A user from Perth measured 2708kbps @ Broadband Speedtest.
5 minutes ago, Click here to find out how fast your internet speed is.
Breaking News: eBay, Trading Post help catch tax cheats
ZDNet / Zone Labs / Story
Vista firewall shackled due to customer demand: Microsoft
Topics
zone labs, laura yecies, vista firewall, windows, european union, munir kotadia, zone alarm, vista
Top related stories
The firewall in Windows Vista will, by default, have half its protection turned off because that is what enterprise customers have requested, according to the software giant.
When Windows Vista is released early next year its firewall will be set to only block incoming traffic even though it will be capable of blocking outgoing traffic. According to a statement from Microsoft, the firewall's protection will be curbed in order to make life easier for the company's enterprise customers.
"Because the nature of an outbound firewall is to restrict the traffic sent to specific ports, the outgoing access in the Windows Vista firewall is open by default," a Microsoft spokesperson told ZDNet Australia. "The reason for this is Microsoft has received strong feedback from its customers, especially from large organisations and government departments, saying that they would like to manage this feature from an administrator level."
Microsoft claims that configuring the Vista firewall to block outgoing connections from rogue applications and malware will require a varying degree of technical knowledge, depending on each user's security requirements.
"Users need to understand how their applications undertake communication and connections and the associated threats and risks. This security requirement will vary amongst users and Microsoft is providing the capability to allow users to determine how they wish to leverage this security capability," the Microsoft spokesperson said.
Firewall specialist Zone Labs claims that users will require a "fairly high level of sophistication" in order to properly configure the Vista firewall. For consumers, the company said the task will be nothing less than "challenging".
"Outbound protection requires a fairly high level of sophistication to engage, and reports indicate that Microsoft expects that functionality to be used by IT professionals in a business networking environment," Laura Yecies, general manager at Zone Labs told ZDNet Australia.
"For consumers, it is challenging at best," she added.
Security specialist Michael Warrilow, director of Sydney-based analyst firm Hydrasight, believes that Microsoft has found it too difficult to create an all encompassing firewall. However, he said that by throttling the capabilities of the firewall the company is not ignoring its non-technical customer base.
"In effect, Microsoft is putting outbound [protection] in the 'too hard basket' for the time being," Warrilow told ZDNet Australia. "The firewall is to protect against inbound attacks -- instead of protecting the rest of the world from you."
The Microsoft spokesperson said that Vista's firewall is just one layer of security in the new operating system: "New features such as User Account Control (UAC), Windows Defender, and Internet Explorer Protected Mode along with improvements to Windows Firewall and Windows Update work together to help shield Windows Vista PCs from malware."
Related stories
I tend to agree
I've been privately and publically stating since XPSP2, that there is no magic solution that will help both home users and enterprises.
Therefore my suggestion is to have different default firewall settings based on the edition of the OS.
WHat MS Should have done in XP SP2 is the enable the firewall if SP2 was instaleld to XP Home Edition (and/or XP Pro if not connected to a domain), and to not enable the firewall if installing to XP Pro connected to a domain.
Anonymous April 27th, 2006that's it - different settings for different flavours
I whole heartedly agree with your statement. MS has told us they are targetting different versions at different segments of the market so I'm sure as part of the install they can enable or disable the outbound blocking capabilites of the firewall.
Anonymous April 28th, 2006Corp Manage rather then playing
I'm not a techie but... Companies can mange the settings via group policies (GPO) rather then specific MS build type settings. This of course assumes a company is large enough to implement AD and use XP Pro.
Ando April 28th, 2006Microsoft has a sound profile of legitimate applications...
... that are shipped with the OS so why not apply egress filtering based on such a profile by default? As part of any enterprise rollout many defaults are overridden in favor of locally-defined needs, but in the case of the individual private user, or small business who accepts most defaults an installs only a small number of third-party apps, this approach could serve to block traffic from moutains of illegitimate programs.
If a user installs something deliberately ("click here to enhance your stamina!") they can also click, Zone Alarm style, to allow outgoing traffic from their shiny new app.
I guess "Secure by design, secure by default, secure in deployment" only applies if it doesn't increase their support call load. Let's hear it for the status quo.
