locked
Easy Approach to Blocking Outgoing with Windows Vista Firewall? RRS feed

  • Question

  • Hi:


    I am using TechNet Vista Ultimate. I have become frustrated trying to find a firewall that is Vista ready, will allow me to deal simply with outgoing, and does not come with a host of other things I don't want. Some version of the Zone Labs firewall supposedly is next on the Company's list; I hope the stand alone comes out first. But, to date, the only acceptable firewall that I have used is in OneCare beta. Still, I am not going to buy OneCare for its firewall and don't want to use the beta--when good free ones eventually will be available. Also, you can't turn all the features, other than the firewall, off in OneCare. Actually, if one could turn all the other features off, then I'd probably buy OneCare just to end my firewall search.

    So, from my subject and what's above, you know what I am seeking. I need basic instructions for using the Windows (Vista) firewall to deal with outgoing on a home network (2 Vistas; 2 XP Pros, and an OS X). I don't want to be able to do any more that have Vista ask me if I want to allow a program to phone home and let me say yes or no. Is doing such a thing asking too much? Why not make it easier if doing so is possible? If I can't do what I want, how close can I come? I have searched everywhere for outgoing instructions that would allow a mere mortal to use the outgoing features of the firewall.

    Wordy? Yes, I just had to get it all off my chest--indicating a mild complaint with 3rd party software developers and MS, itself. Otherwise Vista is my very good friend. I've been using it since 5384 or who knows anymore what my first version was.

    Thanks if you have the patience to read. And, thanks even more if you can help.

    Best,

    Znod


    Tuesday, January 23, 2007 7:35 PM

Answers

  • Thanks again Jay. I see how it works now. I had not tried to use it since before RTM. So, when I looked at your instruction, I found that I didn't even know how to get to the advanced firewall settings anymore. Well, of course, you got me there. It now seems much simpler than before. I am trying to prevent "Leaktest" from connecting to its home base through the firewall. I have not been successful yet, but I am working on it.
    Sunday, January 28, 2007 4:34 AM

All replies

  • If you want to you can use group policies t

    to manage incoming and outgoing firewall settings

    http://technet2.microsoft.com/WindowsVista/en/library/9428d113-ade8-4dbe-ac05-6ef10a6dd7a51033.mspx?mfr=true

    Wednesday, January 24, 2007 2:12 PM
  • Thanks Jay:

    I have read what's on the link before, but I didn't get very far with it. I ended up with too many questions to start fooling with things I didn't understand well. I am yet to hear of a single home user using the firewall to deal with outgoing. In this regard, there has been absolutely no discussion of the how to's issue on the three boards that I frequent. So, I guess I am looking for someone who has actually used the firewall in this way to provide a brief primer--something to get us home users going.

    Best, Znod
    Wednesday, January 24, 2007 5:07 PM
  • Znod

    My answer to you is

    1. The default modes built-in to Vista work very well

    2. The most basic end users have no issues with the stand settings in Vista firewall

    3. You can use parental controls also

    4.  what are you trying to do on the firewall 

    Wednesday, January 24, 2007 5:23 PM
  • My issue (see post #1) is using the firewall to deal with outgoing. Thanks again.
    Wednesday, January 24, 2007 6:58 PM
  • is this what you do

     want to allow a program to phone home  ? please explain in detal

    Wednesday, January 24, 2007 7:34 PM
  • Ah, yes, here, from my first post:

    "I need basic instructions for using the Windows (Vista) firewall to deal with outgoing on a home network (2 Vistas; 2 XP Pros, and an OS X). I don't want to be able to do any more that have Vista ask me if I want to allow a program to phone home and let me say yes or no. Is doing such a thing asking too much? Why not make it easier if doing so is possible? If I can't do what I want, how close can I come? I have searched everywhere for outgoing instructions that would allow a mere mortal to use the outgoing features of the firewall."

    Thanks again for your time and interest.

    Wednesday, January 24, 2007 8:39 PM
  • If you goal is to have xp and vista in your home talk to each other with no prompts then place the vista firewall in Home mode.

