I'm going to allow all outbound traffic; Comodo or Windows Firewall?

As the title implies, I'm trying to decide if I want to use Comodo or Windows Firewall in Windows 7. I am not sold on outbound "protection" so assuming I'm allowing all outbound traffic, what would Comodo offer that Windows Firewall doesn't? I don't care about Defense+, sandboxing, or TrustConnect. That said, the only other features I know about are "Filter loopback Traffic," "Block Fragmented IP Traffic," "Protocol Analysis," and "Anti-ARP Spoofing" which I admit, I really don't know too much about. Any guidance here?

EDIT: I go to a university so when I'm on campus, I'm on public wifi.

 

By default, Windows Firewall allows all outbound traffic, so, you don't have to install anything or make any setting.

 

Comodo firewall is one of the best fw, power and rich of security features since many years. It's absolutely more safe than windows firewall.

 

A question for you.

If you are behind a router utilizing NAT, and you don't wish to control outbound traffic, why would you still need a firewall?

Sul.

 

Do you care to elaborate on why you say this because I'm not necessarily sold. I'll also add to this, that I've ran Comodo Leak Test on both Comodo firewall and Windows Firewall with similar configurations and they scored REALLY close to each other. Comodo scored a 240 where as Windows Firewall scored a 230.

Sully, I go to a university so when I'm on campus, I'm on a public network. I suppose I should add that to my initial post.

 

Ahh. Yes, thats a pretty darn good reason

If it were me, I would use WFW and maybe turn off un-needed services/apps that hold ports open, like RDP and stuff, if you don't need it.

Sul.

 

Quite frankly some of the people I know in computer science scare me.... and I'm in computer science. My university hold's a Cyber Defense Competition yearly in which even the FBI and CIA attend in order to recruit people. I lust for their knowledge.

Thanks for the suggestion; I will look into it. Do you mean the stuff in "Allow a program or feature through Windows Firewall?"

 

Hi crusher.
You have a perfectly good firewall built right into windows.Primary job of a firewall is to keep bad guys out of your computer and both comodo and windows do this admirably.
Only time you may need outbound control is on a already compromised computer although there is several ways that malware can circumvent the firewall.(piggy back on the web browser)etc.

 

I don't pretend to be a WFW guru by any means, so I cannot tell you exactly which panel or area you want to focus on.

What I do know, from using firewalls for years, is that you have a "surface area" you first try to reduce the size of. Some call it an attack vector. Whatever you call it, you want to make it as small as possible. In this case, it means ports that are open for communication. You cannot be hacked if you cannot be reached.

The danger obviously comes from a port being open, and bad guys exploiting it. I mention RDP because lots of computers have it on. People are pretty gun-shy, even here, about turning thier services off, so instead there are lots of features in windows now that try to allow you to leave these lines of communication open, while making them harder to exploit, or at least harder to exploit if you choose "public" becuase the OS changes settings.

If you looked at all your ports held open, knew what service/app was holding each open, knew why and how often you would need that service/app, you would know how much you could shut off. Unlike blocking the port or turning it off for public declared networks, you actually turn it off. Closed port is better than blocked port.

Anyway, there are certain things that you are hard-pressed to get around. Turning off RDP if you don't need it, just a small sample. Svchost rules, well in XP there were a number of good rulesets for it that I used. In vista/7 I have seen a number of them here too, and that bugger is getting more complicated lol. Thats one of the top focuses IMO.

If you're in classes eventually learning about this stuff, you're likely to find out some really low level stuff that I never will. I know enough to be dangerous they say. But I have read and experimented a lot over the years, and tried all kinds of tests to see if I was "stealthed" or if I could brute force into myself. For the average home user, I think much of it is overhyped, just hot air. In your case, as you describe it, it sounds like a great place to be able to learn in. Maybe a pain because of people actually breaking your defenses, but oh what a honey-pot. I would love to be in that environment for about a month straight. I would have to reformat multiple times a day from all the experimenting lol.

Anyway, good luck. Be interesting to hear what your experiences are concerning being breached by anyone and where your insecure areas were.

Sul.

 

One point are the more security features, another that historically windows firewall is more vulnerable than CIS, OP, OA...

 

Unfortunately there aren't any classes here that teach this sort of stuff. It is primarily coding in different languages, data structures, software development, interfaces, algorithms, theory, etc. Nothing that is.... more application based, if that is the correct term.

I have yet to be individually targeted, at least, that I know of so I haven't had a problem with anything. The main reason for this thread is that I just uninstalled NIS which came with a firewall and now I'm just doing some research as to what my options are and how to stay safe(er). I don't know a whole lot when it comes to communication security so for now I'm sort of wandering around aimlessly with Google searches. haha. You gave me some good stuff to look into though so thanks for the reply.

 

What features and how do you know Windows firewall is more vulnerable? Do you have any articles or threads to back this up? Because I could start going around saying Windows firewall has more security features and is historically more secure and really have no idea what I'm talking about. I'm not saying you're wrong, I just would like some proof.

 

If you are allowing outbound then WF is more than sufficient.

 

Absolutely, and a lot of people don't realize its packet filtering capabilities are superior to that of most 3rd party firewalls.

 

For inbound, Windows Firewall suffices. If you wish to 'harden' certain settings:

1. Make sure you're using Windows Firewall on Public Profile.
- The default setting is "Inbound connections that do not match a rule are blocked". There are default rules created - see if you need them. If you don't need those, and you have no need for inbound connections (e.g. torrents), then consider changing it to "block all connections".

2. Don't allow Remote Desktop and Remote Assistance connections
(under Advanced System Properties)

3. Go to Services.msc and disable these
- Remote Desktop Configuration
- Remote Desktop Services
- Remote Desktop Services UserMode Port Redirector
- Remote Registry

 

I think I'm just going to go with Windows Firewall. Is that really all there is to hardening? It just seems too simple to me. Thanks for the replies though everyone.

 

Don't forget to *disable* UPnP (in your router) and block its two ports on Windows if you use Windows Firewall. In the last week, more vulnerabilities have been discovered in UPnP. You will, of course, need to do manual NAT for anything you need but you will be much safer in the long run.

http://www.forbes.com/sites/andygre...-now-to-avoid-a-serious-set-of-security-bugs/

http://www.zdnet.com/how-to-fix-the-upnp-security-holes-7000010584/

 

Ok so after some messing around, Windows Firewall doesn't seem as... intricate as I thought. I do have three questions for now though.

1. So what's the deal with IPSec? From what I have read, it is just a way to implement a VPN (old school?) instead of using SSL but I'm not sure if that is the only purpose. Is there any hardening that can be done here other than setting up a VPN?

2. My second question has to do with the "Allow Unicast Response" option. If I am blocking all inbound traffic, then doesn't this option have no effect? I have it set to "No" right now and have not noticed anything weird so I would assume so.

3. As stated earlier, I have WFW set to block all incoming traffic (Block all, not block) and allow all outgoing traffic but when I go to Monitoring > Firewall, the only rules that show up have the direction of incoming. They are all under "Core Networking" or "Homegroup In". They are all active rules but I didn't think they would actually be active with block all inbound traffic enabled. Am I missing something here or does this not make sense?