Microsoft Vista Firewall Defanged by Switching off Outbound Filtering by Default

In an interesting move Microsoft decided to turn off outbound filtering of inbuilt Firewall in Vista by default.

Outbound filtering for applications will configurable by enterprise administrators through Group Policy. Microsoft has been previously promoting Vista’s firewall as better than XP’s because of it’s able to stop both incoming attacks and filter outbound traffic.

With this move Microsoft effectively defangs its Vista Firewall to make it identical with Windows XP.

Selective outbound blocking is offered by other firewall providers, like ZoneLabs, Agnitum of Symantec for several years. It is required to protect naive (wrt. internet security) users from themselves. It provides a second layer of defense which prevents infection from spreading even from compromised computers. This is particularly effective in preventing creation of zombie computers (windows machines are easiest to compromise for this purpose) which are used for DDOS (Distributed Denial of Service) and spam attacks.

However it comes with a cost. It forces the user to make decisions on allowing certain protocols / applications of which the user may not be aware of, nor it should have to know in a corporate environment. With that under consideration I think the best policy would have been to keep outbound filtering while enabling selective access through configuration by enterprise administrators.