Windows 7 firewall

JeffBeall
Is there a way in the Win7 firewall to block all connections, then open things as needed?
I was looking at my current setup, and there are a lot of things being allowed.
Commented:
Here is a YouTube video on how to do this:

http://www.youtube.com/watch?v=tOl5xGA_gdc

Author

Commented:
Actually, never mind. I highlighted everything and chose Disable Rule. I did this for inbound and outbound rules.
But this spawned another firewall question:
With all the inbound and outbound rules disabled, I can still get out to webpages. I thought that if everything is disabled, I shouldn't be able to do anything.
Also, is there a service I can restart to make the changes take effect without rebooting the PC?
Natty Greg, In Theory (IT)
Commented:
Comodo Firewall will do what you ask with less headache.

Author

Commented:
I can only use approved software at work, so Windows Firewall is it; no third-party stuff.
Distinguished Expert 2018

Commented:
Be aware that Microsoft themselves call the concept of blocking outgoing traffic "security theater"; read http://technet.microsoft.com/en-us/magazine/2007.06.vistafirewall.aspx

Author

Commented:
So I read the article, McKnife, and it's interesting to think that blocking outbound connections through the firewall is just "security theater".
If I understand this correctly, it means that all outbound connections are allowed, unless specifically denied. But even if the outbound connection is denied, the guy who wrote the article said that a virus or malware would just take over an existing outbound connection and use it instead.
Is that how Windows connections are set up?
Distinguished Expert 2018
Commented:
"Is that how Windows connections are set up?" - The technical details can hardly be put in one or two sentences. If there is a virus, it may be so smart as not to "phone home" by itself but to instruct a browser to do it for it (as browsers are normally present and allowed to make outgoing connections). How easy that is, I don't know myself; I saw it demonstrated in a video of some hacker congress as a proof of concept.

Author

Commented:
thank you
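
The setup asked about in the question (block everything, then open what is needed) and the behaviour seen after disabling every rule, as an added example that is not part of the original thread: a `netsh advfirewall` sequence for Windows 7. It assumes an elevated Command Prompt, an English-language install (the rule group name is localized), Internet Explorer as the one program allowed out, and a constructed backup file name.

```bat
@echo off
rem Added example, not from the thread. Run from an elevated Command Prompt.
rem Assumptions: English-language Windows 7, Internet Explorer is the only
rem program allowed out, and fw-before.wfw is a constructed backup file name.

rem 1. Save the current policy so it can be restored later with:
rem      netsh advfirewall import "%USERPROFILE%\fw-before.wfw"
netsh advfirewall export "%USERPROFILE%\fw-before.wfw"

rem 2. Show the default action of each profile. A stock install reports
rem    BlockInbound,AllowOutbound: with no rules at all, outbound traffic is
rem    still allowed, which is why browsing kept working with every rule disabled.
netsh advfirewall show allprofiles firewallpolicy

rem 3. Make "block" the default in both directions, so that traffic without a
rem    matching allow rule is dropped. The change applies immediately; no
rem    reboot or service restart is needed.
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

rem 4. Re-enable the built-in core networking rules (DHCP, DNS, ICMP) that
rem    were disabled along with everything else. The group name is localized.
netsh advfirewall firewall set rule group="Core Networking" new enable=yes

rem 5. Open only what is needed: here, one browser to TCP 80 and 443.
rem    Anything running inside an allowed program can still use that path out,
rem    which is the limitation discussed in the thread.
netsh advfirewall firewall add rule name="Out - IE web" dir=out action=allow program="%ProgramFiles%\Internet Explorer\iexplore.exe" protocol=TCP remoteport=80,443

rem 6. Log dropped connections to see what else needs a rule. The default log
rem    file is %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log.
netsh advfirewall set allprofiles logging droppedconnections enable

rem 7. Confirm the new default policy.
netsh advfirewall show allprofiles firewallpolicy
```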
