Vista FW outbound check - Firewalls

This is a discussion on Vista FW outbound check - Firewalls ; Hi, Vista FW with advanced security comes with an outbound traffic default setting "allow everything which is not denied". I think this is completely useless, because the main reason for outbound traffic filter is to block UNKNOWN programs (worm, trojans ...

+ Reply to Thread
Results 1 to 19 of 19

Thread: Vista FW outbound check

  1. Vista FW outbound check

    Hi,
    Vista FW with advanced security comes with an outbound traffic default
    setting "allow everything which is not denied". I think this is completely
    useless, because the main reason for outbound traffic filter is to block
    UNKNOWN programs (worm, trojans ....) so it is impossible to make a rule to
    deny an unknown program/destination port. On the other hand if I change the
    outbound setting to "block everything that does not match a rule" it is
    nearly impossible to design a rule for legitimate programs because, as far
    as I understand, there is no "display notification" for outbound breaking
    rule, and it is not simple to know applications/services/ports of the
    majority of legitimate applications (apart from browser mailer and few
    others).
    My question is: is there a way to have a kind of display notification of the
    outbound offended rule with applications/services/ports of the offending
    programs?
    Thanks in advance
    Riccardo


  2. Re: Vista FW outbound check


    "news.tim.it" wrote in message
    news:4699e242$0$4790$4fafbaef@reader4.news.tin.it. ..

    >
    > and it is not simple to know applications/services/ports of the majority
    > of legitimate applications (apart from browser mailer and few others).


    That's not true, because you can run something like Currports, which runs on
    Vista, and look at all connections being made by a program, what port it's
    using and whether it is TCP or UDP.

    http://www.nirsoft.net/

    You can find Currports here too.

    http://www.bestvistadownloads.com/

    So, you can know all the programs that are running on your machine and stop
    outbound traffic for everything, execpt for the known/accepted programs.

    > My question is: is there a way to have a kind of display notification of
    > the outbound offended rule with applications/services/ports of the
    > offending programs?


    I myself, I don't need more questions being asked by Vista. I see enough of
    them. So that will never be enabled or some kind of rules set.

    I don't think this NG is ready to help you with Vista and its FW, so maybe,
    you should post to Microsoft.Public.Windows.Vista General or Security NG
    where there are people that know how to set the rules you're looking to
    implement, and the popup FW messages too.

    msnews.microsoft.com


  3. Re: Vista FW outbound check

    "news.tim.it" wrote:

    > Vista FW with advanced security comes with an outbound traffic default
    > setting "allow everything which is not denied". I think this is
    > completely useless, because the main reason for outbound traffic
    > filter is to block UNKNOWN programs (worm, trojans ....) so it is
    > impossible to make a rule to deny an unknown program/destination port.


    OTOH, if the trojan is already running on your machine and wants to
    connect outbound, how's a piece of software going to distinguish wether
    you want that to happen or not?

    Outbound filtering sounds like a nice idea, but it really only adds a
    little bit more complexity to trojans. If you install a trojan that
    says "I need to connect to my website to check for updates" - just what
    are you going to do? ;-)

    Juergen Nieveler
    --
    Unsecured turrets will only swing freely mid-way through a rail tunnel.

  4. Re: Vista FW outbound check

    "news.tim.it" wrote in message
    news:4699e242$0$4790$4fafbaef@reader4.news.tin.it. ..
    > Hi,
    > Vista FW with advanced security comes with an outbound traffic default
    > setting "allow everything which is not denied". I think this is completely
    > useless, because the main reason for outbound traffic filter is to block
    > UNKNOWN programs (worm, trojans ....) so it is impossible to make a rule
    > to deny an unknown program/destination port. On the other hand if I change
    > the outbound setting to "block everything that does not match a rule" it
    > is nearly impossible to design a rule for legitimate programs because, as
    > far as I understand, there is no "display notification" for outbound
    > breaking rule, and it is not simple to know applications/services/ports of
    > the majority of legitimate applications (apart from browser mailer and few
    > others).
    > My question is: is there a way to have a kind of display notification of
    > the outbound offended rule with applications/services/ports of the
    > offending programs?
    >


    Learn how to configure Vista Firewall to suit your computing habits.

