Vista firewall shackled due to customer demand: Microsoft

When Windows Vista is released early next year its firewall will be set to only block incoming traffic even though it will be capable of blocking outgoing traffic. According to a statement from Microsoft, the firewall's protection will be curbed in order to make life easier for the company's enterprise customers.

"Because the nature of an outbound firewall is to restrict the traffic sent to specific ports, the outgoing access in the Windows Vista firewall is open by default," a Microsoft spokesperson told ZDNet Australia. "The reason for this is Microsoft has received strong feedback from its customers, especially from large organisations and government departments, saying that they would like to manage this feature from an administrator level."

Microsoft claims that configuring the Vista firewall to block outgoing connections from rogue applications and malware will require a varying degree of technical knowledge, depending on each user's security requirements.

"Users need to understand how their applications undertake communication and connections and the associated threats and risks. This security requirement will vary amongst users and Microsoft is providing the capability to allow users to determine how they wish to leverage this security capability," the Microsoft spokesperson said.

Firewall specialist Zone Labs claims that users will require a "fairly high level of sophistication" in order to properly configure the Vista firewall. For consumers, the company said the task will be nothing less than "challenging".

"Outbound protection requires a fairly high level of sophistication to engage, and reports indicate that Microsoft expects that functionality to be used by IT professionals in a business networking environment," Laura Yecies, general manager at Zone Labs told ZDNet Australia.

"For consumers, it is challenging at best," she added.

Security specialist Michael Warrilow, director of Sydney-based analyst firm Hydrasight, believes that Microsoft has found it too difficult to create an all encompassing firewall. However, he said that by throttling the capabilities of the firewall the company is not ignoring its non-technical customer base.

"In effect, Microsoft is putting outbound [protection] in the 'too hard basket' for the time being," Warrilow told ZDNet Australia. "The firewall is to protect against inbound attacks -- instead of protecting the rest of the world from you."

The Microsoft spokesperson said that Vista's firewall is just one layer of security in the new operating system: "New features such as User Account Control (UAC), Windows Defender, and Internet Explorer Protected Mode along with improvements to Windows Firewall and Windows Update work together to help shield Windows Vista PCs from malware."