April 27, 2006 10:35 AM PDT

Microsoft takes down barrier in Vista firewall

Share
- Digg
- Del.icio.us
- Reddit
- Facebook
Email
Print

Related Stories: Boarding up Windows against Net threats
February 7, 2006; Microsoft security service to ship in June
February 7, 2006; Microsoft's OneCare firewall draws fire
January 31, 2006; Allchin: Buy Vista for the security
January 27, 2006

The firewall in Windows Vista will have half its protection turned off by default, because that is what enterprise customers have requested, Microsoft has said.

When Windows Vista is released early next year, it will have an updated firewall that looks at incoming as well as outgoing traffic, the company has said--an advance on the firewall in Windows XP service pack 2, which only watches incoming data.

But the default on the firewall in Vista will be set to block incoming traffic only, Microsoft said. The protection will be curbed in order to make life easier for the company's enterprise customers, it said.

A closer look
Piecing together Windows Vista

Aiming to recreate the excitement of Windows 95, Microsoft is trying to turn Vista into its next big win.

"Because the nature of an outbound firewall is to restrict the traffic sent to specific ports, the outgoing access in the Windows Vista firewall is open by default," a representative for the software maker told ZDNet Australia. "The reason for this is Microsoft has received strong feedback from its customers, especially from large organizations and government departments, saying that they would like to manage this feature from an administrator level."

Configuring the Vista firewall to stop outgoing connections made by rogue applications and malicious software will require a varying degree of technical knowledge, depending on each user's security requirements, Microsoft said.

"Users need to understand how their applications undertake communication and connections, and the associated threats and risks. This security requirement will vary amongst users, and Microsoft is providing the capability to allow users to determine how they wish to leverage this security capability," the Microsoft representative said.

Firewall specialist Zone Labs said that people will require a "fairly high level of sophistication" in order to properly configure the Vista firewall. For consumers, the company said the task will be nothing less than "challenging."

"Outbound protection requires a fairly high level of sophistication to engage, and reports indicate that Microsoft expects that functionality to be used by IT professionals in a business-networking environment," Laura Yecies, general manager at Zone Labs, said.

Security specialist Michael Warrilow, director of Sydney-based analyst firm Hydrasight, believes that Microsoft has found it too difficult to create an all-encompassing firewall. However, he said that by not putting the capabilities of the firewall into full play, the company is not ignoring its nontechnical customer base.

"In effect, Microsoft is putting outbound (protection) in the 'too hard' basket for the time being," Warrilow said. "The firewall is to protect against inbound attacks--instead of protecting the rest of the world from you."

Vista's firewall is just one layer of security in the new operating system, according to Microsoft. "New features such as User Account Control, Windows Defender, and Internet Explorer Protected Mode, along with improvements to Windows Firewall and Windows Update, work together to help shield Windows Vista PCs from malware," or malicious software, the company's representative said.

Munir Kotadia of ZDNet Australia reported from Sydney.

See more CNET content tagged:
firewall, Zone Labs Inc., Microsoft Windows Vista, protection, Sydney

Add a Comment (Log in or register) 16 comments

Is there an echo here?
by roger.d.miller April 27, 2006 11:09 AM PDT: Didn't I read this same story yesterday?; Reply to this comment View reply
Processing

Doesn't Make Sense
by markdoiron April 27, 2006 1:32 PM PDT: Setting the firewall partly off to suit the needs of enterprise customers doesn't make sense. First, don't they have their own version (unencumbered by product activation) of Win Vista? Second, don't they have IT departments that can see that everything is hunky-dory, versus the typical home user, many of whom still struggle to get Windows installed at all? The weak link in security is and will continue to be the home user. All MS is doing is making it even easier for renegade software to successfully operate in the Vista environment of home users.

mark d.; Reply to this comment View all 2 replies
Processing

copy edit this story!
by ChazzMatt April 27, 2006 1:42 PM PDT: "The firewall in Windows Vista will have half its protection turned off by default"

half? HAVE

Are you people high school dropouts?; Reply to this comment View all 3 replies
Processing

Why So Complicated?
by john55440 April 27, 2006 2:18 PM PDT: As a home computer user, I have found neither Norton Personal Firewall nor ZoneAlarm to be rocket science.

