Windows Firewall.

Would just like to ask for some opinions on the windows 7 firewall please.
Is it a good firewall to use.I know it doesnt have any form of outbound control unless other software is used ,but if my system is clean then this should not be a concern i hope.
Many Thanks for any suggestions or opinions.

 

Thats all I use is windows Firewall and never an issue with security,conflicts or slow down and if your behind a router Firewall even better.However,You can use The advanced firewall control with no third party needed.See Here.http://www.howtogeek.com/112564/how-to-create-advanced-firewall-rules-in-the-windows-firewall/ More painstaking then third party firewalls but well worth the time and can be pretty powerful when done correctly.

 

I use Windows Firewall since Windows Vista came out and never had a problem with it. This is why I started to develop WFC, because I saw the potential of the native firewall. The rules that you can define can be very customized. If you are not heavily active on the warez websites and trying 20 cracks per day, then Windows Firewall is enough.

 

Thank you very much.

 

Your very welcome.

 

If you search in the Forum, you' ll find conflicting opinions. Hope that they won't confuse it and they can help.

 

There's "conflicting" opinions about most things.

Bottom line is that the Windows firewall is a very good firewall and when combined with a front end like WFN (Windows Firewall Notifier) there is no real reason to run a 3rd party firewall.

 

Actually, yes it does. I found the application rule setting actually very simple, and comprehensive for it when I played around with Win7, with no front end whatsoever. There were even some things I preferred over Comodo about it. I was expecting this nightmare going into it, and afterward was wondering to myself... "what was all the fuss about?"

It was actually one of the few things I liked about Win7. If I ever upgrade the FW will be the least of my concerns. Now the services you must grant access through the thing to to have an internet connection... another story entirely.

 

I would like to use avast antivirus but it doesnt seem to play well with most firewalls and windows firewall appears to be one of them.

 

It's the Web Shield in particular that doesn't play well with outbound FW's. Comodo supposedly fixed the problem with the 5.12 update, so I would assume v6 has the problem addressed as well. So that'd be what I'd use in concert with Avast.

If you don't use the Web Shield then any FW will suffice.

 

Im using the entire comodo suite and i really like this program.its presentation etc.
Unfortunately there appears to be a vulnerability in the virtual environment but im not too concerned as i hardly use it.
Maybe its time for me to stop swaying from one program to another and just stick with what actually works and doesnt screw things up.
Im getting too paranoid about security lately lol.

 

Absolutley.IMO I think a lot folks under estimate the power of windows 7 firewall.

 

Not just the Win7 FW, Windows FW period, ever since XP. I remember so many people telling me... you HAVE to use a 3'rd party FW and disable the built in XP one... it's so weak. Yet every port scan test I did showed me that the native XP FW was stealthing (all) my ports perfectly fine. Even some paid FW's didn't accomplish that feat. And it even passed the GRC echo reply portion, which I found several 3'rd party FW's failed. So I never quite understood the hate directed toward it.

Don't get me wrong, a closed port is just as good as a stealthed one. And the echo reply portion of Shields Up, one could almost call FUD, but I'm just saying... based on widely accepted criteria for what makes a good inbound FW, the XP one was top shelf. Not to mention as light as it gets.

 

Quick question, is WSA AV firewall enough as a outbound? I know that it acts like a program guard. That's one of the reasons I added OA.

 

I have just been reading a thread by stem a firewall expert on the windows firewall and i have to say it looks the most configurable firewall ever.
I never realised just how much control you can have over applications with this firewall and admittedly i have overlooked the true power of the windows firewall.

Upon looking in at the avast forum it would appear that in some future version of the program they are removing the web shield proxy and replacing it with other technologies so the issues people were having should hopefully be resolved in the near future.

 

I didn't see that post but I have to agree with the main gist re. Stem. I was really surprised by how granular the rule setting was for apps. after all the horror stories I'd heard in here.

And regarding network traffic, things like svchost and the difficulties fine tuning the filtering for them... I believe that's a dilemma inherent to the OS itself. The FW can only make lemonade with the lemons it's given in that regard. I wasn't exaggerating when I said there were things about it I preferred over Comodo. I could make the argument that it was more granular due to it's ability to handle multiple, single IP addresses in the same rule. I could accomplish in 1 rule what it took me 2 rules to do in Comodo. For example granular handling of DNS.

Windows FW has always taken an unfair beating, IMO, since it's inception. If I were running Win7 I wouldn't be looking for any 3'rd party FW. And if I only wanted inbound control on XP, I wouldn't either.

 

I believe that's a healthy realization to come to. I think you're making a good decision with the native Win7 FW. How often do you download things? If the answer is often... then go with a real-time AV by all means. If it's infrequent on the other hand, maybe you can just hit it up with VT Hash Check before recovering it from your sandbox? Either way I'd recommend having VTHC on hand, as a 2'nd (and 45'th) opinion, lol. You could even get away with using MSE if you utilize VTHC & SBIE well. Since it's footprint is almost non-existent on Win7.

Harden your OS/browser with a few measures as you see fit. You've got a good native imaging solution in place already.

Add EMET 3.0 too "if" you like. As I don't think 3.5 is a final release I wouldn't recommend it. Along with Smart Screen Filter & MSE, good 0-day protection/prevention in place now. And all 1'st party/integrated as well (including your FW), so very light and stable, little chance of conflicts.

And you're good to go really... no gene splicing here. If I were running Win7 that's how I'd roll anyway.

 

@luciddream.

Thank you so much for your time and advice.
All the best.

 

I've always found this app useful for adding outbound rules to win 7's firewall, that all it does, simplify the process.

http://www.sordum.org/7633/firewall-app-blocker-v1-0-beta/

 

Thank you everyone for the useful replies.I have another query.
When i configure windows firewall manually i would like to block all outbound and whitelist my applications as to what connects etc.
Is there any guide which can show me what windows services should be allowed access.?
I dont want to be blocking something that needs network access.
Thanks.

 

@Beethoven1770

I only allowed access to Chrome, Hitman Pro, VT Hash Check, File Hippo Update Checker and Utorrent.

Haven´t whitelisted anything else and everything is working fine here.

Microsoft Updates are turned off, and i´ll disable outbound filtering once every month to update manually.

 

Thank you alexC.

 

You´re welcome