Vista - Network Location badly explained in Vista Help

Just a reflection on Vista help, really:

It has occured to me that the help section, that pops up when you ask the Network and Sharing Center to "Help Me Choose", is very badly written.

It appears to say (at a first glance):

• Home or Work (Private Network) - Choose one of these locations for home [or work]...
• Public place (Public Network) - Choose this location for networks in public places (such as coffee shops or airports).

This is manifestly wrong, as you should choose Public for Internet Connections, whether they are in a coffee shop, in at your own home or where ever; moreover, you might wish to secure even a Private Network with Public settings.

The names are confusing too: Public sounds as if you are opening yourself up to everyone; Private sounds more secure.

Obviously this is the wrong way round... It took me ages (and a lot of hunting around forums like this) to figure it all out.

Statements like "If there’s only one computer on your network..." don't help since the statement "network with only one computer" is surely a non-sequetur: there needs to be more than one for a network...
The internet is made up of billions of computers, so technically there are billions of computers on "my" network, we just can't see each other.

There is no mention at all of general internet connections, in fact. Perhaps MS could find a way to rewrite this section of Help to make it clear to people without home networks (the vast majority, probably) that their Internet settings should be Public?

Thanks for editing the post for clarity, barman. I can't seem to be able to get the format buttons to work in FireFox.

Nah. Think about it in terms of security boundaries. When you connect to a "private" network, there's an expectation of an edge security system keeping out the public and thus keeping the network "private". That edge security is provided by the (hardware) firewall/router which most advanced users run at home. Therefore, their home network is indeed "private", even if the client machines can access the internet through the edge firewall.

"Private" means the network itself is considered more secure, which is why the firewall on the Vista machine can afford to relax a little and permit activities which it would normally block on a public network. In other words, there are two variables here: the type of network and the level of protection from the Vista firewall.

I'm not arguing the wording. If you think it's confusing, then by definition it is. I just thought I'd sort out some of the nomenclature

Er... now I am even more confused.

As I understood it, Private is less secure as it allows Network Discovery and Printer and File Sharing. In other words, not only can every one see your computer, they can access your files and print their own dodgy files out on your printer... Not the best choice for an internet connection, I guess. Fine for a home or office network behind a ton of firewalls. Public or Private Network?

Anyway, the point is that the help file does not address the general user but only those with private networks: those who already understand. It says nothing about internet connections. An unwary reader with no knowledge (ie most users) might interpret it as saying: if you are in a coffee shop use Public, at home use Private, in all situations, even when browsing the internet. Not good.

A "private network" is more secure. A "private network firewall profile" is more permissive and therefore somewhat less secure.

A "public network" is the most dangerous type of network to connect to. A "public network firewall profile" is the most locked down firewall preset, as befitting the (potentially hazardous) nature of a public network.

That user's interpretation of the guidelines would be correct

If you're at home on a private network - behind an edge firewall - always use "private", even when intending to browse the internet. Otherwise, functionality such as file sharing with other machines on that private network will be unavailable.

Let's be clear here: I am at home with no network at all except the internet and with only software firewalls (eg Kaspersky IS plus Vista Firewall): what do I choose? Public Location surely? Despite my not being "in public places (such as coffee shops or airports)." This is not explained in the help file.

Surely not?!

I meant only browsing the internet with basic software and no other network. (Or a "one machine network" as it is described by MS.) That's what I meant when I said "Not good": if you are only browsing the internet, choose Public Location whether you happen to be in a youth centre, at home, or on Mars (since the internet is the most Public Network in the world and therefore least secure). This is the situation described in Public or Private Network?

A private network is only as secure as it is made, presumably, but that isn't the point: I am talking about Vista settings and the fact that Microsoft provide very poor explanations. I think you and I have made that point very obvious!

Hi Iain,

I think this post has proved it's own worth by the very fact that there is room for discussion .

I think the major difficulty is the definition, in this context, of the word "secure" I personally would like to see that work replaced with "Trusted". The Private Home or work network is more trusted than the Public network. Strangely enough this is the very word used by Microsoft to describe similar concepts in the network server field

Then there is the definition of Private/Work and Public Networks I personally define a public network as one that is directly connected to the internet and not protected by a router / NAT / firewall.

This is therefore less of a location based definition than a connection based one. Your situation would of course under my definition be a public network and thus require to setup in as such

Just my own musings on the subject

Nail on head, barman! It is the usage of particular words that confuses.

The worst is Location: "I am in private at home on the net, so I must choose Private Location, right?" Wrong! But that was my thinking before I checked it out...

Your definition of Public Network is the best I've heard, but surely some Private Networks should also be treated as if they were Public?

And "...one computer on your network... still makes me laugh!


Actually, it is not only this particular setting that is badly explained in Help and Support, but it is probably one of the most dangerous to get wrong.

Another confusing statement (from What is network discovery?):

• "Network discovery is a network setting that affects whether your computer can see(find) other computers and devices on the network..."

"But surely I need to see/find other computers and devices on the internet, otherwise how do I interact with them...?" Um... Think we missed the point somewhere...

Hi Iain,

This is yet another terminology Issue, I take it that when Microsoft uses the word Network they mean Local Area Network (LAN), and the Wide Area Network (WAN) is referred to by the popular term Internet.

Now the way I understand these terms is that a LAN is a number of computers (1 upwards ), on the users side of a Router/Firewall, and corresponds to the Private area I mentioned above.

As said above if a router/firewall is not present then you are connected to the WAN (internet) and thus in the public area.

In the case of the Internet cafe or wireless hotspot where a router will normally be present, and thus a LAN exists, as you have no control of the router, or trust of the other machines on the LAN this must also be considered as a Public location.

Hope this explains my understanding of this

Pretty much mine too. I hadn't thought of the restricted (and potentially confusing) use of Network. If they explained it your way, there would be no problem!