Over at Gamespot you can see some roll over screenshots that shows you the grapical difference between a Windows Vista installation and a Microsoft Xbox (including one Xbox 360 shot). This isn’t groundbreaking information as the Vista version runs on a much more powerful machine, but it’s still interesting to see the actual side by side (well, roll over) comparison.
According to the FILENetworks Blog, this Vista activation crack represents a giant leap forward from previous Vista activation “workarounds”. Using an installable software driver, the Vista BIOS emulation crack fools Vista into the belief that it is running on top of an approved vendor’s BIOS, apparently opening up validation free licensing similar to what an OEM would receive.
I don’t support the distribution of pirated software but, I do marvel at the lengths some bedroom software crackers will go to have the latest and greatest scot free.
This is a brute force hack, meaning it basically keeps throwing random keys at Vista until one seems to work. This can take hours. And then you have to manually check the key.
The KezNews main page includes a disclaimer suggesting that the program was an experiment, and that users should go out and buy a copy of Vista if they really want one. That said, it’s just a matter of time before product keys start floating around the dark corners of the internet.
If you want to test out Vista for longer than the 30-day trial period and don’t want to break the law, you can always extend your trial period by up to 90 days.
[via The Inquirer]
In a story for the Associated Press carried on many online news services this afternoon, one of the directors of Microsoft’s Windows Client Product Planning team appears to make a curious and perhaps astounding statement. Scott Woodgate is quoted as saying that a Black Hat security conference demonstration last August, where virtualization functions were exploited to plant an active rootkit onto a beta of the Windows Vista kernel, scared Microsoft to the point where the company seriously considered removing virtualization capability from Vista entirely.
Ostensibly, the AP article was about Microsoft’s decision to ban Home Basic and Home Premium editions of Vista from serving as guest operating systems in virtualization engines. This was a recent discovery for Macintosh users, though it was public knowledge for Vista users since last July, when Woodgate himself made the announcement.
“We also announced the first of our licensing changes to internalize virtualization into Windows Vista,” read an announcement on his personal blog. “Specifically customers who buy first software assurance and then deploy either Vista Enterprise or Ultimate can install 4 copies of the OS in a VM in addition to the copy on the physical machine for the cost of one license…Download VPC, create up to 4 VMs for various previously incompatible applications and get going.”
By implication, only the business editions of Vista were engineered to include virtualization, and among Vista testers, this was generally understood. However, it became a new discovery to Mac OS X users who attempted to load home editions of Vista into Boot Camp and other virtual environments. The story was run by many services with the subheading, “The puzzling story of why Microsoft prevents some users from upgrading to Vista.”
Virtualizing an OS as a guest, as many software architects will tell you, is not an upgrade of the host system; and many Macintosh users will certainly agree that the ability to virtualize or host Vista does not constitute an upgrade to OS X.
That fact aside, the curious puzzle remains as to whether Microsoft actively considered cancelling Vista virtualization so close to the operating system’s release, and with the Virtual PC 2007 project – an upgrade to Virtual PC 2004 specifically to enable hosting Vista – already well underway. BetaNews has approached Microsoft for further comment, and we’re told it may be forthcoming.
Last June, security researcher Joanna Rutkowska announced she was working on a personal project to create undetectable malware that exploited only publicly known computer functions rather than stealth. She called this project “Blue Pill.”
“The idea behind Blue Pill is simple” Rutkowska wrote for her blog last June. “Your operating system swallows the Blue Pill and it awakes inside the Matrix controlled by the ultra thin Blue Pill hypervisor. This all happens on-the-fly (i.e. without restarting the system) and there is no performance penalty and all the devices, like graphics card, are fully accessible to the operating system, which is now executing inside virtual machine.”
Reports from the conference the following August state that Microsoft’s then-general manager for security Ben Fathi was present for Rutkowska’s presentation, which he watched intently. Fathi later told eWeek that her demonstration was successful merely because she was using a beta kernel, and that the exploit vector she chose had already been fixed in a later build. Indeed, as testers will recall, Vista virtualization was addressed in several builds between the public Vista Beta 2 and the final release candidate.
