Windows 7 64 bit; Windows firewall or third party firewall ?

Soon I'll have my new Windows 7 64 bit system.

What's the best choice: Windows' native firewall or a third party firewall ?

Pros and cons ?

I don't like applications phoning home, and I don't like Windows phoning home either. Is it possible to control the latter effectively with a third party firewall ?

What about Proxomitron or something similar ? I'm not a techie and I can't create my own rulesets !

 

Because you are specific in what you want to achieve, blocking apps (including Windows own) I would say you are better served with a 3rd party firewall. Built-in firewall is just as good but not so easy to configure. Be careful when you block Windows communication as you can easily end up crippling your system communication wise. You will need to learn how and what to block though, pre build rules are only good to certain extent. Proxomitron is not used to block apps but rather to cleanup/scrub http traffic of scripts, adverts etc etc.

 

If you disable Windows Update, there shouldn't be anything else phoning home to MS. Except for WMP probably.

I use the Win7 firewall and Win7 Firewall Control Plus (from sphinx-soft) and i can say that all my internet related activities feel much lighter than with 3rd party firewalls i 've tried (yesterday i installed Outpost). CPU usage is very low.

You can try Win7 Firewall + Win7 Firewall Control FREE. The main limitation of the free, is that it doesn't filter outbound connections started in the C:Windows directory. But you can have the Win7 native firewall running too at the same time.

Maybe PC Tools Firewall can be light too, i don't know though, haven't tried it on Win7.

From what i see, if you disable WinUpdate automatic service (you can activate it manually anytime you like), you 're safe about phoning home. WMP i believe can be blocked with Win7 Firewall Control Free.

In case you don't mind the rather steep price, you can purchase a Plus license. You will forget about need for 3rd party firewalls and ensure 100% compatibility (it uses the native windows filtering engine). It has preset rules for many occasions and gives a hint , which is usually pretty good for common applications. You may want to give it a try.

 

You said you can''t make your own rules, but there is an excellent guide on Wilders. What you could do is read this thread of Stem https://www.wilderssecurity.com/showthread.php?t=239750 and see whether you understand it.

The issue with Windows (excellent) native firewall is that it won't pop-up when a new program initiates an outbound connection.

To overcome this, you can install the freebie Windows 7 firewall control before enabling outbound control in the native Win7Fw. Next start all your internet facing aps and programs needing updates, decide for yourself which you want to grant outbound (or in and outbound).

Open Win7FEControl monotor and write down all the applications you have allowed outbound or all (in + out). De-install Win7FWControl free.

Add all the programs you wrote down to the Win7 FW native one by one using Stem's guide (explained at part where you recognise picture below).

You can check windows services with (also Post of Stem) this info https://www.wilderssecurity.com/showpost.php?p=811957&postcount=2

Regards Kees

 

I also like the idea to use windows firewall only on Win 64. This is really a very good firewall but unfortunately not as user friendly. It's much easier to control the traffic through third party firewall than with WF especially considering that windows' "calls home" frequently use "multy-purpose" windows net interfaces like "svchost". It's more likely you should use IP control than app blocking to block windows from calling home. The problem is Windows have "many homes" around and you should figure all of them out. For that purpose, as I said, it's more convinient to use a third party firewall considering you want to block not windows only. You could disable some windows services but you should know wich ones plus other programs...
Just thought you could block everything through WF and allow only thouse you want, but some services like windows time synchronisation needs internet too and if you have a local home network, things become more complicated.