George April 27th, 2006Sounds like handwaving to me
It's a little weird for MS to claim that they have to preconfigure consumer versions of Vista to meet the needs of their enterprise customers, given that the enterprises are going to customize their security policies extensively before deploying the OS in the first place. Default-blocking inbound packets and default-allowing outbound packets doesn't help IT departments much -- they'll still have to configure the firewall to enable all kinds of services that are necessary inside a company firewall (messaging/alerts, collaboration apps, software deployment tools, etc.) but dangerous to expose on a box connected directly to the Internet.
The real driver for this decision is probably that MS hasn't been able to create a consumer-friendly interface to manage outbound packet filtering, so enabling it out of the box in retail builds would be a customer-support nightmare.
Lazlo Nibble April 27th, 2006From MS Security Summit
I just attended the MS Security Matters Summit in Dallas, TX. You should have heard their security lead's statements on the importance (or lack thereof) of a need for an outbound firewall. His claim was that it wasn't useful until now. ROFL. His argument stated that anything that got into the machine could compromise even the firewall, and so protecting from such things was futile. Guess he never heard of Adware which generally doesn't do much more than try to call home, or all of the cases where when firewall shutdown was attempted, the firewall companies took preventative action.
As for user technical skills - MS should visit a couple of successful vendors such as ZoneLabs or Kaspersky and see how they deal with the novice user.
MS seems to still be thinking at the enterprise level and trying to figure out how to make every user Cisco certified. Hey, MS, the end user doesn't need to learn firewall rule making - you simply need to provide the user with application level control for 95% of the situations.
Perhaps they should have taken a lesson from their own book and simply bought or licensed an effective firewall and adapted it for integration into their new flagship OS just as they did with Giant Anti-Spyware and/or Visio.
2kmaro of DSLReports April 27th, 2006copy edit this story!
"The firewall in Windows Vista will have half its protection turned off by default"
half? HAVE
Are you people high school dropouts?
Anonymous April 28th, 2006Um, no
Uh...dude. Will have half. As in will have 50 percent.
High school graduate April 28th, 2006"Protecting the world from you is" hilarious!!!
it's as if it's more likely that an average user is able to activate the outgoing connections control than a hacker being able to deactivate it (as if the hacker uses windows, too).
The unsaid part of this is all the spyware/trojan stuff that will be left unmonitored on the users' computers.
Anonymous May 5th, 2006Firewall was deliberatly crippled
Why dont people say it how it is, Microsoft deliberatly leaves security holes in its operating systems, they have always done it and will continue to do it. Just as it was no accident that netbios over tcp was enabled by default in windows 95 and 98, and took a level of tcp/ip knowledge way over and above that of most users to change it, it is also no accident that
Microsft left this Vista firewall crippled by leaving outbound filtering switched off by default, and requiring a level of technical knowledge that most users do not have, in order to configure it .
Anonymous June 25th, 2008Power Centre Useful content from our premier sponsors
Resource Centre Useful content from our premier sponsors
-
Email is Dead, but can anything take its place?" Win one of 5 tickets to be part of the audience at this exclusive ZDNet debate
Find out more! Join the conversation and enter now to win. -
Get BlackBerry® Enterprise Server Express for Free
Click here to learn more about BlackBerry® Enterprise Server Express.
