http://www.osnews.com/story/17300/Fixing_Windows_Vista_s_Firewall Exploring the Future of Computing en-us Copyright 2001-2009, David Adams adam+nospam@osnews.com Mon, 09 Nov 2009 01:03:32 GMT http://www.osnews.com/images/osnews.gif http://www.osnews.com http://osnews.com/thread?214203 http://osnews.com/thread?214203 columnists from a technology site would understand how to disable windows services without having to "troubleshoot". Sun, 18 Feb 2007 21:15:00 GMT donotreply@osnews.com (morglum666) Comments http://osnews.com/thread?214208 http://osnews.com/thread?214208 Sorry, but the author says that because he has two layers of filtering on the WAN that the PC firewall is not necessary. If one PC becomes compromised inside the LAN, a worm could easily spread through the network. Not to mention that internal users are a far larger threat than external these days.. Sun, 18 Feb 2007 21:22:00 GMT donotreply@osnews.com (kev009) Comments http://osnews.com/thread?214227 http://osnews.com/thread?214227 This was a mindset I argued against for years and somewhere along the way my arguments started to stick. The idea that you can do boundary protection and be done, is insane. Anyone having any control over security for an enterprise needs to realize that there is more to network security than border firewalls. Sun, 18 Feb 2007 22:02:00 GMT donotreply@osnews.com (Rugmonster) Comments http://osnews.com/thread?214231 http://osnews.com/thread?214231 dont worry, i am sure it wont be long until there are plenty of handy programs that can turn the firewall off :-) Sun, 18 Feb 2007 22:12:00 GMT donotreply@osnews.com (ssam) Comments http://osnews.com/thread?214238 http://osnews.com/thread?214238 For suitably malicious values of 'handy', you mean? Sun, 18 Feb 2007 22:32:00 GMT donotreply@osnews.com (smitty_one_each) Comments http://osnews.com/thread?214259 http://osnews.com/thread?214259 I couldn't agree more. Rather like those corporations that "standardize" on exactly one vendor's Anti-Virus product. Just hope *you* don't get by the worm that silently avoids that particular flavor of protection... Mon, 19 Feb 2007 00:18:00 GMT donotreply@osnews.com (mwadams) Comments http://osnews.com/thread?214287 http://osnews.com/thread?214287 The issue is not whether the user is wise to be turning the firewall off, or whether he should have known to disable some service.

The point is, when you click the off button ... it should turn off. Mon, 19 Feb 2007 03:54:00 GMT donotreply@osnews.com (HappyGod) Comments http://osnews.com/thread?214295 http://osnews.com/thread?214295 The better way to avoid the virus issue is this; simply don't run McAfee or Nortons - and you won't have that problem.

For me, Kaspersky wins hands down everytime; its interface may not be exactly eye candy, but it does the job without bringing the whole thing down to crawl and crash the system. Mon, 19 Feb 2007 04:49:00 GMT donotreply@osnews.com (kaiwai) Comments http://osnews.com/thread?214309 http://osnews.com/thread?214309 I had no problem disabling the firewall and I don't really use vista that much so I don't care if it gets infected :p

And another thing, maybe MS thought the way he does it wasn't the appropriate way to disable the firewall.. Did he ever think of that? I think not.. Disabling the firewall in vista isn't exactly rocket science, pardon my rudeness, but his rant is just silly.. Mon, 19 Feb 2007 08:17:00 GMT donotreply@osnews.com (remiss) Comments http://osnews.com/thread?214310 http://osnews.com/thread?214310 I -think- it does, only when you turn it off it sets the service into the "Stopped" state.
The thing is though, its startup type is still set on "Automatic" so when another service/program/whatever wants to use it's functionality it gets restarted automatically. I could be wrong, I don't have Vista installed on any of my computers right now but that's what it seems like.

It's more of a bug than Windows/Bill Gates trying to control your actions I think

Of course, in that case there is something to be said here about quality control at microsoft but then again, no one should be really THAT suprised... Mon, 19 Feb 2007 08:17:00 GMT donotreply@osnews.com (Ultimatebadass) Comments http://osnews.com/thread?214313 http://osnews.com/thread?214313 You appear to lack an understanding of computer security. But I'm guessing you read much about it from 'experts in the field'.

Firewalls are routers that have rules to control how or if they route traffic between networks.

A firewall serves no purpose on a PC.
If you want to protect your PC from exploitation of network services then just disable those network services. Mon, 19 Feb 2007 09:06:00 GMT donotreply@osnews.com (jessta) Comments http://osnews.com/thread?214329 http://osnews.com/thread?214329 A firewall is a device which permits or denies connections. A firewall can be hardware or software based.

Firewalls are routers that have rules to control how or if they route traffic between networks.

A firewall is not a router. Many routers include firewall functionality. You can buy hardware firewalls without any routing functionality.

A firewall serves no purpose on a PC.

A software firewall does serve a purpose on a PC, it permits or denies connections.

If you want to protect your PC from exploitation of network services then just disable those network services.

Close, but wrong. A firewall is not a replacement for security, so disabling services that aren't required is essential, however to state that disabling services is the only action required is wrong. If a trojan creeps in, masked by a root kit and opens a port to allow remote control of your PC, a firewall might just save the day.

You appear to lack an understanding of computer security.

