Top Tips

Don't rely on just a firewall as your only line of defence against Internet born threats - As many threats are 'blended' attacks comprising of elements taken from Viruses, Worms, Spyware etc, it is necessary to have an array of security tools to repel such attacks. All systems should have a current and updated anti-virus package, a firewall, and at least one up to date anti-spyware package.

With the exception of the anti-spyware packages, DO NOT be tempted to run more than one program of a particular type, you will not get any more protection, and will actually cause them to conflict with each other, and might actually lead to less protection. Multiple spyware products can be useful, especially as in our experience they all seem to capture around 95% of all spyware, but it's not allways the same 95%, so doubling up can definately be an advantage.


Tighten Up The Windows Vista Firewall

The Microsoft Windows Firewall was first introduced in Windows XP, but came under some criticism as it was not enabled by default and only blocked incoming connections, so any programs already on your PC that attempted to 'dial home' could connect out and do their dirty deeds. Windows XP service pack 2 enabled the firewall by default, but still allowed outgoing connections.

With the advent of Windows Vista, Microsoft took the opportunity to add outgoing connection blocking to the firewall thus making Windows PC's safe - or so you would think.

The majority of commercially and freely available firewalls work by automatically blocking all outbound connections and then asking for the users permission when a program wants to connect. The firewall will normally remember which programs have been allowed, so over a period of time the firewall builds up a list of those programs and the questions to the user are reduced.

The Microsoft Windows Vista Firewall works in a different manner: It works by allowing all outbound connections, and blocking only those programs on a pre-defined exceptions list which is updated as part of 'Automatic Updates'. Whilst this is in principle the same idea as the other firewalls it doesn't account for programs that are unknown to Microsoft and thus are not on their exclusion list, should you be unlucky enough to be exposed to a new threat or variation on an old threat before it becomes widely known then Windows Firewall will allow it access until the exclusion list is updated. Similarly, if someone has specifically targeted you then you may be infected with a program that is totally unique and may never appear on the exclusion list.

There are two possible solutions to this problem

  1. Increase the security of the Windows firewall
  2. Install an alternative firewall

If you are upgrading your P.C. And already have a subscription to a firewall that is Vista compatible then we would suggest you use that instead, however if you don't mind getting a little 'down and dirty' with Windows Vista we will show you how to beef up security on the Windows firewall by making it work in a similar manner to all other firewalls

  1. Click the Windows button and type ''wf.msc" in the search box.
  2. Select the option marked Windows Firewall Properties and set Outbound Connections to block for all three of the Public, Private and Domain profiles.
  3. Scroll down the page a little and select Inbound Rules then select the option for New Rule choose the program option and click Next.
  4. Select the option to Browse and select the program you want to allow online. It's usually sufficient to just click Next through the rest of the screens, but just read through all of the options to be sure.
  5. Repeat the above procedure for all programs that need access and you're all done.


This page last updated December 12th 2009 Bookmark and Share