Windows Vista Firewall: No Outbound Filtering By Default

["Fergie" <fergdawg () netzero net>]

I'm sure most of you have read this by now, but it raises
an interesting point (or two).

Ed Skoudis writes on the SANS ISC Daily Handler's Diary:

[snip]

In a somewhat related story, ZDNet has an interesting article that discusses the fact that Microsoft has decided that 
the Windows Vista firewall will include no outbound filtering by default. Apparently, Microsoft was considering 
blocking outbound connections by default, but, in response to large enterprise customer requests, they won't be doing 
that. Not breaking corporate apps is more important than security, I suppose is the reasoning. This is a change from 
the original Plan (yes, note the capital P), which said that Vista would ship with a two-way firewall. It still has 
that capability, but outbound filtering will be turned off by default.

I remember a recent fascinating rant from Marcus Ranum, saying (I paraphrase) that a firewall that doesn't block 
outbound traffic isn't worthy of the name firewall. From the guy who popularized the term firewall so long ago (and the 
term script kiddie), that's an interesting point.

[snip]

More:
http://isc.sans.org/diary.php?storyid=1293

- ferg


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg () netzero net or fergdawg () sbcglobal net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.