Leave a comment

Windows Vista Firewall Review

Written by:  • Edited by: Lamar Stonecypher
Updated Mar 5, 2010 • Related Guides: Windows Vista
4

Most computer geeks know that there is no silver bullet for computer security . A good solution needs to be layered. One important part of a layered approach is the use of a firewall, and this Windows Vista Firewall review is intended to help you decide if the Vista Firewall will meet your needs.

Overview

In this Windows Vista Firewall review, I will cover the following:

  • Cost of Vista Firewall
  • Vista Firewall installation and configuration impression
  • Vista Firewall operation and effectiveness
  • Verdict: what's the recommendation?

The cost of the Vista Firewall

If you've recently purchased a computer and it has the Windows Vista operating system, then you already have it. As such, there is no additional cost to you.

Installation and Configuration

vista-control-panel
click to enlarge
The Windows Vista firewall comes with every Windows Vista computer system; it comes pre-installed. You can access the firewall via Control Panel; it is the icon labeled Windows Firewall.

In this aspect of the firewall, there are three areas: general, exceptions, and advanced.

vistafw-general
click to enlarge
The General tab has configurations to turn on or off the firewall. Specifically, there you will find that it comes pre-configured set to "ON (recommended)". If you want added protection, check the option "Block all incoming connections"; this will keep unsolicited connections from your computer. The only other setting is "OFF", and this isn't recommended. This is pretty much it. Note that the "ON" setting only means that, except for the "Exceptions", the firewall will block all outside sources from connecting to your computer (i.e. inbound blocking). However, in Vista outbound blocking isn't set. I repeat, outbound blocking isn't set.

In the Exceptions tab, you will find a list of programs or ports that are exceptions to any block rules. Here you can add new programs or if you know the port, add the port to any block exceptions. There is even an option to notify the user if the firewall blocks a new program.

The third and final tab is the Advanced tab. There you can specify which interface (Local Area connection or Wireless Network connection) you wish to apply the firewall protection. It is relatively simple; just put a check mark next to the type of network connection that needs firewall protection.

I've worked with consumer personal firewall class products before, and because the concepts and technology behind firewall is beyond most users' comprehension, I can understand why Microsoft has kept things this simple. Typical users would just get lost if it got more technical than this. As it is, some of the terms already shown are terms that are foreign to most typical computer users.

Vistafw-advancedSecurity
click to enlarge
The good news though is that for the more technically adept users, Vista's firewall comes with advanced settings that can be manipulated to a level of detail that would fit most geeks' needs. The advanced features of the Vista firewall can be launched from the Administrator Tools section in the Control Panel. The user interface can be accessed by opening the Windows Firewall with Advanced Security, or by running wf.msc from the RUN command.

vistafw-profiles
click to enlarge
Through this Advanced Security interface, one can control inbound and outbound rules under three profiles: Domain, Private, and Public. The Domain profile is intended for work. The Private profile is typically used for the home network, and the Public network is for any other network that is neither work nor home.

Operation and Effectiveness

For most typical users, the basic user configuration of having the firewall ON and blocking all incoming connections is sufficient. The option to inform the user when a new program is blocked by the firewall (found on the bottom of the Exceptions tab) is also sufficient for most users. In combination with Windows Defender (also built-in to Vista), it is OK, but is potentially susceptible to malware that is already on the computer that "phones home" to the Internet. To plug this hole, most users would need some sort of user-friendly product to do outbound blocking. This is essential since non-technical users do not have the know-how to understand and manage the detailed firewall settings that would be needed to make outbound blocking work on Vista.

Vistafw-advancedSecurity
click to enlarge
On the other hand, very technical users can easily figure out how to enable outbound blocking. The Vista firewall makes this very possible through its advanced security features which allows one to completely limit only known applications from initiating Internet network connections. I"ve done this to one of my Vista computers, and I've completely limited network connections to only certain trusted computer applications. Configuration of the advanced firewall settings from a network techie's standpoint is relatively easy and very flexible, as I have learned.

The Verdict
Rating Average

This Windows Vista Firewall review has determined that for non-technical users, the firewall needs to be augmented with a third party user-friendly outbound-blocking product. Without this, the typical computer user would be totally incapable of understanding firewall setting and would be susceptible to malicious outbound Internet communication of an already infected computer! There are many outbound blocking solutions out there. Zone Alarm is such a solution.

For the network techie, however, the Vista firewall is more than enough to do the job. It is flexible and easy enough to setup, and it could easily add to ones' layered computer security solution.

Next Article »
We Also Recommend...
 
blog comments powered by Disqus
Computer Security
FEATURED AUTHORS
Tom Olzak, CISSP Chad Anderson J. Forlanda Jon Buys
Christian Cawley Charles Crust goforitandy C.D. Crowder
Most Popular Articles
Email to a friend