    Interesting/educational reading:
    http://www.microsoft.com/technet/tec...s/default.aspx
    Scroll down to:
    "Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe."

    http://www.microsoft.com/technet/tec...l/default.aspx
    "Outbound protection is security theater-it's a gimmick..."
    "...the Windows firewall will provide the protection you need..."

    Stay away from 'Phoney-Baloney' 3rd party PFW's - use your brain and filter
    out the absurd advertisement hype created by these makers.
    http://samspade.org/d/firewalls.html
    "Personal Firewalls" are mostly snake-oil"


  5. Re: Vista FW outbound check


    "Kayman" wrote in message
    news:f7ebo4$nci$1@aioe.org...
    > "news.tim.it" wrote in message
    > news:4699e242$0$4790$4fafbaef@reader4.news.tin.it. ..
    >> Hi,
    >> Vista FW with advanced security comes with an outbound traffic default
    >> setting "allow everything which is not denied". I think this is
    >> completely useless, because the main reason for outbound traffic filter
    >> is to block UNKNOWN programs (worm, trojans ....) so it is impossible to
    >> make a rule to deny an unknown program/destination port. On the other
    >> hand if I change the outbound setting to "block everything that does not
    >> match a rule" it is nearly impossible to design a rule for legitimate
    >> programs because, as far as I understand, there is no "display
    >> notification" for outbound breaking rule, and it is not simple to know
    >> applications/services/ports of the majority of legitimate applications
    >> (apart from browser mailer and few others).
    >> My question is: is there a way to have a kind of display notification of
    >> the outbound offended rule with applications/services/ports of the
    >> offending programs?
    >>

    >
    > Learn how to configure Vista Firewall to suit your computing habits.
    >
    > Interesting/educational reading:
    > http://www.microsoft.com/technet/tec...s/default.aspx
    > Scroll down to:
    > "Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe."
    >
    > http://www.microsoft.com/technet/tec...l/default.aspx
    > "Outbound protection is security theater-it's a gimmick..."
    > "...the Windows firewall will provide the protection you need..."
    >
    > Stay away from 'Phoney-Baloney' 3rd party PFW's - use your brain and
    > filter
    > out the absurd advertisement hype created by these makers.
    > http://samspade.org/d/firewalls.html
    > "Personal Firewalls" are mostly snake-oil"


    Personal FW's are packet filters running at the machine level.

    For the most part, the 3rd party solutions are doing the same thing as
    Vista's FW in their ability to set packet filtering rules to stop inbound or
    outbound packets to and from the machine, which is no different than Vista's
    FW/packet filter.

    Granted, 3rd party solutions have some snake-oil in them too, beyond just
    being simple packet filters and so does Vista's FW/packet filter as well
    with its WPF and BEF, which malware can cut right through it if it can get
    on the machine and execute.

    As far as outbound filtering by setting packet filtering rule to stop
    traffic for a 3rd party solution, then there is nothing wrong with it.



  6. Re: Vista FW outbound check

    "Mr. Arnold" Arnold@Arnold.com> wrote in message
    news:L_ymi.7422$rR.1208@newsread2.news.pas.earthli nk.net...
    >
    > For the most part, the 3rd party solutions are doing the same thing as
    > Vista's FW in their ability to set packet filtering rules to stop inbound
    > or outbound packets to and from the machine, which is no different than
    > Vista's FW/packet filter.
    >

    The difference is that the in-built f/w (p/filter) is an integrated part of
    the OS.
    >
    > Granted, 3rd party solutions have some snake-oil in them too,...

