View Full Version : Protecting windows firewall with regdefend.
farmerlee
January 2nd, 2007, 07:49 AM
Just been setting up another computer, one which will be using the windows firewall. I manually disabled the firewall and then permanently blocked the attempt when regdefend alerted me. Is this sufficient to protect the windows firewall from termination by malware?
Jason_R0
January 2nd, 2007, 11:32 AM
Unfortunately I've never looked at how exactly the windows firewall "works" but the "Application Layer Gateway" service or alg.exe seems to be involved (going by the description of it). So you'd want to protect that EXE from expiring, although I have a suspicion the firewall would still work without it. Either way the windows firewall is rather easy to "circumvent" so I wouldn't be using it in a way you are discussing.
All you really need in these days of routers being the standard is some kind of application network firewall (like AppDefend has). The rest just complicates matters if you have a router. You only really need to block a port once. :)
Jason_R0
January 2nd, 2007, 11:40 AM
I just took a quick look and found this which might interest you. Some registry stuff to protect with RegDefend if you still want to go down that path. :)
http://www.governmentsecurity.org/archive/t13830.html
farmerlee
January 2nd, 2007, 07:23 PM
This particular setup is only using a usb adsl modem which has no firewall built in, so for ease of use I was going to use the windows firewall. Appdefend is taking care of the outbound connections. I am wondering if it might be worthwhile using ghostwall; can this be protected from termination with gss?
Jason_R0
January 3rd, 2007, 12:21 AM
-{ Quote: "This particular setup is only using a usb adsl modem which has no firewall built in, so for ease of use I was going to use the windows firewall. Appdefend is taking care of the outbound connections. I am wondering if it might be worthwhile using ghostwall; can this be protected from termination with gss?" }-
GhostWall would work great, as long as that computer isn't used as a gateway (there exists a problem with the documented firewall method GW uses due to Microsoft). GhostWall doesn't need the .EXE running to actively protect your computer either, just the .SYS driver. So it's rather safe from "termination".
farmerlee
January 3rd, 2007, 07:21 AM
Cool, thanks for the helpful advice.
I had been using ssm and ps for the last few weeks but I have switched back to gss; its ease of use, lightness and stability are amazing.
f3x
January 3rd, 2007, 09:05 AM
-{ Quote: "I just took a quick look and found this which might interest you. Some registry stuff to protect with RegDefend if you still want to go down that path. :)
http://www.governmentsecurity.org/archive/t13830.html" }-
Hi Jason, interesting link you have found.
You might be interested to know that regdefend already covers that part of the registry using the tony ruleset.
I believe it falls under that rule
HKEY_LOCAL_MACHINE\System\*controlset*\Services\Sharedaccess\Parameters\Firewallpolicy**
Jason_R0
January 4th, 2007, 04:26 AM
-{ Quote: "Hi Jason, interesting link you have found.
You might be interested to know that regdefend already covers that part of the registry using the tony ruleset.
I believe it falls under that rule
HKEY_LOCAL_MACHINE\System\*controlset*\Services\Sharedaccess\Parameters\Firewallpolicy**" }-
Yeah I should have checked if the custom rulesets already covered that, good find f3x. There is some good info on that page though for curious people. :)
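
A read-only check of the keys that rule covers, as an added example that is not part of any post in this thread: it walks every control set under HKLM\SYSTEM, the way the *controlset* wildcard does, and reports the firewall state per profile. The value and subkey names (EnableFirewall, DoNotAllowExceptions, AuthorizedApplications\List, GloballyOpenPorts\List) are the standard layout of the legacy Windows Firewall policy key and are not taken from the thread.

```powershell
# Added example: audit the SharedAccess firewall policy keys (read-only).
# Run from an elevated prompt so every control set is readable.
$report = @()

# Cover CurrentControlSet and the numbered sets, like the *controlset* rule.
$controlSets = Get-ChildItem -Path 'HKLM:\SYSTEM' |
    Where-Object { $_.PSChildName -like '*ControlSet*' }

foreach ($cs in $controlSets) {
    $policy = "$($cs.PSPath)\Services\SharedAccess\Parameters\FirewallPolicy"
    if (-not (Test-Path $policy)) { continue }

    # Only the per-profile subkeys (StandardProfile, DomainProfile, ...).
    $profiles = Get-ChildItem -Path $policy |
        Where-Object { $_.PSChildName -like '*Profile' }

    foreach ($fwProfile in $profiles) {
        $props = Get-ItemProperty -Path $fwProfile.PSPath

        # Count exception entries; a new entry here is a quieter way past
        # the firewall than switching it off.
        $counts = @{}
        foreach ($sub in 'AuthorizedApplications\List', 'GloballyOpenPorts\List') {
            $listPath = "$($fwProfile.PSPath)\$sub"
            $counts[$sub] = 0
            if (Test-Path $listPath) {
                $counts[$sub] = (Get-Item -Path $listPath).ValueCount
            }
        }

        $report += [pscustomobject]@{
            ControlSet         = $cs.PSChildName
            Profile            = $fwProfile.PSChildName
            EnableFirewall     = $props.EnableFirewall
            NoExceptions       = $props.DoNotAllowExceptions
            AllowedApps        = $counts['AuthorizedApplications\List']
            OpenPorts          = $counts['GloballyOpenPorts\List']
            FirewallTurnedOff  = ($props.EnableFirewall -eq 0)
        }
    }
}

# Rows with FirewallTurnedOff = True, or counts that changed since the last
# run, are the ones to investigate.
$report | Sort-Object ControlSet, Profile | Format-Table -AutoSize
```

Saving the output after a clean install gives a baseline to compare later runs against.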