
SANS ISC InfoSec Handlers Diary Blog



Windows Vista Firewall

Published: 2006-04-26
Last Updated: 2006-04-26 21:53:04 UTC
by Ed Skoudis (Version: 1)
In a somewhat related story, ZDNet has an interesting article reporting that Microsoft has decided that the Windows Vista firewall will include no outbound filtering by default.  Apparently, Microsoft was considering blocking outbound connections by default, but, in response to large enterprise customer requests, they won't be doing that.  The reasoning, I suppose, is that not breaking corporate apps is more important than security.  This is a change from the original Plan (yes, note the capital P), which said that Vista would ship with a two-way firewall.  It still has that capability, but outbound filtering will be turned off by default.

I remember a recent fascinating rant from Marcus Ranum, saying (I paraphrase) that a firewall that doesn't block outbound traffic isn't worthy of the name firewall.  From the guy who popularized the term firewall so long ago (and the term script kiddie), that's an interesting point.

But, of course, the lack of outbound filtering isn't a problem, given that the client-side apps are so rock solid.  Also, with your Jedi-like Windows command-line Kung Fu, it won't matter if your box gets hit, because you'll be able to figure it out so quickly and respond...  Yeah, right!

To be fair, there are some arguments for not doing outbound filtering on a personal firewall.  I don't agree with them, but the arguments do exist.

Thanks to reader Tony van der Togt for the heads-up on the ZDNet article.

--Ed Skoudis.
Intelguardians.

UPDATE: Our readers are the best!  It seems that we have eyes everywhere.  Chris Gurley, one of said readers, told us that he was at a Microsoft Security Summit yesterday in Dallas, TX.  He said that a Microsoft security guru at this meeting mentioned that they still intend to ship Vista with the outbound firewall filtering activated by default.  So, the ZDNet article may be incorrect.  We don't have an authoritative word on The Plan here... but we want to give you all the info we have.  This one will be interesting!