    No debate here, 'some' snake-oil is too much already.
    >
    > ...beyond just being simple packet filters and so does Vista's FW/packet
    > filter as well with its WPF and BEF, which malware can cut right through
    > it if it can get on the machine and execute.
    >

    True, didn't imply otherwise.
    >
    > As far as outbound filtering by setting packet filtering rule to stop
    > traffic for a 3rd party solution, then there is nothing wrong with it.
    >

    PFW is not a solution, it's an illusion.
    'Hardening' of OS plus reviewing and implementing different/proven security
    measures (which among other things excludes PFW) *is* the right way striving
    to a safer computing environment.


  7. Re: Vista FW outbound check


    "Kayman" wrote in message
    news:f7f3dm$nri$1@aioe.org...
    > "Mr. Arnold" Arnold@Arnold.com> wrote in message
    > news:L_ymi.7422$rR.1208@newsread2.news.pas.earthli nk.net...
    >>
    >> For the most part, the 3rd party solutions are doing the same thing as
    >> Vista's FW in their ability to set packet filtering rules to stop inbound
    >> or outbound packets to and from the machine, which is no different than
    >> Vista's FW/packet filter.
    >>

    > The difference is that the in-built f/w (p/filter) is an integrated part
    > of the OS.


    I have to disagree with you now, as 3rd party vendors will be able to
    intergate their solutions.

    http://www.microsoft.com/technet/com...uy/cg0905.mspx
    http://www.microsoft.com/whdc/device/network/WFP.mspx

    >>
    >> Granted, 3rd party solutions have some snake-oil in them too,...

    > No debate here, 'some' snake-oil is too much already.
    >>
    >> ...beyond just being simple packet filters and so does Vista's FW/packet
    >> filter as well with its WPF and BEF, which malware can cut right through
    >> it if it can get on the machine and execute.
    >>

    > True, didn't imply otherwise.


    I knocked WPF and BEF a little bit. They are not bullet proof but nothing is
    that in the first place, nor will it every be that. But it's better than
    nothing.

    >>
    >> As far as outbound filtering by setting packet filtering rule to stop
    >> traffic for a 3rd party solution, then there is nothing wrong with it.
    >>


    > PFW is not a solution, it's an illusion.
    > 'Hardening' of OS plus reviewing and implementing different/proven
    > security measures (which among other things excludes PFW) *is* the right
    > way striving to a safer computing environment.


    Some parts of a personal FW/packet filter shouldn't be implemented as it
    gives a false sense of security. I agree with that, but I don't agree with
    your conclusion of its role of being a basic packet filter if all else is
    removed or disabled in the solution, and it's just in a role of being a
    packet filter running at the machine level.


  8. Re: Vista FW outbound check

    "Mr. Arnold" Arnold@Arnold.com> wrote in message
    news:YGImi.8751$zA4.6573@newsread3.news.pas.earthl ink.net...
    >
    > I have to disagree with you now, as 3rd party vendors will be able to
    > intergate their solutions.
    >

    *will*...as in future tense?
    >
    > I knocked WPF and BEF a little bit. They are not bullet proof but nothing
    > is that in the first place, nor will it every be that. But it's better
    > than nothing.
    >

    Well, IMO and in this particular case, nothing is better than 3rd party PFW.
    >
    > Some parts of a personal FW/packet filter shouldn't be implemented as it
    > gives a false sense of security. I agree with that,...
    >

    Good to know.
    >
    > ...but I don't agree with your conclusion of its role of being a basic
    > packet filter if all else is removed or disabled in the solution,
    >

    I reiterate, it's not a solution, it's a night mare for the users as most of
    them are inexperienced; they just want to click and go and are incapable to
    dissect a software (in this case fantasyware) application...
    >
    > and it's just in a role of being a packet filter running at the machine
    > level.
    >

    ....that's why they're better off with built-in f/w (p/sniffer) in the first
    place.


