Windows-Vista-AIO-Excerpt (new window)
1. [Screenshot: the Windows Firewall with Advanced Security console listing Core Networking rules, with columns Name, Group, Enabled, Action, Program and Local Address; every rule shown is enabled and set to Allow.]
2. stealthy, because if it sends back a packet that says, "Hey, I got your packet, but I can't let it through," the bad guys get an acknowledgment that your computer exists, they probably can figure out which firewall you're using, and they may be able to combine these two pieces of information to give you a headache. It's far better for Windows Firewall to act like a black hole.

   How do you know when you need a port?

   Most first-time firewallers are overwhelmed by the idea of opening a port. Although you need to treat ports with care (an open port is a security threat, no matter how you look at it), sometimes you really need to open one. How do you know when you absolutely have to open a port? Usually, you get a phone call like this:

   "Dude! My game won't hook up with your game. You got a firewall or somethin'?"
   "Uh, yeah, I'm running Windows Firewall."
   "Pshaw, man. You want to play Frumious Bandersnatch, you gotta open ports 418, 419, 420, an' 421."
   "Does Frumious use UDP or TCP?"
   "What's TeeCeePee? Some kinda disease? Dunno, man, just read in the instruction book that ya gotta have 418, 419, 420, an' 421 open. Doncha ever read the manual, dude?"

   At that point, you guess that Frumious Bandersnatch uses TCP (that's the most common choice), you run through the Security Center to liberate the four ports, and you have the game working in 30 seconds flat.
3. You can tell WF to let packets through according to three separate criteria (see Figure 3-8):

   [Figure 3-8: Tell Windows Firewall to allow specific kinds of packets into your PC by using the Exceptions tab.]

   - You'll find a list of more than a dozen predefined services that you can allow or disallow, for example, File and Printer Sharing, Remote Assistance, Remote Desktop, and the UPnP Framework. Many of these check boxes are selected automatically when you need them; for example, Vista selects the Remot
4. other computers on the network to see your computer.

   You take your laptop to the Sandwich Shoppe and connect to the wireless network there. Vista asks whether this is a private or public network, and you respond by saying Public.

   Similarly, you take the laptop to Patong Airport and connect to the network there. Vista asks whether this is a private or public network, and you respond by saying Public.

   Then you take your laptop to work and connect to your company's Big Corporate Network. This time, you may not have to tell Vista anything: it knows that you're on a domain, and all the security settings that the network admin has established get pushed onto the PC. If there's any doubt, Vista asks, and you tell it you're at Work.

   [Screenshot: the Set Network Location dialog box for the Patong Airport network, offering a home, Work, or Public location.]

   Figure 3-2: Every time you connect to a new network, Vista asks whether it's a private
5. Or you can click Cancel to exit the Sound dialog box, then click the red X to exit the Control Panel. You're now ready to faithfully reproduce the sound of point-one hand clapping in full 5.1, or 7.1, or, heck, 149.1 surround sound.
6. and protocol, consult the documentation for the program or service you want to use.

   [Screenshot: the Add a Port dialog box, filled in with Name: Frumious Bandersnatch, Port number: 418, and a choice of TCP or UDP as the protocol.]

   3. Type the port number that you want to open. Select TCP or UDP as the protocol (if in doubt, stick with TCP), give the exception a name, and click OK. See the section "Speaking Your Firewall's Lingo," earlier in this chapter, for a description of TCP and UDP.

   The Windows Firewall dialog box gets a new exception entry for the port you just entered (see Figure 3-11).

   Figure 3-11: Individual ports that you add manually
7. but in conjunction with the firewall running on your PC.

   If you find yourself spending too much time fighting Vista's firewall, consider shelling out the bucks for a top-notch firewall such as ZoneAlarm (www.zonelabs.com), Norton Personal Firewall (www.symantec.com), Trend Micro's PC-cillin Internet Security (www.trendmicro.com), and so on. Run a Google search on firewall reviews for the latest features and price comparisons.

   Understanding Vista Firewall's Basic Features

   All versions of Vista ship with a decent, capable, but not foolproof stateful firewall called Windows Firewall, or WF (see the nearby sidebar, "What's a stateful firewall?"). WF's basic characteristics are as follows:

   - WF's inbound firewall is on by default. Unless you change something, Windows Firewall is turned on for all the connections on your PC. So, for example, if you have a LAN (network) cable, a wireless networking card, and a modem on a specific PC, WF is turned on for all of them. The only way Windows Firewall gets turned off is if you deliberately turn it off, or if the network administrator on your Big Corporate Network decides to disable it by remote control or install Windows service packs with Windows Firewall turned off (which may be a good choice in some cases).
   - WF settings for inbound protection can be changed relatively easily. When you make chang
8. center of all your audio and visual equipment, and the ability to control all that and more with a remote from across the room. With the Xbox Media Center extender, your game machine can tap into the full Vista Media Center as well. And do it, uh, well.

   Here's what Media Center offers that most people want:

   - The ability to record TV shows with instant action replay (yes, it keeps recording the halftime show while you watch Justin Timberlake again), easy recording setup via a program guide, and a tiny TV mini-screen that appears just about everywhere you might want it. Best of all, you can copy the recorded TV shows (at least, the ones that aren't protected, like HBO broadcasts) to DVD.
   - The full spectrum of Windows Media Player capabilities (they're extensive; see Book VII, Chapter 1) with a gorgeous user interface, all wide-screen friendly, all accessible via remote.
   - A window into Vista's Photo Gallery (see Book VII, Chapter 4): one central location for all your photo stuff, transferring pics and videos from a camera, playing videos, ripping and burning CDs and DVDs, leafing through photos, running slide shows, and making prints.
   - Internet Explorer, sorta, on a big screen, controlled by remote.
   - All the bells and whistles you would expect from a souped-up PC that's wired for sound. And video.

   If you have good audio or video equipment, you'll want to control it through Media Center. That said, Media Center isn
9. s on, but it doesn't block a thing unless you tell it to.

   Whereas the inbound firewall offers the different levels of settings and enables you to further tweak those settings, the outbound firewall has only two basic functions: blocking a program or port (or something else you select) and unblocking a program you've previously blocked.