    IF this is not what you want PLEASE in detail what you want and mean by I want to allow a program to phone home and let me say yes or no. (WHAT program)

     

    Jay

    Thursday, January 25, 2007 12:35 AM
  • First, thank you very much for your continuing willingness to help. And, OK, I'll be more specific. First, I want to mention that our network works perfectly (or at least as I want it to) despite consisting of the variety of machines mentioned above. So, for now, I have no firewall/network problems. Our network is specified to be a home network.


    I would like for the Windows Vista Firewall (WVF) to alert me when any program tries to call home unless the program  is a known program that has been designated as not being problematic. More specifically, for an unfamiliar, and, thus, possibly problematic program, I would want an alert from WVF. Under such a condition, I would like for WVF to allow me opt to allow the program to call home (a) never, (b) this time only, or (c) always. A  program that I have opted to allow to call home always is one way a program could be "designated as not being problematic."  But, also, if  WVF has a list of programs, MS or otherwise, that are known to be non-problematic, then I would like to be able to opt to always allow the programs on the list to call home without an alert.

    Thanks again Jay.



    Thursday, January 25, 2007 1:48 AM
  • Ok let see if I understand You would like

    1. to see what applications are allowed in or out of your computer by default ?

    To do that go to Firewall with Advanced Security (from start > type firewall choose with advanced security)

           From there you can look at Incoming rules ( that traffic coming from the outside to your computer)

                                               IN Home mode all traffic is allowed,

                                               If you switch to work block some traffic,

                                              And Public Mode blocks all incoming by default

          If you look at outging rule (Leaving your computer )

                                               all outbound traffic is allowed by default,

                                              This is also where y ou can see what set and control out bound rules

     2, to monitor what leaving you computer or coming in go to Monitoring

                   Choose display a notification when product is blocked

     

    Hope that helps 

     

     

                                             

     

    Saturday, January 27, 2007 11:51 AM
  • Thanks much Jay. What you said definitely gives me a starting point. I'll eventually post back to let you know how it goes and probably to move to the next level if I still don't get well enough. I am reading, but most of what I read is well beyond what I want to do and tends to be very much oriented towards businesses.

    Best, Znod
    Saturday, January 27, 2007 7:41 PM
  • Thanks again Jay. I see how it works now. I had not tried to use it since before RTM. So, when I looked at your instruction, I found that I didn't even know how to get to the advanced firewall settings anymore. Well, of course, you got me there. It now seems much simpler than before. I am trying to prevent "Leaktest" from connecting to its home base through the firewall. I have not been successful yet, but I am working on it.
    Sunday, January 28, 2007 4:34 AM
  • Hi Jay:

    It all looks easy, and I have experimented quite a bit. However, I have not accomplished what I want. Here is what I can do why it falls short of what I want to do.

    1. I can choose to block all outbound. If I make this choice, then I can block Leaktest from getting to the web. However, if I then write rules that will allow the programs I want to access the web to do so, I am only partially successful. For example, using either Firefox or IE, I can create a rule that allows me to access any well encrypted site, but no others. I have yet to find a way to get around the encryption issue despite having tried all sorts of things. The issue is that if I try to view a page that does not support encryption, then I am blocked.

    2. I can take the opposite approach and choose to allow all outbound--which is the default setting. So, obviously, under this approach, all the programs I want to get to the web can do so. However, I am unable to create a rule that blocks Leaktest from accessing the web.

    I don't care which approach I take in controlling outbound, but neither works given my level of expertise.Do you have any thoughts on how to get either approach to work? I am thinking of using one of my two free TechNet assistance "coupons" to see if anyone really knows how to make the firewall work. As mentioned before, I have not yet found anyone yet actually using the darn thing successfully beyond its defaults--which are consistent with what the basic firewall allows and does not allow.
    Tuesday, January 30, 2007 4:54 AM
  • Ok here an you could block all ports but 53 for dns and 443 for SSL web. Here the issues The Gibson test look at all out bound ports as a security risk (somewhat). What you want to do is add layers of protection.