  9. Re: Vista FW outbound check


    "Kayman" wrote in message
    news:f7h0th$bg0$1@aioe.org...
    > "Mr. Arnold" Arnold@Arnold.com> wrote in message
    > news:YGImi.8751$zA4.6573@newsread3.news.pas.earthl ink.net...
    >>
    >> I have to disagree with you now, as 3rd party vendors will be able to
    >> intergate their solutions.
    >>

    > *will*...as in future tense?


    I am running Vista, and from what I have heard from an MVP over in the
    Vista, security NG, some 3rd party solutions are already using it and the
    Vista FW is using it right now.

    >>
    >> I knocked WPF and BEF a little bit. They are not bullet proof but nothing
    >> is that in the first place, nor will it every be that. But it's better
    >> than nothing.
    >>

    > Well, IMO and in this particular case, nothing is better than 3rd party
    > PFW.


    I don't even know what you're talking about, and I don't think you know
    about the purpose of the WPF and BEF solutions and features that the Vista
    FW is already using and other solutions will be able to use them.

    >>
    >> Some parts of a personal FW/packet filter shouldn't be implemented as it
    >> gives a false sense of security. I agree with that,...
    >>

    > Good to know.
    >>
    >> ...but I don't agree with your conclusion of its role of being a basic
    >> packet filter if all else is removed or disabled in the solution,
    >>

    > I reiterate, it's not a solution, it's a night mare for the users as most
    > of them are inexperienced; they just want to click and go and are
    > incapable to dissect a software (in this case fantasyware) application...


    Sorry, I'll simply have to disagree with you. You have shown no proof to
    show otherwise.

    >>
    >> and it's just in a role of being a packet filter running at the machine
    >> level.
    >>

    > ...that's why they're better off with built-in f/w (p/sniffer) in the
    > first place.


    Well, it's not going to happen no matter how much you don't like, and I
    don't think anyone that's using the solutions are going to listen to it
    anyway.

    It's just a suggestion. You might want to keep the negative in check and on
    a low heat, thus you will be viewed in that same bad light as Sebastian G.
    is with his ramblings to the point that he is being ignored by many, as not
    credible.

    In other words, we have already been there, done that, seen that, and read
    that.



  10. Re: Vista FW outbound check

    "Mr. Arnold" Arnold@Arnold.com> wrote in message
    news:%oUmi.7730$rR.416@newsread2.news.pas.earthlin k.net...
    >
    > It's just a suggestion. You might want to keep the negative in check and
    > on a low heat,

    What are you, some kind of a Nazi control freak? Ooooh, I'm so afraid! I
    can't help if you deem my post to the OP as negative because you don't
    happen to agree. You call it rambling, I call a good factual response
    [Period].
    >
    > thus you will be viewed in that same bad light as Sebastian G. is with his
    > ramblings to the point that he is being ignored by many, as not credible.
    >

    I don't care about you, your imperious views and SG; Are you on medication?
    I am talking about a 3rd party firewall and you're jabbering about a 3rd
    person. You are turning this thread into a psychedilic rainbow of confusion.
    Why don't you just put a sock over your typing fingers.
    >
    > In other words, we have already been there, done that, seen that, and
    > read that.
    >

    Huh, *we*?
    But you haven't got the T-Shirt, have you...and *we* all know why.
    Hint: just measure the circumference of your head.


  11. Re: Vista FW outbound check

    >> Why don't you just put a sock over your typing fingers.

    Well folks, we have been hammered for well over a year with this, and I
    think we more in store for more.

    It looks like we'll have another one of these lunatics loose in the NG,
    again, that really doesn't have anything to say, doesn't know anything about
    security, he's an expert's expert, and he'll ramble about his security
    concepts to the point that he becomes boring.

    Does it sound familiar and you heard it first?

    I tried to tell the old boy, but is head is ten bricks hard.

    He ain't got the nothing to say. It's all about don't, don't, don't, do
    this, do this, this if phoney baloney, that's crap, this is snak-oil, do
    this, do this and do that, because listen to me now, I know what's good for
    you.

    Hopefully, he'll disappear soon.




