Surprise! You May Have More Firewall Than You Need
When Microsoft shipped Windows Vista, it included an upgraded firewall that enabled Windows--for the first time--to filter outgoing connections from your computer. But the company elected to turn off the outbound filtering by default and even made the feature hard to access. Smart, security-conscious people cried foul, saying that Microsoft had dropped the ball.
But Microsoft was right: You don't need outbound filtering.
Sure, many good, free firewalls (like ZoneAlarm and Agnitum) and security suites for XP offer this extra layer of defense, which can be useful for stopping malware such as a keylogger that tries to transmit stolen passwords to a remote server, or a bot that tries to fetch malicious instructions from an IRC (Internet Relay Chat) channel. With these firewalls, you get a pop-up warning that a program is trying to connect to an Internet destination, and you have the opportunity to say no.
The problem is, such protection doesn't mean much. For one thing, if you have a good antivirus program, if you're smart enough not to open unknown e-mail attachments, and if you don't use Internet Explorer 6, you already have strong layers of defense against Internet-based attacks.
For outbound blocking to be worthwhile, you must know--or be willing to research--every program and program component that needs to connect out for any valid reason, such as to get necessary program updates. Choose wrong, and something breaks. Or, more likely, you become conditioned to clicking 'OK' in response to all prompts, and you do so even when it causes a problem.
Where outbound filtering can be useful is in catching those extra-chatty programs that send more info than they should--like Microsoft's original WGA Notifications, which last year sent many unnecessary PC details back to Redmond. But again, to know whether the data being sent is a benign check for program updates or a list of all your installed programs, you have to be willing to dig deep with additional, highly technical programs that can capture and scan network traffic.
Though it's great for experts to help keep software vendors on their toes with this kind of analysis, the average cautious PC user doesn't need the hassle. Still, if you want to become a de facto network expert and dig in, here are some tips:
- To bring up the interface for enabling Vista's outbound filtering (and for creating rules for it), click Start, type wf.msc in the Start Search box, and hit <Enter>.
- The wf.msc interface is by no means user-friendly, and I don't recommend it. The free Vista Firewall Control program makes configuring the firewall much easier and adds functionality that will prompt you when new programs try to connect to the Internet, much as many third-party firewalls do.
- If you want to supplement your firewall, the Ethereal program can capture and scan network traffic for subsequent expert analysis. It's free.