The Vista firewall is fully bidirectional. It's just that the default behavior is to permit regular internet access to programs, and prompt the user for permission if they attempt to listen to a port.
If you dislike that, run "wf.msc" and you'll get the MMC snap-in that lets you tweak it to your liking, be it configuring it to ask on any kind of program, or more advanced settings: http://en.wikipedia.org/wiki/Image:Vista_Firewall_MMC.png
Total BS.
Don't go blaming Enterprise customers. They do a standard build, preconfigured, including firewall.
This is clearly about the HO's at Microsoft being BOUGHT by software companies breaking the rules. Whose machine is it? Not Yours. Microsoft "Innovation" strikes again.
Here's a perfect example of why a lot of people don't take some of you seriously. MS is listening to its customers. These customers want the outgoing firewall turned off by default. But so what: It's completely configurable! Enterprise customers -- the ones that this functionality change is targeted at -- have the ability and resources to decide what their firewall policy is. Want outgoing firewalling turned on by default? No problem! Just implement the enterprise policy -- and bingo -- the change propagates across your org.
The point here is that MS can't win with the haters. If MS listens to its customers, it's violating some illusory security requirement that the haters think is important; and, if they don't listen to customers, they're being "Draconian" or "evil". See how this game works? It's rigged.
"Enterprise customers that don't have security/networking experts to customize the firewall?"
I totally agree. The MS choice seems totally clueless to me. Why should the bidirectional FW not be fully active by default?
Corporate users have administrators that can change system defaults in a second (more or less...) and usually make a standard installation and ghost it for all similar machines on the net, so it will not be a real problem having the FW fully on by default, nor a sizeable advantage having it partially down by default.
In fact, changing some system defaults is not a problem for an IT staff while it may be a mess for Average Joe the home user.
This is one of the shortcomings of having a single system for home and pro users. I would rather prefer a little more flexible installation process letting the user choose what *typical* profile he/she fits (home user with his defaults, corporate with different ones, a "secure configuration" with strict security policies and so on) and, better, an advanced panel for making detailed choices of system defaults before having the system up and running (into some malware...) for the first time.







Enterprise customers that don't have security/networking experts to customize the firewall? It's too difficult for MS to implement an outbound firewall (another accusation from the article)? I call BS, how difficult is designing a dialog "Outbound connection X, allow? (now) (never) (always)"?
It seems MS in their infinite wisdom have decided your privacy isn't worth protecting as much as the interests of people who would like their applications to phone home to gather data on you or to spy on you to make sure you are being good (anti-piracy).
I hope this comes back to bite them in the ass - hard. Luckily compromising security inevitably will in the end.