    1. Have a router/ firewall ( Like dlink/ netgear as your connection point to the internet. ( set by default to block all incoming trafic)

    2. Set your windows computer to use your firewall as work or public and then

    3. You could buy Onecare that will report what leaving your computer system.

    You now made your self in a Layer defense position.

    Now all you need to do is watch the e-mail that you read and you are very secure.

     

    Thursday, February 1, 2007 4:52 AM
  • Thanks much Jay, but the solution doesn't work for me for several reasons. First, I have used OneCare. It's decent program, but all I would want from it is its firewall. I would even pay for it just to get the firewall, except that one can't turn it all off except the firewall. Then, I do have a bit of a problem with the issues: (a) eventually I will be able to get ZoneAlarm (free) for Vista, which probably is better than the OneCare firewall, and is free and (b) all most everything in OneCare is duplicated in Vista.

    Third, I know how to protect my computer; that's not the issue. The issue is that I want to do it with the Vista advanced firewall settings. As of yet, I am unconvinced that it can be configured to do even the minimal things I want to do. Part of my reason for wanting to use the firewall is so that I can teach others to do so on the three forums I post on most of the time.

    Best regards, Znod
    Thursday, February 1, 2007 8:02 PM
  • I understand -

    Would it help if I gave you step by directions on how to close all outbound connection except port 80 and 53 ? 

    Saturday, February 10, 2007 4:10 AM
  • My god what on earth is that guy talking about??  Your request is so easy to understand..

    You launch a program on your computer.. you want the Vista firewall to jump on the  screen and say " this program is attempting to make an internet connection.. do you wish to deny or grant it access?"

    Simple..!! Just like any normal software firewall does..

    I too am looking to use the Outgoing Firewall options on Vista Ultimate but have yet to see a clear exlpanation of how it works..
    --------------------------------
    By default it has a whole bunch of preset rules.. who the hell knows what they all are..

    What would happen if I deleted them all and started from scratch?

    Smile
    Friday, May 11, 2007 2:15 PM
  • Agreed. Please see the links on this thread (http://www.vistababble.com/forums/other-vista-discussions/1209-firewalls-vista-thread.html#post9747)--particularly the 2nd one. I have concluded that the Vista firewall is quite good for incoming--providing almost full stealth mode. However, I have also concluded that it is a waste of time trying to use it to deal with outbound. I would be surprised if anyone has every configured it satisfactorily for dealing with outbound. I have decided that UAC is not that onerous and have given up the quest of even  using outbound protection. I have adopted the view if if can't get installed, then it can't cause outbound problems. So, I am using UAC to deal with malicious program installation. As said, UAC really isn't that bad once the bulk of one's software is installed. Good luck.
    Saturday, May 12, 2007 3:57 PM
  • I also agree 100%, Microsoft will spend years and probably hundreds of thousands of dollars to develope eye candy like Aero Glass but will not spend a week to fix their firewall to be user friendly. Its as if they don't want you to have control over what can and can't connect to the net. Not only is that against most users wishes but its also a serious security hole. They might as well make an OS with no firewall at all and don't release it until some third party covers their butt.
    Thursday, February 12, 2009 8:57 PM
  • If you liked ZoneAlarm (I also used to use this - and loved it), I'd suggest you give "Eset Smart Security" a try (www.eset.com), ít's really, really fast, lightweight and comes with both a personal firewall AND a state of the art antivirus solution. I've been using it for years, and tried several other firewalls/antivirus solutions before it, such as Norton (to slow, but ok for a home user I guess), Outpost (pretty good but not to intuitive), Kerio (to few updates). I think they have a 30-day trial that you can download from their website (tip: in the setup, put the firewall on interactive-mode - this is exactly the same behaviour as found in e.g. ZoneAlarm).

    Best Regards,
    Fredrik
    Thursday, February 12, 2009 10:40 PM