Why is it that SP2 Firewall has no Outbound Protections?

Discussion in 'other firewalls' started by sweater, Aug 29, 2005.

Thread Status:
Not open for further replies.
  1. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,674
    Location:
    Philippines, the Political Dynasty Capital of the
    :rolleyes: I'm wondering why is it that the Windows XP SP2 built-in firewall didn't include an outbound protections or outgoing application control... is it maybe they've made a deal w other firewall makers not to do that or else... :mad:

    Unlike the MS Antispyware Beta it is "complete" and probably one of the best anti-spyware at present. Is it more expensive to make outbound protections? o_O :doubt: :'(
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,770
    Location:
    Texas
    A guess would be that they didn't want to be accused of killing the competition. The Windows built in firewall is on by default in sp2 and will protect new users from attacks.
     
    Last edited: Aug 29, 2005
  3. Mem1

    Mem1 Guest

    Why? Because of ease of use concerns for the end user. It has always been a balance of security vs ease of use. The original beta of XPSP2 announcement stated outbound control (and you'll see that in early media reports) but further end user groups showed a lot of technical misunderstanding on it. Heck, we still see users having problems with the blocking pop-up to allow a program to listen incoming on a port with Windows Firewall. By blocking unsolicited inbounds, the firewall does a decent job for those just hooking up to the Internet. Outbound requires more user interaction and can be supplied by free alternatives - or paid alternatives for those wanting even more features.

    BTW, it looks like Vista will have an in/out-bound firewall built in. It should be interesting to see how flexible it is and how users react to it.
     
  4. Tyreman

    Tyreman Registered Member

    Joined:
    Feb 3, 2003
    Posts:
    107
    :D Well maybe M$ just wants to let all Gods children to go/call/come home base?<>
     
  5. beetlejuice69

    beetlejuice69 Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    780
    Funny...I was thinking the same thing. ;)
     
  6. Syncman9

    Syncman9 Registered Member

    Joined:
    Jul 28, 2004
    Posts:
    113
    Location:
    UK
    MS Firewall uses application control to control which applications can output to the internet, but it's not proper outbound protection, since once you allow an application it can do what ever it likes.
     
  7. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Actually WinXP SP2 firewall does have an outbound control. These are warnings when an app attempts to act like a server (FTP/HTTP server,P2P programs etc)
     
  8. ---

    --- Guest

    Simple enough to build in a bypass for MS approved stuff. I think Mem1's post is the right one.
     
  9. Syncman9

    Syncman9 Registered Member

    Joined:
    Jul 28, 2004
    Posts:
    113
    Location:
    UK
    RejZor,

    Applications which act like a server, normally mean it's allowing an inbound connection which yes MS firewall does control. Outgoing connections are control by controling whether an application can run or not, but it's not a proper outgoing connection control.
     
  10. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Well for me it's enough to just block it if desired. I tried few firewalls,but in the end i came back to WinXP SP2 firewall. I'm tired of endles popups to allow this and that just because some softare updated. Bah.
     
  11. zcv

    zcv Registered Member

    Joined:
    Dec 11, 2002
    Posts:
    355
    For the average user who doesn't want even more decisions to make, WF is enough.

    I'm happy that MS at least has a firewall that on in-bound is just as good as anything eles. I personnally use a 3rd party firewall to control mainly legitimate apps that are "out of control" with their constant connection behavior, whether appropriate or not.

    With apps such as PG and SSM though, a good case can be made for dispensing with outbound control firewalls.

    Regards - Charles
     
  12. Tyreman

    Tyreman Registered Member

    Joined:
    Feb 3, 2003
    Posts:
    107
    :D It seems no matter which soft 'wall one loads no "perfect" as yet app exists :( .
     
  13. Syncman9

    Syncman9 Registered Member

    Joined:
    Jul 28, 2004
    Posts:
    113
    Location:
    UK
    Not completely, these programs are good, but I personally like the extra control that a software firewall gives me in regards to outbound traffic. For example I have a few apps which I run, but I don't want to give them net acccess. You can't do that PG etc, you can only choose whether they run.
     
  14. zcv

    zcv Registered Member

    Joined:
    Dec 11, 2002
    Posts:
    355
    Hello Syncman9,

    but I personally like the extra control that a software firewall gives me in regards to outbound traffic. For example I have a few apps which I run, but I don't want to give them net acccess.
    Agree, and wrote much the same in the first part of my post.

    Not completely, these programs are good
    For the record, SSM gives you finer contols of app behavior than PG.