  12. Re: Vista FW outbound check

    Mr. Arnold wrote:
    >>> Why don't you just put a sock over your typing fingers.

    >
    > Well folks, we have been hammered for well over a year with this, and I
    > think we more in store for more.
    >
    > It looks like we'll have another one of these lunatics loose in the NG,
    > again, that really doesn't have anything to say, doesn't know anything
    > about security, he's an expert's expert, and he'll ramble about his
    > security concepts to the point that he becomes boring.
    >
    > Does it sound familiar and you heard it first?
    >
    > I tried to tell the old boy, but is head is ten bricks hard.
    >
    > He ain't got the nothing to say. It's all about don't, don't, don't, do
    > this, do this, this if phoney baloney, that's crap, this is snak-oil, do
    > this, do this and do that, because listen to me now, I know what's good
    > for you.
    >
    > Hopefully, he'll disappear soon.
    >
    >
    >


    Sorry to say, but Kayman has also plagued alt.comp.freeware, various
    newsgroups at news.grc.com and msnews.microsoft.com, and who knows where
    else of late with the same gibberish. All *any*one needs to do
    *any*where is bring up *any*thing about *any* PFW and there's Kayman,
    popping up to blab on and on about phoney-baloney this and snake-oil
    that and do this and don't do that and then listing a hundred links to
    follow. He's a troll and hard to get rid of, so others elsewhere have
    been finding that it's best to just ignore him.

  13. Re: Vista FW outbound check


    "Kat Mandu" wrote in message
    news:469d098c$0$97237$892e7fe2@authen.yellow.readf reenews.net...
    > Mr. Arnold wrote:
    >>>> Why don't you just put a sock over your typing fingers.

    >>
    >> Well folks, we have been hammered for well over a year with this, and I
    >> think we more in store for more.
    >>
    >> It looks like we'll have another one of these lunatics loose in the NG,
    >> again, that really doesn't have anything to say, doesn't know anything
    >> about security, he's an expert's expert, and he'll ramble about his
    >> security concepts to the point that he becomes boring.
    >>
    >> Does it sound familiar and you heard it first?
    >>
    >> I tried to tell the old boy, but is head is ten bricks hard.
    >>
    >> He ain't got the nothing to say. It's all about don't, don't, don't, do
    >> this, do this, this if phoney baloney, that's crap, this is snak-oil, do
    >> this, do this and do that, because listen to me now, I know what's good
    >> for you.
    >>
    >> Hopefully, he'll disappear soon.
    >>
    >>
    >>

    >
    > Sorry to say, but Kayman has also plagued alt.comp.freeware, various
    > newsgroups at news.grc.com and msnews.microsoft.com, and who knows where
    > else of late with the same gibberish. All *any*one needs to do *any*where
    > is bring up *any*thing about *any* PFW and there's Kayman, popping up to
    > blab on and on about phoney-baloney this and snake-oil that and do this
    > and don't do that and then listing a hundred links to follow. He's a troll
    > and hard to get rid of, so others elsewhere have been finding that it's
    > best to just ignore him.


    Yeah, he is going to be ignored, because the tap dance and song has been
    seen just a little too much, by another tap dance and song security artist
    and his tired show.


  14. Re: Vista FW outbound check

    "Mr. Arnold" Arnold@Arnold.com> wrote in message
    news:vu4ni.8212$tj6.6908@newsread4.news.pas.earthl ink.net...
    >
    > Well folks, we have been hammered for well over a year with this,

    Your are not very observant.
    >
    > ...and I think we more in store for more.
    >

    Your thoughts are of no consequence and irrelevant, nor do they matter.
    >
    > It looks like we'll have another one of these lunatics loose in the NG,
    >

    Your patronizing messages run off like water of a duck's back (nice try
    though). And who's *we*?
    >
    > again, that really doesn't have anything to say, doesn't know anything
    > about security, he's an expert's expert, and he'll ramble about his
    > security concepts to the point that he becomes boring.
    >

    What there is to say has already be said; I do not reinvent the wheel and/or
    restate what's already written. If this befits your description of an
    expert's expert, so be it. And if the content of the article as provided
    are boring to you, so be it. Other n/g participants may find the articles
    interesting, stimulating and educational - but you evidently don't
    comprehend - what a shame.
    To refresh your memory here is my response to the OP: (one hardly has to be
    an expert to provide appropriate information)

    QUOTE
    Learn how to configure Vista Firewall to suit your computing habits.

