I've been using 3rd party firewalls & just recently have been playing around with WFW - I was surprised to see there is no way to lock the firewall rules - apps can freely add/change rules when installed or updated - even in a SUA with UAC on Max, which I thought would force a prompt to be issued... What are the options for doing this in Windows 7 Home Premium? I've read I can use a controller, like Tinywall or WFW Control, but I wasn't planning on setting outbound rules right now - so is there another option or should I just use a controller and allow all outbound connections? Thanks
It has been quite a long time since I have used Windows firewall with default settings, so I don't remember if it adds rules for incoming (server type) connections. I remember it prompting, but maybe as you say it adds also some programs itself. Anyways if you are not willing to control outgoing connections, I would not worry too much about possible incoming ones either. I think you can disable them from the allowed list. TinyWall will yes lock the rules. It removes all default/your own Windows firewall rules and puts its own set of rules. You can't even make rules outside TW controller. In some cases it would be nice to be able to do so, because TW does not offer control to all Windows firewall options. In my usage I have not really found the need for that much flexibility. I don't know how WFW control works, I have not found the need to change from TW, to know if it locks the rules or allows some automatic adding.
How to PROPERLY use UAC:
* Create ONE account called Admin (example) and give it administrative privileges;
* Set a good passphrase for this Admin account;
* Change UAC to Max if you want;
* Create another account for your user. This account is a regular account and can't do anything without the "Admin" account's passphrase.
After this, use the REGULAR account at all times, and every time a Windows change has to be done the system will ask for the admin passphrase. This applies to the Firewall configuration.
Right, I disable them and then they just add themselves back on the next update... had 11 new additions with the last round of software updates. Thanks for the instructions, but this is already how I have it set up - apps can freely change/add firewall rules during install/update - there is no prompt
Just to clarify - Tinywall and WFC are both controllers for outbound rules - while they also block automatically made inbound rules, I thought inbound rules are still manually set in the WFW GUI. Is this not correct?
See if you can see this pic on the page http://windows.microsoft.com/en-us/windows/understanding-firewall-settings#1TC=windows-7 Unfortunately my Windows is in Finnish language so I can only refer with a pic/external link. Selected is the prompting option, but the first option if checked should prevent all incoming connections, in Windows firewall. Now since TinyWall takes total control of the Windows firewall, this option does not matter any. TW sets all the inbound rules too and you must also add your server type of program rules with TW user interface if you have any need for such connections. These are the TW basic rules and some of them can be unticked too as a special exception: http://www.saunalahti.fi/~jarmos3/TinyWall_rules_215.jpg So it is a tight set. All the default incoming connection Windows firewall rules have been deleted. Well not exactly deleted, taken out of operation and you can't make them work. See Windows firewall advanced settings. Might help to see those disabled rules in case you have a need to produce some of them with TinyWall UI.
I don't understand; if you allow a program to make system changes (UAC), then you're allowing it to make system changes. If you don't trust an app to talk on the network, then why are you giving it full access otherwise? If you want to run it but prevent it from talking on the network (I cannot fathom this being a regular thing), you can always do so manually without being prompted to allow the other 99%.
WFC will block all rules (both inbound and outbound) that are made by third party apps, at least if you enable the "Secure Rules" option. So with this option you won't have to worry about applications trying to bypass the Win Firewall.
OK - thanks guys, I think I'm good to go. I guess it's been a while since I looked at these controllers - I did know they controlled inbound/outbound at some point
Since using WFC, I haven't even looked at third party firewalls, although I do miss outbound alerts. For a while I tried SpyShelter Firewall, which works alongside the Win Firewall, but I had some troubles with it.
$10 gets you this with WFC, doesn't it? Also looking at WSA - it looks like it is only an outbound firewall and would not lock WFW rules like WFC does since it looks like it is totally separate
Yes correct. And I'm not sure if WSA can lock down the rules, you would think that it does have this ability. I recommend both TinyWall and WFC, cool thing about them is that they don't interfere with third party firewalls.
For 7 Premium there are 2 ways to lock FW rules: 1st) use regedit, go to the key HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\ and change its permissions to read only. 2nd) use regedit, go to the key HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\ and change its permissions to be modified only by one specific admin account. (Do not use that account when installing or updating apps.) Panagiotis
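A read-only check of the permissions described in the post above, as an added example that is not part of the thread: it lists every identity that still holds a write-type right on the FirewallPolicy key or its subkeys, minus the ones you expect. The function names and the account name `PC\FwAdmin` are hypothetical.

```powershell
# Added example, not from the thread. Read-only: it inspects ACLs, changes nothing.
$FwPolicyKey = 'HKLM:\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy'

# Access-mask bits that allow changing rules or undoing a permission lock.
$WriteBits = @{
    SetValue = 0x2; CreateSubKey = 0x4; Delete = 0x10000
    ChangePermissions = 0x40000; TakeOwnership = 0x80000
    GenericWrite = 0x40000000; GenericAll = 0x10000000
}

function Get-WriteRightNames([int]$Mask) {
    # Names of the write-type rights contained in a raw access mask.
    $WriteBits.Keys | Where-Object { $Mask -band $WriteBits[$_] } | Sort-Object
}

function Get-FirewallPolicyWriters {
    param([string]$Path = $FwPolicyKey)
    # Rules are stored in subkeys, so check the key and everything below it.
    $keys = @(Get-Item -Path $Path) + @(Get-ChildItem -Path $Path -Recurse)
    foreach ($key in $keys) {
        foreach ($ace in (Get-Acl -Path $key.PSPath).Access) {
            # Only Allow entries are reported; Deny entries are not evaluated.
            if ($ace.AccessControlType -ne 'Allow') { continue }
            $names = @(Get-WriteRightNames ([int]$ace.RegistryRights))
            if ($names.Count -eq 0) { continue }
            New-Object PSObject -Property @{
                Key       = $key.Name
                Identity  = $ace.IdentityReference.Value
                Rights    = $names -join ','
                Inherited = $ace.IsInherited
            }
        }
    }
}

function Get-UnexpectedFirewallWriters {
    # $AllowedWriters: identities you intend to keep write access
    # (for option 2, the one dedicated admin account).
    param([string[]]$AllowedWriters = @())
    Get-FirewallPolicyWriters | Where-Object { $AllowedWriters -notcontains $_.Identity }
}

# 'PC\FwAdmin' is a hypothetical account name; replace it with your own.
$found = @(Get-UnexpectedFirewallWriters -AllowedWriters 'PC\FwAdmin')
if ($found.Count -eq 0) { 'No unexpected identity can modify the firewall policy key.' }
else { $found | Sort-Object Key, Identity | Format-Table Key, Identity, Rights, Inherited -AutoSize }
```

Group entries are reported as groups; membership is not expanded, so an account that writes through a listed group will not appear by name.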
They are both front-ends for Windows Firewall, so technically you use only one firewall: the one that is built-in in Windows.
Right, but I believe @Rasheed187 is implying WFC (or Tinywall) & 3rd party firewall together - that makes 2
There is no big benefit, but it's nice to know that with some tools (like SpyShelter Firewall), you don't have to disable the Win Firewall. So if for some reason it fails to block outbound access, you can still rely on Win Firewall. And of course vice versa. But TinyWall and WFC are just controllers, so this all is no surprise.
Two firewalls are less likely to provide redundant protection and more likely to create conflicts (and will create more overhead) that leave you with no protection at all. "Shotgunning" is not a sound security principle: pick one effective product for the task it was designed for. @Rasheed187 makes a good point in that firewall products are frequently misunderstood to all be firewalls (and their brochures don't help).
Actually, I don't believe that was my point. I was just trying to say that WFC and TinyWall are great tools to manage and lock down the Windows Firewall. If you want to get alerts about outbound access, you may want to use a third party app like SpyShelter which doesn't interfere with the Win Firewall, and works independently.
I don't think SpyShelter is even a firewall; I think they are using the term generically with what their product does: http://www.pcmag.com/article2/0,2817,2484664,00.asp ...which is what I was agreeing with and expanding upon.