   To show you how the outbound firewall works, permit me to step you through an example. Consider that yet another security hole has been discovered in Internet Explorer (IE) and that you want to ensure that IE isn't allowed to connect to the Internet. Perhaps you use Firefox, and you want to make sure that Vista or Windows Media Player or Outlook or Windows Update doesn't surreptitiously crank up IE and turn it loose on the Web.

   In firewall terminology, I want to block IE from making any outbound connection. Here's how to do it:

   1. Click the Start button. Immediately type mmc and press Enter. After you click through a security dialog box, the Microsoft Management Console appears (see Figure 3-12).

   [Figure 3-12: screenshot of an empty Microsoft Management Console (Console1, Console Root), showing "There are no items to show in this view."]

   Figure 3-13: Add the Windows Firewall with Advanced Secur
10. t for everybody. In particular, it has these drawbacks:

   - Bugs: Media Center has gone through more than its fair share of bugs over the years. With deep hooks into Vista, Windows Media Player, Photo Gallery, Internet Explorer, and a half dozen lesser luminaries in the Windows pantheon, Media Center falls prey to bugs in many of the major Windows applications, and it adds another layer all by itself. If swatting bugs and rebooting your computer gives you the willies, give Media Center a pass.
   - Limitations: Limitations are legion. As of this writing, you can drive a TV screen from your Media Center system, but you can't control another PC. An hour of recorded TV takes up more than a DVD's worth of space, unless you use the Fair quality setting.

   Of course, the biggest limitations center around Digital Rights Management, and they aren't all exclusive to Media Center. If you record your favorite TV show on your Media Center system (in Fair quality, of course), can you burn it to DVD and then watch the DVD on a neighbor's DVD player? On another PC? The answers aren't cut and dried. If you rip a CD that you bought on your Media Center computer, can you play the tracks on your iPod? Can you play them on the computer in the bedroom? Can your son take them to school on his portable?

   Sure, you can use Media Center, with its direct link to Media Player, to buy music from URGE and other companies that give
11. they aren't, particularly if you're connecting a TV. When you go out shopping, make sure that you get the right kind of cables. You can try to figure out whether you need a composite RCA cable, an S-VHS cable, a DVI cable, or a reversible 3-plug mini-DIN with imploded wombat RJ-945 cable, but why sweat the hard stuff? If you have any doubt about what kind of cable you need, haul out your digital camera and take close-up shots of the connectors on the back of your computer and on the back of your TV. Then schlep the camera to the shop and ask the salesperson to figure it out. Hey, that's what he's paid to do.

   - Speaker cables that are long enough to go, well, you get the idea: I swear, the speaker cables that ship with Media Center PCs are never long enough. Make sure that you get the right kind of connectors on the ends. No, I never pay extra for ultra-fancy cables, but you might want to.
   - Remote hardware: Some Media Center PC systems don't have keyboards or mice. I think that's a huge mistake. At least until Microsoft brings more functions into the Media Center umbrella, occasional trips out to Windows itself are inevitable, and for those you're going to want a keyboard and mouse. If your Media Center PC sits in a cramped dorm room, running for the keyboard is no big deal, but if you have to get up off the couch and find a chair to put in front of the computer, it's a pain in the neck.
   - A nice bottle of wine: Need I e
12. video card. Your graphics card may be a little different. Each video card manufacturer does things differently, but the problems and their solutions are roughly the same.

   Here's the core of the problem: Your video card probably has three connectors on the back. In the normal course of events, only two of the connectors work at the same time. One handles computer stuff, which appears on your computer monitor, and the other handles video stuff, which appears on your TV. You have to tell your video card which connector has the computer monitor and which has the TV. Here's how:

   1. Connect the cables.

   Each board is a little different, and each TV is a little different. But you need to attach your computer monitor to the video card (probably with a VGA cable, or a DVI cable if you have a newer monitor) and your TV to the video card (probably with an SVHS cable or the three-cable red-green-blue made for DVD connectors, but possibly with a DVI cable or some other combination).

   Identify your video card.

   Video companies change drivers like Paris Hilton changes traveling companions. To make things worse, Microsoft Update may not even advise you when a new video driver becomes available. To make sure that you get the latest, click the Start button, right-click Computer, and choose Properties Device Manager from the context menu that appears. Click the Continue button to get through the User Account Control dialo
13. you through the assembly process. Go ahead and benefit from others' experience.

   Gathering the tools for an easier setup

   The folks at the computer store sold you everything that you need. But I can guarantee they forgot a couple of items that you will surely want. Before you assemble the beast, you need to run out and pick up what they forgot. In particular, you need the following items:

   - A UPS (uninterruptible power supply): If the sales droid let you walk out of the shop without a UPS, he should be lashed. No, a surge protector isn't good enough. You need a UPS big enough to handle your computer and any other sensitive hardware that's hanging around: TV, network hub, DSL or cable modem, scanner, external drives or USB hubs, the whole nine yards. No, you don't need to plug your printer into a UPS, and you should never plug a laser printer into a UPS. Laser printers draw a tremendous amount of power; a laser printer will probably blow out your UPS when it starts, and even if your UPS doesn't end up a heap of smoldering goo, if the power goes out, the UPS will die in seconds from the laser printer's power drain.
   - Lots of power strips: The ones that plug into the UPS don't need surge protection, but any that plug straight into the wall should have surge protectors. Anything with a brick that converts AC current to DC (which you commonly find with laptop computers, telephones, modems, and so on) doesn't r
14. [Screenshot: the list of available MMC snap-ins, with the Select Computer dialog box set to the local computer.]

   Figure 3-14: The WFWAS snap-in allows you to set inbound and outbound firewall rules.

   Figure 3-15: WFWAS lists all the available firewall rules.

   [Screenshot: the Windows Firewall with Advanced Security on Local Computer overview. The Private Profile is active; for the Private and Public profiles, Windows Firewall is on, inbound connections are blocked by default, and outbound connections are allowed by default.]
15. [Screenshot: the Network and Sharing Center for the SeaBreeze private network, with its Sharing and Discovery settings and a Customize link.]

   3. If you want to change a private network to a public network (in other words, if you want to apply the more stringent public firewall settings to this connection), click the Customize link to the right of the Private Network line.

