Computeractive - Home computing advice in plain English

 

 Simple clear advice in plain English

Search

Search computeractive.co.uk

Go Back   Forums > Readers to the Rescue > Windows 7
Search Today's Posts Mark Forums Read

Notices

Closed Thread
 
Thread Tools Display Modes
  #11  
Old 11-07-2010, 20:01
robert clayton robert clayton is offline
Expert Member
 
Join Date: Oct 2004
Location: Castleford
Posts: 6,226
Default

The Windows 7 Firewall still has no outbound protection by default, it needs turning on and programs then allowed egress.

This is better but users should realise that by default it doesn't protect from malicious outbound connections, just like Vista.

If you are sitting behind a router firewall the W7 one doesn't really add much other than protecting from local LAN attacks.

It's all OK if you trust your on-board software to catch all the nasties.

Some don't and prefer an effective two way FW or install the Windows Firewall Control software.

I suspect that most W7 users wil be just using the default though (outbound off).

Bob

Last edited by robert clayton; 11-07-2010 at 20:04.
  #12  
Old 12-07-2010, 14:27
TIG TIG is offline
Senior Member
 
Join Date: Aug 2008
Location: west midlands
Posts: 2,753
Default

Quote:
The Windows 7 Firewall still has no outbound protection by default, it needs turning on and programs then allowed egress.
bob, update your records

windows 7 uses two firewalls that work together ,windows firewall and windows firewall with advanced security (WFAS).

windows firewall and WFAS ship a minimum number of default rules that allow you
to interact with networks. this means that although you are able to browse the web
without having to configure a firewall rule, if you try to use an application to interact
with the network that is not covered by the default rule, such as file transfer protocol you
recieve a warning.

this behavior is different to earlier versions of windows such as xp, where the firewall only blocked incoming traffic and did not block outgoing traffic

the firewall in w7 blocks most outbound traffic by default. when a program is blocked for the first time, you are notified by the firewall, allowing you to configure an exception
that allows traffic of this type in the future.

w7 firewall uses a feature known as full stealth. stealth blocks external hosts from performing operating system (OS) fingerprinting OS fingerprinting is a technique where an attacker determines what operating system a host is running by sending special traffic to the host external network interface. after an attacker knows what operating system a host is using, they can target OS specific exploits at the host.

you can not disable the stealth feature of windows 7.

another feature of w7, boot time filtering ensures windows firewall is working from the instant the network interfaces become active. in previous operating systems such as xp the firewall either built into windows or third party vendor would become operational only once the startup process was complete, this left a small but important period where a network interface would be active but not protected by a firewall

boot time filtering closes this window of opportunity

network location awareness (NLA) feature of w7 which assigns a network profile based on the properties of the network connection, w7 uses three, domain, home or work (private)
public networks, when you connect to a new network w7 queries you with a dialog box asking home, work, public network, w7 remembers the designation that you assign and associates it with the properties of that network, network profiles are important you can use them to apply different collections of firewall rules based on which profile is active. very usefull if you connect to public networks cafes ect
  #13  
Old 12-07-2010, 16:40
robert clayton robert clayton is offline
Expert Member
 
Join Date: Oct 2004
Location: Castleford
Posts: 6,226
Default

One has to wonder what the outgoing connections "block" option is for ?

Clearly I am not alone

"The Windows 7 Firewall provides a basic level of protection against hackers as soon as you start your computer up. Although the firewall can be configured to filter both incoming and outgoing traffic, by default it only acts like the firewalls in Windows XP and Windows Vista, that is, it will only filter incoming connections. Configuring the Windows 7 Firewall to filter outgoing traffic is a little easier than it was in Windows Vista"

http://www.top-windows-tutorials.com...-firewall.html

There aren't two W7 firewalls, just an advanced settings option.

