Windows Vista Firewall and Outbound Filtering
I want to clarify a point raised in a few articles over the past days which
noted outbound filtering is turned off in the firewall in Windows Vista. In
fact, the Windows Firewall is on by default in both directions. For
consumers, the firewall protects against inbound threats and has outbound
filtering rules which are enabled by default for core Windows services as
part of Windows Service Hardening. The default policy is to block inbound
traffic and allow outbound traffic.
One of our goals is to provide a good balance between security and
usability. Many, if not all, of the people who read this blog are IT
professionals and are very familiar with the concepts of security,
networking, and firewalls. You can use the Windows Firewall with Advanced
Security console which ships in Windows Vista - it is an MMC snap-in-- which
provides the ability to create very rich inbound or outbound rules. For
example, if your corporate standard for instant messaging is Office Live
Communicator, you could set up rules to block MSN Messenger and other
instant messaging applications from communicating outbound. For the
consumer, outbound filtering is also enabled; there are outbound rules,
which are enabled by default, for core Windows services. If all outbound
traffic was blocked by default, many of the applications on the computer
would not work. If some traffic is blocked - it would be difficult to
decide which should be allowed and which shouldn't be. In the end we
believe we have provided a balance between security and usability for the
end-user.
Microsoft believes in a defense-in-depth approach to security. For example,
having an application installed on one's computer which could "phone home"
or send data from the computer which is undesired is best resolved with
anti-malware software. Windows Vista includes Windows Defender to protect
against such threats from ever getting on the computer in the first place,
before the firewall needs to get involved. By combining many of these
security technologies together in layers, Windows Vista provides a more
secure environment for end users.
Windows Live OneCare, a part of Windows Live, also provides outbound
filtering as a service and may also be an attractive option for consumer
customers. It provides functionality for smaller organizations and homes
that would, in larger organizations, be handled by the network
administrators in accordance with organizational security policies.
Thank you for your continued interest in Windows Vista!
Jason Leznek
Sr. Product Manager
Windows Vista Networking
Microsoft Corporation
