Microsoft announced that Vista (whenever it becomes a real product) will ship with outbound firewalling turned off. The reason: it's too "tricky" for Windows users to understand ("But I just can't imagine individuals dealing with outbound protocols and ports on their own. The idea of an outbound firewall is pretty darn technically tricky for the average user.").
Well, what isn't?
Seriously. We all know that most users don't even begin to understand what is happening and why. Heck, there's plenty of Windows stuff that most tech folk don't grok: open up a random tree in the registry and tell me what each entry really does. Most of us wouldn't have a great advantage over Joe User.
But does that mean Joe is a hopeless air-head who can't understand anything? Sometimes, sure. But really stupid people are just as rare as really bright folks. Maybe the problem isn't Joe User but Joe Programmer?
Let's say Vista left its outbound firewall on and Joe is presented with this message:
Foobar.exe attempting TCP port 25 to 22.214.171.124. Allow?
I certainly agree that Joe probably isn't going to understand that. You and I would, but Joe wouldn't. So no firewall software is likey to present it like that. No, instead it will probably say something like:
Foobar is trying to access the internet. Allow?
The problem with that is that it's not enough information. How the heck would Joe or I know whether that's OK or not? I've seen that message when telneting inside a lan - it's pretty stupid because telnet was NOT trying to access the internet. A paranoid user who knew that might say "No" to the access and then wouldn't be able to do their job.
How about instead the messages went something like this:
A program named foobar.exe is attempting network activity.
Foobar.exe does not appear to be part of any application you installed on this computer. It is attempting to reach the Internet mail interface (port 25) of a machine outside of your network (hobo.xyz.com, 126.96.36.199).
Suggested action: Do not allow. This may be a virus or trojan program.
And for our telnet?
The telnet.exe program is attempting network activity.
Telnet is part of Windows and appears not to have been modified or corrupted. It is attempting to reach its normal interface (port 23) on a machine within your network (unixbox, 192.168.2.3).
Suggested action: Allow always.
Would Joe understand those? I think most Joes would. Informative and intelligent messages aren't all that hard to create, and would allow ordinary users to make intelligent decisions about their firewall rules.
Got something to add? Send me email.
More Articles by Anthony Lawrence © 2009-11-07 Anthony Lawrence