anybody of the decision maker or Vista developer present in this forum who can answer this question?

    The answer is no, these are technical support forums. We can answer questions and help if something is not working the way it was designed, but we cannot comment on 'why' it was designed that way.

    Your best strategy for making your thoughts known about the design of a particular component in the current version of Windows is to use the feedback form for Vista. Here is a link to that form.

    Speak to us at Microsoft: Send Feedback for Windows Vista:
    https://feedback.windowsvista.microsoft.com/default.aspx?productkey=winvista&mkt=en-us&backurl=http://support.microsoft.com/gp/cp_vista_master


    This feedback is forwarded directly to the development teams that own the feature that the feedback is concerning.

    Just a note about service packs, you will not normally find any major changes to Windows core components in a service pack. Service packs are usually made to address compatibility issues, hotfixes, optimization, performance, etc. Changes to core components are normally reserved for the next major version of the operating system.

    If you would like to influence changes to a core component, such as the way the Windows Firewall is designed, your best strategy is to make your thoughts known to the development teams, while the next major version is in the early development stages.

    The best way to do this is to participate in the beta for that product. 

    For Windows 7, there is also the Engineering Windows 7 blog where the 2 senior engineers from Microsoft who are responsible for Windows 7 are posting articles and inviting comments on how the new version of Windows should be designed. There are already a lot of good articles and comments posted there.

    Engineering Windows 7:
    http://blogs.msdn.com/e7/default.aspx


    Hope this helps.


    If this post helps to resolve your issue, click the Mark as Answer button at the top of this message.


    Ronnie Vernon
    Microsoft MVP
    Windows Desktop Experience

    Sunday, December 14, 2008 8:45 PM
    Moderator
  • Thanks for the links!

    I wrote a feedback for Vista and a mail for the Windows 7 developers.

    I don't expect an answer (I guess they already receive tons of mails ;) )
    but we will see.

    Have a nice week!

    Monday, December 15, 2008 12:47 PM
  • Sadly I have to say that this "feature" is
    also not implemented in Windows 7...
    I really don't understand it :(

    So I still have to use the "Vista Firewall Control"
    which is now called "Windows 7 Firewall Control".

    Too bad, Microsoft.
    Saturday, August 22, 2009 4:17 PM