Fathi discussed Vista beta kernel patching for security holes in an interview with InfoWorld last September. “Creating guest operating systems that sit on top of hypervisors allow us to create better isolation mechanisms,” Fathi stated then, “so that even if malware comes in, it only affects one subset of the machine and not everything else.”
Last October, Fathi was moved to a leadership position within Microsoft’s Core Operating Systems division, but by that time, the finalization of Vista’s business editions was already, and release to manufacturing was but a few weeks away.
If management teams and executives at Microsoft had actually considered removing virtualization from Vista altogether, sometime within the 12-week period between having witnessed Rutkowska’s demonstration in August and releasing Vista’s business editions to manufacturing, it’s difficult at present to pinpoint when that consideration was made, or for how long.
7:45 pm ET February 23, 2007 – Late Friday, a Microsoft spokesperson provided to BetaNews an extensive defense of why virtualization functionality was omitted from home editions of Vista, although the company would not address the question of whether Microsoft – as Scott Woodgate told the AP – considered tossing out all virtualization from Vista after having seen a rootkit demonstration in August. Here is Microsoft’s statement in full:
For production machines and everyday usage, virtualization is a fairly new technology, and one that we think is not yet mature enough from a security perspective for broad consumer adoption. Today, customers using virtualization technology with Windows are primarily business customers addressing application compatibility needs or technology enthusiasts.
For that reason, Windows Vista Home Basic and Windows Vista Home Premium cannot be installed in any virtual machine technology, but Windows Vista Business and Windows Vista Ultimate can. This is regardless of the virtualization stack, applying equally to use with Microsoft’s virtualization technology, Virtual PC, and third-party virtualization technology.
Each virtual installation of Windows requires a new license just as it did for Windows XP except for Windows Vista Enterprise Edition which includes four installations in a virtual machine as part of a single license. Microsoft is committed to working with the hardware and software industry to improve the security of virtualization technologies moving forward with new hardware and software innovations.
Microsoft made statements indicating it would refrain from adopting virtualization functionality with the next version of its operating system as early as Spring 2005.
Windows Vista Home Basic
Think of Windows Vista Home Basic as Vista “Lite.” You’ll get the DX10 support, instant search, Windows Sidebar, and all the security updates; you won’t get the Aero 3D desktop theme, Windows Media Center support, or several other new features and applications that make Vista, well, Vista. The Home Basic version retails for $199 as a stand-alone installation or $99 as an XP upgrade.
Windows Vista Home Premium
Microsoft is positioning Windows Vista Home Premium as the upgrade of choice for most users. The Premium version has the complete user-interface upgrade, including Aero, Flip3D, and live thumbnail icons. The Premium version also has new media applications, including Windows DVD Maker and Windows Movie Maker. Microsoft has rolled Windows Media Center functionality into Vista Home Premium, which will let people use their Xbox 360 systems as media extenders. You should expect to pay $239 for the retail box or $159 for the upgrade version.
Windows Vista Ultimate
The Windows Vista Ultimate edition is for big spenders who want the entire Vista experience. The Ultimate version has all the Home Premium features with a few data and network management features from the Business and Enterprise editions. The main reason to opt for the big package will be to get special access to Windows Ultimate Extras, which are downloadable upgrades that are available only to Ultimate users. Do you remember that full-motion desktop background from the Bill Gates CES 2007 keynote address? That will be an Ultimate Extra. Windows Vista Ultimate will cost $399 for the full installation or $259 for the upgrade.
Windows Vista Business
The Business edition has a lot of the same features as Home Premium. However, the Windows Media Center, DVD Maker, and Movie Maker media applications have been swapped out for extra data backup, remote desktop, and security features. The stand-alone installation costs $299, and upgrades run for $199. Microsoft also offers an Enterprise edition for large-scale IT rollouts that is similar to the Business edition.
