Vista - Do I really need a third party firewall?

With Vista and Defender, and a good antiVirus (Avast), do I need
another layer of complexity and protection?

-- Windows Defender tells you not to have more than one Firewall running at
the same time, for example, so if you fall for the hype, you must disable
Windows Defender, which came free with Vista, and use another product that
someone will tell you is the "best". If you have a good free anti-virus (such
as the highly-praised Avast, which you have) and MS own Windows Defender
you're protected.
Read "Security Center" help in Control Panel to answer your concerns.
Wayne

"notachance" wrote:

> With Vista and Defender, and a good antiVirus (Avast), do I need
> another layer of complexity and protection?
>

Further to what I said is the "rule of thumb" that you only have one of any
protection running at one time. This is specially true of antivirus programs.
I use only Avast and Windows Defender, and cancelled my Internet Provider's
free
protection, because it comes free with Vista, and it would have lessened my
protection. One of each is the rule, and more is not better.
Go into Control Panel> Security Center, Windows Firewall, Windows Defender,
and all will be explained. Make sure everything is on, and set to your
liking. Wayne
--
Wayne L.


"Wayne L." wrote:

>
> -- Windows Defender tells you not to have more than one Firewall running at
> the same time, for example, so if you fall for the hype, you must disable
> Windows Defender, which came free with Vista, and use another product that
> someone will tell you is the "best". If you have a good free anti-virus (such
> as the highly-praised Avast, which you have) and MS own Windows Defender
> you're protected.
> Read "Security Center" help in Control Panel to answer your concerns.
> Wayne
>
> "notachance" wrote:
>
> > With Vista and Defender, and a good antiVirus (Avast), do I need
> > another layer of complexity and protection?
> >

Wayne

You do NOT have to disable Windows Defender in order to use a firewall.. WD
is an anti-spyware utility, not a firewall..


"Wayne L." <enyawnodnolOBVIOUS@hotmail.com> wrote in message
news:67A90B4A-42E9-4D2B-8DE3-872F49C08C85@microsoft.com...
>
> -- Windows Defender tells you not to have more than one Firewall running
> at
> the same time, for example, so if you fall for the hype, you must disable
> Windows Defender, which came free with Vista, and use another product that
> someone will tell you is the "best". If you have a good free anti-virus
> (such
> as the highly-praised Avast, which you have) and MS own Windows Defender
> you're protected.
> Read "Security Center" help in Control Panel to answer your concerns.
> Wayne
>
> "notachance" wrote:
>
>> With Vista and Defender, and a good antiVirus (Avast), do I need
>> another layer of complexity and protection?
>>

--


Mike Hall
MS MVP Windows Shell/User
http://msmvps.com/blogs/mikehall/

Run the Windows Firewall alongside them.. people will tell you that a 3rd
party firewall is the best solution, but the problem with those is that they
ask the users questions regarding allowing access for which the users do not
have an educated answer.. so, do you want ICQ to act as a server (you have
five seconds to respond or quit the program)? What are the implications?
Most do not know, so they answer YES.. now ICQ will let anything through,
and the firewall has been told it is ok to do that.. OOPS..

In actual fact, ICQ is useless if not allowed to act as a server, but other
programs that ask for access may not be so forgiving, especially when the
reference is to some obscure internal executable..


"notachance" <nochance@all.to> wrote in message
news:f5nk1j$6bu$1@registered.motzarella.org...
> With Vista and Defender, and a good antiVirus (Avast), do I need another
> layer of complexity and protection?

--


Mike Hall
MS MVP Windows Shell/User
http://msmvps.com/blogs/mikehall/

"Mike Hall - MVP" <mikehall@mvps.org> wrote in message
news:e1y3WPytHHA.3480@TK2MSFTNGP04.phx.gbl...
> Run the Windows Firewall alongside them.. people will tell you that a 3rd
> party firewall is the best solution, but the problem with those is that
> they ask the users questions regarding allowing access for which the users
> do not have an educated answer.. so, do you want ICQ to act as a server
> (you have five seconds to respond or quit the program)? What are the
> implications? Most do not know, so they answer YES.. now ICQ will let
> anything through, and the firewall has been told it is ok to do that..
> OOPS..
>
> In actual fact, ICQ is useless if not allowed to act as a server, but
> other programs that ask for access may not be so forgiving, especially
> when the reference is to some obscure internal executable..
>
>


If that's an attempt to justify the inexcusable lack of prompts in the
outbound Vista firewall, then it doesn't wash.

