April 27, 2006 10:35 AM PDT

Microsoft takes down barrier in Vista firewall

The firewall in Windows Vista will have half its protection turned off by default, because that is what enterprise customers have requested, Microsoft has said.

When Windows Vista is released early next year, it will have an updated firewall that looks at incoming as well as outgoing traffic, the company has said--an advance on the firewall in Windows XP Service Pack 2, which only watches incoming data.

But the default on the firewall in Vista will be set to block incoming traffic only, Microsoft said. The protection will be curbed in order to make life easier for the company's enterprise customers, it said.


"Because the nature of an outbound firewall is to restrict the traffic sent to specific ports, the outgoing access in the Windows Vista firewall is open by default," a representative for the software maker told ZDNet Australia. "The reason for this is Microsoft has received strong feedback from its customers, especially from large organizations and government departments, saying that they would like to manage this feature from an administrator level."

Configuring the Vista firewall to stop outgoing connections made by rogue applications and malicious software will require a varying degree of technical knowledge, depending on each user's security requirements, Microsoft said.

"Users need to understand how their applications undertake communication and connections, and the associated threats and risks. This security requirement will vary amongst users, and Microsoft is providing the capability to allow users to determine how they wish to leverage this security capability," the Microsoft representative said.

Firewall specialist Zone Labs said that people will require a "fairly high level of sophistication" in order to properly configure the Vista firewall. For consumers, the company said the task will be nothing less than "challenging."

"Outbound protection requires a fairly high level of sophistication to engage, and reports indicate that Microsoft expects that functionality to be used by IT professionals in a business-networking environment," Laura Yecies, general manager at Zone Labs, said.

Security specialist Michael Warrilow, director of Sydney-based analyst firm Hydrasight, believes that Microsoft has found it too difficult to create an all-encompassing firewall. However, he said that by not putting the capabilities of the firewall into full play, the company is not ignoring its nontechnical customer base.

"In effect, Microsoft is putting outbound (protection) in the 'too hard' basket for the time being," Warrilow said. "The firewall is to protect against inbound attacks--instead of protecting the rest of the world from you."

Vista's firewall is just one layer of security in the new operating system, according to Microsoft. "New features such as User Account Control, Windows Defender, and Internet Explorer Protected Mode, along with improvements to Windows Firewall and Windows Update, work together to help shield Windows Vista PCs from malware," or malicious software, the company's representative said.

Munir Kotadia of ZDNet Australia reported from Sydney.



Is there an echo here?
Didn't I read this same story yesterday?
Posted by roger.d.miller (41 comments )
echo here?
Didn't I read this same story yesterday?

Posted by Amazingant (146 comments )
Doesn't Make Sense
Setting the firewall partly off to suit the needs of enterprise customers doesn't make sense. First, don't they have their own version (unencumbered by product activation) of Win Vista? Second, don't they have IT departments that can see that everything is hunky-dory, versus the typical home user, many of whom still struggle to get Windows installed at all? The weak link in security is and will continue to be the home user. All MS is doing is making it even easier for renegade software to successfully operate in the Vista environment of home users.

mark d.
Posted by markdoiron (1138 comments )
Hey... I'd like a gun without a safety. Too often I look down the barrel to make sure there's a bullet before I shoot someone. Only I keep forgetting to take the safety off before I pull the trigger. If there were no safety, I could turn the gun from my head and squeeze the trigger in one fell swoop and save a lot of time and aggravation.

Those that know enough to know what a firewall is are the ones that are smart enough to know how to turn one off.

It really should be on for the unwashed masses running their zombie PCs on irresponsible ISP networks where security is a free downloadable copy of McAfee for a year.

And with tools like SMS and Ghost, isn't it a snap for an IT department to deploy PCs with the firewall turned off?

Or, ship two versions of Vista... Vista Home and Vista Pro. Make them identical except that the Pro version has the firewall turned off and costs $100 more.
Posted by TV James (680 comments )
marketing opportunity
Ship the OS with all the outbound ports open. Then
when users complain about spyware and their ISPs
tell them their computers have been hijacked and
turned into zombies, MS can step in and offer them
an "anti-spyware" program that closes the ports.
Posted by Jackson Cracker (272 comments )
copy edit this story!
"The firewall in Windows Vista will have half its protection turned off by default"

half? HAVE

Are you people high school dropouts?
Posted by ChazzMatt (169 comments )
Read it again
No, it's correct

have half

have 50%

be only half enabled

be 50% useless
Posted by TV James (680 comments )
no need
half = ½
Posted by Jackson Cracker (272 comments )
Easy there...
The grammar is correct. You could replace "half" with "50% of" and it would mean the same thing, for example:

"The firewall in Windows Vista will have 50% of its protection turned off by default"
Posted by circuitcyborg (1 comment )
Why So Complicated?
As a home computer user, I have found neither Norton Personal Firewall nor ZoneAlarm to be rocket science.

Why the f-word can't Microsoft design a firewall that offers similar ease of use?
Posted by john55440 (1020 comments )
What is outbound protection for?
Not to be too unkind to Mr. Warrilow, but I always thought that the purpose of an inbound firewall was to protect me and my insecure applications from DoS or takeover attacks from others and that the purpose of an outbound firewall was to protect me against the "call home" traffic of the malicious spyware or malware application I inadvertently loaded from a web site or an email.
Protecting others against me is only important if I am infected, and you want to limit the spread of the virus. That is not a real advantage to me, just altruism, and if I want to attack people deliberately I would just turn the firewall off!
Posted by inetdog (40 comments )
IE is the biggest problem.
Since MS put IE into the kernel of Windows (in order to try and win a court case against the Justice Dept), they have given a way for viruses to embed themselves into Windows.

MS should block all in-going and out-going traffic from IE if they are serious about security. Firefox could then replace IE and the system would be a lot more secure.
Posted by t8 (3716 comments )
In a time for online gaming and FSB this bares no responsibility; Active X
Nice feature! I know I am posting late; rather I have so much resistance on incoming traffic already. Does the absence of Anti-virus software, except on fresh inceptions into the world wide web matter to anyone. I find the advent of a 3mo. introductory security pack to be worthwhile to put a system configuration in order. leading up to less restrictive options.
Posted by Pop4 (88 comments )