Aero is the 3D desktop theme available in the Home Premium, Business, and Ultimate editions. The Vista desktop now uses the video card’s 3D processing power to create translucent windows. You will need a DirectX 9-level GPU to run Aero. For those who are wondering, the Aero desktop won’t hurt game performance.
Remember that Windows start key you tore off your keyboard because you kept on pressing it at the most inopportune times? You might want to find it again because the key actually has a use in Vista. If you press start and tab to switch into a Flip3D mode, you can cycle through your open windows like a rolodex. However, despite Flip3D’s pretty interface, we have to admit that we still use the basic alt-tab function to switch applications.
Vista uses live thumbnail preview images to help speed up multitasking by making it easier to find what you need. You’ll see these file and application preview images when you switch between programs using alt-tab or when you mouse over them in the taskbar. You can also set the view option in your explorer window to display files as thumbnail icons.
Browsing for a file when you’re already in a running application in Windows XP, when attempting to attach a file to an email for example, can be painful. That’s where Vista’s instant search box shines. It helps eliminate the clicks between you and what you want to do. You’ll find the search box built into the start menu, as well as into just about every window. You can also save predefined searches to search folders that will return results with a double-click.
Customized Explorer Windows
Vista has customized command-bar and file-detail organization options for several popular explorer views. The regular explorer command bar lets you organize your files and adjust the view display. There’s also a new “Burn” option that gives you one-click burn-to-disc access. The pictures explorer offers a slide show option, and the music explorer has a “play all” button in addition to the burn-to-disc option.
Vista’s SuperFetch builds upon Prefetch found in Windows XP. Prefetch helped reduce load times in XP because the OS actively tried to arrange the programs you use efficiently in RAM and on the hard drive through a combination of precaching and intelligent defragmentation of your hard drive. Microsoft has improved it in SuperFetch by adding a frequency element to the programs you use to intelligently cache your favorite programs back into memory once you finish using an infrequently loaded program.
Next. Next. Next. When you installed any of the previous versions of Windows, you’d have to babysit the computer because the installer would remember to ask you for yet another trivial bit of information throughout the installation process. With Vista, you’ll be done with clicking within the first minute. Sit back, relax, and go somewhere while Vista installs.
Updating your Windows XP installation means navigating through a myriad of Web pages and praying that the operating system didn’t make you restart your computer too many times before allowing you download real updates. Microsoft left out the Web pages altogether in Vista and simply gives you a list right inside the Windows Update menu within the OS. Like before, you can also turn on automatic updates to have Vista take care of all the maintenance for you.
Quick Boot, Sleep, and Shutdown
Windows Vista sends your computer off to a deep sleep when you hit the power icon instead of shutting the system down completely. The hibernation process is much faster, and the system comes back to life almost instantly when you need to use it. You can still opt for the full power shutdown, but Vista makes turning your computer on and off seem archaic in comparison.
Vista’s ReadyBoost technology will let you use 256MB to 4GB of flash memory as a RAM extender of sorts. Your computer will benefit from ReadyBoost even if you have a large amount of RAM by avoiding using the slow hard drive as a scratch space. Our tests show that systems with 512MB of system memory benefit the most from ReadyBoost, but systems with 1GB or even 2GB of RAM still see some performance improvements.
(Longer bars indicate better performance)
Company of Heroes, 1600×1200, High Quality
System Setup: Intel Core 2 X6800, Intel 975XBX2, 2GB Corsair XMS Memory (1GB x 2), Corsair XMS Memory 1GB, Corsair XMS Memory 512MB, 160GB Seagate 7200.7 SATA Hard Disk Drive, Windows Vista Ultimate Edition. Graphics Cards: GeForce 8800 GTX. Graphics Driver: Forceware 100.54.
