Does Windows Vista Firewall prompt you for outgoing connecti

Does Windows Vista Firewall prompt you for outgoing connections in order to allow, deny or create a rule for outgoing connections? Any screenshots?

You can block incoming and outgoing based on all kinds of things: program, group membership, protocol, address, and such. You can allow only secure connections and require encryption. You can define rules and base the whole thing on policies. I suppose it can prompt rather than just block. But I haven't messed around with it enough to be sure.

I can't do a screenshot here but maybe someone else can send you to one. The console is in Administrative Tools under Windows Firewall with Advanced Security.
"Franz" wrote in message

Does Windows Vista Firewall prompt you for outgoing connections in order to allow, deny or create a rule for outgoing connections? Any screenshots?

Hello!
"Franz" wrote in message

Does Windows Vista Firewall prompt you for outgoing connections in order to allow, deny or create a rule for outgoing connections? Any screenshots?

Here are some nice articles :>
Crippled Vista http://www.securitypronews.com/news/securitynews/spn-45-20060428CrippledVista.html
Vista To Handcuff Firewall http://www.techweb.com/wire/security/187000304
OTOH: How to enable two-way firewall? http://www.edbott.com/weblog/?p=1219
Roman

Why can't you do a screenshot?
Just curious...
-- "What concerns me is not the way things are, but rather the way people think things are." - Epictetus 55-135
"Puppy Breath" wrote in message

You can block incoming and outgoing based on all kinds of things: program, group membership, protocol, address, and such. You can allow only secure connections and require encryption. You can define rules and base the whole thing on policies. I suppose it can prompt rather than just block. But I haven't messed around with it enough to be sure.

I can't do a screenshot here but maybe someone else can send you to one. The console is in Administrative Tools under Windows Firewall with Advanced Security.
"Franz" wrote in message Does Windows Vista Firewall prompt you for outgoing connections in order to allow, deny or create a rule for outgoing connections? Any screenshots?

If you're going to play with the Firewall, head on over to the MMC console in Administrative Tools as that has a hell of a lot more options with it, as opposed to the Control Panel applet :o)
-- Zack Whittaker » ZackNET Enterprises: www.zacknet.co.uk » MSBlog on ResDev: www.msblog.org » Vista Knowledge Base: www.vistabase.co.uk » This mailing is provided "as is" with no warranties, and confers no rights. All opinions expressed are those of myself unless stated so, and not of my employer, best friend, Ghandi, my mother or my cat. Glad we cleared that up!
--: Original message follows :-- "roman modic" wrote in message

Hello!
"Franz" wrote in message Does Windows Vista Firewall prompt you for outgoing connections in order to allow, deny or create a rule for outgoing connections? Any screenshots?
Here are some nice articles :
Crippled Vista http://www.securitypronews.com/news/securitynews/spn-45-20060428CrippledVista.html
Vista To Handcuff Firewall http://www.techweb.com/wire/security/187000304
OTOH: How to enable two-way firewall? http://www.edbott.com/weblog/?p=1219
Roman

Why can't you do a screenshot?

Don't know how.
(Kidding). I can do the shot but WinMail doesn't want to send it. Don't know why yet. Maybe I shouldn'ta been screwing around with the firewall.

"John Jay Smith" <-> wrote in message

Why can't you do a screenshot?
Just curious...
-- "What concerns me is not the way things are, but rather the way people think things are." - Epictetus 55-135
"Puppy Breath" wrote in message You can block incoming and outgoing based on all kinds of things: program, group membership, protocol, address, and such. You can allow only secure connections and require encryption. You can define rules and base the whole thing on policies. I suppose it can prompt rather than just block. But I haven't messed around with it enough to be sure.

I can't do a screenshot here but maybe someone else can send you to one. The console is in Administrative Tools under Windows Firewall with Advanced Security.
"Franz" wrote in message Does Windows Vista Firewall prompt you for outgoing connections in order to allow, deny or create a rule for outgoing connections? Any screenshots?

Here's a screenshot of the main outgoing port window (all crunched together). Assuming WinMail cooperates. You can also configure through a dialog box.
"Franz" wrote in message

Does Windows Vista Firewall prompt you for outgoing connections in order to allow, deny or create a rule for outgoing connections? Any screenshots?

"Puppy Breath" wrote:

You can block incoming and outgoing based on all kinds of things: program, group membership, protocol, address, and such. You can allow only secure connections and require encryption. You can define rules and base the whole thing on policies. I suppose it can prompt rather than just block. But I haven't messed around with it enough to be sure.

Yes, I know you can create an off-line rule from the MMC, but I want to know if the Windows Vista firewall prompts you with a pop-up when a program needs to establish an outgoing connection, or whether you must create an off-line rule. Why haven't I seen an article about this on the Internet? I read this http://www.microsoft.com/technet/community/columns/cableguy/cg0106.mspx but there's no screenshot or explanation about prompting for outgoing connections (I only see that you can create a rule, but not a prompt?).

Oh, sorry. Don't know about that part of it. Haven't played with it much. Maybe someone else knows.
"Franz" wrote in message


"Puppy Breath" wrote:
You can block incoming and outgoing based on all kinds of things: program, group membership, protocol, address, and such. You can allow only secure connections and require encryption. You can define rules and base the whole thing on policies. I suppose it can prompt rather than just block. But I haven't messed around with it enough to be sure.
Yes, I know you can create an off-line rule from the MMC, but I want to know if the Windows Vista firewall prompts you with a pop-up when a program needs to establish an outgoing connection, or whether you must create an off-line rule. Why haven't I seen an article about this on the Internet? I read this http://www.microsoft.com/technet/community/columns/cableguy/cg0106.mspx but there's no screenshot or explanation about prompting for outgoing connections (I only see that you can create a rule, but not a prompt?).

Ooops, sorry. The screenshot was intended for Franz (who apparently doesn't need the one I sent).

"Puppy Breath" wrote in message

Here's a screenshot of the main outgoing port window (all crunched together). Assuming WinMail cooperates. You can also configure through a dialog box.
"Franz" wrote in message Does Windows Vista Firewall prompt you for outgoing connections in order to allow, deny or create a rule for outgoing connections? Any screenshots?

As Puppy says, you can't do that with the default Windows Firewall in Windows Vista located in the Control Panel. You have to use the Windows Firewall with Advanced Security.
Here is a great article from the Cable Guy about using it: http://www.microsoft.com/technet/community/columns/cableguy/cg0106.mspx
-- Andre Windows Connected | http://www.windowsconnected.com Extended64 | http://www.extended64.com Blog | http://www.extended64.com/blogs/andre http://spaces.msn.com/members/adacosta
"Franz" wrote in message

Does Windows Vista Firewall prompt you for outgoing connections in order to allow, deny or create a rule for outgoing connections? Any screenshots?

Has to be less than about 50-75kb or so - save it as a JPG or cut down whatever you can out of the screenshot. Alternatively, stick it on a web host somewhere and send in the link :o)
-- Zack Whittaker » ZackNET Enterprises: www.zacknet.co.uk » MSBlog on ResDev: www.msblog.org » Vista Knowledge Base: www.vistabase.co.uk » This mailing is provided "as is" with no warranties, and confers no rights. All opinions expressed are those of myself unless stated so, and not of my employer, best friend, Ghandi, my mother or my cat. Glad we cleared that up!
--: Original message follows :-- "Puppy Breath" wrote in message

Why can't you do a screenshot?
Don't know how.
(Kidding). I can do the shot but WinMail doesn't want to send it. Don't know why yet. Maybe I shouldn'ta been screwing around with the firewall.

"John Jay Smith" <-> wrote in message Why can't you do a screenshot?
Just curious...
-- "What concerns me is not the way things are, but rather the way people think things are." - Epictetus 55-135
"Puppy Breath" wrote in message You can block incoming and outgoing based on all kinds of things: program, group membership, protocol, address, and such. You can allow only secure connections and require encryption. You can define rules and base the whole thing on policies. I suppose it can prompt rather than just block. But I haven't messed around with it enough to be sure.

I can't do a screenshot here but maybe someone else can send you to one. The console is in Administrative Tools under Windows Firewall with Advanced Security.
"Franz" wrote in message Does Windows Vista Firewall prompt you for outgoing connections in order to allow, deny or create a rule for outgoing connections? Any screenshots?

Hello!
"Andre Da Costa [Extended64]" wrote in message

As Puppy says, you can't do that with the default Windows Firewall in Windows Vista located in the Control Panel. You have to use the Windows Firewall with Advanced Security.
Here is a great article from the Cable Guy about using it: http://www.microsoft.com/technet/community/columns/cableguy/cg0106.mspx

And another from Jesper Johansson: http://blogs.technet.com/jesper_johansson/archive/2006/05/01/426921.aspx

The key problem is that most people think outbound host-based firewall filtering will keep a compromised asset from attacking other assets. This is impossible. Putting protective measures on a compromised asset and asking it not to compromise any other assets simply does not work. Protection belongs on the asset you are trying to protect, not the one you are trying to protect against! Asking the bad guys not to steal stuff after they have already broken into your house is unlikely to be nearly as effective as keeping them from breaking into the house in the first place.
In addition, as the dialogs above suggest, the vast majority of users are unable to make intelligent security decisions based on the information presented. Presenting information that does allow them to make intelligent decisions is much harder than it sounds because it would require the firewall to not just understand ports, protocols, and the application that is making the request, but also to understand what it is the request really is trying to do and what that means to the user. This information is very difficult to obtain programmatically. For instance, the fact that Microsoft Word is attempting to make an outbound connection is not nearly as interesting as what exactly Word is trying to do with that connection. A plethora of dialogs, particularly ones devoid of any information that helps an ordinary mortal make a security decision, are simply another fast clicking exercise. We need to reduce the number of meaningless dialogs, not increase them, and outbound filtering firewalls do not particularly help there. While writing this article I went and looked at the sales documentation for a major host-based firewall vendor. They tout their firewall's outbound filtering capacity and advising capability with a screen shot that says "Advice is not yet available for this program. Choose below or click More Info for assistance." Below are two buttons with the texts "Allow" and "Deny." Well, that clarifies things tremendously! My mom will surely understand what that means: "Unless you click 'Allow' below you won't get to see the naked dancing pigs that you just spent 8 minutes downloading." I rest my case.
Fundamentally, it is incumbent on the administrator to configure all outbound filtering because the end user will not be able to, and once the administrator does that, if there are enough systems using the same protection mechanism, automated malware will just adapt and exploit the weaknesses mentioned above.
Now, given what I just said about outbound filtering, why is it even included in Windows Vista? Here is why: there is one particular area where outbound host-based firewall filtering provides real security value, but only in Windows Vista. In that operating system, services can run with a highly restricted token. In essence, each service has its own security identifier (SID) which is unique to that service and different even from the SIDs of other services running in the same account. This Service SID can be used to restrict access to resources, such as network ports. What that means is that even though two services run as NetworkService, they cannot manage each other's processes and the firewall can be configured to allow only one of them to communicate out. If the other one, the blocked one, is compromised, it cannot hijack the allowed service and use its allowed port to communicate out. This functionality is another one of the very cool security features added to Windows Vista, and the new Firewall uses it to actually provide real security value by outbound firewall filtering. In fact, firewall filtering on service SIDs is enabled by default in Windows Vista. The rules are predefined in the HKLM\System\CurrentControlSet\services\sharedaccess\parameters\firewallpolicy\RestrictedServices registry key.


Cheers, Roman
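
The per-service outbound rules described in the quoted article can be listed from the registry key it names. This is an added example, not part of the original post and not Microsoft's own tooling: it reads that key when it exists and otherwise falls back to constructed sample strings. The `v2.0|Key=Value|...` rule layout and the `ExampleSvcA`/`ExampleSvcB` service names are assumptions.

```powershell
# Added example, not from the thread. The "v2.0|Key=Value|..." rule layout is an
# assumption about how rules are stored; the sample strings are constructed.
$RestrictedServices = 'HKLM:\System\CurrentControlSet\services\sharedaccess\parameters\firewallpolicy\RestrictedServices'

# Constructed samples: two hypothetical services hosted by the same svchost.exe.
$SampleRules = @(
    'v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=443|App=%SystemRoot%\system32\svchost.exe|Svc=ExampleSvcA|Name=ExampleSvcA HTTPS out|',
    'v2.0|Action=Block|Active=TRUE|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=ExampleSvcB|Name=ExampleSvcB no outbound|',
    'v2.0|Action=Block|Active=TRUE|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=ExampleSvcB|Name=ExampleSvcB no inbound|'
)

function ConvertFrom-FirewallRuleString {
    param([string]$Rule)
    # Split "Key=Value" fields on '|'; the leading version token has no '=' and is skipped.
    $fields = @{}
    foreach ($part in $Rule.Split('|')) {
        $i = $part.IndexOf('=')
        if ($i -gt 0) { $fields[$part.Substring(0, $i)] = $part.Substring($i + 1) }
    }
    return $fields
}

function Get-ServiceOutboundRule {
    param([string[]]$RuleString)
    foreach ($s in $RuleString) {
        $f = ConvertFrom-FirewallRuleString $s
        # Keep only outbound rules scoped to a service (Svc=...), not just to an executable.
        if ($f['Dir'] -eq 'Out' -and $f['Svc']) {
            New-Object PSObject -Property @{
                Service = $f['Svc']; Action = $f['Action']; Active = $f['Active']
                Protocol = $f['Protocol']; RemotePort = $f['RPort']; Name = $f['Name']
            }
        }
    }
}

# Use the live key when it exists, otherwise the constructed samples.
if (Test-Path $RestrictedServices) {
    $keys = @(Get-Item $RestrictedServices) + @(Get-ChildItem $RestrictedServices -Recurse)
    $rules = $keys | ForEach-Object {
        $key = $_
        $key.GetValueNames() | ForEach-Object { [string]$key.GetValue($_) }
    }
} else {
    $rules = $SampleRules
}

Get-ServiceOutboundRule $rules | Sort-Object Service, Action |
    Format-Table Service, Action, Active, Protocol, RemotePort, Name -AutoSize
```

With the sample data, the two services share the same `App` path but get different outbound actions, which is the distinction the service SID makes possible.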
