Security UPDATE--Vista's Windows Firewall Equals Peers--February 1, 2006

This email newsletter comes to you free and is supported by the following advertisers, which offer products and services in which you might be interested. Please take a moment to visit these advertisers' Web sites and show your support for Security UPDATE.

St. Bernard Software



1. In Focus: Vista's Windows Firewall Equals Peers

2. Security News and Features

- Recent Security Vulnerabilities

- Oracle's Massive Security Update Missed One Critical Flaw

- Aims to Put a Damper on Unwanted Software

- Sed

3. Security Toolkit

- Security Matters Blog


- Security Forum Featured Thread

- Share Your Security Tips

4. New and Improved

- Keep Unwanted Programs Off Your Systems


==== Sponsor: St. Bernard Software ====

Free Instant Risk Analysis Report

The risks from unprotected Internet access can include more than just HTTP traffic. You have to worry about IM and P2P applications and a host of Internet-based threats such as spyware, malware, viruses and worms. Our exclusive Risk Calculator takes your input and generates a customized Risk Analysis Report immediately.

Get your Free Customized Risk Analysis Report today!


==== 1. In Focus: Vista's Windows Firewall Equals Peers ====

by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Microsoft is scheduled to release a Community Technology Preview (CTP) version of Windows Vista sometime in February, and although there won't be a formal Beta 2, we can expect at least two more previews (both of which, according to Microsoft's Jim Allchin, co-president, Platform Products & Services Division, can be considered as Beta 2 releases) in the first half of this year.

When the next preview does become available, it will have some new security features, in particular a greatly improved firewall. Windows Firewall will finally gain some features that have long been on people's wish lists. The new features will bring Windows Firewall into relative equality with a sea of mature desktop- and server-based firewall solutions.

First and foremost, Windows Firewall will finally support control over both inbound and outbound traffic. The new support for outbound control could put a serious damper on information leakage and will undoubtedly reduce the number of systems that become assimilated into botnets. Why outbound control wasn't part of the original Windows Firewall I don't know for sure. Maybe Microsoft thought that not placing restrictions on outbound traffic might result in fewer Help desk calls for its customers. But the potential for increased support calls over some period of time didn't put much of a damper on third-party firewall sales over the years, so the "half-baked" firewall in Windows Server 2003 and Windows XP makes little sense to me.

Adding to better traffic control in the improved Windows Firewall is the ability to create a number of new exceptions (rules), including ones based on traffic source and destination as well as protocol numbers. The new firewall also offers increased control over port-based rules, so for example, you'll be able to define a rule for a group of ports instead of just one port. For even greater flexibility, the firewall will offer control at the interface level. If you have multiple network interfaces in a system, you can apply rules to a specific interface. Yet another new feature of the firewall is integration of IPsec settings, which previously had to be configured separately and sometimes created situations in which policies conflicted.

A new Microsoft Management Console (MMC) snap-in will provide an interface for configuring Windows Firewall's new "advanced features" and configuring the firewall on remote systems. You won't be able to perform either of those tasks by using the standard Control Panel Windows Firewall configuration applet. Configuration of the new features will also be possible by using the Netsh command-line tool, and of course through Active Directory (AD). As you probably suspect, all the new tools and features will also be available in the upcoming version of Windows Server, code-named "Longhorn."
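The rule types described above, written as Netsh commands. This is an added example, not part of the newsletter: it assumes the `netsh advfirewall` syntax of the released Windows Vista, which postdates this preview, and the rule names, addresses, and ports are constructed sample values.

```bat
rem Run from an elevated command prompt.
rem All rule names, addresses and ports below are constructed sample values.

rem Default-deny in both directions on every profile.
rem Outbound traffic now needs an explicit allow rule.
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

rem Outbound allow scoped by destination: DNS only to one resolver.
netsh advfirewall firewall add rule name="Out-DNS-internal" dir=out action=allow protocol=UDP remoteport=53 remoteip=192.0.2.53

rem Outbound allow for a group of ports in a single rule, limited to one proxy.
netsh advfirewall firewall add rule name="Out-Web-proxy" dir=out action=allow protocol=TCP remoteport=80,443,8080 remoteip=192.0.2.10

rem Inbound allow for a port range, scoped by source subnet and by
rem interface type (Netsh exposes interface control as lan, wireless or ras).
netsh advfirewall firewall add rule name="In-App-range" dir=in action=allow protocol=TCP localport=5000-5010 remoteip=192.0.2.0/24 interfacetype=lan

rem Explicit block by IP protocol number (47 = GRE). Block rules win over
rem allow rules, so this holds even if the default policy is later relaxed.
netsh advfirewall firewall add rule name="Out-Block-GRE" dir=out action=block protocol=47

rem Review the resulting outbound rule set.
netsh advfirewall firewall show rule name=all dir=out
```

Apply a default-deny outbound policy on a test system first, because anything without a matching allow rule stops working as soon as the policy changes.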

It's clear that the improved firewall will reduce the overall number of threats to your systems. The enhancements bring Windows Firewall much more in line with our experience over the years in using third-party firewalls. Of course there is still plenty of room for improvement. For example, third-party firewalls can block ActiveX, JavaScript, and Java scripts and components before they ever reach our browsers. They can also filter access to specific URLs, block pop-up windows and cookies, quarantine message attachments, cache DNS requests, and more.

For a more detailed perspective on the new features and a peek at the new MMC GUI, be sure to read "The New Windows Firewall in Windows Vista and Windows Server 'Longhorn,'" at the Microsoft TechNet Web site.

Editor's note: Last week's In Focus mentioned Mark Loveless and incorrectly spelled his name. We apologize for the mistake.


==== Sponsor: Symantec ====

Breaking Through the Dissimilar Hardware Restore Challenge

Failure of a computer's hardware is inevitable. When the hardware must be replaced, the need for a rapid system recovery solution exists. In this free white paper, you will learn about recovery to virtual computer environments, hardware migration strategies, hardware repurposing for optimal resource utilization, meeting recovery time objectives, increasing disaster tolerance, and more.


==== 2. Security News and Features ====

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

Oracle's Massive Security Update Missed One Critical Flaw

Oracle's recently released quarterly security update package contains a huge number of security fixes. The sheer volume of flaws has caused at least some experts to reconsider Oracle's status as a bastion of security. And at least one critical vulnerability went unpatched.

Aims to Put a Damper on Unwanted Software

The newly launched initiative will shine a bright spotlight on entities that slip undisclosed extras into their software packages. uses the term "badware" in reference to spyware, adware, and other forms of malware that are delivered to unsuspecting computer users. The initiative intends to publish the names of companies that spread malware and to offer related reports about such companies.


You know you should regularly scan your Security and other logs for threats, but who has time? Automated text file manipulation dramatically simplifies log file analysis and lets you easily analyze huge amounts of data from network devices, firewalls, and servers. Jeff Fellinge shows how to use the sed tool to help parse and process output files from these devices in this article on our Web site.


==== Resources and Events ====

SQL Server 2005 Up & Running Roadshows Coming to Europe!

SQL Server experts will present real-world information about administration, development, and business intelligence to help you put SQL Server 2005 into practice and learn how to use its new capabilities. Includes a one-year PASS membership and subscription to SQL Server Magazine. Register now for London, UK, and Stockholm, Sweden.

20% off for All Windows IT Pro subscribers!

Learn how SOA doesn't require investments in new technology to deliver immediate and lasting bottom-line results. Attend Developing Service Oriented Architecture, February 20-22 in Orlando.

Learn what impact fragmentation has on users and system activities and discover how quickly fragmentation accumulates as a result of these activities. Plus get the recommendations you need to manage the frequency of defragmentation across your infrastructure.

Leverage your current VoIP infrastructure to integrate boardless FoIP. Live Web Seminar Tuesday, February 21, 2006, at 12:00 P.M. EST.

Align compliance with business efficiency and learn how fax-document management plays a role in your strategy.


==== Featured White Paper ====

Use server and storage consolidation to optimize your existing Windows server infrastructure. Find out how!


==== Hot Spot ====

Understand and Leverage SSL-TLS for Secure Communications

Get all you need to know about today's most popular security protocols for secure Web-based communications


==== 3. Security Toolkit ====

Security Matters Blog: Graphical Passwords--What a Concept!

by Mark Joseph Edwards,

Have you heard of graphical passwords? The concept is simple: You pick several icons to represent your password. Then when you want to authenticate, a screen is drawn as a challenge to which you must respond. The screen has numerous icons; you must locate your icons on the screen and click somewhere directly inside the perimeter they create, but not on the icons themselves. Check out a demo in this blog article.


by John Savill,

Q: How do I install the Microsoft Operations Manager (MOM) 2005 agent on discovered computers that don't have the agent?

Find the answer at

Security Forum Featured Thread

Marty needs to strengthen the security of the systems on the production floor of his pharmaceutical company. The computers display the status of various processes. Marty wants this information to remain visible to everyone, but he wants to control who can actually use the system and audit logons. What are his options? Join the discussion at

Share Your Security Tips and Get $100

Share your security-related tips, comments, or problems and solutions in the Windows IT Security print newsletter's Reader to Reader column. Email your contributions (500 words or less) to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.


==== Announcements ====

(from Windows IT Pro and its partners)

VIP Subscribers have it all!

Become a VIP subscriber and get continuous, inside access to ALL of the online resources published in Windows IT Pro magazine, SQL Server Magazine, and the Exchange and Outlook Administrator, Windows Scripting Solutions, and Windows IT Security newsletters--that's more than 26,000 articles at your fingertips. You'll also get a valuable one-year print subscription to Windows IT Pro and two VIP CD-ROMs that include the entire article database and are delivered twice per year. Don't miss out--sign up now:

Get two FREE sample issues of SQL Server Magazine

SQL Server Magazine is a must-have in 2006! Order your two free issues today and discover the #1 SQL Server resource for building world-class applications. Along with loads of how-to articles, time-saving advice, and expert tips and solutions, you'll get subscriber-only access to exclusive SQL Server content not available any place else. Order now:


==== 4. New and Improved ====

by Renee Munshi, [email protected]

Keep Unwanted Programs Off Your Systems

Faronics Anti-Executable 2.1, available in both Standard and Enterprise versions, prevents unwanted programs from being installed on or from running on a computer. At the time of its installation, Anti-Executable scans the computer and creates a white list of the executables on the system. From that point on, Anti-Executable prevents any executable programs not on the list from being installed or run on the system. Version 2.1 adds Windows Server Update Services (WSUS) support, a Japanese language version, and improved reliability and performance. More information about and trial versions of Anti-Executable are available at

Tell Us About a Hot Product and Get a T-Shirt!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected]


==== Contact Us ====

About the newsletter -- [email protected]

About technical questions --

About product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]


This email newsletter is brought to you by Windows IT Security, the leading publication for IT professionals securing the Windows enterprise from external intruders and controlling access for internal users. Subscribe today.

View the Windows IT Pro privacy policy at

Windows IT Pro, a division of Penton Media, Inc.

221 East 29th Street, Loveland, CO 80538

Attention: Customer Service Department

Copyright 2006, Penton Media, Inc. All rights reserved.