Windows Reliability and Performance Monitor
Previous versions of Windows had diagnostic tools, but you had to be rather computer savvy to make heads or tails of them. Vista’s new reliability and performance monitoring tools make it a snap to identify problems and they’ll even provide solutions if available. The daily charts separate errors into clearly defined categories, such as hardware, software, and Windows failures.
With Vista’s new performance diagnostics, you can even test your computer to figure out what parts need upgrading. Vista scores your system in a variety of tests and determines what upgrades you need to improve your computing experience. We’re not convinced that you can abstract PC performance down to a single score, but at least it’s a starting point for novice PC users.
Windows Vista comes with a completely reworked networking stack. The new TCP/IP stack works with IPv4 and IPv6 and supports autotuning and quality-of-service features. Wireless traffic technology receives numerous boosts to better accommodate for lost packets, bad signals, and large amounts of electromagnetic interference. All these features boil down to better, more consistent transfer rates for your existing Internet connection.
Windows Vista includes several new and updated applications. A couple of the programs, such as Windows Media Player 11 and Internet Explorer 7, are available free for Windows XP users. Some programs, such as Windows Sidebar and Windows Mail, are available in all Vista editions, but Home Premium and Ultimate users get access to Windows Movie Maker and Windows DVD Maker. Windows Media Center had its own special Windows XP edition, but the application is now built into Windows Home Premium and Windows Vista Ultimate. Windows Media Center will let you use your Xbox 360 to stream digital media stored on your PC over the network.
The Windows Sidebar is a docking station for small gadget applications on the desktop. Vista ships with basic Sidebar gadgets, such as a clock, weather monitor, RSS feed reader, and stock ticker. Users will also be able to download a variety of third-party gadgets. We downloaded a Sudoku game and a Digg feed reader. Unfortunately, the only local traffic monitors available so far appear to be dedicated to Microsoft’s home turf in the greater Seattle, Washington, area.
Windows Photo Gallery
Windows Photo Gallery looks to be a great photo management tool. The organization features make photos easy to find. The command bar gives you quick access to several useful actions, including a “Fix” selection that lets you adjust the image color and exposure. There’s also a red-eye correction.
Windows Movie Maker
Windows Movie Maker looks like the Windows Movie Maker from XP, but it has a graphics upgrade.
Windows DVD Maker
Windows DVD Maker lets you make a DVD with your photos and movies. The program makes the DVD-authoring process incredibly easy, maybe too easy. You can expect to see a rise in the number of video Christmas cards this year.
DirectX 10 brings more than a few things to the table: smarter resource management, improved API and driver efficiencies, and modifications that shift work from the CPU to the GPU. Giving the GPU more efficient ways to write and access data will reduce CPU overhead costs by keeping more of the work on the video card. The end effect of all of this is to improve performance and increase graphical complexity.
Live for Windows
If you own an Xbox or an Xbox 360, you’re probably already familiar with Xbox Live. Now it’s coming to the PC, as well as mobile devices. Live for Windows will let you interact with your buddies using the same gamertag you’ve been using on your Xbox 360. You can monitor your friends, send messages, and even challenge each other to online matches. However, not all Live for Windows enabled games will have cross-platform online play. Shadowrun and Uno will let Vista owners and 360 owners play against each other, but Halo 2 won’t. Many of us will still end up buying Halo 2 for Windows just to earn achievement points. (Yep, they’re in there.)
In older versions of Windows, each game you installed would make a few folders in the start menu, add probably a half-dozen icons, and then drop off an icon or two onto the desktop for good measure. With the new Games Explorer, new games, under the Games for Windows banner, will install one icon into the Games Explorer. You can also find the games included with Vista in the Games Explorer. Folks who get the premium versions of Vista will get Chess Titans, Mahjong Titans, and InkBall in addition to the playing card games.
Bad for kids but good for parents, Vista’s new parental controls let mom and dad monitor their children’s Internet usage, limit the amount of time they get to spend on the computer, and even block access to games and programs deemed too mature for the adolescent consumption.
