Welcome to TechNet Blogs Sign in | Join | Help
Monday, May 01, 2006 9:43 AM

Windows Vista Firewall and Outbound Filtering

I want to clarify a point raised in a few articles over the past days which
noted outbound filtering is turned off in the firewall in Windows Vista.  In
fact, the Windows Firewall is on by default in both directions.  For
consumers, the firewall protects against inbound threats and has outbound
filtering rules which are enabled by default for core Windows services as
part of Windows Service Hardening.   The default policy is to block inbound
traffic and allow outbound traffic.

One of our goals is to provide a good balance between security and
usability. Many, if not all, of the people who read this blog are IT
professionals and are very familiar with the concepts of security,
networking, and firewalls.  You can use the Windows Firewall with Advanced
Security console which ships in Windows Vista - it is an MMC snap-in-- which
provides the ability to create very rich inbound or outbound rules.  For
example, if your corporate standard for instant messaging is Office Live
Communicator, you could set up rules to block MSN Messenger and other
instant messaging applications from communicating outbound.   For the
consumer, outbound filtering is also enabled; there are outbound rules,
which are enabled by default, for core Windows services.  If all outbound
traffic was blocked by default, many of the applications on the computer
would not work.  If some traffic is blocked - it would be difficult to
decide which should be allowed and which shouldn't be.  In the end we
believe we have provided a balance between security and usability for the
end-user.

Microsoft believes in a defense-in-depth approach to security.  For example,
having an application installed on one's computer which could "phone home"
or send data from the computer which is undesired is best resolved with
anti-malware software.  Windows Vista includes Windows Defender to protect
against such threats from ever getting on the computer in the first place,
before the firewall needs to get involved.  By combining many of these
security technologies together in layers, Windows Vista provides a more
secure environment for end users.

Windows Live OneCare, a part of Windows Live, also provides outbound
filtering as a service and may also be an attractive option for consumer
customers.  It provides functionality for smaller organizations and homes
that would, in larger organizations, be handled by the network
administrators in accordance with organizational security policies.

Thank you for your continued interest in Windows Vista!
 
 
Jason Leznek
Sr. Product Manager
Windows Vista Networking
Microsoft Corporation
Posted by Jason Leznek | 1 Comments
Tuesday, April 18, 2006 7:25 AM

Network Diagnostics Shown at CTIA Wireless Expo

I went to the CTIA Wireless Expo two weeks ago with two of our wireless Program Managers, and we showed off the new networking user interface (Network Center) and the Network Diagnostics Framework.  For those of you who haven't seen or heard of the Network Diagnostics, it's REALLY cool.  It's designed to address many of the top calls to technical support, either Microsoft's, your ISPs, or your corporate help desk.  What's cool about it is that it provides the end-user with clear descriptions of the problem and leads the user through solving the problem on his/her own.  If the user doesn't have the administrative rights to resolve the problem, Network Diagnostics puts very rich information in to the Event Viewer to enable the help desk to resolve the problem quickly. 
 
Network Diagnostics is NOT the same diagnostics tool which shipped with Windows XP.  This is an extensible framework which enables network applications to provide "helper classes" so the diagnostics tool can search for root causes from the context of the application calling it.  For example, there is a helper class for Internet Explorer 7, so if the user launches the diagnostics tool (found under the Tools menu in IE 7 or by right-clicking the Network Center icon in the System Tray) the tool will identify what the problem is from the browser's point of view down the stack.  It's very comprehensive, and very effective!
 
There is more information on the Network Diagnostics Framework, and many other networking features in Windows Vista, at http://www.microsoft.com/technet/itsolutions/network/evaluate/new_network.mspx.
 
 
 
Jason Leznek
Sr. Product Manager
Windows Vista Networking
Microsoft Corporation
Posted by Jason Leznek | 0 Comments
Thursday, March 02, 2006 3:43 PM

Windows Vista Networking Website Online

We've been putting a lot of effort into providing Windows Vista content on the TechNet site.  The main site for Windows Vista for IT Pros is at http://www.microsoft.com/technet/windowsvista/default.mspx, where you can view an overview of Windows Vista as well as drill down into different areas including security, management and operations, reliability and performance, application compatibility, deployment, and of course, networking.  You can get directly to the networking site by going to http://www.microsoft.com/technet/windowsvista/network/default.mspx
 
On the networking site there are links to several new Cable Guy articles (woo hoo!) as well as a drilldown article on the new networking features.  There are more articles planned over the next few months.  Let me know which documents are useful, and let me know what else would be helpful to you.  Enjoy!
Posted by Jason Leznek | 0 Comments
Sunday, February 26, 2006 9:06 PM

Welcome to my blog!!!

Hello!  Thanks for stopping by and reading my blog.  My name is Jason Leznek, and I'm a Sr. Product Manager on the Windows Vista team here at Microsoft.  I focus on core networking, and I'm really excited to be able to share some of my thoughts with you about Windows Vista.

Over the next several months, I'll update this blog with new information about what's new with Windows Vista networking and try to answer some of your questions.  What's my main goal?  To let you know what is new, and of course, to get you as excited about Windows Vista as I am!  Hop on board, and away we go!

 

Jason

Posted by Jason Leznek | 1 Comments
 
Page view tracker