Windows 7 Built in Firewall

Discussion in 'other firewalls' started by merisi, Jul 25, 2013.

Thread Status:
Not open for further replies.
  1. merisi

    merisi Registered Member

    Joined:
    Dec 17, 2012
    Posts:
    316
    I'm using the firewall that comes with Windows 7. I have it set to block all incoming programs including those on the allowed list. I've also disabled all inbound rules. I'm finding the firewall is working without any problems but is it secure enough?
     
  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    First, the WIN 7 firewall is a "basic" firewall.

    It does not include many of the "bells and whistles" found on third party firewalls such as denial of service (DoS), packet protection, ARP protection, etc. If you're behind a router with a good built-in firewall, some of these additional protections can be provided by the router, such as DoS, handling of fragmented packets, etc.

    It does offer "stateful inspection" and Windows Service Hardening (WSH) that many third party firewalls do not have. In default configuration it passes all stealth ports tests.

    It also offers excellent IPv6 protection especially pertaining to the various tunneling protocols.

    Its primary weakness is outbound protection. By default it allows all outbound traffic. As long as your PC is malware free, allowing all outbound traffic is OK. Turning on outbound protection will block all outbound traffic except for the default rules provided by Microsoft. You will not receive any notifications for blocked outbound traffic and must refer to its log, which by the way also has to be enabled, to find out what was blocked. Also, configuring outbound rules for all required system services that require outbound connections is difficult, since many are hidden services that cannot be configured using WSH guidelines, i.e. creating a firewall rule for a given svchost.exe service. The effects of allowing all outbound traffic can be mitigated somewhat by using a standalone HIPS like AppGuard or AV/anti-malware software that has a good behavior blocker.

    For what it is worth, I am using the WIN 7 firewall behind a commercial grade router using Emsisoft Anti-malware paid version and am pleased with the combination. Emsisoft's Mamutu behavior blocker is quite good at detecting possible undesirable outbound connections. Of course, it fails the standard leak tests since it detects their behavior as benign.
     
    Last edited: Jul 25, 2013
  3. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    You should at a minimum allow the "core" inbound rules for each profile. If you're the paranoid type, select the WIN 7 public profile, which only allows the core rules. The public profile should also be used for all wireless connections.
     
  4. guest

    guest Guest

    Speaking of blocking all inbounds, what are the benefits/risks of doing that? On Online Armor if I block all inbounds I can't connect to the internet. In Comodo I can block all inbounds with no problem. In the Windows built-in FW I can't connect only when using the LAN port, but wireless is just fine. Is it really worth it to do that?
     
  5. merisi

    merisi Registered Member

    Joined:
    Dec 17, 2012
    Posts:
    316
    Itman, thanks for your help on this. My PC is malware free and I'm using AppGuard and Exe Radar Pro so I've got the HIPS side of things covered. I'm also behind quite a solid router so by the sounds of it, I think I'm OK. I will have to look at allowing some of the core networking as incoming but as I've mentioned I've literally not had any problems. I'm getting all my updates etc.
     