Internet Explorer 7
It’s not a Vista exclusive, but Internet Explorer 7 has a number of security improvements designed to protect users from malware and phishing scams. The Vista version also operates in protected mode for extra safety. Many of us have already switched over to Firefox for security reasons. There aren’t enough improvements in IE7 to get us to switch back on current XP machines, but the new browser might be good enough on fresh Vista installations to save us from downloading and installing another browser.
Windows Defender is Microsoft’s spyware and pop-up protection program, which is now built into Windows Vista. It is free a download for Windows XP users, but it isn’t a part of the full installation.
User Account Control
Windows Vista’s User Account Control protects users by changing the level of access users have on the system. Many Windows XP users operate in administrator mode for convenience in hardware and software installations, but all that access means malware can do a lot more damage if it manages to get into the system. UAC in Windows Vista will prompt the user before performing any major system-level actions, such as software installations or when you try to access such restricted features as parental controls.
The good news is that you can still proceed with these actions from a standard user account by entering in the administrator password. The bad news is that UAC seems to be as hypersensitive as the Boston public safety officials. Expect to get hit by UAC prompts frequently as you set up your Vista system. UAC has the potential to be very annoying, but like the bumper sticker says, “freedom isn’t free.” We’ll let you know when the UAC oversteps its bounds with illegal wiretaps.
BitLocker Drive Encryption
Vista Ultimate and Vista Enterprise both have BitLocker drive encryption to protect your data in case of theft. BitLocker basically encrypts your entire Windows hard drive and should operate just like a normal Vista installation in day-to-day use. You will need at least two partitions on your hard drive to enable BitLocker. One partition will be encrypted; the second unencrypted drive will be used to start the system. You will also need a Trusted Platform Module-enabled motherboard or a USB thumb drive.
If you’re ready to the make the jump from Windows XP, you can also download upgrades for Windows Vista Home Basic, Windows Vista Home Premium, Windows Vista Business, or Windows Vista Ultimate. For more news, reviews, video, and galleries of Windows Vista, see CNET’s extended coverage.
This security download provides instructions and recommendations to strengthen the security of desktop and laptop computers running Windows Vista. It also includes tools, step-by-step procedures, recommendations, and processes that significantly streamline the deployment of Windows Vista for IT pros.
These guides from Microsoft provide detailed information about how to control device installation using Device Management and Installation (DMI), and how to manage ADMX files. They also provide instructions for protecting data using BitLocker Drive Encryption.
This instillation kit is designed to help Original Equipment Manufacturers (OEMs), system builders, and corporate IT professionals deploy Windows onto new hardware. The Windows AIK includes a new set of deployment tools supporting the latest release of Windows.
This Vista compatibility lab walks software developers through the specifics of the new OS. It focuses on solutions to help customers running third-party applications have a better experience on Microsoft Windows Vista.
Compiled by Microsoft employees who actually participated in the development of Windows Vista, this comprehensive feature-by-feature guide is the definitive resource for learning all the details about the OS.
Make sure your computer is ready for Windows Vista. This free download helps you determine whether your current hardware can run Vista, and it makes recommendations based on Vista’s requirements. You also can use it to check whether your Windows Vista machine is capable of upgrading to a more powerful edition.
This all-in-one app bundles 28 different utilities to optimize, tweak, and tune up your Windows Vista machine. Improve performance and security, clean Registry and junk files, optimize network connections, uninstall programs easily, and manage start-up items.
Customize hidden features of Windows Vista to optimize your machine and micromanage the operating system to fit your specific needs. TweakVI bundles a slew of utilities in this suite, which combines both tuning and performance features.
Whereas one job of a personal firewall is to block potentially malicious inbound connections to your machine, another is to block potentially malicious outbound connections. For example, if some malware does find its way onto your system and then it attempts to “phone home” with whatever sensitive data it may have found, a good personal firewall should stop most outbound communications dead in their tracks until the end-user explicitly allows it (one problem with such conditional blocking is that end-users are rarely presented with enough information on which to base a decision).