Why the f-word can't Microsoft design a firewall that offers similar ease of use?; Reply to this comment

What is outbound protection for?
by inetdog April 27, 2006 3:22 PM PDT: Not to be too unkind to Mr. Warrilow, but I always thought that the purpose of an inbound firewall was to protect me and my insecure applications from DoS or takeover attacks from others and that the purpose of an outbound firewall was to protect me against the "call home" traffic of the malicious spyware or malware application I inadvertently loaded from a web site or an email.
Protecting others against me is only important if I am infected, and you want to limit the spread of the virus. That is not a real advantage to me, just altruism, and if I want to attack people deliberately I would just turn the firewall off!; Reply to this comment

IE is the biggest problem.
by t8 April 27, 2006 5:51 PM PDT: Since MS put IE into the kernel of Windows (in order to try and win a court case against the Justice Dept), they have given a way for viruses to embed themselves into Windows.

MS should block all in-going and out-going traffic from IE if they are serious about security. Firefox could then replace IE and the system would be a lot more secure.; Reply to this comment

In a time for online gaming and FSB this bares no responsibility; Active X
by Pop4 April 30, 2006 5:40 PM PDT: Nice feature! I know I am posting late; rather I have so much resistance on incoming traffic already. Does the absense of Anti-virus software, except on fresh inceptions into the world wide web matter to anyone. I find the advent of a 3mo. introductory security pack to be worthwhile to put a system configuration in order. leading up to less restrictive options.; Reply to this comment View reply
Processing

Latest tech news headlines

Google upgrades Gmail for IE 6 users
Posted in Webware by Stephen Shankland

September 7, 2008 10:07 PM PDT
TI does energy efficiency on a chip
Posted in Green Tech by Martin LaMonica

September 7, 2008 9:00 PM PDT
Intel ships low-power chips for servers
Posted in Nanotech: The Circuits Blog by Brooke Crothers

September 7, 2008 9:00 PM PDT

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Inside CNET News

Scroll Left Scroll Right

Nanotech: The Circuits Blog
Intel ships low-power chips for servers
New server chips from processor giant draw as little as 12.5 watts per core.
Gallery
Photos: Top 10 reviews of the week
Here are CNET Reviews' 10 favorite items from the past week, including the TiVo HD XL, Sony Cyber-shot DSC-H50, and the Dish Network's newest digital TV converter box.
News - Apple
Apple watchers spot 'iPod Nano' pix, iTunes hints
The rumor mill has long been predicting a longer, leaner new version of the iPod Nano, and now it's conjuring up some pictures.
Coop's Corner
Chris Shipley 1, Internet lynch mob 0
Demo's impresario goes public with a tart and smartly written riposte to the shoot-from-the-lip crowd.
Video
Katie Couric reflects on first Webcast
The political conventions are over and so are CBS Evening News anchor Katie Couric's first series of Webcasts. CNET's Kara Tsuboi sat down with Couric on the final night of the Republican National Convention to discuss what she liked about Webcasting, some of her most memorable guests, and whether TV news will still be around by the next round of conventions.
Webware
Google upgrades Gmail for IE 6 users
The online e-mail application is faster for those using the 7-year-old browser and gets features already available to more modern browsers, Google said.
Video
YouTube plays party politics
During the presidential campaigning four years ago, YouTube didn't even exist. Now it's a tool candidates must master to get their message across. CNET's Kara Tsuboi stops by the YouTube upload booths at the Democratic and Republican conventions to find out why Google's video site has such a big presence in Denver and St. Paul, Minn.
News - Gaming and Culture
Are Demo and TechCrunch50 fragmenting their audiences?
With both events scheduled to start Monday, many press, as well as venture capitalists and others are having to choose which one to attend.
News - Cutting Edge
Execs predict next Google-like tech
On eve of company's 10-year anniversary, researchers and business pundits speculate about what technologies might someday have as much impact as Google.
Gallery
Images: The art of 'Spore' prototypes
Will Wright and his Maxis team worked on dozens of prototypes to test the elements of their soon-to-be-released evolution game. Here's a sampling.
Crossfade
Kaskade, 'Beautiful Thing': Free MP3 of the Day
Since Mark Farina's glory days in the late '90s there has been no house music success story like Kaskade's. Download a free MP3 of "Beautiful Thing" courtesy of CNET Download Music.
Green Tech
TI does energy efficiency on a chip
Its line of Piccolo microcontrollers can reduce power consumption significantly of home appliances, hybrid cars, LED lighting, and even solar panels.