Oh, come on. Comodo, ZoneAlarm, PrivateFirewall...are they using Win firewall as a base? I think not.
Bitdefender Internet Security, too. It's been a almost two years since I've had hands-on with Kaspersky IS and I'm sure if they since dumped their firewall and went with Windows that would have been Big News. And you think correctly. guest has long been inflicting his "nowadays any firewall" delusion here and no doubt elsewhere. He remains adamant even having been corrected on several occasions. So sad. As well, Windows firewall or not, Glasswire rocks. It's core function monitoring and reporting is superb. That it doesn't do any thinking for you is the issue most users whine about.
Firewall capability aside,i find the fonts way too small,on the gui/popups.Unless Im a foot away from the screen Ive got a job to see/read them properly.I have my pc plugged in to tv screen ,and the lack of font control really bugs me.
I agree with this, the Win Firewall is quite good, I use WFC to control it. But I just expected a bit more from GW, on screenshots it looked cool, but I didn't see any true need for it. Plus I was annoyed about the high CPU usage, I'm not sure if it was some conflict. Yes correct, apps can still control outbound connections independent of the Win Firewall. But I guess GW is more of a network monitor with some extra options.
Actually, he's right on this one. Since WIN 7, almost all Internet Security suites use Windows Filtering Platform aka WFP: https://msdn.microsoft.com/en-us/library/windows/desktop/aa363967(v=vs.85).aspx . That includes Comodo: CIS uses WFP in conjunction with inspect.sys packet filter driver. Inspect runs at the lowest level (kernel level) where WFP runs at higher levels. I don't know the specifics about WFP works or how CIS uses it. Ref.: https://forums.comodo.com/firewall-help-cis/is-cis-using-windows-filtering-platform-wfp-or-what-t103704.0.html;msg757415#msg757415
That's not the point. GW can't control outbound connections independent of the Win Firewall (WF), but tools like Comodo and SS can. So if you block something in Comodo and allow it in WF, it's still blocked. WFP is an interface that's being used by security tools.
I think Comodo is going to change that in the next version. And there is no real advantage of having a separated firewall driver. Last update of Private firewall was in 2013, Outpost firewall has disappear. I wouldn't use "..." in your sentence since there are no more firewalls with its own driver as far I know.
You miss the point, almost all security tools use their own driver, but they can choose to use the Win Firewall for blocking outgoing or incoming connections. So your statement is not correct. Comodo will most likely continue to monitor inbound and outbound traffic independently of the Win Firewall, since that is what most HIPS and third party firewalls do. What is the advantage? Let's say that malware manages to bypass or disable the Win Firewall, then you're still protected by a third party firewall/HIPS.
There is no AV Suite using it's own firewall driver besides Comodo and Zone alarm for historical reasons You can control outgoing and and incoming connections with windows firewall ie. WFC does it and most AV suites are able to do it using the advanced settings HIPS has nothing to do with a firewall, not even at driver level. I haven't seen yet a malware able to bypass WF but I have seen a lot of malware able to kill CIS during the last years, youtube is plenty of videos and I have tested myself. I guess the same applies to ZA.
Well we have 4 products EIS (Online armor) ZA Comodo PF (abandonware?) last update 2013 Then we have hundred of other firewalls, av suites... using WF which offer the same functionality, and there is no proof that any of those 4 fw is any better than WF
guest your inaccuracies are troubling. EIS(Online Armor) implies one product. Simply not true. It would be more accurate to display this. Online Armor(abandonded) EIS
EIS interfaces with WFP as noted below. Most current Internet Security suites do the same. Most have drivers which interface with WFP using a NDIS miniport filter. Technically Emsisoft Internet Security isn't considered compatible with Malwarebytes Anti-Malware due to the fact that Malwarebytes Anti-Malware uses a WFP driver to capture network traffic for their website blocking, and that driver could cause problems with the WFP driver used by Emsisoft Internet Security. Ref.: https://support.emsisoft.com/topic/19289-compatibility-with-malwarebytes-anti-malware/ Also the firewall used in EIS was designed from the ground up as a new piece of software and has no relationship to the firewall used in Online Armor.
I know that OA is abandon, I just assumed since you said that it has is own driver that the fw driver was a light "version" of online armor. That was my intention by putting OA brackets. But as itman said EIS uses WFP so we can take it from the list I added it there thanks to your inaccuracy.
I'm afraid you're still misunderstanding. Windows Filtering Platform (WFP) is an interface used by security tools like third party firewalls, HIPS and AV's. If a security tool is using WFP, this doesn't mean it can't control outgoing and incoming connections independently. To give an example, both GlassWire and SpyShelter use a WFP driver, but if you block some app from outbound access, GW simply creates a rule in Win Firewall. If SpyShelter blocks some app, it creates a rule in its own settings. It doesn't care about the Win Firewall rules. If you still don't understand, then I give up.