   Vista opens the Personalize Settings for Network dialog box, shown in Figure 3-4.

   Set Network Location dialog box text: Customize network settings. Network name: SeaBreeze. Location type: Public. Discovery of other computers and devices will be limited, and the use of
16. Microsoft a cut, but if you buy a song from iTunes, can you play it on your Media Center PC? Tough questions. If they concern you, ask people who own and use Media Center (at, for example, http://channels.lockergnome.com/media) before you buy.

   Windows Media Center remains the 800-pound gorilla of the genre. When Comedy Central thinks online, it thinks Media Center, with content that's specifically WMC-friendly and adapted to Media Center, through and through (see Figure 1-1). The same with NBC and ESPN. Time Warner may be another story, but if you want to stay near the bleeding edge of computerized home entertainment content, Media Center's the product of choice.

   Figure 1-1: Comedy Central thinks [...] Center, appearing front and center on the Media Center Showcase.

   Organizing the Normandy Invasion

   So you have eight big boxes sitting on your living room (or dorm room, or office) floor, and the first debilitating pangs of buyer's remorse have set in. That's normal. Not to worry. The following sections offer a handful of tips that can help
17. [Screenshot: the WFWAS rules list, showing Connect to a Network Projector and Core Networking rules with their profile, enabled state, action, and program columns.]

   14. Go ahead and try it. Try to get Internet Explorer to work. I dare ya.

   No way. IE gives you the notice "Internet Explorer cannot display the webpage." Heh heh heh.

   15. To get rid of the rule, right-click it and choose Delete. When WFWAS asks whether you are sure that you want to delete the rule, click Yes.

   Try Internet Explorer again, and it works like a champ.

   Imagine setting up rules like that, manually, for every program that you want to block from going out on the Internet. Now you know why I say that Vista's outbound firewall is an ornery, snarly piece of software.

   Individual program blocking's only part of the story, of course. If you set the outbound firewall to trap everything headed out of your machine, you'd probably spend most of your waking hours for the next ten years writing exceptions similar to this one, to allow good programs to get out. Decen
18. Figure 3-16: A wizard helps guide you through the creation of an outbound firewall rule.

   6. On the right, under Actions Outbound, choose New.

   WFWAS responds with the first pane of the New Outbound Rule Wizard (see Figure 3-16).

   [Screenshot: the Rule Type page of the New Outbound Rule Wizard, which offers four rule types. Program: rule that controls connections for a program. Port: rule that controls connections for a TCP or UDP port. Predefined: rule that controls connections for a Windows experience. Custom: custom rule.]

   7. For this example, I want to block a program (Internet Explorer), so I make sure that the Program option is selected and then click Next.

   The wizard asks whether you want the rule to apply to all programs or to a specific program.

   Select the This Program Path line and click the Browse button.

   The wizard wants you to pick the program that's going to be blocked by this rule.

   In the Look In box, navigate to c:\Program Files\Internet Explorer. Then, in the Name column, click iexplore.exe and click the Open button.

   That tells the wizard that you want to block Internet Explorer, which is really the program iexplore.exe. Your wizard should look like Figur
19. Windows Vista All-in-One Desk Reference

   Chapter 3: Windows Firewall Backward and Forward

   In This Chapter

   - Discovering what Windows Firewall can and can't do
   - Knowing when Windows Firewall causes problems, and how to get around them
   - Struggling with the bare-bones outbound Windows Firewall
   - Making Windows Firewall work the way you want

   A firewall is a program that sits between your computer and the Internet, protecting you from the big, mean, nasty gorillas riding around on the Information Highway. An inbound firewall acts like a traffic cop that, in the best of all possible worlds, only allows good stuff into your computer and keeps all the bad stuff out on the Internet, where it belongs. An outbound firewall prevents your computer from sending bad stuff to the Internet, like when your computer gets infected with a virus or has another security problem.

   Vista includes a usable (if not fancy) inbound firewall. It also includes a snarly, hard-to-configure, rudimentary outbound firewall, which has all the social graces of a junkyard dog. Unless you know the magic incantations, you'll never even see the outbound firewall; it's completely muzzled until you dig into the Vista doghouse and teach it some tricks.

   Everybody needs an inbound firewall, without any doubt. Outbound firewalls are useful, but they can be very hard to understand and maintain. If you figure that you need an outboun
20. al network from getting at your shared folders and shared hardware devices. But you also keep your computer from getting at shared folders and devices on the network.

   Adding a program

   Some programs need to listen to incoming traffic from the Internet; they wait until they're contacted and then respond. Usually, you'll know whether you have such a program because the installer tells you that you need to tell your firewall to back off.

   If you want to tell Windows Firewall that it should let packets through if they're destined for a specific program, follow these steps:

   1. Choose Start > Control Panel > Security, and under the Windows Firewall icon, click the Allow a Program through Windows Firewall link.

   Click through a security box, and you see the Windows Firewall Settings Exceptions tab (refer to Figure 3-8).

   2. Click the Add Program button.

   Windows Firewall displays the Add a Program dialog box, as shown in Figure 3-9.

   [Screenshot: the Add a Program dialog box, listing installed programs such as Internet Explorer, Mahjong Titans, Minesweeper, and Solitaire.]

   Figure 3-10: To open a port for any packet that tries to use it, type in a port number and specify whether it's TCP or UDP.

   Mak
21. Figure 3-6: Allow read-only access to the Public folder with this setting.

   Figure 3-7: You should probably choose No.

   [Screenshot: the Sharing and Discovery pane with the Public Folder Sharing options expanded. The choices are to turn on sharing so anyone with network access can open files; turn on sharing so anyone with network access can open, change, and create files; or turn off sharing.]

   4. Click the Turn On Sharing so Anyone with Network Access Can Open Files option. Then click the Apply button.

   Vista makes you click through a security dialog box and then presents you with a difficult choice (see Figure 3-7). Sharing the Public folder requires Vista to make the computer available on the network, so Network Discovery has to be turned on. But in this case, you're working with a public connection, and public connections don't do Discovery. So you have to decide whether you want to change the Public firewall settings so that every public connection allows Discovery and Sharing, or whether you want to change this particular connection into a private connection, which would automatically enable Discovery and Sharing on this conne
22. [Screenshot: the Network and Sharing Center for a public network, with network discovery, file sharing, Public folder sharing, and printer sharing off, and password protected sharing on.]

