Why is it that SP2 Firewall has no Outbound Protections?

I'm wondering why is it that the Windows XP SP2 built-in firewall didn't include an outbound protections or outgoing application control... is it maybe they've made a deal w other firewall makers not to do that or else...

Unlike the MS Antispyware Beta it is "complete" and probably one of the best anti-spyware at present. Is it more expensive to make outbound protections?

 

Why? Because of ease of use concerns for the end user. It has always been a balance of security vs ease of use. The original beta of XPSP2 announcement stated outbound control (and you'll see that in early media reports) but further end user groups showed a lot of technical misunderstanding on it. Heck, we still see users having problems with the blocking pop-up to allow a program to listen incoming on a port with Windows Firewall. By blocking unsolicited inbounds, the firewall does a decent job for those just hooking up to the Internet. Outbound requires more user interaction and can be supplied by free alternatives - or paid alternatives for those wanting even more features.

BTW, it looks like Vista will have an in/out-bound firewall built in. It should be interesting to see how flexible it is and how users react to it.

 

Well maybe M$ just wants to let all Gods children to go/call/come home base?<>

 

Funny...I was thinking the same thing.

 

MS Firewall uses application control to control which applications can output to the internet, but it's not proper outbound protection, since once you allow an application it can do what ever it likes.

 

Actually WinXP SP2 firewall does have an outbound control. These are warnings when an app attempts to act like a server (FTP/HTTP server,P2P programs etc)

 

Simple enough to build in a bypass for MS approved stuff. I think Mem1's post is the right one.

 

RejZor,

Applications which act like a server, normally mean it's allowing an inbound connection which yes MS firewall does control. Outgoing connections are control by controling whether an application can run or not, but it's not a proper outgoing connection control.

 

Well for me it's enough to just block it if desired. I tried few firewalls,but in the end i came back to WinXP SP2 firewall. I'm tired of endles popups to allow this and that just because some softare updated. Bah.

 

For the average user who doesn't want even more decisions to make, WF is enough.

I'm happy that MS at least has a firewall that on in-bound is just as good as anything eles. I personnally use a 3rd party firewall to control mainly legitimate apps that are "out of control" with their constant connection behavior, whether appropriate or not.

With apps such as PG and SSM though, a good case can be made for dispensing with outbound control firewalls.

Regards - Charles

 

It seems no matter which soft 'wall one loads no "perfect" as yet app exists .

 

Not completely, these programs are good, but I personally like the extra control that a software firewall gives me in regards to outbound traffic. For example I have a few apps which I run, but I don't want to give them net acccess. You can't do that PG etc, you can only choose whether they run.

 

Hello Syncman9,

but I personally like the extra control that a software firewall gives me in regards to outbound traffic. For example I have a few apps which I run, but I don't want to give them net acccess.
Agree, and wrote much the same in the first part of my post.

Not completely, these programs are good
For the record, SSM gives you finer contols of app behavior than PG.

This and any other security question always revolves around what mix of apps are run, user knowledge, abililty, and willingness to pay attention to security alerts. Everyone here is interested in the best possible security given their system, that attitude is not unversal to say the least, although it is getting better.

Regards - Charles

 

"Everyone here is interested in the best possible security given their system, that attitude is not unversal to say the least, although it is getting better."

You'd sure think so by now

...reminds me of awhile ago when a relative reloaded aothers contaminated system for them, warned them got them apps and bingo a week or so later now they couldn't even boot to the welcome screen

It makes you scratch your head in wonderment

 

I just re-read this thread - the above is not true, WF blocks the outbound connection attempt of any app that's added thru WF's advanced tab > exceptions. The app can be merrily running, just can't connect out.

Regards - Charles

 

Exceptions are allowing programs to listen for unsolicited inbound connections - not stop/allow/control outbound connections: http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx

When your computer gets an unsolicited request, Windows Firewall blocks the connection. If you run a program such as an instant messaging program or a multiplayer network game that needs to receive information from the Internet or a network, the firewall asks if you want to block or unblock (allow) the connection. If you choose to unblock the connection, Windows Firewall creates an exception so that the firewall won't bother you when that program needs to receive information in the future.

http://www.microsoft.com/technet/community/columns/cableguy/cg0204.mspx

 

mem1, you're right, what was I thinking

In XP's Help and Support in the Start menu says the same thing.

My apologies to Syncman9.

Regards - Charles

 

zcv,

No worries, we all make mistakes from time to time.

 

By the way, Windows XP 2 Firewall is still bad when comparing with other free firewalls available.

If using XP2 Firewall, none leak attacks can be blocked.
If using others, it can block up to about 50% leak attacks depending on what firewalls you choose.
If using Firewall + Intrusion Prevention System, it can block up to 90-100% leak attacks.
Ref: http://www.firewallleaktester.com/tests.htm

Since free third-party firewalls are available, it is strongly recommend any user pick 1 third-party firewall and install in their computers.

 

XP2 firewall has no outbound filtering, obviously it can't handle leak test lol.

 

zaizai,

The MS firewall does have outbound control via Application Control but nothing else. It fails the leak tests because often MS firewall isn't even aware that the test has run.

It's also important to bear in mind that no software firewall at this time, can stop all the leaktests.

Wai_Wai,

Personally I agree with you, there are plenty of good free firewalls on the market that are far better than the MS firewall, but I know some people do use and like it. In addition you have to admit, it uses very little resource or memory.

 

Here we go again.... take a look at my post above and the links - Windows XPSP2 firewall does not have outbound control. It does allow you to open a port (exceptions) so an application can listen (in other words control unsolicited inbound) but it does not control an application or potrts to limit outbound in anyway right now.

This is an important distinction for those looking for outbound control.

 

mem1,

I don't want to argue you the point, but it does ask you whether you want to allow an application to access the internet or block it. Granted it's very basic, but it's a form of outbound control, a very crude one, but it is there.

 

The block message is quite clear where it states at the bottom:

"Windows Firewall has blocked this program from accepting connections from the Internet or network. If you recognize the program or trust the publisher, you can unblock it."

Notice the 'accepting connections' is opening a port for inbound, not blocking the application for outbound. You can see the message box in the first link in my post above.

Microsoft also has an TechNet article specifying how to use IPSec with Windows Firewall to supplement it to control outbound. I'll see if I can find a link to it.

BTW, it's not a matter of arguing the point but clarification to ensure people don't have a false sense of security.