ZDNet Australia Live
http://bit.ly/9SnE7Q Database Toolbar Icons - Free Software Downloads - ZDNet Asia
6 minutes ago by carebearrhgbo on twitter
ZDNET: Court rejects class action status for Intel antitrust suit http://bit.ly/9yAlXu
6 minutes ago by KERUFFTech on twitter
RT: @ZDNet: HP announces a containerized datacenter sale http://zd.net/d47SR2
6 minutes ago by japha on twitterRT: @ZDNet: Steve Ballmer: Microsoft has been focusing on cloud for 15 years http://zd.net/9cv0US
6 minutes ago by japha on twitter
RT @johandenhaan: Nice example of difficulties of release management: Oracle rebrands Java, breaks Eclipse http://bit.ly/aN1jaI #yam #fun
6 minutes ago by wmartinez on twitter
[ZDNet Japan] AD: まさかの価格破壊!: 35歳(男性)月額970円の死亡保険の真相。nextialife.co.jp
Ads by MicroAd http://bit.ly/cL8g8X
Court rejects class action status for Intel antitrust suit http://zd.net/dyhmnc
11 minutes ago by ZDNet on twitter
Another "No steeeking Win-DOHS!" RT @ZDNet: Microsoft's Windows Phone 7 marketing pitch: 'I'm a phone too' http://zd.net/bFPibg
11 minutes ago by SilvrDrgn on twitter
Windows Phone 7 devices by end of September?: His current collection includes a Nokia N85, Nokia E71, Nokia 5800, ... http://bit.ly/dlTURg
11 minutes ago by DonnaPret on twitter
New post: Court rejects class action status for Intel antitrust suit http://bit.ly/9yAlXu
11 minutes ago by ldignan on twitter
RT @maryjofoley: Microsoft's Ballmer: Windows 7 slates are 'job number one': http://bit.ly/bYcmwA
11 minutes ago by RangerStation on twitterThere are a couple of points in the story where David's digs at Telstra are offmark: firstly, an inference that the current broadband...
14 minutes ago by gromit on Is Telstra the scorpion or the frog?
Microsoft's Ballmer: Windows 7 slates are 'job number one' http://bit.ly/bBG7ve
16 minutes ago by techinfotweet on twitterWin-DOHS, we don't need no steeeenking Win-DOHS!! RT @ZDNet: Microsoft's Ballmer: Windows 7 slates are 'job number one' http://zd.net/atdhxQ
16 minutes ago by SilvrDrgn on twitter
RT @HeathClancy: EPA: Yup, greenhouse gases still unhealthy http://bit.ly/aZkizM #greentech #green
16 minutes ago by lmchen on twitter
Between the Lines Court rejects class action status for Intel antitrust suit: Intel today won a key ruling in an a... http://bit.ly/bAcNFO
21 minutes ago by Database_News on twitterBetween the Lines Microsoft's Windows Phone 7 marketing pitch: 'I'm a phone too': Microsoft CEO Steve Ballmer gave... http://bit.ly/c2x1K9
21 minutes ago by Database_News on twitterBetween the Lines Real cuts losses amid restructuring, still misses analyst estimates: Real Networks’ second-quart... http://bit.ly/ccO6ZX
21 minutes ago by Database_News on twitter
RT @TechZader: Microsoft's Windows Phone 7 marketing pitch: 'I'm a phone too' http://bit.ly/cxedPj
21 minutes ago by DevLano on twitter
http://bit.ly/bn9qQH "When using open source makes you an enemy of the state" ahah, quelle bande de nazes :)
21 minutes ago by chrisnoisel on twitter
@Hamface oh thanks! @gewg did you want to talk about why you made the jump for ZDNet? :)
21 minutes ago by joshgnosis on twitter
iPhone there and back again: How to backup your iPhone, set it up as a new device, and then restore it http://bit.ly/c0SSgE
21 minutes ago by Ipodcaraccess on twitter
RT @seesmic: Seesmic listed by @ZDNet - Top 25 Android apps: The best of the best http://ping.fm/goi9K
26 minutes ago by gbhanson on twitter
@Justin_Bartak Thanks for all the RTs! Taking a look at the guts inside Apple's new Magic Trackpad - http://bit.ly/a4OBFm #Minneapolis #Mac
26 minutes ago by thefndtn on twitterDavid, you've completely missed the point. This has nothing to do with consumer value. You mentioned that "Telstra is supposed...
30 minutes ago by M.N.M on Is Telstra the scorpion or the frog?Yup! They're pretty and look real nice but, as one who qualified in 1963 - on a Diesel Boat - and retired in 1982 - after 6 more die...
33 minutes ago by willyjon on Get wet with submarine tech photos
MasterChefs launch iPhone 4 in Sydney - http://dld.bz/prSR I really want 1, would you get 1? http://dld.bz/prSS
54 minutes ago by SaigonBay on twitter
"Not greatly dissimilar to the public jubilation felt at the end of the second World War, Sydney-siders ..." http://bit.ly/cTvyuB #reallysad
1 hour ago by ronsondalby on twitterHilarious coverage of the iPhone 4 launch from the CNET guys. http://bit.ly/cTvyuB
1 hour ago by joshgnosis on twitterWhat a sad way to live if the only joy in your life is to queue for a piece of defective technology sold by a vendor who accused his loya...