An old theme with the personal firewall that Microsoft offered for Windows XP (Service Pack 2) is how it was pretty useless given the way it only offered inbound blocking. In fact, back when that firewall first came out, I pointed out how it was worse than having no firewall at all. With no firewall, at least you know you have no firewall. But, with a firewall that doesn’t work, you’re led into having a false sense of security.
So, while Microsoft’s anemic firewalls are an old them, you’d think the problem would have been corrected in Microsoft’s Windows Vista. According to CNET’s Robert Vamosi, perhaps you should think again. Writes Vamosi:
In Windows Vista, Microsoft says its new Windows Firewall is now two-way, that it adds outbound protection, but a closer look reveals that this is more deceptive marketing spin. With Windows Vista what you get turns out to be a half-cocked firewall that’s hardly worth the upgrade.
Vamosi goes onto describe how Vista’s personal firewall has the blocking and tackling of outbound connections backwards.
With most personal firewalls (and network firewalls), an outbound connection is only allowed when the firewall wall has been programmed with a rule that allows it. That’s good. From the moment such a firewall is installed, nothing is allowed until a user (or network administrator) says it’s allowed. The first time after most personal firewalls are installed, those firewalls present users with a rules wizard each time an application on their PC tries to connect to the Internet. In most cases, the wizard makes it pretty easy for users to make one of four choices:
- Block the type of outbound communication (specific application accessing a specific network port) this time.
- Block the type of outbound communication permanently.
- Allow the type of outbound communication this time.
- Allow it permanently
But, with Windows Vista’s firewall, it works the other way around. All outbound communications are allowed permanently until a rule has been created to explicitly block it. Despite Vamosi having routinely voiced his concerns about Vista’s firewall before Vista shipped, Microsoft moved forward with what he believes to be a “half-cocked” design anyway. According to Vamosi, Microsoft’s explanation for its decision has been that having to walk through the many wizard-driven pop-ups that would occur shortly after the first time Vista gets installed would be a poor out-of-the-box experience and that users would become de-sensitized to the prompts. Vamosi disagrees and so do I. Offering an outbound-blocking that, out-of-the-box blocks nothing until an end-user or network administrator takes explicit and deliberate steps to block it.
But it gets worse.
Vamosi goes on to note the difficulty in taking those deliberate steps and to validate his findings, I tried it myself and created an image gallery so you can trace my steps. But first, here’s what Vamosi said:
Writing exceptions is fine, except if you are a solo home user with no idea what to block or even how to block it. Home users of Windows Vista are again paying the price for having a stripped-down operating system designed for a corporate enterprise running on their PC. Unless you are an IT administrator, unless you know where to look, you’re unlikely to tweak the advanced firewall settings.
And, as you will see from my image gallery, adding outbound blocking rules to Vista’s personal firewall couldn’t be more unintuitive. Even for experienced users. For starters, after I installed Firefox, nothing stopped it from accessing the Web (confirming that applications are, by default, allowed outbound access). Looking to disallow Firefox from accessing the Internet, I clicked on what, to me, was the most obvious thing to click on in order to engage the “block”: a link in Vista’s Control Panel that says “Allow a program through the Windows Firewall” that appears under some big bold text that says “Windows Firewall.” Seems obvious enough, right? But, as you will see from the the various firewall configuration dialogs I encountered, not only won’t intuition get you nowhere, the dialogs are actually counter-intuitive. For example, when one goes down this rather obvious path to configure the firewall, there is no context whatsoever when it comes to distinguishing between inbound and outbound blocking. Vista users can expect to encounter advanced terminology like “exceptions” and “ports” which is doubly confusing because of the following explanation:
Exceptions control how programs communicate through Windows Firewall. Add a program or port exception to allow communications through the firewall.