Most people are computer savvy enough to realize that when dkfljdf.exe is
trying to connect to collectcreditcardinfo.com then something aint quite
right. The prompts act an invaluable warning sign.

I suspect the real reason for the lack of outbound prompts is that MS don't
want the average user being made aware of every outbound connection that
their own operating system is making.

--
Jon

"Jon" <Email_Address@SomewhereOrOther.com> wrote in message
news:eojDbVztHHA.1168@TK2MSFTNGP02.phx.gbl...
>
> "Mike Hall - MVP" <mikehall@mvps.org> wrote in message
> news:e1y3WPytHHA.3480@TK2MSFTNGP04.phx.gbl...
>> Run the Windows Firewall alongside them.. people will tell you that a 3rd
>> party firewall is the best solution, but the problem with those is that
>> they ask the users questions regarding allowing access for which the
>> users do not have an educated answer.. so, do you want ICQ to act as a
>> server (you have five seconds to respond or quit the program)? What are
>> the implications? Most do not know, so they answer YES.. now ICQ will let
>> anything through, and the firewall has been told it is ok to do that..
>> OOPS..
>>
>> In actual fact, ICQ is useless if not allowed to act as a server, but
>> other programs that ask for access may not be so forgiving, especially
>> when the reference is to some obscure internal executable..
>>
>>
>
>
> If that's an attempt to justify the inexcusable lack of prompts in the
> outbound Vista firewall, then it doesn't wash.
>
> Most people are computer savvy enough to realize that when dkfljdf.exe is
> trying to connect to collectcreditcardinfo.com then something aint quite
> right. The prompts act an invaluable warning sign.

The average joe blow computer user is not savvy enough to know this. And
there are too many questions asked by such solutions that the user becomes
oblivious to them, much like I would suspect is happening with UAC. It's to
the point with these type of solutions for most users, solutions that ask
too many questions, that they basically start blowing them off.

>
> I suspect the real reason for the lack of outbound prompts is that MS
> don't want the average user being made aware of every outbound connection
> that their own operating system is making.

A FW's main job is to stop unsolicted inbound traffic and to protect
services like HTTP, SMTP, POP etc and etc. Its job is not to be asking the
user to be making decisions as to what they should and what they should not
allow to access the Internet with something like Application Control in
personal FW(s).

Personal FW's are not FW(s) and are only machine level packet filters with a
bunch of snake oil in them trying to protect one from his or her self that
it cannot do.

"notachance" <nochance@all.to> wrote in message
news:f5nk1j$6bu$1@registered.motzarella.org...
> With Vista and Defender, and a good antiVirus (Avast), do I need another
> layer of complexity and protection?

No you don't need another level of complexity. You should be enabling the
Vista FW/personal packet filter. There is another element on the O/S that I
like to use to supplement the Vista FW, when the machine has a direction
connection with the modem and is a direct connection to the Internet.

It's called IPsec, which can be used to stop inbound or outbound traffic by
port, protocol, IP or subnet. I use IPsec to stop outbound traffic behind
the Vista FW if I ever need to stop outbound. I never had a need to stop
outbound traffic using XP's FW and IPsec as well, when I was using XP.

http://www.petri.co.il/block_ping_tr...with_ipsec.htm

I implemented the AnalogX IPsec polices and made my adjustments to the
policies as to what I was letting through and what I was not letting through
for services like HTTP, POP3, SMTP. On the client side I let the traffic
through for those services needed. On the server side of the polices,
traffic is not let through for the services, because I have no need for
those services to be active.

http://www.analogx.com/CONTENTS/articles/ipsec.htm

I have never had to use this part of IPsec, but it's there.

http://support.microsoft.com/kb/813878

In no way does it justify lack of prompts by a Windows firewall.. people
griping about an MS monopoly is what causes the lack of prompts by a Windows
firewall..

And you are wrong about most being computer savvy.. if only I had a cent for
everytime a user said to me "but I have a firewall".. the majority ask how
to turn the prompts off because they get in the way.. or worse still,
disable the firewall..