    Interesting/educational reading:
    http://www.microsoft.com/technet/tec...s/default.aspx
    Scroll down to:
    "Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe."

    http://www.microsoft.com/technet/tec...l/default.aspx
    "Outbound protection is security theater-it's a gimmick..."
    "...the Windows firewall will provide the protection you need..."

    Stay away from 'Phoney-Baloney' 3rd party PFW's - use your brain and filter
    out the absurd advertisement hype created by these makers.
    http://samspade.org/d/firewalls.html
    "Personal Firewalls" are mostly snake-oil"
    UNQUOTE

    And where did I ramble about my security concept to the OP? You are
    becoming a bore with your innuendos which appears to be some kind of a
    paranoia. There is help out there, you know.
    >
    > Does it sound familiar and you heard it first?
    >

    To whom are you talking to?
    >
    > I tried to tell the old boy,

    Your innuendos say absolutely nothing and you have not provided anything
    useful to assist the OP; You contribution to this discussion is despicable.
    >
    > ...but is head is ten bricks hard.
    >

    Haven't counted, but I know it fits thru a T-Shirt.
    >
    > He ain't got the nothing to say.

    You are repeating yourself and what did you say anyway?
    >
    > It's all about don't, don't, don't, do this, do this,

    And where in my response to the OP did I say that? (and who is rambling
    here?)
    >
    > this if phoney baloney, that's crap, this is snak-oil,

    Yes, I said "3rd party PFW are phoney-baloney" (but never said it's
    snake-oil) and provided pertinent links. You disagree, oh well.
    And yes, I said "Learn how to configure Vista Firewall to suit your
    computing habits" and provided pertinent links. You object, oh well (again).
    Why don't you do some reading, and if you oppose the content create a new
    discussion pertaining to this subject matter?
    >
    > do this, do this and do that, because listen to me now, I know what's
    > good for you.
    >

    Well, it's evident that you are delusional; My response to the OP does not
    indicate any of this. (and who is rambling here again?)

    "Stay away from 'Phoney-Baloney' 3rd party PFW's - use your brain and filter
    out the absurd advertisement hype created by these makers."

    The above is my opinion which is based, among other things, on the articels
    as provided. The OP is free to read the articles and is old enough to decide
    as to which avenue he wishes to proceed. If he is in doubt he can continue
    posting to various befitting n/g's and I am sure appropriate
    advice/clarification will be provided.
    >
    > Hopefully, he'll disappear soon.
    >

    Fat chance. I will continue to provide informative/educational links as I
    deem appropriate.
    Why don't you start up a forum, you as the moderator....but the again you'd
    probably talk to yourself.


  15. Re: Vista FW outbound check



  16. Re: Vista FW outbound check

    "Mr. Arnold" Arnold@Arnold.com> wrote in message
    news:dddni.9277$zA4.591@newsread3.news.pas.earthli nk.net...
    >
    >

    As expected


  17. Re: Vista FW outbound check



  18. Re: Vista FW outbound check


    "Kayman" wrote in message
    news:f7ebo4$nci$1@aioe.org...
    >
    > Learn how to configure Vista Firewall to suit your computing habits.
    >
    > Interesting/educational reading:
    > http://www.microsoft.com/technet/tec...s/default.aspx
    > Scroll down to:
    > "Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe."
    >
    > http://www.microsoft.com/technet/tec...l/default.aspx
    > "Outbound protection is security theater-it's a gimmick..."
    > "...the Windows firewall will provide the protection you need..."
    >
    > Stay away from 'Phoney-Baloney' 3rd party PFW's - use your brain and
    > filter
    > out the absurd advertisement hype created by these makers.
    > http://samspade.org/d/firewalls.html
    > "Personal Firewalls" are mostly snake-oil"
    >

