Windows Firewalls - blocking outbound traffic - best set-up?

I used to own ZoneAlarm Pro but when I bought a new Vista based machine in
March I had to use Windows Firewall and have been very happy with it
except....

I'm not sure what it's vetting on outbound traffic. All the rules (private,
public, domain) are set to 'allow (default)' and I never get asked for
permission for traffic in the way I was used to with ZAP. I tried turning
all 3 to block but then lost internet connectivity until I reversed the
settings.

Can anybody explain what a secure set-up should be and am I on the right
track?

ZAP is STILL not ready for Vista, in what seems like a marketing scam by
Checkpoint (trying to force you to upgrade to their full Suite). Also, ZA
Free seems to slow the traffic down to a crawl and mess Vista up when trying
to uninstall it....

Thanks.
Steve

System Specs:

Vista Ultimate 32 bit
Asus P5B Deluxe motherboard
Core 2 Duo 6700 clocked @ 3GHz
4 GB Corsair 8500 Dominator RAM clocked @ 900MHz
Gigabyte 8800GTS 640MB
Western Digital 150GB Raptor SATA
Western Digital 500GB Caviar SATA2
Creative XFi Xtreme Music
Samsung SH-W183 DVD-RW SATA
Enermax 850W Galaxy PSU
Akasa Mirage 62 case
plus e-SATA Western Digital 500GB Caviar SATA2

"Steve Campbell" <SteveCampbell@discussions.microsoft.com> wrote in message
news:63C2ACC7-757C-450D-B441-78F3F17F5AE9@microsoft.com...
>I used to own ZoneAlarm Pro but when I bought a new Vista based machine in
> March I had to use Windows Firewall and have been very happy with it
> except....
>
> I'm not sure what it's vetting on outbound traffic. All the rules
> (private,
> public, domain) are set to 'allow (default)' and I never get asked for
> permission for traffic in the way I was used to with ZAP. I tried turning
> all 3 to block but then lost internet connectivity until I reversed the
> settings.
>
> Can anybody explain what a secure set-up should be and am I on the right
> track?

Blocking outbound traffic isn't going to improve the security situation
unless you have a very specific use in mind. If your machine is already
compromised it can probably get around any outgoing filtering anyway.

--
Paul Smith,
Yeovil, UK.
Microsoft MVP Windows Shell/User.
http://www.dasmirnov.net/blog/
http://www.windowsresource.net/

*Remove nospam. to reply by e-mail*

Ah.... I thought that the problem with the XP firewall was that it was one
way only. Am I confusing 2 separate things?

Thanks for getting back.

Steve

"Paul Smith" wrote:

> "Steve Campbell" <SteveCampbell@discussions.microsoft.com> wrote in message
> news:63C2ACC7-757C-450D-B441-78F3F17F5AE9@microsoft.com...
> >I used to own ZoneAlarm Pro but when I bought a new Vista based machine in
> > March I had to use Windows Firewall and have been very happy with it
> > except....
> >
> > I'm not sure what it's vetting on outbound traffic. All the rules
> > (private,
> > public, domain) are set to 'allow (default)' and I never get asked for
> > permission for traffic in the way I was used to with ZAP. I tried turning
> > all 3 to block but then lost internet connectivity until I reversed the
> > settings.
> >
> > Can anybody explain what a secure set-up should be and am I on the right
> > track?
>
> Blocking outbound traffic isn't going to improve the security situation
> unless you have a very specific use in mind. If your machine is already
> compromised it can probably get around any outgoing filtering anyway.
>
> --
> Paul Smith,
> Yeovil, UK.
> Microsoft MVP Windows Shell/User.
> http://www.dasmirnov.net/blog/
> http://www.windowsresource.net/
>
> *Remove nospam. to reply by e-mail*
>
>

"Steve Campbell" <SteveCampbell@discussions.microsoft.com> wrote in message
news:F15AC033-C9AA-41A2-A74B-EB5BE1656D7E@microsoft.com...
> Ah.... I thought that the problem with the XP firewall was that it was one
> way only. Am I confusing 2 separate things?

Sure its one way, setup as an inbound firewall by default, in that an
application internal to your machine can talk to an outside server freely.

Outbound firewalls are designed to help prevent a compromised machine from
talking to an external server, but if the machine is already compromised it
can probably turn the firewall off, or hide in another application and talk
to the external server anyway.

--
Paul Smith,
Yeovil, UK.
Microsoft MVP Windows Shell/User.
http://www.dasmirnov.net/blog/
http://www.windowsresource.net/

*Remove nospam. to reply by e-mail*

Thanks Paul. All the advice I've seen so far has always been to secure
outgoing connections as well, though I take your point. I suppose I'm
looking for an albeit 'lockdown' period whilst I find and eliminate any
security breach.

Steve

"Paul Smith" wrote:

> "Steve Campbell" <SteveCampbell@discussions.microsoft.com> wrote in message
> news:F15AC033-C9AA-41A2-A74B-EB5BE1656D7E@microsoft.com...
> > Ah.... I thought that the problem with the XP firewall was that it was one
> > way only. Am I confusing 2 separate things?
>
> Sure its one way, setup as an inbound firewall by default, in that an
> application internal to your machine can talk to an outside server freely.
>
> Outbound firewalls are designed to help prevent a compromised machine from
> talking to an external server, but if the machine is already compromised it
> can probably turn the firewall off, or hide in another application and talk
> to the external server anyway.
>
> --
> Paul Smith,
> Yeovil, UK.
> Microsoft MVP Windows Shell/User.
> http://www.dasmirnov.net/blog/
> http://www.windowsresource.net/
>
> *Remove nospam. to reply by e-mail*
>
>