Makes you wonder about sites telling us how to enable outbound protection in 7, doesn't it ?

http://www.addictivetips.com/windows...nd-protection/

Bob

Last edited by robert clayton; 12-07-2010 at 16:45.
  #14  
Old 12-07-2010, 19:25
TIG TIG is offline
Senior Member
 
Join Date: Aug 2008
Location: west midlands
Posts: 2,753
Default

Quote:
Makes you wonder about sites telling us how to enable outbound protection in 7, doesn't it ?
no not realy, get your self good information like material used by ms to train techs

try this its only 800 pages

microsoft configuring windows 7 70-680

by ian mclean mcse , mcitp , mct

and orin thomas mct , several mcse and mcitp credentials, he is the convener of the melbourne security and infrastruture interchange and a microsoft security MVP

but if you know better, please let us know bob
  #15  
Old 12-07-2010, 20:59
robert clayton robert clayton is offline
Expert Member
 
Join Date: Oct 2004
Location: Castleford
Posts: 6,226
Default

How about Microsoft ?
(Applies To: Windows 7, etc)

"By default, Windows Firewall with Advanced Security allows all outbound network traffic. If your organization prohibits specific network programs on organization computers, you can help enforce that prohibition by blocking the network traffic that the programs require to operate correctly.

By default, inbound network traffic to a computer that does not match a rule is blocked, but nothing prevents outbound traffic from leaving a computer. To block the network traffic for prohibited programs, you must create an outbound rule that blocks traffic with specific criteria from passing through Windows Firewall with Advanced Security. Alternatively, you can change the default outbound action to block, and then create outbound allow rules to allow required traffic."


http://technet.microsoft.com/en-us/l...06(WS.10).aspx

More or less what I said, the default is allow, if you set to block then you need to set rules to allow.

If your saying I am wrong them post something of substance to show why, not obscure references to manuals or individuals.

I recall the same lack of evidence arguments about the Vista firewall.

If people are happy with the Windows Firewall that's ok but don't pretend it's something it isn't.

If the Windows Firewall provided the same outgoing protection as the third party ones without any pop ups and "training" then it would be a miraculous piece of software from MS and I would be the first to recommend it.

It doesn't, Microsoft says so.

Bob
  #16  
Old 12-07-2010, 21:47
ACtheTROLL ACtheTROLL is offline
Banned
 
Join Date: Sep 2009
Location: On a mountain in West Yorkshire
Posts: 1,712
Default

two things never cease to amaze me
the first is that people will pay good money so they can bank and shop online ... (oh yes ... everyone knows e-bay is good - you get good quality brands at a fair price)

do a bit of porn ... download a few tunes ... blah blah ... and then they trust their security to free software - because it's free.

the other is how few people understand the function of a firewall when it's layered with a router and dhcp.

and more importantly how little information and advice is given by the PC mags .. CA included.

I'm not a security guy ... but I do have access to some very credible people who are...

in very very general terms ... (generalisation is my middle name)

it's all done with ports

incoming threats are few and far between - unless you are "barklays" ... the chance of a hacker taking time to get through your router's inbuilt defences is pretty small

outgoing is far more likely to be a real problem (some bot-nets are massive) keyloggers and other spyware send ... pirates and pornographers account for 90% of malware.

most malware is scamware and "idiotware" (including trojans) of some sort or another - viruses are old hat
"they" depend on "you" SENDING them the info

If you have even a basic router it comes with two layers of security
a DHCP server (which many regard as being an "almost as good" firewall)
and a real hardware firewall which will try and block ALL unsolicited traffic

windows has some sort of firewall - XP's is the worst - 7's the best.
(XP blocks only in - 7 blocks in and out)

there ARE two types of firewall - in and out - solicited and unsolicited
in is just as important as out

when firms set up a firewall - you lock down EVERY port in and out
and then open each port as it's needed.
(OK so there is an accepted list of outgoing ports ... but it's very short - when you install something like kaspersky - it takes weeks to train the firewall and set the rules)

the windows firewall is configured for nuggets not security - MS know that if they default it how it should be done ... no bugger would ever be able to get out on the net again

there are more holes in this ill though out diatribe than something with a lot of holes ... but I hope some of it is worth a google - if only to disagree

Last edited by ACtheTROLL; 12-07-2010 at 21:55.
Closed Thread

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



All times are GMT +1. The time now is 12:00.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.
© Copyright Dennis Publishing Limited licensed by Felden