   Changing individual network settings

   You can modify Windows Firewall settings for each connection by using the Network and Sharing Center. I step through my recommended settings in Book II, Chapter 1, but you can modify how much you want to share at any point.

   Say, for example, that you want to allow people on your network to open files in your Public folder, providing that they can supply a user ID and password on your PC. Follow these steps to do that:

   1. Connect to the network that you want to change.

   2. Choose Start > Control Panel. Under the Network and Internet heading, click the View Network Status and Tasks link.

   Vista shows you the Network and Sharing Center (refer to Figure 3-5).

   3. To the right of the Public Folder Sharing line, click the down arrow.

   Vista expands the Sharing and Discovery pane to show you the Public Folder options (see Figure 3-6).
23. ction. You probably want the latter.

   [Screenshot: the Network discovery and file sharing dialog box, which asks "Do you want to turn on network discovery and file sharing for all public networks?" The choices are "No, make the network that I am connected to a private network" (network discovery and file sharing will be turned on for private networks, such as those in homes and workplaces) and "Yes, turn on network discovery and file sharing for all public networks."]

   5. Click the No, Change This Network to the Network Category Private Network and Allow Discovery and Sharing link. Then click the red X to exit the Network Discovery and Sharing dialog box.

   The changes take place immediately.

   Starting, Stopping, and Goosing Inbound WF

   You may want to twiddle Windows Firewall on, off, or otherwise for any number of reasons.

   The inbound Windows Firewall is on by default, but if it gets turned off, the little Windows Security Alert icon in the System Notification area, next to the clock in the lower-right corner of your screen, should start pestering you relentlessly with "Windows Firewall is turned off" warnings.

   It doesn't hurt to periodically check and be sure that your firewall is working, by following these steps:

   1. Choose Start > Control Panel > Security, and under the Security Center icon, click the Check Firewall Status link.

   You have to click throug
24. d firewall, try to use Vista's, and when you inevitably throw your hands up in disgust, take a look at Microsoft's competitors. This chapter should help you through the minefield.

   Comparing Firewalls

   Vista's inbound firewall works reasonably well. It lacks many of the fancy features that you can find in competing firewalls, but for most folks, it's good enough.

   On the other hand, Vista's outbound firewall doesn't hold a candle to any of the commercially available firewalls. These points explain why:

   - Competitive firewalls come with a built-in passel of outbound default settings that help you get started without being tripped up by the most common outbound traffic. By contrast, Vista's outbound firewall has exactly zero built-in settings.
   - You can train competitive firewalls by having them watch outbound traffic and then ask you to block or allow specific programs. The firewall remembers your responses and, over time, reduces its level of intrusiveness. Vista's outbound firewall, on the other hand, doesn't ask, doesn't learn, and doesn't care. If you've told Vista to block something in particular, it won't get out of your PC; if you haven't told Vista to block something, it goes through.
   - Competitors attempt to put a decent interface on their firewalls. The buttons and menus may be overly cute or convoluted, but at least they try to organize the ou
25. e 3-17.

   Figure 3-17: You must choose the specific program that you want to block.

   [Screenshot: the Program page of the New Outbound Rule Wizard, which asks whether the rule applies to all programs or a specific program, with the This Program Path option pointing at the Internet Explorer executable, iexplore.exe.]

   10. Click Next.

   The wizard asks whether you want to allow the program to go through the firewall, whether you want to allow it if it obeys something called an IPsec rule, or whether you want to prohibit the program from getting out.

   11. Click the Block the Connection button and click Next.

   The wizard wants to know whether this rule applies to private networks, public networks, and/or domain networks (see the section "Establishing a network type," earlier in this chapter).

   12. If you want to block IE from going out over a private connection, select the appropriate check box. Similarly, to keep IE from going out over a public network connection, select that check box. Then click Nex
26. e Assistance check box when you create an Assistance request (see Book II, Chapter 5). You can manually select the corresponding check box on the Exceptions tab to allow a service.

You can tell WF to let through any TCP or UDP packets on a specific port by clicking the Add Port button (see the "Adding a port" section, later in this chapter). You type the port number, tell WF whether you want to allow TCP or UDP, and click OK, and Windows Firewall adds the port to the exceptions list.

You can tell WF to let through any packet that's destined to a specific program by clicking the Add Program button (see the next section in this chapter). You pick the program and tell WF whether you want to allow communication from any address on the Internet, from specific addresses on the Internet, or only from your local network. Click OK, and the firewall allows packets destined for that specific program.

Figure 3-9: Choose the program that's the designated receiver for inbound packets.

File and printer sharing works by opening ports 139 and 445 for TCP over the local network and by opening ports 137 and 138 for UDP on the local network. See the section "Speaking Your Firewall's Lingo," earlier in this chapter, for an explanation of TCP and UDP. If you deselect the File and Printer Sharing check box on the Exceptions tab (refer to Figure 3-8), you keep other computers on your loc
27.
Bring up the video driver manufacturer's control panel. Unfortunately, this can be a bit tricky; you may need to consult your video card or PC user's manual to see how to do this. To bring up the NVIDIA control panel, choose Start > Control Panel, click the Classic View link, and then double-click the NVIDIA Control Panel icon. Ultimately, you see a dialog box like the one shown in Figure 1-3.

Click through to the dialog box that lets you choose which connectors to use. The NVIDIA Control Panel requires you to click the Display icon and then another button to set preferences, finally arriving at the dialog box shown in Figure 1-4.

Set your display adapter to use the two displays independently. NVIDIA calls it Dualview, but regardless of the terminology, the idea is that you have two independent pictures on the two monitors. One may be an extended desktop for the other. But you have to use the two separately so that computer stuff shows up on the monitor and video stuff shows up on the TV.

Figure 1-3: The NVIDIA Control Panel.

Figure 1-4: Tell the display adapter
28. ections check box long enough to print on a shared printer or to get at some data on your network, but you'll be essentially impenetrable whenever the Block All Incoming Connections check box is selected. If you're connecting to a strange network, say, using a wireless connection at a coffee shop or in a hotel, you can lock down while logged on and sip your latte with confidence.