2 hours ago by fred9999 on iPhone 4 Australian launch: pictures
@Jetttje: outlook-alternatieven: http://www.zdnet.com.au/top-alternatives-to-microsoft-outlook-339295046.htm
6 hours ago by hansstavleu on twitter
RT @NASAWatch: NASA photos mooned in abandoned Maccas (LOIRP) http://bit.ly/arFI4Y
6 hours ago by Stratocumulus on twitter
http://bit.ly/9y8rsU Multimedia Toolbar Icons - Free Software Downloads - ZDNet Australia
7 hours ago by mpzcosehpamq4 on twitterI am happy to know I was right about predicting Symantec's stock price and the furture trend. As I have pointed out a few times, I th...
7 hours ago by strelaoz on iPhone midnight launches across AustraliaJust weirdly found out Michael Yell - Country and Regional Director for OEM, XSP and Services Business at Symantec Asia Pacific and Japan...
7 hours ago by strelaoz on iPhone midnight launches across AustraliaAs I have reported to Symantec Ethics about David Freer’s (VP, Symantec – Norton, APJ) misconducts (fraud, having dissented sex with ...
7 hours ago by strelaoz on iPhone midnight launches across AustraliaDavid Freer (VP, Symantec Consumer Business Units - Norton, APJ) is a BIG LIAR! He lied to me for more than two and half years for my tru...
7 hours ago by strelaoz on iPhone midnight launches across AustraliaMy speed is 33 807 I'm with bigpond cable
9 hours ago by francoo on Broadband SpeedtestThat is a beautiful boat,but, I'd still rather go to sea on a first flight 688 boat.Preferably the 689 if Clinton hadn't decommis...
10 hours ago by rogue689 on Get wet with submarine tech photosFor many other reasons, than just the net filter, the current has to go. Still, I wouldn't trust Abbot either. There are however chec...
11 hours ago by ian_from_oz on Conroy's filter masterstrokeRT: @zdnetaustralia: http://bit.ly/cJU6Mf We've added Virgin to our iPhone 4 pricing table comparison.. See which telco has the best deal.
11 hours ago by japha on twitter
Apple to look at iPhone 3G iOS 4 problems - Software - News http://bit.ly/cmaTAJ _ that's nice of them
12 hours ago by tim_butcher on twitterStop trying to dodge the filter issue, Conboy; it'll bite you in the **** whether you like it or not.
13 hours ago by Hyperion on Conroy pledges NBN map, same policies
Facebook va lansa un serviciu de răspunsuri la întrebările utilizatorilor http://bit.ly/aS4kLC
14 hours ago by adrian_silimon on twitter
Survey proves #AUS e-health demand http://j.mp/ah9Iwf /via @ZDNetAustralia
15 hours ago by ej_butler on twitterA "profound cultural change" is required for a truly open government http://bit.ly/bTht86 /via @zdnetaustralia #gov2au
15 hours ago by ej_butler on twitterAs one who has been as critical as any of the Sol era Telstra...as long as Telstra are leaving feasible room for profit margins for their...
15 hours ago by RS on Is Telstra the scorpion or the frog?David, while the popular opinion, at least in the eyes of Telstra opponents, is to use every devious argument to stifle the operations of...
15 hours ago by sydneyla on Is Telstra the scorpion or the frog?Question two: What is stopping.... "AUSTRALIANS could save up to $1.9 billion a year in travel costs, petrol and time if they spent h...
15 hours ago by Vasso Massonic on Is Telstra the scorpion or the frog?