    This and any other security question always revolves around what mix of apps are run, user knowledge, abililty, and willingness to pay attention to security alerts. Everyone here is interested in the best possible security given their system, that attitude is not unversal to say the least, although it is getting better.

    Regards - Charles
     
  15. Tyreman

    Tyreman Registered Member

    Joined:
    Feb 3, 2003
    Posts:
    107
    "Everyone here is interested in the best possible security given their system, that attitude is not unversal to say the least, although it is getting better."

    You'd sure think so by now :D

    ...reminds me of awhile ago when a relative reloaded aothers contaminated system for them, warned them got them apps and bingo a week or so later now they couldn't even boot to the welcome screen o_O

    It makes you scratch your head in wonderment :)
     
  16. zcv

    zcv Registered Member

    Joined:
    Dec 11, 2002
    Posts:
    355
    I just re-read this thread - the above is not true, WF blocks the outbound connection attempt of any app that's added thru WF's advanced tab > exceptions. The app can be merrily running, just can't connect out.

    Regards - Charles
     
  17. mem1

    mem1 Guest

    Exceptions are allowing programs to listen for unsolicited inbound connections - not stop/allow/control outbound connections: http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx

    When your computer gets an unsolicited request, Windows Firewall blocks the connection. If you run a program such as an instant messaging program or a multiplayer network game that needs to receive information from the Internet or a network, the firewall asks if you want to block or unblock (allow) the connection. If you choose to unblock the connection, Windows Firewall creates an exception so that the firewall won't bother you when that program needs to receive information in the future.

    http://www.microsoft.com/technet/community/columns/cableguy/cg0204.mspx
     
  18. zcv

    zcv Registered Member

    Joined:
    Dec 11, 2002
    Posts:
    355
    mem1, you're right, what was I thinking :oops:

    In XP's Help and Support in the Start menu says the same thing.

    My apologies to Syncman9.

    Regards - Charles
     
    Last edited: Aug 31, 2005
  19. Syncman9

    Syncman9 Registered Member

    Joined:
    Jul 28, 2004
    Posts:
    113
    Location:
    UK
    zcv,

    No worries, we all make mistakes from time to time.
     
  20. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    By the way, Windows XP 2 Firewall is still bad when comparing with other free firewalls available.

    If using XP2 Firewall, none leak attacks can be blocked.
    If using others, it can block up to about 50% leak attacks depending on what firewalls you choose.
    If using Firewall + Intrusion Prevention System, it can block up to 90-100% leak attacks.
    Ref: http://www.firewallleaktester.com/tests.htm

    Since free third-party firewalls are available, it is strongly recommend any user pick 1 third-party firewall and install in their computers.
     
  21. zaizai

    zaizai Guest

    XP2 firewall has no outbound filtering, obviously it can't handle leak test lol.
     
  22. Syncman9

    Syncman9 Registered Member

    Joined:
    Jul 28, 2004
    Posts:
    113
    Location:
    UK
    zaizai,

    The MS firewall does have outbound control via Application Control but nothing else. It fails the leak tests because often MS firewall isn't even aware that the test has run.

    It's also important to bear in mind that no software firewall at this time, can stop all the leaktests.

    Wai_Wai,

    Personally I agree with you, there are plenty of good free firewalls on the market that are far better than the MS firewall, but I know some people do use and like it. In addition you have to admit, it uses very little resource or memory.
     
  23. mem1

    mem1 Guest

    Here we go again.... take a look at my post above and the links - Windows XPSP2 firewall does not have outbound control. It does allow you to open a port (exceptions) so an application can listen (in other words control unsolicited inbound) but it does not control an application or potrts to limit outbound in anyway right now.

    This is an important distinction for those looking for outbound control.
     
  24. Syncman9

    Syncman9 Registered Member

    Joined:
    Jul 28, 2004
    Posts:
    113
    Location:
    UK
    mem1,

    I don't want to argue you the point, but it does ask you whether you want to allow an application to access the internet or block it. Granted it's very basic, but it's a form of outbound control, a very crude one, but it is there.
     
  25. mem1

    mem1 Guest

    The block message is quite clear where it states at the bottom:

    "Windows Firewall has blocked this program from accepting connections from the Internet or network. If you recognize the program or trust the publisher, you can unblock it."

    Notice the 'accepting connections' is opening a port for inbound, not blocking the application for outbound. You can see the message box in the first link in my post above.

    Microsoft also has an TechNet article specifying how to use IPSec with Windows Firewall to supplement it to control outbound. I'll see if I can find a link to it.

    BTW, it's not a matter of arguing the point but clarification to ensure people don't have a false sense of security.
     
Loading...
Thread Status:
Not open for further replies.