The firewall in Windows Vista will have half its protection turned off by default, because that is what enterprise customers have requested, Microsoft has said.
When Windows Vista is released early next year, it will have an updated firewall that looks at incoming as well as outgoing traffic, the company has said--an advance on the firewall in Windows XP service pack 2, which only watches incoming data.
But the default on the firewall in Vista will be set to block incoming traffic only, Microsoft said. The protection will be curbed in order to make life easier for the company's enterprise customers, it said.
Aiming to recreate the excitement of Windows 95, Microsoft is trying to turn Vista into its next big win.
"Because the nature of an outbound firewall is to restrict the traffic sent to specific ports, the outgoing access in the Windows Vista firewall is open by default," a representative for the software maker told ZDNet Australia. "The reason for this is Microsoft has received strong feedback from its customers, especially from large organizations and government departments, saying that they would like to manage this feature from an administrator level."
Configuring the Vista firewall to stop outgoing connections made by rogue applications and malicious software will require a varying degree of technical knowledge, depending on each user's security requirements, Microsoft said.
"Users need to understand how their applications undertake communication and connections, and the associated threats and risks. This security requirement will vary amongst users, and Microsoft is providing the capability to allow users to determine how they wish to leverage this security capability," the Microsoft representative said.
Firewall specialist Zone Labs said that people will require a "fairly high level of sophistication" in order to properly configure the Vista firewall. For consumers, the company said the task will be nothing less than "challenging."
"Outbound protection requires a fairly high level of sophistication to engage, and reports indicate that Microsoft expects that functionality to be used by IT professionals in a business-networking environment," Laura Yecies, general manager at Zone Labs, said.
Security specialist Michael Warrilow, director of Sydney-based analyst firm Hydrasight, believes that Microsoft has found it too difficult to create an all-encompassing firewall. However, he said that by not putting the capabilities of the firewall into full play, the company is not ignoring its nontechnical customer base.
"In effect, Microsoft is putting outbound (protection) in the 'too hard' basket for the time being," Warrilow said. "The firewall is to protect against inbound attacks--instead of protecting the rest of the world from you."
Vista's firewall is just one layer of security in the new operating system, according to Microsoft. "New features such as User Account Control, Windows Defender, and Internet Explorer Protected Mode, along with improvements to Windows Firewall and Windows Update, work together to help shield Windows Vista PCs from malware," or malicious software, the company's representative said.
Setting the firewall partly off to suit the needs of enterprise customers doesn't make sense. First, don't they have their own version (unencumbered by product activation) of Win Vista? Second, don't they have IT departments that can see that everything is hunky-dory, versus the typical home user, many of whom still struggle to get Windows installed at all? The weak link in security is and will continue to be the home user. All MS is doing is making it even easier for renegade software to successfully operate in the Vista environment of home users.
Hey... I'd like a gun without a safety. Too often I look down the barrel to make sure there's a bullet before I shoot someone. Only I keep forgetting to take the safety off before I pull the trigger. If there were no safety, I could turn the gun from my head and squeeze the trigger in one fell swoop and save a lot of time and aggravation.
Those that know enough to know what a firewall is are the ones that are smart enough to know how to turn one off.
It really should be on for the unwashed masses running their zombie PCs on irresponsible ISP networks where security is a free downloadable copy of McAfee for a year.
And with tools like SMS and Ghost, isn't it a snap for an IT department to deploy PCs with the firewall turned off?
Or, ship two versions of Vista... Vista Home and Vista Pro. Make them identical except that the Pro version has the firewall turned off and costs $100 more.
Ship the OS with all the outbound ports open. Then when users complain about spyware and their ISPs tell them their computers have been hijacked and turned into zombies, MS can step in and offer them an "anti-spyware" program that closes the ports.
Not to be too unkind to Mr. Warrilow, but I always thought that the purpose of an inbound firewall was to protect me and my insecure applications from DoS or takeover attacks from others and that the purpose of an outbound firewall was to protect me against the "call home" traffic of the malicious spyware or malware application I inadvertently loaded from a web site or an email. Protecting others against me is only important if I am infected, and you want to limit the spread of the virus. That is not a real advantage to me, just altruism, and if I want to attack people deliberately I would just turn the firewall off!
Since MS put IE into the kernel of Windows (in order to try and win a court case against the Justice Dept), they have given a way for viruses to embed themselves into Windows.
MS should block all in-going and out-going traffic from IE if they are serious about security. Firefox could then replace IE and the system would be a lot more secure.
In a time for online gaming and FSB this bares no responsibility; Active X
Nice feature! I know I am posting late; rather I have so much resistance on incoming traffic already. Does the absense of Anti-virus software, except on fresh inceptions into the world wide web matter to anyone. I find the advent of a 3mo. introductory security pack to be worthwhile to put a system configuration in order. leading up to less restrictive options.
Chinese authorities have reportedly taken iPads from a third-party retailer, a move apparently brought on by Apple's continued refusal to honor a trademark for the iPad name owned by a Chinese manufacturer.
NY professor believes that a word-based algorithm can help bring together those who believe, with one glimpse, that they have found and lost the love of their lives.
Along with green-lighting Google's buy of Motorola, the Justice Department today OKs an Apple-Microsoft-RIM partnership deal to buy Nortel patents, and Apple's plan to acquire Novell patents.
Chamtech's spray-on antenna uses a nano material to provide a low-power boost to antenna range. The wireless-in-a-can product may some day bring an end to unsightly cell towers.
This week, we pass around Sony's new PlayStation Vita for some hands-on testing, check out HP's newest Beats Audio laptop, and debate the best and worst Valentine's Day gadget gifts.
EnerG2 opens a plant to make an engineered carbon that will improve performance of energy storage devices and make storage for start-stop hybrid cars less expensive.
echo
echo
echo
mark d.
Those that know enough to know what a firewall is are the ones that are smart enough to know how to turn one off.
It really should be on for the unwashed masses running their zombie PCs on irresponsible ISP networks where security is a free downloadable copy of McAfee for a year.
And with tools like SMS and Ghost, isn't it a snap for an IT department to deploy PCs with the firewall turned off?
Or, ship two versions of Vista... Vista Home and Vista Pro. Make them identical except that the Pro version has the firewall turned off and costs $100 more.
when users complain about spyware and their ISPs
tell them their computers have been hijacked and
turned into zombies, MS can step in and offer them
an "anti-spyware" program that closes the ports.
half? HAVE
Are you people high school dropouts?
have half
have 50%
be only half enabled
be 50% useless
"The firewall in Windows Vista will have 50% of its protection turned off by default"
Why the f-word can't Microsoft design a firewall that offers similar ease of use?
Protecting others against me is only important if I am infected, and you want to limit the spread of the virus. That is not a real advantage to me, just altruism, and if I want to attack people deliberately I would just turn the firewall off!
MS should block all in-going and out-going traffic from IE if they are serious about security. Firefox could then replace IE and the system would be a lot more secure.