What's a stateful firewall?

At the risk of oversimplifying a bit, a stateful firewall refers to an inbound firewall that remembers. A stateful firewall keeps track of packets of information coming out of your computer and where they're headed. When a packet arrives and tries to get in, the inbound firewall matches the originating address of the incoming packet against the log of addresses of the outgoing packets to make sure that any packet allowed through the firewall comes from an expected location.

Stateful packet filtering isn't 100 percent foolproof. And you must have some exceptions so that unexpected packets can come through, for reasons discussed elsewhere in this chapter. But it's a very fast, reliable way to minimize your exposure to potentially destructive packets.

Speaking Your Firewall's Lingo

At this point, I need to inundate you with a bunch of jargon so that you can take control of Windows Firewall. Hold your nose and dive in. The concepts aren't that difficult, although the lousy terminolo
29. emote Assistance, appear as check boxes on the Exceptions tab.

4. Click OK to go back to the Security Center window.

Every port that you open to the outside world is a potential location for an attack. Open ports sparingly, and when you're done, close them by deselecting the appropriate check box in the Program or Port list.

You can add only one port at a time. If you need to add ports 418, 419, 420, and 421, you have to click the Add Port button four separate times, type the pertinent information four separate times, and select four separate check boxes in the Program and Port list every time you want to block or unblock the ports. Dude.

If you have a hardware firewall (and if you use a router of almost any description, you no doubt have one going full-time), you probably need to open the same port on the hardware firewall, too. You can find an enormous amount of detailed information for poking through every imaginable router at www.portforward.com/routers.htm.

Coping with Vista's Outbound Firewall

Figure 3-12: You have to use the Microsoft Management Console to make changes to Vista's outbound firewall.

Vista's outbound firewall doesn't work, look, or behave anything like the inbound firewall. Basically, it's there and it
30. equire a surge protector. But any brick located at the end of a power cord will invariably take up two or even three slots on a power strip.

A roll of masking tape and a fine-point, permanent-ink marker: You should mark the end of every cable as you connect it. Wrap a piece of tape around the wire and write down where it's going. That way, when you look at a power strip with five plugs in it, you can tell which one goes to your PC and which one goes to your TV. You'll also be able to tell your left-front speaker from the right-side and center-rear without pulling the speaker cable out from under the rug.

If you save a snapshot of the final array of cables, even if you only use your Webcam, you'll have a good record of which cable went where in case your three-year-old nephew decides to pull a few cables off the back of the TV.

Those little plastic gizmos that bundle cables together: They're cheap, and they'll keep you from going nuts. By the time you're done, the back of your PC is going to look like a wiring bundle down the fuselage of a 747.

Video cables that are long enough to go where they need to go: Before you assemble the beast, block out precisely where the PC will go, where the monitor will go, and where the TV (if you have one) will go. Then figure out how long the video cables must be. Then dig into the box and see whether the cables you have are long enough. I bet
31. es they apply to all the connections on your PC. On the other hand, WF settings for outbound protection make the rules of cricket look like child's play.

WF kicks in before the computer is connected to the network. Back in the not-so-good old days, a lot of PCs got infected between the time they were connected and when the firewall came up.

WF has an inbound lockdown mode. By selecting one fairly easy-to-find Block All Incoming Connections check box (see Figure 3-1), you can lock down your computer so that it only accepts incoming data that has been explicitly requested by programs running on your computer. Any attempt by outside programs to communicate with your computer gets rebuffed. I show you how to find this check box in the section "Starting, Stopping, and Goosing Inbound WF," later in this chapter.

Figure 3-1: The Block All Incoming Connections check box allows you to close all incoming traffic with a few clicks.

In practice, that means you can use Internet Explorer to look at Web sites, and you can send and receive e-mail and use instant messengers, as well as using printers and folders on your local network, if you have one, but most other online functions are locked out. For example, if you use the Internet to play games with other folks who are online, or if you c
32. ey where you might find some good tips that pertain to Windows Vista as well. Good book, that.

Don't hesitate to use your current sound system. If you have a better sound system than the one that ships with your Media Center PC, your old sound system accepts digital optical cable input, and your Media Center PC has a digital optical output on the sound card or the motherboard, go right ahead and hook it up. Also remember that you're under no obligation to attach everything. If you don't want to run your television through the Media Center PC, you don't have to.

Getting Windows in Gear

The first time you start your new Media Center computer, almost anything could happen. Why? Each manufacturer seems to have a different way of introducing you to the experience.

Making your video card acquiesce

If your Media Center PC came with its own TV set, if you're running videos on your computer monitor, or if you already have things set up so that video stuff shows up on your TV and computer stuff shows up on your monitor, breathe a sigh of relief and move on to the next section in this chapter to verify that your sound card is working right.

But if you want to connect both a TV and a computer monitor to your PC and haven't yet figured out how to get movies to play on the TV instead of in a window on your PC's monitor, you have a bit of work to do.

Here's how things work with an NVIDIA
33. g box and then double-click Display Adapters. You should see your display adapter listed, as shown in Figure 1-2.

Update your video driver. To do so, double-click your display adapter, click Continue to get through the User Access Control box, click the Driver tab, and then click the Update Driver button.

When Vista asks, click the Search Automatically for Updated Software link. Vista goes out to the Microsoft Web site to see whether a new video driver is available. If it is, the driver may be updated automatically, and your screen may go black for a moment; don't panic. You may have to follow some other instructions to install the new driver.

Click OK to exit the Driver dialog box, and then click the red X to exit Device Manager.

Reboot the computer. Make sure that the TV is turned on and tuned to the correct input so that it can receive signals from your computer. Rebooting probably isn't necessary in all cases, technically, but it's a good idea.

Figure 1-2: Device Manager tells you which video card you're using.
34. gy sounds like it was invented by a first-year advertising student. Refer to this section if you get bewildered when wading through the WF dialog boxes.

As you no doubt realize, the amount of data that can be sent from one computer to another over a network can be tiny or it can be huge. Computers communicate with each other by breaking the data into packets: small chunks of data with a wrapper that identifies where the data came from and where it's going.