First, as I just mentioned, it makes no reference to inbound or outbound blocking. But just the fact that it says “programs communicate through Windows Firewall” sounds “outbound” to me. It doesn’t say “how remote computers and sites communicate through Windows Firewall.”
So, in contrast to what Vamosi says, it sounds like in order for an application to communicate through Vista’s firewall, it has to be added to the list of programs and explicitly “allowed.” How else would you interpret the above language? But, as I already told you, within seconds of installing Firefox, it was given carte blanche access to the Internet thus disproving my interpretation. My first assumption was that maybe the text has it backwards; Perhaps this exceptions list works the other way around and anything that’s on it is blocked from communicating. But adding Firefox to the list had no impact. So then, what is this list for? Thinking I might be able to get my answer by studying a single entry on the exceptions list a little more closely, I went back to the exceptions list (which is pre-programmed with a bunch of stuff I don’t recognize), single-clicked on the only item that was checked (Core Networking), and clicked the “Properties” button which yielded the following graphic:
As you can see it has a link that says “How do I view and edit all properties?” Eureka! I thought. That’s where I’ll get to see how the Windows Firewall is configured to block either in or outbound communications with the Core Networking component.
Sadly, as you will see from my image gallery, I was taken to a list of Frequently Asked Questions and even worse, none of them were the question I clicked on. But, while I was there, one of the FAQ questions seemed to address the confounding language in the UI that I encountered earlier. It asked “What does allowing a program trough the firewall mean?” I clicked it and here’s what it said:
Allowing a program through the firewall, sometimes called unblocking, is when you create an exception to enable a particular program to send information back and forth through the firewall [DB’s note: There it is! Back and forth! So, is this both in and outbound?] You can also allow a program through the firewall by opening one or more ports.
Unfortunately, as my little test with Firefox revealed, this FAQ answer is pretty much useless.
As it turns out, there is a way to configure outbound blocking in Vista’s firewall. If you go to Control Panel > System and Maintenance > Administrative Tools > Windows Firewall with Advanced Security, you will see Vista’s current lists of inbound and outbound and outbound rules (see graphic below, sorry about the text pixelation.. this often happens when resizing graphics).
Added bonus for me: the Firefox rule that I created earlier appeared on the inbound list. So now we know what that’s for! But, there are still three major problems. First, the one Vamosi alluded to in the first place. Applications should be blocked by default. Second, when accessing the primary UI for Vista’s firewall, it is there that users should have very wizard-driven access to both in and outbound rules (or, at the very least, a fast link to get to the rule authoring tool over in Control Panel’s admin area). Third, the rule authoring interface is really for rocket scientists. For example, when I went to browse for an application to block, it started me in the System32 directory instead of just giving me a list of applications. Then, where I should have had the opportunity to block specific domains (something any firewall should be able to do in its sleep), I was only allowed to key in IP addresses.
So, the bottom line is that once again (actually, nothing has changed), the Windows Firewall is actually worse than having no firewall at all since (a) its presence leads you to believe that your computer is protected by a firewall when it really isn’t (a false sense of security), (b) the system offers nothing in the way of a suggestion that encourages users to establish outbound rules, and (c) is nearly impossible for mortals — the majority of Windows users — to configure.
It would behoove Microsoft to follow Vamosi’s advice on this by doing two things. First, engage outbound blocking by default. Second, when, through its “blocked by default” policy, a dialog box asks the user what Windows should do next, make sure it’s dirt simple. Third, as a part of that dirt simplicity, allow inbound blocking by not just IP address, but by domain or subdomain as well. For example, every time a Web page (including some of ZDNet’s) pulls content in from the amch.questionmarket.com subdomain (as opposed to just questionmarket.com), my browser has to think about it for well over a minute before the page finally loads, if it loads at all. The problem has me wishing that, by configuring my firewall to block certain domains, my browsers will simply overlook those domains when it hits Web pages that call upon them. Microsoft will get bonus points for adding right-click firewall rule programming from Internet Explorer.