No, _You_ appear to lack an understanding of computer security.Edited 2007-02-19 10:32 Mon, 19 Feb 2007 10:31:00 GMT donotreply@osnews.com (bryhhh) Comments http://osnews.com/thread?214335 http://osnews.com/thread?214335 I don't care if it gets infected

Well you should! The odds are that once a machine becomes infected, it will be used as a host for sending spam. Mon, 19 Feb 2007 10:50:00 GMT donotreply@osnews.com (bryhhh) Comments http://osnews.com/thread?214340 http://osnews.com/thread?214340 A Trojan masked by a rootkit that can't disable/bypass your software firewall? I think not.

So your argument is that a software firewall can prevent unauthorised outgoing connections?

I'll give you that preventing unauthorised outgoing connections is a useful thing. But you first have to control everything about what a program is allowed to do otherwise a malicious program can just use another program, that is authorised to make connections, to make the connections it needs.

A firewall is not a replacement for security,
This is very true and is my biggest issue with software firewalls and anti-virus. They add very little in terms of security while costing money, eating computing resources and giving the user a false sense of security.

There is a huge industry built around selling users 'security' software by marketing through fear and aren't solving the problem in the right place. Mon, 19 Feb 2007 11:51:00 GMT donotreply@osnews.com (jessta) Comments http://osnews.com/thread?214342 http://osnews.com/thread?214342 The problem with running client firewalls in an enterprise environment (most specifically a fully AD integrated Windows environment) requires so many ports open you can just as well turn the whole damn thing off as those are also the ports most trojans and viruses use.

Rigorous policies, a virus scanner on both client and server, no local admins and an very tight border security comes a long way in keeping crap outside. Mon, 19 Feb 2007 12:01:00 GMT donotreply@osnews.com (Fred) Comments http://osnews.com/thread?214348 http://osnews.com/thread?214348 A Trojan masked by a rootkit that can't disable/bypass your software firewall? I think not.

Quite right, hence the reason why I said "a firewall might just save the day.", (Emphasis added).

So your argument is that a software firewall can prevent unauthorised outgoing connections?

No, my arguement is that whilst a firewall should not be used as the basis of a security implementation, it does compliment properly securing or disabling services. Firewalls (hardware and software) are not infallable, but they should not be overlooked.

There is a huge industry built around selling users 'security' software by marketing through fear and aren't solving the problem in the right place.

Very true, and I'm aware of far too many people that buy into this false sense of security.Edited 2007-02-19 13:35 Mon, 19 Feb 2007 13:34:00 GMT donotreply@osnews.com (bryhhh) Comments http://osnews.com/thread?214350 http://osnews.com/thread?214350 In addition to that what happens if the computer is a mobile machine that goes to coffee shops and malls. I don't think I trust either of those with the security of my computer. Mon, 19 Feb 2007 13:47:00 GMT donotreply@osnews.com (nberardi) Comments http://osnews.com/thread?214351 http://osnews.com/thread?214351 This web site makes me increasingly sad every day. I come here at least once a day to read stories regarding BeOS/Haiku and other operating systems. The chosen articles and related comments just seem to be a massive anti-"MS$$LOL!!!11111"/LINUX circle-jerk. Mon, 19 Feb 2007 13:55:00 GMT donotreply@osnews.com (ride01) Comments http://osnews.com/thread?214356 http://osnews.com/thread?214356 Well, given the charm offensive launched by Ballmer these days vs. open source/Linux, that's indeed surprising.

But no, your allegation is nonsense, certainly regarding the chosen articles. They are usually linked by people about whom one couldn't have the slightest suspicion that they are in any way and/or disproportionately anti-MS.

Not to mention the fact that sane people are anti-Microsoft by default, given the very nature and track record of that company, but that's another discussion. Mon, 19 Feb 2007 14:13:00 GMT donotreply@osnews.com (h3rman) Comments http://osnews.com/thread?214364 http://osnews.com/thread?214364 First of all, no one has confirmed his observations. He could be doing something wrong, or just trying to bash. If it is true, it is a bug. Lets hope he has reported it to Microsoft, if not he is complaining in the wrong place.

About the firewall.. Disabling the software firewall is just plain stupid. There is no reason to do so, and by doing so you are removing a security-layer (cant get enough of those). In larger installations it can be controlled with group-policies. In a SBS domain the clients cant even disable it by default (dont know if thats default for a win2k3 domain too?).Edited 2007-02-19 15:32 Mon, 19 Feb 2007 15:30:00 GMT donotreply@osnews.com (duckie) Comments http://osnews.com/thread?214365 http://osnews.com/thread?214365 they've probably got a group policy defined to enable the firewall. Mon, 19 Feb 2007 15:37:00 GMT donotreply@osnews.com (nycspud) Comments http://osnews.com/thread?214525 http://osnews.com/thread?214525 All these years we've been convinceing people to use firewalls and now when firewall is built in we try to teach them to turn it of:) Tue, 20 Feb 2007 00:59:00 GMT donotreply@osnews.com (Punktyras) Comments http://osnews.com/thread?214810 http://osnews.com/thread?214810 Earlier poster: Ultimatebadass seems to have touched on the possible answer.
Still OFF should be "OFF", not kinda ON.

References:
Dear Sir Bill Gates: invoice enclosed:

http://www.theregister.com/2006/08/21/bill_gates_invoice/


Disable system auto restart after installing Windows updates:

http://support.microsoft.com/?kbid=555444


"You are coming to a sad realization. Cancel or Allow?"

hylas Tue, 20 Feb 2007 17:56:00 GMT donotreply@osnews.com (hylas) Comments