Survey proves e-health demand: NEHTA http://itrau.com/bt9f8w via @ZDNetAustralia
16 hours ago by AUTechNews on twitterRT @zdnetaustralia: Survey by NEHTA proves there is a demand for e-health http://bit.ly/bXuT1K
16 hours ago by joshgnosis on twitter
RT @zdnetaustralia: Telstra cops $18.55 million fine for exchange capping http://bit.ly/9cL91V
16 hours ago by crupaul on twitter
RT @zdnetaustralia: Survey by NEHTA proves there is a demand for e-health http://bit.ly/bXuT1K #yam
16 hours ago by johnnysd on twitter
A good read..RT @zdnetaustralia: Is Telstra the scorpion or the frog? http://bit.ly/cSgC31
16 hours ago by awmitchell on twitterRT @zdnetaustralia: eBay and the Trading Post online help the Australian Taxation Office catch tax cheats http://bit.ly/dBDXRz
16 hours ago by crupaul on twitter
RT @zdnetaustralia Tesltra tweaks its data plans for all smartphones (not just the iPhone 4) http://bit.ly/bxO0G2
16 hours ago by MacGirlUK on twitterRT @zdnetaustralia: Is Telstra the scorpion or the frog? http://bit.ly/cSgC31
17 hours ago by MacGirlUK on twitter
@mibus http://www.zdnet.com.au/commbank-dives-into-580m-banking-it-revamp-339288467.htm
17 hours ago by jamezpolley on twitter
The tech keeping Plastiki afloat: photos: ZDNet Australia brings you the tech below deck on the epic Plastiki voyage. http://bit.ly/aTj1QU
17 hours ago by tessa_alfred on twitter
http://bit.ly/cJU6Mf We've added virgin to our iPhone 4 pricing table comparison.. See which telco has the best deal.
18 hours ago by zdnetaustralia on twitterThis story has been liked 5 times in the last 24 hours!
1 day ago, Australia's iPhone 4 pricing comparedKeep up with ZDNet Australia
Linkedin 
RSS Feeds 
Newsletters 
Twitter 
| Telstra BigPond | 37 plans |  1% |
| Optus | 76 plans |  2% |
| 3 | 9 plans | 1% |
| Virgin Mobile | 7 plans | 4% |
| Netspace | 36 plans | 1% |
| Mobile Broadband Plans | 8% |
| ADSL2+ Broadband Plans | 5% |
| Cable Broadband Plans | 4% |
| Naked DSL Broadband Plans | 1% |
| ADSL Broadband Plans | 6% |
Mobile Phones | Broadband
CBS - ZDNET Australia Partner ServicesSponsored resources
- HP Conquer - Conquer IT with HP BladeSystem.
- Citrix - Download Citrix NetScaler, the ultimate all-in-one Web app delivery solution. Simplicity is Power.
- Optus Micro-Sim - The tablet ready Optus Micro-Sim is here. Register now.
- Virgin Mobile - Virgin Mobile's new Smart Caps with unlimited standard text to any mobile in OZ from $29.
- ZDNet Survey - Complete survey for your chance to win a smartphone!
- "Email is Dead, but can anything take its place?" - Win one of 5 tickets to be part of the audience -- 12th of August 2010
Warrilow is an idiot
The point of filtering outbound connections isn't just to protect the world from spambot-infested morons, it's to protect people from spyware.
Mind you, Windows XP itself seems like the world's biggest piece of spyware at times, so it's no real surprise that Microsoft is (again) punting on real security for the end user.
^^^Typical knee-jerk, anti-MS reaction
So, what would make you happy? Have MS disable the ability for applications to talk to the outside world at all and completely cripple Windows? Why should a typical user have to *enable* the ability to communicate? If Vista by default disabled talking to the outside world, that would have the effect of discouraging it--making it less common.
Just as a tax discourages economic activity, making it harder to perform computer activities makes them less common.
TEAM 99 shill
HOW MUCH to hype vaporware
Hasta la Vista is not even here
nice
So it's easier to end user to disable outgoing traffic on all ports except few that they really use than to have all ports closed and enable that few that they use. I think most users won't even notice that they should configure they firewalls. And all kinds of spyware, spammer bots etc will still work on new Windows. What a backward compatibillity.
If Windows was secure there won't be need for antiviruses etc.
Many people in anti* software companies would lost their jobs, I can bet they bosses are those big enterprise clients asking for open ports.
PS.
sorry for my english