On the Internet, packets can be sent two different ways:

UDP (User Datagram Protocol) is fast and sloppy. The computer sending the packets doesn't keep track of which packets were sent, and the computer receiving the packets doesn't make any attempt to get the sender to resend packets that vanish mysteriously into the bowels of the Internet. UDP is the kind of protocol (transmission method) that can work with live broadcasts, where short gaps wouldn't be nearly as disruptive as long pauses while the computers wait to resend a dropped packet.

TCP (Transmission Control Protocol) is methodical and complete. The sending computer keeps track of which packets it's sent. If the receiving computer doesn't get a packet, it notifies the sending computer, which resends the packet. Almost all communication over the Internet these days goes via TCP.

Every computer o
35. h a security dialog box. Then the Windows Firewall Settings dialog box appears, with the General tab showing (refer to Figure 3-1).

2. Following the recommendations in Table 3-1, choose the setting you need.
3. Click OK, and then click the red X to exit the Security Center window.

When you change the type of network from public to private and back, using the method in the preceding section, Vista changes entries in the Exceptions table. It does not, in effect, select the Block All Incoming Connections check box, because even with a public network, some firewalled communication usually takes place. If you want to lock down your inbound firewall and cut off all traffic through the firewall, you have to open the Windows Firewall Settings dialog box and select the Block All Incoming Connections check box.

Table 3-1: Windows Firewall General Settings

Setting: On (Recommended)
Means: Allow incoming packets that conform to the stateful criteria, plus any specified on the Exceptions tab.
Recommendation: Use this setting except when you're very concerned about locking down your machine.

Setting: Block All Incoming Connections
Means: Only allow packets that conform to the stateful criteria.
Recommendation: Use this setting to lock down your connection. Other people on the network can't get into your machine, but you can't use printers or shared files on the foreign network, either.

Setting: Off (Not Recommended)
Means: Allow all incoming packets.
Recommendation: If you absolutely have to ge
36. hance exists that somebody else connected to the network could go snooping or may try to shove infected files into your Public folder. When you connect to a new network, if you tell Vista that it's a private network, Vista knows that it shouldn't make your PC visible on the network.

Domain networks are Big Corporate Networks (client/server domains). If you take your laptop to the office and plug it in to a Big Corporate Network, Vista recognizes the fact and automatically puts in place all the security that comes along for the ride. Unlike private and public networks, you don't get to tell Vista which kind of network you're using when you connect into a domain.

Establishing a network type

Each connection that you make gets associated with one of the three kinds of network: private, public, or domain. Say you have a laptop with a wireless connection. You follow the instructions in Book IX, Chapter 3 to set up a network at home called SeaBreeze. You also schlep the laptop to your friendly local Sandwich Shoppe and the Microsoft Bob Memorial Airport, and you take it to work. Vista identifies each of those four connections as public, private, or a domain network. Here's how:

When you first make a connection to your home network, Vista asks you what kind of network SeaBreeze might be. You tell Vista that SeaBreeze is a private network in your Home (see Figure 3-2). That way, Vista allows
37. he oomph Media Center can rock your house off its foundation. Kinda adds a new dimension to the old adage "if the house is a rockin'."

Setting up a sound system usually entails matching up the audio card's outputs (pink, blue, lime green, black, orange, tutti-frutti) to the audio amp's inputs and then snaking a lot of wires over, under, around, and through the room. When you're done, the $64,000 question arises: Did you get the speakers hooked up right?

Easy to ask. Not so easy to answer.

Every sound card works differently, but most of them can help you verify that the right plug on the back of the card is connected to the left, er, right speaker. For example, the Realtek AC'97 Audio chip, which ships on many AMD motherboards, can be tested in this way:

Figure 1-5: The Sound dialog box for the Realtek AC'97 Audio chip.

1. Choose Start > Control Panel > Hardware and Sound > Sound.
Vista opens the Sound dialog box, like the one shown in Figure 1-5.
2. Click the Speakers icon and then click the Configure button.
The Speaker Setup wizard appears, as shown in F
38. igure 1-6.

3. Choose the kind of speaker setup you have.
The diagram changes based on your selection. For example, 5.1 Surround uses two front speakers, two back speakers, a center speaker, and a subwoofer. If you click 5.1 Surround, the diagram on the right shows five speakers plus a subwoofer.

Figure 1-6: Test your speakers to make sure that they're hooked up properly.

Figure 1-7: Vista gives you a great deal of control over your sound.

4. Click the Test button to test each speaker in turn, or click an individual speaker to make sure that it's properly identified.
If the wrong speaker sounds off, you probably messed up one of the color-coded connections on the back of the audio card. Rearrange the cables and try, try again.

When you're done with a sound check, you can further customize the speaker layout by clicking Next and work with the speaker configuration dialog shown in Figure 1-7.
39.
3. Pick the program that's designated to receive unsolicited packets from the Internet.
Realize that you're opening a potential, albeit small, security hole. The program you choose better be quite capable of handling packets from unknown sources.
4. Click OK twice to go back to the Security window.

Adding a port

Adding a port to the exceptions list is inherently less secure than adding a program. Why? Because the bad guys have a hard time guessing which programs you've left open (they have a whole lot of programs to choose from), but probing all the ports on a machine to see whether any of them let packets go through is comparatively easy.

Still, you may need to open a port to enable a specific application. When you select the check box to allow Remote Desktop, for example, you're opening port 3389. That's the security price you pay for enabling programs to talk to each other.

Follow these steps to open a port:

1. Choose Start > Control Panel > Security, and under the Windows Firewall icon, click the Allow a Program through Windows Firewall link.
You get yet another security box. Click the Continue button, and you see the Windows Firewall Settings Exceptions tab (refer to Figure 3-8).
2. Click the Add Port button.
Windows Firewall displays the Add a Port dialog box, as shown in Figure 3-10.
40. irewall if they can be matched with an outgoing packet. In other words, WF works as a stateful inbound firewall.

If your computer is attached to a private network, Windows Firewall allows packets to come and go on ports 139 and 445, but only if they came from another computer on your local network and only if they're using TCP. Windows Firewall needs to open those ports for file and printer sharing. (See the next section of this chapter for the details about different network types.) Similarly, if you're attached to a private network, Windows Firewall automatically opens ports 137 and 138 for UDP, but only for packets that originate on your local network.

