One area where you can see a visible improvement is in the new Windows Firewall (Figure 6). In Vista, the new firewall is combined with IPsec and provides management of both incoming and outgoing connections (in XP you could only manage incoming).
Figure 6: Windows Vista Firewall
Connection Security Status offers a wealth of connectivity functions, though, like everything else in Vista, they've all been given Disney names. This is probably the only place within Vista where you'll actually be able to see a real improvement instead of just a bunch of fancy new menus that are only going to slow you down.
I had been working with Vista for quite some time while preparing this article. So I decided to check out the firewall logs since I didn't see any kind of window where you could actually monitor firewall activity. The logs are located all the way at the bottom of the Windows Firewall main menu under "Monitoring."
Monitoring provides sort of an overview of your incoming and outgoing firewall connections. If you have a specific secure location (like a VPN tunnel or something), then it can be displayed under "View active connection security rules."
The log file is right in the middle of the Monitoring window under "Logging Settings" and lists the file name C:\Windows\system32\firewall\pfirewall.log. But when I clicked it, I received a cheery "C:\Windows\system32\firewall\pfirewall.log does not exist. Would you like to create this file?"
Uh, yeah. And could you create the information that's supposed to be there from the past week or so of use while you're at it? I was (unpleasantly) surprised to find that the log does not keep track of dropped packets or successful connections by default, nor can you just turn them on from the Monitoring window. You have to return to the Windows Firewall main menu, select "Windows Firewall Properties" and turn them on from there. But when I did that... wonder oh wonders:
Why would turning on firewall logging actually turn the firewall off? Maybe it was just a fluke. But a hell of a fluke to run into if you're getting bombarded by unwanted connections and you want to turn on logging (which is the only way I see that you can find out where the hits are coming from).
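As an added example (not part of the original article): once logging of dropped packets is turned on, a short Python script can summarize where the hits are coming from. It assumes the W3C-style layout with a `#Fields:` header that Windows Firewall writes to pfirewall.log; the sample log lines are constructed, and the function names are hypothetical.

```python
from collections import Counter

# Constructed sample in the layout Windows Firewall writes to pfirewall.log.
# The last entry is deliberately truncated, as a log copied mid-write can be.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2007-02-01 10:15:01 DROP TCP 203.0.113.7 192.168.1.20 4312 445 48 S 1550012 0 65535 - - - RECEIVE
2007-02-01 10:15:02 DROP TCP 203.0.113.7 192.168.1.20 4313 139 48 S 1550990 0 65535 - - - RECEIVE
2007-02-01 10:15:09 ALLOW UDP 192.168.1.20 192.168.1.1 52110 53 0 - - - - - - - SEND
2007-02-01 10:16:30 DROP UDP 198.51.100.23 192.168.1.20 1026 1434 404 - - - - - - - RECEIVE
2007-02-01 10:16:31 DROP TCP 203.0.113.7
"""

def parse_log(text):
    """Yield one dict per entry, taking column names from the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) >= len(fields):  # skip truncated entries
                yield dict(zip(fields, values))

def dropped_by_source(text):
    """Count dropped inbound packets per (source IP, protocol, destination port)."""
    hits = Counter()
    for entry in parse_log(text):
        # Assumption: if the header has no path column, count the entry as inbound.
        if entry["action"] == "DROP" and entry.get("path", "RECEIVE") == "RECEIVE":
            hits[(entry["src-ip"], entry["protocol"], entry["dst-port"])] += 1
    return hits

def top_sources(text, n=10):
    """Return the n source IPs with the most dropped inbound packets."""
    totals = Counter()
    for (src, _proto, _port), count in dropped_by_source(text).items():
        totals[src] += count
    return totals.most_common(n)

if __name__ == "__main__":
    for src, count in top_sources(SAMPLE_LOG):
        print(f"{src:15} {count} dropped")
```

To run it against a real log, read the file named under "Logging Settings" and pass its contents to `top_sources`.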