Easy guide to tweak Windows Firewall (also applicable for Windows 7)
As Microsoft says: “The default behavior of the Windows [Vista] Firewall is to: Block all incoming traffic unless it is solicited or it matches a configured rule. Allow all outgoing traffic unless it matches a configured rule.”
And it is indeed like that – if you check this setting (Control Panel – Administrative Tools – Windows Firewall with Advanced Security – Windows Firewall Properties, you will see that in the “Public Profile” tab all Outbound Connections ARE allowed (see the screenshot below). Though I know now that outbound connections are not filtered, I felt pretty much deceived, because I thought I was protected. On one hand your PC is stealth to inbound threats, on the other hand any program can “call home”, i.e. you are not protected in case an application wants to send data over the internet from your computer, or, what is even worse, it could be a Trojan horse, secretly sending out your poems. Next surprise was I could not enable “automatic rules creation” mode for outbound in the way it works for inbound: firewall asks you to permit or deny the connection once a program tries to connect. The reason: this mode does not exist in Vista firewall. Windows Firewall has its much touted outbound filtering in off state. I think it is done to allow OneCare firewall to catch up for extra cash.
One solution could be 3rd party firewall. But why invest more? Let’s use what we already have.
In this article I will try to show how to engage Windows Firewall outbound filtering and make your information more secure in Windows Vista.
Default settings overview
First of all let’s get familiar with the Windows Firewall default settings. Follow the path: Control Panel -> System and Maintenance -> Administrative Tools -> Windows Firewall with Advanced Security.
In the Windows Firewall with Advanced Security notice the left panel.
It contains three sections: Inbound Rules, Outbound Rules, Connection Security Rules, and Monitoring. Outbound Rules list the entire predefined and new (created) rule. The rule is basically an instruction of which connection is allowed/disallowed for particular service/program. Predefined rules serve for system/core media communication purposes, allowing specific connections like Network Discovery, Remote Assistance, Windows Media Player Network Sharing Service, etc.
If you double click the rule, you will see exactly what it defines. Monitoring section shows all the rules which are currently active. Let’s go back to the main screen’s central section “Overview”.
Here you can see the situation for the three main profiles: Domain, Private, and Public. Profile depends on where the computer is connected. Generally, for a home user Public profile should be active where internet connection is concerned, because it the most restrictive profile. Notice here the following green tick (I would make it red, as it is inconsistent with the fact it is bad!): “Outbound connections that do not match a rule are allowed.”
Nice, isn’t it? It makes the predefined list of outbound rules pretty much useless at this stage. So, let’s stop this flooding right now.
Cut outbound flood
In the central section Overview find the blue link “Windows Firewall Properties” and click it. Then select tab “Public Profile”. (In some cases you have to do the following for all 3 profiles, not only Public).
For the Firewall State select “Block” in the Outbound connection.
Click “OK” Make sure new Public Profile looks like this:
As of now, no applications (except system services) can communicate via internet. Check you IE7. If it is not the case and IE7 can connect, than you have to block outbound connection for other Profiles accordingly. So we have cut outbound connection. Let’s restore that selectively.
Create outbound connection
As you may notice, for inbound connections there is a “learning” mode, i.e. when a program requests the connection, you will see the dialog window, asking for your permission. Contrary to that there is no “learning” mode for outbound. If it is cut, it is cut unless you do something.
So, let’s restore Internet Explorer connection. Click to Outbound Rules section. In the right panel click “New Rule”. You will activate new rule wizard. The following screen shows what you have to do to create new outbound rule for IE7.
Check IE7 again, it should be able to connect now. Be careful if you use Avast! antivirus or similar. Avast has Web Shield “provider” which works as a local proxy server. Therefore, the solution here is to create another outbound connection rule for application avast! Web Scanner [ C:\Program Files\Alwil Software\Avast4\ashWebSv.exe ], otherwise your web connection is disrupted.
Anyway, that is how it is supposed to work. No wonder this manual setting process is not very convenient (if you consider that you have to create rules for ALL your programs you want to have internet connection), I think that was the idea to make OneCare firewall more attractive in this regard.
This solution is better than nothing and cost you nothing, yet some thinking and putting effort is required, which probably means outbound manual setup in Windows Vista Firewall (also applicable for Windows 7) will not be very popular.