"Jon" <Email_Address@SomewhereOrOther.com> wrote in message
news:eojDbVztHHA.1168@TK2MSFTNGP02.phx.gbl...
>
> "Mike Hall - MVP" <mikehall@mvps.org> wrote in message
> news:e1y3WPytHHA.3480@TK2MSFTNGP04.phx.gbl...
>> Run the Windows Firewall alongside them.. people will tell you that a 3rd
>> party firewall is the best solution, but the problem with those is that
>> they ask the users questions regarding allowing access for which the
>> users do not have an educated answer.. so, do you want ICQ to act as a
>> server (you have five seconds to respond or quit the program)? What are
>> the implications? Most do not know, so they answer YES.. now ICQ will let
>> anything through, and the firewall has been told it is ok to do that..
>> OOPS..
>>
>> In actual fact, ICQ is useless if not allowed to act as a server, but
>> other programs that ask for access may not be so forgiving, especially
>> when the reference is to some obscure internal executable..
>>
>>
>
>
> If that's an attempt to justify the inexcusable lack of prompts in the
> outbound Vista firewall, then it doesn't wash.
>
> Most people are computer savvy enough to realize that when dkfljdf.exe is
> trying to connect to collectcreditcardinfo.com then something aint quite
> right. The prompts act an invaluable warning sign.
>
> I suspect the real reason for the lack of outbound prompts is that MS
> don't want the average user being made aware of every outbound connection
> that their own operating system is making.
>
> --
> Jon
>
>

--


Mike Hall
MS MVP Windows Shell/User
http://msmvps.com/blogs/mikehall/

"Mr. Arnold" <MR. Arnold@Arnold.com> wrote in message
news:ubg5O8ztHHA.3404@TK2MSFTNGP03.phx.gbl...
>
> "Jon" <Email_Address@SomewhereOrOther.com> wrote in message
> news:eojDbVztHHA.1168@TK2MSFTNGP02.phx.gbl...
>>
>> "Mike Hall - MVP" <mikehall@mvps.org> wrote in message
>> news:e1y3WPytHHA.3480@TK2MSFTNGP04.phx.gbl...
>>> Run the Windows Firewall alongside them.. people will tell you that a
>>> 3rd party firewall is the best solution, but the problem with those is
>>> that they ask the users questions regarding allowing access for which
>>> the users do not have an educated answer.. so, do you want ICQ to act as
>>> a server (you have five seconds to respond or quit the program)? What
>>> are the implications? Most do not know, so they answer YES.. now ICQ
>>> will let anything through, and the firewall has been told it is ok to do
>>> that.. OOPS..
>>>
>>> In actual fact, ICQ is useless if not allowed to act as a server, but
>>> other programs that ask for access may not be so forgiving, especially
>>> when the reference is to some obscure internal executable..
>>>
>>>
>>
>>
>> If that's an attempt to justify the inexcusable lack of prompts in the
>> outbound Vista firewall, then it doesn't wash.
>>
>> Most people are computer savvy enough to realize that when dkfljdf.exe is
>> trying to connect to collectcreditcardinfo.com then something aint quite
>> right. The prompts act an invaluable warning sign.
>
> The average joe blow computer user is not savvy enough to know this. And
> there are too many questions asked by such solutions that the user becomes
> oblivious to them, much like I would suspect is happening with UAC. It's
> to the point with these type of solutions for most users, solutions that
> ask too many questions, that they basically start blowing them off.
>
>>
>> I suspect the real reason for the lack of outbound prompts is that MS
>> don't want the average user being made aware of every outbound connection
>> that their own operating system is making.
>
> A FW's main job is to stop unsolicted inbound traffic and to protect
> services like HTTP, SMTP, POP etc and etc. Its job is not to be asking
> the user to be making decisions as to what they should and what they
> should not allow to access the Internet with something like Application
> Control in personal FW(s).
>
> Personal FW's are not FW(s) and are only machine level packet filters with
> a bunch of snake oil in them trying to protect one from his or her self
> that it cannot do.
>
>



I'll refrain from quibbling about how widely computing knowledge is
disseminated, or on what the limits to the role of a firewall should be -
since both of those are fairly subjective.

What I will say is this. Anyone who has ever used a third party firewall,
such as Zone Alarm, Sygate etc - of which the numbers are many - is already
familiar with being told, on a fairly informative level, which applications
are connecting and to where.

If you quizzed Vista users who have downloaded another firewall (such as
Zone Alarm, Vista firewall) in preference to the Vista one, on why they made
the switch, then I suspect you'd also discover that the number one reason
for the switch (however trivial it may seem to some), is that they WANT the
prompts. They want to know which applications are connecting from their
computer and to where.

Yes, in older versions of Windows it WAS a bit of a snake oil - any other
running program could (and did )easily toggle off the firewall to suit its
evil purposes. With the introduction of UAC this is no longer the case - the
potential is there for a fairly robust outbound firewall + UAC combination.
So it's kind of ironic that an otherwise highly security conscious operating
system, should have such a major area of weakness.

--
Jon