Actually, you explained that well. Here are the specifics. Note the sections I underlined. Also important to note is the firewall used in most IS suites today, does not totally disable all of the Win firewall functionality. Doing so will also disable WFP as noted below. For example when using Eset's Smart Security firewall, you will see wording along the lines of "These settings are being managed by vendor application Eset Smart Security" when accessing Windows Firewall settings via Control Panel: Windows Filtering Platform (WFP) is a set of API and system services that provide a platform for creating network filtering applications. The WFP API allows developers to write code that interacts with the packet processing that takes place at several layers in the networking stack of the operating system. Network data can be filtered and also modified before it reaches its destination. By providing a simpler development platform, WFP is designed to replace previous packet filtering technologies such as Transport Driver Interface (TDI) filters, Network Driver Interface Specification (NDIS) filters, and Winsock Layered Service Providers (LSP). Starting in Windows Server 2008 and Windows Vista, the firewall hook and the filter hook drivers are not available; applications that were using these drivers should use WFP instead. With the WFP API, developers can implement firewalls, intrusion detection systems, antivirus programs, network monitoring tools, and parental controls. WFP integrates with and provides support for firewall features such as authenticated communication and dynamic firewall configuration based on applications' use of sockets API (application-based policy). WFP also provides infrastructure for IPsec policy management, change notifications, network diagnostics, and stateful filtering. Windows Filtering Platform is a development platform and not a firewall itself. The firewall application that is built into Windows Vista, Windows Server 2008, and later operating systems – Windows Firewall with Advanced Security (WFAS) – is implemented using WFP. Therefore, applications developed with the WFP API or the WFAS API use the common filtering arbitration logic that is built into WFP. The WFP API consists of a user-mode API and a kernel-mode API. This section provides an overview of the entire WFP and describes in detail only the user-mode portion of the WFP API. For a detailed description of the kernel-mode WFP API, see the Windows Driver Kit online help. Ref.: https://msdn.microsoft.com/en-us/library/windows/desktop/aa366510(v=vs.85).aspx
Doesn't look right to me. I would check with BitDefender to verify that that the Win firewall service should be disabled. I am running Win 7. It might be different for Win 10. I know from experience that I have had the Win firewall mysterious totally disabled when using Eset Smart Security. When that happens, I just reset the Win firewall to default settings and reboot. Thereafter, it is back to the mode I previously described.
@ itman "Actually, he's right on this one...almost all Internet Security suites use Windows Filtering Platform" That's not same as guest's "any firewall uses Windows firewall as a base"
Forgot to mention I run Windows 7, but since when has that detail been important in Wilders postings? From page two of the BDIS 2016 User Guide: Disable or remove any firewall program that may be running on the computer. Running two firewall programs simultaneously may affect their operation and cause major problems with the system. Windows Firewall will be disabled during the installation. The firewall log is devoid of errors and typically: 2016/02/28 14:19:23.856 [BDFW] Library init completed successfully. 2016/02/28 14:19:23.856 [BDFW] Driver init completed successfully. 2016/02/28 14:19:31.204 [BDFW] Ip 192.168.0.256 added to device {f15c1818-SNIP-fc541} I run BDIS in paranoid mode full time and build rules as the alerts pop-up. Quite chatty at first, but that's the fun.
BTW, if malware is capable of terminating HIPS, I'm sure it won't have any trouble disabling the Win Firewall. He seems to be confused between WFP and the Win Firewall, they are two different things.
Well then I wouldn't notice they are two different things to post up about. In which case I'd simply dismiss the any and almost all discussion with a "Duh. Yeah." You, on the other hand, are confused as to my expertise.
It depends, some third party firewall have this implemented others don't, so what? What you don't understand is that all of them have in common that they are using the same driver made by msft, WFP. WF is just another interface using WFP.
I said this "Nowadays any firewall uses Windows firewall as a base" lets be more specific so every one is happy but I'm still right "Nowadays almost (but 2 or 3) any firewall uses Windows Filtering Platform (as WF) as a base"
Yes. Eset's user manual uses the exact same wording. What that wording actually means is that the full functionality of the Win firewall is not in effect. Not that the Win firewall itself is turned off. Please bear with me since this subject is confusing as hell; even to those with technical knowledge. When a vendor firewall is interfacing with WFP, the Windows Firewall screen accessible via Control Panel should look as given below: Additionally if you access the "advanced settings" option from the above screen, you will observe that the Win Firewall is indeed enabled: However if the Win firewall service is disabled, the result is all functionality of the Win firewall is disabled including WFP. When that happens, you would see a screen such as this: http://www.computerperformance.co.uk/images/win8/firewall_private.jpg