05-05-2006   #6
Puppy Breath


 
 

Re: Microsoft limits Vista Firewall - for their own good ?

You guys may be right. However, even if they did close all ports, would
users know if/when it's OK to let something go through? Also, there's over
32,000 ports to worry about (65,635 if you look at it in terms of TCP and UDP).
I don't see how you could make it "user friendly".

Besides, the threats come from outside your own network, not inside. At
least, they shouldn't be coming from the inside if the rest of your security
is in place. And what's to keep a piece of malware from sending out through
port 80, which is always open on everyone's machine?

I don't know, I think closing all outgoing ports by default would be a real
nightmare for end users. Especially since the threats shouldn't be coming
from inside in the first place. But again, what difference does it make? It
only takes a mouse click to change them from Open to Closed.



"Tom Porterfield" <tpporter@mvps.org> wrote in message
news:utanX6FcGHA.4896@TK2MSFTNGP03.phx.gbl...
> Puppy Breath wrote:
>> The whole gist of that article is kinda dumb. What difference does it make
>> what the default settings are? How do default settings "limit" a
>> firewall? I think most commercial firewalls come with all the well-known
>> ports open for incoming traffic, and all outgoing ports open as well. But
>> what difference does it make? Everybody has to define their own ingress
>> and egress filters for their own network. You couldn't come up with
>> default settings that work for everyone.

>
> They have set the defaults (no monitoring of outgoing traffic) based on
> feedback from enterprise customers. This seems strange as it is the
> enterprise customer that is most likely to have someone on staff who knows
> how to properly configure this for their enterprise.
>
> The typical home user (for whom some basic defaults could be defined well)
> will not know how to configure this and will therefore never take
> advantage of those parts of the firewall.
>
> I suspect the "because our enterprise customers asked us to" reason is not
> really valid and that the true reason is they found they don't have enough
> time to make this friendly enough for the average home user, and therefore
> went with the option that will allow them to meet their delivery dates.
> --
> Tom Porterfield