If you've specifically told Windows Firewall that you want it to allow packets to come in on a specific port and the Block All Incoming Connections check box isn't selected, WF follows your orders. You might need to open a port in this way for online gaming, for example.

Windows Firewall allows packets to come into your computer if they're sent to the Remote Assistance program (unless the Block All Incoming Connections check box is selected), providing that you created a Remote Assistance request on this PC and told Vista to open your firewall (see Book II, Chapter 5). Remote Assistance allows other users to take control of your PC, but it has its own security settings and strong password protection. Still, it's a kno
41. ity snap-in and enable it for the local computer.

2. Choose File > Add/Remove Snap-in. Scroll way down to the bottom of the Available Snap-ins list, choose Windows Firewall with Advanced Security, and click the Add button.
MMC responds with the Select Computer dialog box (see Figure 3-13).
3. Make sure that the Local Computer option button is selected, and click the Finish button. Then click OK in the Add or Remove Snap-ins dialog box.
Windows Firewall with Advanced Security appears in the Microsoft Management Console dialog box.
4. Double-click either of the two Windows Firewall with Advanced Security lines.
The Windows Firewall with Advanced Security (WFWAS) dialog box appears (see Figure 3-14). Note how the WFWAS snap-in maintains three separate profiles, one each for public networks, private networks, and domain networks (see the section "Establishing a network type," earlier in this chapter).
42. n a network has an IP address. The IP address is a collection of four sets of numbers, each between 0 and 255. For example, 192.168.1.2 is a common IP address for computers connected to a local network; the computer that handles the Dummies.com Web site is at 208.215.179.139. I tend to think of the IP address as analogous to a telephone number.

Peeking into Your Firewall

When you add a firewall (and you should), you change the way your computer communicates with other computers on the Internet. This section explains what Windows Firewall is doing behind the scenes so that when it gets in the way, you understand how to tweak it. (You find the ins and outs of working around the firewall in the section "Making Inbound Exceptions," later in this chapter.)

When two computers communicate, they not only need each other's IP address, but they also need a specific entry point called a port (I think of it as a telephone extension number) to talk to each other. For example, most Web sites respond to requests sent to port 80. There's nothing magical about the number 80. It's just the port number that people have agreed to use when trying to get onto a Web site's computer. If your Web browser wants to look at the Dummies.com Web site, it'll send a packet to 208.215.179.139, port 80.

Windows Firewall works by handling all these duties simultaneously: It keeps track of outgoing packets and allows incoming packets to go through the f
43. onnect to your computer at work, locking down your PC prevents you from connecting. A lockdown even shuts down any connection to other computers or printers or other shared devices on the network. That's great if you're connecting in an airport and don't want other travelers to get at your Shared Documents folder. But it's a real pain in the neck in your home or office.

Screenshot callout (Windows Firewall Settings dialog box, General tab): Check this box and click OK to shut down all incoming traffic.

If you hear about a new worm making the rounds, you can easily lock down your computer for a day or two and then go back to normal operation when the worm stops ping-ponging over the Internet.

You might need to deselect the Block All Incoming Conn
44.
5. In the Getting Started box, under View and Create Firewall Rules, click the Outbound Rules link.
WFWAS responds with a list of all the predefined rules known to Vista, and many of them exist (see Figure 3-15). Don't mess with these rules. One mistake can lead to Dante's Seventh Ring. Trust me on this.
45. reen somewhere in the middle, you're going to find out a lot more than you ever wanted to know about Dolby 7.1, IR blasters, and DVI connectors. In fact, one of the very best reasons for buying an MC component system from a local store is that you can hire the company that sold you the unit to put it together for you.

Not long ago, a friend of mine told me that he was getting out of the computer business because it's just gotten too complicated. He made that announcement, you guessed it, immediately after assembling a Windows Media Center PC. Of course, he built it from scratch. Definitely a fool's task.

Media Center PCs combine all the frustrations of assembling a complicated PC with the joys of figuring out how to attach your satellite box, where to hook up the speakers, which stack of books to stick under the TV, how to keep all the wires from pulling each other out, and what to do with the subwoofer. The only saving grace? You don't have to worry about a VCR. Probably.

Do You Need Media Center?

If you have to ask the question, you don't.

Media Center ships in Windows Vista Home Premium and Ultimate editions. If you have Home Basic or either of the Business editions, you might wonder whether it's worth the bucks to upgrade.

Media Center draws people in with its incredible interface, its power, its seductive, immersive multimedia capabilities, its position as the physical and logistical
46.
Figure 3-3: Vista's Network and Sharing Center lets you switch from private to public network settings and vice versa.

Each connection has its own Windows Firewall settings. By telling Vista whether a connection is private or public, you're actually telling Vista which bunch of Firewall settings to use initially.

When you first tell Vista that a wireless network is private, it applies the private firewall settings to the connection. When you tell Vista that a network is public, it applies the public settings. After those initial settings are in place, you can modify specific Windows Firewall settings for that connection.

Changing network types

You can change a network from public to private, or vice versa. To do so, follow these steps:

1. Connect to the network that you want to change.
For example, if you want to change your laptop's connection on your home SeaBreeze network from private to public, run back home and connect to the SeaBreeze network.
2. Choose Start > Control Panel. Under the Network and Internet heading, click the View Network Status and Tasks link.
Vista opens the Network and Sharing Center, shown in Figure 3-3.
47. t. The last step of the wizard asks you for a name for the rule and gives you space to type a description.

In the Name box, type something descriptive, like Block IE. Type a description if you like, and then click Finish.
WFWAS puts your new rule at the top of the list (see Figure 3-18). The new block takes effect immediately.

Figure 3-18: The rule blocking IE appears at the top of the WFWAS list.
48. t commercial firewalls have a long list of good programs. If they detect the presence of a good program, they poke a hole through the firewall for you. You're left with a brief but intense training period, where you have to approve each new unidentified program that's trying to get out and where you have to track down every outbound request that looks suspicious. It isn't easy, but it is tractable.

