Hi,
I am really looking into the Windows firewall because it is simple, light and does what I want... The only problems I have with it are these 2:
1: There is an API to control the firewall settings... So even if you block everything but exceptions in the outgoing rules, an app could use the API to make a rule and allow itself... Doesn't it just break any security aspects of the outgoing firewall??
Also, I can't find a way to log blocked outgoing connections... is there a way??
What do you think about this?
Thanks
Alex
WFP is only one part of several to protect Windows against intrusion. And there is more than one interface for WFP: https://www.wilderssecurity.com/showthread.php?t=255224
My favorite these days is Malware Defender - it's a HIPS-based program which also allows/controls access to important system parts. To set the WFP for intrusion it has to pass the MD HIPS - however.
Well, I only want to think about the firewall... I will think about the other components later... Thanks Alex
Well, I just don't like HIPS and my question was about the Windows firewall... This is not the only way I protect my computers. On my computer I will do the following:
- Do all the updates (of course)
- Microsoft Security Essentials
- M0n0wall-based firewall
- Disable any Windows feature I don't use
- Disable autorun
- Look 'n Stop as my firewall
- Firefox with NoScript, Adblock and no plugins or add-ons like Flash. But I only use scripting on my banking website.
- Only use a standard user account, never admin
- NX bit support set to AlwaysON
- Use of 64-bit Vista or Seven (so, PatchGuard and signed-only drivers)
I probably forgot something there... But the only way something could get on my machine is by using Firefox... And since I am always updated, I only go to legitimate and legal websites, and most of all, I don't use any plugin or extension and browse without JavaScript, I guess the risks are sort of small.
On my friends' machines I do the same, but I use NOD32 instead if they want to pay for an AV. But since I have no control over what they will install and do on the web, they sometimes can get infected... But it doesn't happen very often since I also explain the risks and what not to do...
Alex
On top of that, there are APIs that will disable (or enable) Windows firewall altogether.
It does, but Windows firewall is implemented as NDIS. In order to use the APIs, an app must run with admin privileges, which in itself breaks the whole security aspect.
That's what I'm saying.
Cheers,
The Windows firewall is using an NDIS driver? I thought it was only using the new WFP... Of course I am thinking about the new Vista and 7 firewall... not the XP one...