    Thanks a lot to you all for the useful suggestions. I read the Microsoft
    opinion on the subject and I disagree. I still would appreciate an optional
    display notification on outgoing packets, not just for Worm/Trojans etc but
    also to be able to know what happen to my computer when I run a program. On
    my old XP box I used kerio FW and it was very instructive to see (and block)
    many unsolicited outgoing connections that legitimate programs make (not
    just to check for new version) but may be to stole my personal data or
    habits or who knows.
    I still hope Microsoft will include this option on SPx



  19. Re: Vista FW outbound check

    "Riccardo" wrote in message
    news:46a30c83$0$37200$4fafbaef@reader3.news.tin.it ...
    >
    > "Kayman" wrote in message
    > news:f7ebo4$nci$1@aioe.org...
    >>
    >> Learn how to configure Vista Firewall to suit your computing habits.
    >>
    >> Interesting/educational reading:
    >> http://www.microsoft.com/technet/tec...s/default.aspx
    >> Scroll down to:
    >> "Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe."
    >>
    >> http://www.microsoft.com/technet/tec...l/default.aspx
    >> "Outbound protection is security theater-it's a gimmick..."
    >> "...the Windows firewall will provide the protection you need..."
    >>
    >> Stay away from 'Phoney-Baloney' 3rd party PFW's - use your brain and
    >> filter
    >> out the absurd advertisement hype created by these makers.
    >> http://samspade.org/d/firewalls.html
    >> "Personal Firewalls" are mostly snake-oil"
    >>

    > Thanks a lot to you all for the useful suggestions.

    You're welcome.
    >
    > I read the Microsoft opinion on the subject and I disagree.

    This is your prerogative. What are your technical reason arriving to your
    conclusion?
    >
    > I still would appreciate an optional display notification on outgoing
    > packets, not just for Worm/Trojans etc but also to be able to know what
    > happen to my computer when I run a program.

    Sure, it gives that 'comfortable' feeling
    >
    > On my old XP box I used kerio FW and it was very instructive to see (and
    > block) many unsolicited outgoing connections that legitimate programs make
    > (not just to check for new version) but may be to stole my personal data
    > or habits or who knows.
    >

    So you think, (remember the illusion bit?)
    >
    > I still hope Microsoft will include this option on SPx
    >

    Won't happen (please do some more research on this).
    >

    Below are a couple of additional write-ups which you may also find
    interesting and educational.
    BTW - I have yet to see reports challenging these views from the makers of
    PFW's (aka Phoney-Baloney Ware) .

    Please take some time to read this article by Bruce Schneier about why bad
    security products tend to beat the good ones in the market place:

    http://www.wired.com/politics/securi...tymatters_0419

    Some interesting extracts:

    "Why are there so many bad security products out
    there? Why do mediocre security products beat the good ones in the
    marketplace?"

    "In a market where the seller has more information about the product
    than the buyer, bad products can drive the good ones out of the
    market."

    "In the late 1980s, there were more than a hundred competing firewall
    products. The few that "won" weren't the most secure firewalls - they
    were the ones that were easy to set up, easy to use, and didn't annoy
    users too much. Because buyers couldn't base their buying decision on
    the relative security merits, they based them on these other
    criteria."
    --
    And an article by Jesper Johansson:

    "There are several serious flaws in the reasoning that outbound,
    host-based firewalls will actually stop attacks."

    "Since there is no application isolation between applications running
    within the same user context there is no real way to prevent this from
    happening. Only by completely re-architecting Windows could this be
    prevented, and even then, it would only truly work if everything we
    know about computers, from the hardware on up, changed fundamentally."

    http://msinfluentials.com/blogs/jesp...l-is-free.aspx

    Happy reading