Vista's firewall doesn't work that way. You get to do all of the heavy lifting. And you get to perform that work with a user interface (the Microsoft Management Console) that has been known to bring accomplished system administrators to tears.

If you have a specific program that you want to block, Windows Firewall can do the job. But for anything other than blocking the outbound actions of a small number of targeted programs, Vista's outbound firewall rates as a marketing point ("Yes, Vista has an outbound firewall") and little more.

Chapter 1: Preparing a Media Center PC

In This Chapter
Figuring out where all those wires go
Connecting your TV
Surrounded by sounds

By the time you finish putting together your first Windows Media Center (MC) system, you may swear off assembling PCs ever again. If you can get it all in one box, you have it made. But the minute you start mixing and matching, adding home theater sound here, slapping around a set-top TV box there, and wedging that 120-inch LCD sc
49. t your computer talking to another computer, you may be forced to use this setting. But if you do, be very mindful of the fact that you've let your guard down completely, and turn Windows Firewall back on the moment you can.

Making Inbound Exceptions

Firewalls can be absolutely infuriating. You may have a program that's worked for a hundred years on all sorts of computers, but the minute you install it on a Vista machine with Windows Firewall in action, it just stops working, for absolutely no apparent reason.

When you install a third-party firewall, it usually asks for permission to disable the Windows Firewall. Running two firewalls at once is very tricky. I suggest you choose just one firewall and stick with it.

You can get mad at Microsoft and scream at Windows Firewall, but when you do, realize that at least part of the problem lies in the way the firewall has to work. See the section "Peeking into Your Firewall," earlier in this chapter, for an explanation of what your firewall does behind the scenes.

It has to block packets that are trying to get in, unless you explicitly tell the firewall to allow them to get in. And, perhaps most infuriatingly, WF has to block those packets by simply swallowing them, not notifying the computer that sent the packet. Windows Firewall has to remain
50. tbound settings in a reasonable fashion. As you can see in the section "Coping with Vista's Outbound Firewall," later in this chapter, Microsoft has done almost nothing to make Vista's outbound firewall easy to use. Quite the contrary. The inbound and outbound firewalls look like they came from two different planets. Which they did. Microsoft says it disabled Vista's outbound firewall because corporate customers demanded it. That seems mighty disingenuous to me, because companies running Active Directory pull all the strings on their users' desktops anyway. I think Microsoft had many reasons for making the outbound firewall so infernally hard to use, not the least of which is the fact that enforcing almost any kind of outbound firewall would've driven Microsoft's support demands through the roof. Hardware firewalls: Most modern routers and wireless access points include significant firewalling capability. If you have a choice between connecting your computer directly to a cable modem (typically via a USB port) and going through a router (typically using a local area network [LAN] connection or a wireless connection), choose the latter. Routers and wireless access points add an extra step between your computer and the Internet. That extra jump, called Network Address Translation, combined with innate intelligence on the router's part, can provide an extra layer of protection that works independently from
51. the network by some programs may be restricted. Private: This allows you to see computers and devices, while making your computer discoverable. [Figure 3-4: Make the switch to public here.] 4. Choose either Public or Private. Remember that Public is more restricted than Private. The terminology can be a bit confusing. Click OK. You may have to click through a User Access Control security dialog box, but in the end, Vista changes the category to Public. Vista advises you that it has successfully set your network settings. Click Close. You see the new Network and Sharing Center settings, as shown in Figure 3-5. Note how Network Discovery, in particular, has been turned off. Click the red X to exit the Network and Sharing Center. The new firewall settings take effect immediately. [Figure 3-5: The new, more stringent Public firewall settings, as seen through the Network and Sharing Center.]
52. which connectors to use. [Screenshot: NVIDIA Control Panel, Change Display Configuration, showing the nView display modes Single, Clone, and Dualview.] 8. Click OK as many times as necessary to exit the Control Panel, and then reboot your computer. Again, a reboot may not be absolutely necessary, but it wouldn't hurt. Congratulations. Your Media Center PC can now see double. Setting sound straight: Modern audio cards produce phenomenal sound. If you have a home theater that is audio system to provide t
53. wn security hole that's enabled when you create a request. You can tell Windows Firewall to accept packets that are directed at specific programs. Usually, any company that makes a program designed to listen for incoming Internet traffic (Skype being a prime example, as are any instant messaging programs) adds its program to the list of designated exceptions when the program gets installed. Unless an inbound packet meets one of the preceding criteria, it's simply ignored. Windows Firewall swallows it without a peep. Conversely, unless you've changed something, any and all outbound traffic goes through unobstructed. Using Public and Private Networks: Vista helps simplify things a bit by providing three different collections of security settings (actually, inbound Windows Firewall settings), each identified with a prototypical type of network. Private networks include peer-to-peer (workgroup) networks that are under your control, such as the kind you might set up following the instructions in Book IX, Chapter 2. You can let your hair down a little bit when you're on a private network. When you connect to a new network, if you tell Vista that it's a private network, Vista opens your computer so that others on the network can see it. Public networks include networks that you don't control (airports, Internet cafes, hotels) where a very real c
54. xplain what this is for. Beer does in a pinch. Working with Media Center's shortcomings: Every Media Center PC goes together a bit differently, and the instructions (for most systems, anyway) cover the details pretty well. In my School of Hard Knocks surveys, several readers have offered a few key assembly tips that overcome several of Media Center's shortcomings. Media Center, as of this writing, doesn't allow you to watch one TV show while recording another one. If you ever find yourself in a position where it'd be worthwhile to watch one show while recording another, consider using an old trick: Split the input line. Run one set of cables from the cable box to the Media Center PC. But run a second set of cables from the cable box straight to the TV, and attach the cables to the Video 1 or AUX input. To watch live TV, just switch the TV over to Video 1, ignoring the Media Center PC. Media Center doesn't work with VCRs. You can think of it as benign neglect. I think of it as a failure to accept ubiquitous legacy hardware. Potato, potahtoe, you know. At any rate, you can still hook up your VCR, and Media Center can be, uh, coaxed into recording directly from your old videotapes. The process is not for the timid, but it's covered in depth in Windows XP Media Center Edition 2004 PC For Dummies, by Danny Briere and Pat Hurley, published by Wil