Good Windows Firewall that's free?

Discussion in 'other firewalls' started by chrcol, Jan 13, 2016.

  1. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    Of course it does... Microsoft added Windows Firewall in "Local Security Policy" for this very reason... (but it is not available in Home edition).

    Panagiotis
     
  2. guest

    guest Guest

    As I said above, how can WinFW be tampered with if your system is clean? Windows built-in security features are supposed to be working all together.

    SUA + UAC max + SmartScreen + WinDef + WinFW, all of them work in tandem; if you disable them (as many people do because they read some noob blogs), and then happily click on everything, then expect to be infected and obviously WinFW to be tampered with.

    I have set up systems for many customers before and taught them safe habits, and I never saw one getting infected since; when they call me, it is because they have driver/internet issues.

    Conclusion: WinFW, with controllers or not, is good enough; it could be better, sure, but if one takes the time to learn it, it is worth using.
     
  3. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,795
    What is stopping a malware or keylogger from hijacking your browser's connection?

    Once your system is compromised, depending on a firewall with outbound control to prevent the malware from connecting out is simply a gamble, not security by design. At best, it's a damage control tool. At worst, it provides a false sense of security.

    The purpose of a firewall with outbound control is to limit access for legit programs, not controlling outbound traffic of malware after it has executed.
     
  4. guest

    guest Guest

    Exactly.

    The problem is that people are so used to those security-oriented FWs (Comodo, Emsisoft OA, Zone Alarm, etc...) that they have forgotten what the original purpose of a FW is.
     
  5. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,795
    I know what you mean but I would not even call those security oriented; not when they failed to protect against unsolicited inbound access on potentially hostile networks. The linked test result and discussion below were 2 years ago but it goes to show the irony...

    https://www.av-comparatives.org/firewall-reviews/
    https://www.wilderssecurity.com/threads/av-comparatives-firewall-test-03-2014.362063/
     
  6. guest

    guest Guest

    Indeed, in fact if I had to invest in a FW, I would buy a hardware one (and surely not a software one); then I would be a bit safer. Until then I will use my "hardened" WinFW.
     
  7. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,076
    Location:
    UK
    Personal comments about other members removed.

    Keep on topic please unless you want this thread closed.
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    That's why I combine WFC with HIPS, to make sure that the Windows Firewall is not that easy to bypass. The reason I decided to use WFC, is because it auto-blocks outbound connections. Most HIPS do not offer this feature, and having to respond to all of these alerts about apps wanting to call home, can quickly become annoying.
     
  9. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    @Rasheed and guest,
    How do you make rules if you don't get an alert telling what wants out or in and where to/from? Must know the name of every possible .exe file?

    My experience on Windows 7 and 10: Dozens of times I've tried using windows firewall, read Stem's tutorial, and just can't get it.
    To notify about attempted connection is enabled. It NEVER talks to me.
    Also I read here how people delete all built-in rules. Make their own. Good idea?
    I wish we could have a simple firewall like Kerio or Sygate where making rules was so much easier.
     
  10. guest

    guest Guest

    I use WFC too. Default-deny - all unknown programs are automatically blocked. No alerts, no prompts :thumb:
     
  11. guest

    guest Guest

    If you select "outbound connections..." - block, then the above text applies to outbound connections as well.

    About WinFW : https://technet.microsoft.com/en-us/library/cc755604(v=ws.10).aspx



    Not at all. Let me show you the context; in fact, it is easy (if you do the right research beforehand). To make WinFW deny-default, blocking all outgoing connections on every profile, I follow these lines:

    Note: I don't install hundreds of programs; I have fewer than 10 installed; others are portable versions.

    1- After some research, I can figure out which Windows processes/apps need to go out (Windows Update, Windows Defender, svchost, etc...) and which don't; obviously, disabling/enabling some depends on your needs (many rules in WinFW don't need to be enabled).
    2- You don't need every program you have to call home; so, just create rules for internet-needing programs (torrent clients, browsers, email clients, etc...).
    3- When you need updates for those whose outbound connections you blocked, just download the new version manually.


    It took me time to get it also, so if it is really what you want to do, you will succeed (not to mention you will increase your knowledge of how Windows works, which is gold).

    Because outgoing connections are allowed by default; the option you mentioned is only for inbound connections.

    It is all about your knowledge of Windows; I prefer disabling rules to deleting them because you may need them later.

    I would just prefer MS to give us the option to get alerts for outbound connections; it would be easy to implement since the feature already exists for inbound connections.
     
    Last edited by a moderator: Dec 10, 2016
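
The default-deny procedure from the post above, as an added PowerShell example that is not part of the original thread. The browser path and rule name are placeholders (assumptions), and the audit step is one way to make up for the missing outbound prompts by recording blocked connections as Security event 5157.

```powershell
#Requires -RunAsAdministrator
# Added example: default-deny outbound plus a way to see what gets blocked.
# $Browser is a placeholder path (assumption); point it at a program you trust.
$Browser = "$env:ProgramFiles\Mozilla Firefox\firefox.exe"

# 1. Save the current policy so the change can be rolled back with
#    "netsh advfirewall import <file>".
netsh advfirewall export "$env:USERPROFILE\wf-before-default-deny.wfw"

# 2. Block inbound and outbound by default on every profile.
Set-NetFirewallProfile -Profile Domain,Private,Public `
    -DefaultInboundAction Block -DefaultOutboundAction Block

# 3. Allow only the programs that need the network, one rule each.
New-NetFirewallRule -DisplayName 'Allow out: browser (example)' `
    -Direction Outbound -Program $Browser -Action Allow -Profile Any | Out-Null

# 4. Disable, rather than delete, built-in groups you do not use
#    (group names are localized; this is the English name).
Disable-NetFirewallRule -DisplayGroup 'Remote Assistance'

# 5. Windows Firewall does not prompt for outbound traffic, so record blocks
#    instead: failure auditing writes event 5157 to the Security log.
auditpol /set /subcategory:"Filtering Platform Connection" /failure:enable | Out-Null

# 6. Later: list which programs were blocked going out, and to where.
function Get-BlockedOutbound {
    param([int]$MaxEvents = 2000)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5157 } `
                 -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
    ForEach-Object {
        $f = @{}
        ([xml]$_.ToXml()).Event.EventData.Data |
            ForEach-Object { $f[$_.Name] = $_.'#text' }
        if ($f.Direction -eq '%%14593') {          # %%14593 = outbound
            [pscustomobject]@{
                Application = $f.Application       # NT device path form
                Remote      = '{0}:{1}' -f $f.DestAddress, $f.DestPort
                Protocol    = $f.Protocol          # IANA number: 6 TCP, 17 UDP
            }
        }
    } | Group-Object Application, Remote, Protocol |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}
Get-BlockedOutbound | Format-Table -AutoSize
```

The subcategory name passed to auditpol is the English one; on a localized system it has to be given in the system language.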
  12. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    Maybe you could help us with rule No 1.

    "...which Windows' processes/apps need to go out (Windows Update, Windows Defender, svchost, etc...) and which doesn't"...
     
  13. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    I second that, Djigi :) Win updates and Defender do need out. But a lot of svchost or taskhost or background services is a mystery to me.

    @guest, Now I see why it was so frustrating. I didn't know it was a design feature not to alert on outbounds. What were they thinking of o_O
    I really want to use just what's built in by M$. I know how to make rules even though their painful design of unnecessary multiple dialogs makes it a chore. I will try again.
    To find out which rules must be made for system or svchost or core networking processes is rough since it's not easy to read so many of their existing rules. Without details in some sort of alert it's an impossible job.

    Thanks for the M$ link. It's for XP. I saw this one for Windows 10 which explains how windows own and 3rd party firewalls work off the filtering engine:
    https://msdn.microsoft.com/en-us/library/windows/desktop/aa366509(v=vs.85).aspx
     
  14. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    I see on one page these settings:


    • The following rules apply to all 3 profiles: Domain, Private and Public
      • Outbound/ allow service 'Windows update'
      • Outbound/ allow program 'Windows\system32\smartscreen'
      • Outbound/ allow service 'Windows Time'
      • Outbound/ allow program "\Windows\explorer.exe"
      • Outbound/ allow program '\Windows\HelpPane.exe' (Windows Help, enables fetching online help )
      • Outbound/ allow program '\program files\windows defender\MpCmdRun.exe'
      • Outbound/ allow program <Firefox/Chrome/Opera, whichever browser you use>
      • Outbound/ allow program \program files\Internet explorer\iexplore.exe
      • Outbound/ allow program \program files x86\Internet explorer\iexplore.exe
      • Outbound/ allow program \Windows\ImmersiveControlPanel\SystemSettings.exe
      • Outbound/ allow program \windows\system32\UserAccountBroker.exe
      • Outbound/ allow program <your antivirus update program>
      • Outbound/ allow program “%ProgramFiles% (x86)\Secunia\PSI\psia.exe”
      • Outbound/ allow program “%ProgramFiles% (x86)\Secunia\PSI\psi.exe”
      • Outbound/ allow program \windows\system32\wwahost.exe
      • Outbound/ allow program \windows\system32\AuthHost.exe
      • Outbound/ allow program \windows\system32\RunTimeBroker.exe
      • Outbound/ allow program '\Program files\Windows Media Player\wmplayer.exe'
      • Outbound/ allow program '\Program files (x86)\Windows Media Player\wmplayer.exe'
      • Outbound/ allow program <Adobe Flash Update service>
      • Outbound/ allow program <Adobe Acrobat Update service>
      • Outbound/ allow program \windows\system32\svchost.exe
        For SVCHOST, you have to create 2 rules:
        1st rule: program: \windows\system32\svchost.exe. Name it "SVCHOST UDP 53". Now select the rule and choose Properties. Go to protocols and ports tab, set Protocol Type='UDP', set Remote ports to Specific Ports, and type in '53'.
        2nd rule: program: \windows\system32\svchost.exe. Name it "SVCHOST TCP 80,443". Now select the rule and choose Properties. Go to protocols and ports tab, set Protocol Type='TCP', set Remote ports to Specific Ports, and type in '80,443'.
      • Outbound/ allow program \windows\system32\wermgr.exe
      • Outbound/ allow program <\users\<userAccountName>\appdata\local\microsoft\onedrive\onedrive.exe> (if you choose to use OneDrive, each account that uses OneDrive needs a rule)
      • Outbound/ allow Core Networking DHCP-out
      • Outbound/ disable all Core Networking rules that mention IPv6, IPHTTPS, IGMP, Teredo, and ICMPv6
      • Outbound/ disable the 2 rules that mention HomeGroup
      • Outbound/ disable all rules for Remote Assistance
      • Outbound/ disable Proximity Sharing over TCP
      • Outbound/ disable all Network Discovery rules
      • OutBound/ disable <Mail> ( Disable if you don't have MS accounts )
      • OutBound/ disable <Calendar and People> ( Disable if you don't have MS accounts )
      • OutBound/ disable Microsoft Phone Companion (should be for smartphone platforms only)
      • OutBound/ disable Message Queuing TCP Outbound
      • OutBound/ disable Message Queuing UDP Outbound
      • Outbound/ disable Contact Support

      • InBound/ allow <Core Networking ICMPv4 in> (enable this rule if you want to be able to ping your machine)
      • InBound/ allow Core Networking DHCP in
      • Inbound/ allow program <Mcafee Site Advisordir>siteadv.exe
      • Inbound/ allow service <SA Service> ( Mcafee site advisor )
      • InBound/ disable Core Networking IPHTTPS in
      • InBound/ disable Core Networking IGMP in
      • InBound/ disable all Core Networking rules that mention IPv6, Teredo, and ICMPv6
      • InBound/ disable all Network Discovery rules for private profile (NB Datagram in, NB Name in, LLMNR UDP In, Pub-WSD-In, SSDP-In, UPnP-In, WSD-Events-In, WSD-EventsSecure-In, WSD-In)
      • InBound/ disable the 2 rules that mention HomeGroup
      • InBound/ disable DIAL protocol server x2 (allows remote control of apps)
      • InBound/ disable Microsoft Edge (it is a browser, only outgoing needed, no unsolicited traffic allowed)
      • InBound/ disable Message Queuing x2
      • InBound/ disable Proximity Sharing over TCP
      • InBound/ disable Search (don't know why search needs a inbound rule, search reaches outbound)
      • InBound/ disable Proximity Sharing over Tcp
      • InBound/ disable all rules for Remote Assistance
      • InBound/ disable <Mail and Calendar> (Disable if you don't use MS accounts)
      • InBound/ disable <People> ( Disable if you don't use MS accounts )
      • Inbound/ disable Contact Support
      • Inbound/ disable Remote Desktop 3 rules
      • Inbound/ disable GROUP=Remote Event Log Management
      • Inbound/ disable GROUP=Event Monitor
      • Inbound/ disable GROUP=Remote Service Management
      • Inbound/ disable Remote Shutdown
      • Inbound/ disable GROUP=Remote Volume Management
      • Inbound/ Disable Secure Socket Tunnelling Protocol
      • Inbound/ disable GROUP=Windows Management Instrumentation
      • Inbound/ disable Media Player Network Sharing Service
      • Inbound/ disable Xbox
      • InBound/ disable MS Edge
      • Inbound/ disable Search
      • Inbound/ disable MSN Money
      • Inbound/ disable MSN Sports
      • Inbound/ disable MSN News
      • Inbound/ disable MSN Weather
      • Inbound/ disable Microsoft Photos
      • Inbound/ disable Xbox
     
  15. guest

    guest Guest

    Those rules are for a very specific system. Some are valid for all users, others may hamper your normal usage of Win10.
     
  16. Tarantula

    Tarantula Guest

    And then there are people like me. I am afraid that M$ is stealing my data, so I can't rely on their FW, because it's designed to help M$ in this. It sure protects from some imaginary hackers, but my PC has never been attacked by such. Ever. So, in my case, I'm protecting my PC from this: https://privacy.microsoft.com/en-us/privacystatement/

    Using Win7 for now. Next step is moving to Linux Mint. Soon.
     
  17. guest

    guest Guest

    If MS wants your data, they will use a process or port that Windows must need, so any FW will let it pass.

    Linux is your best bet for privacy, at least for data you store locally; once outside your machine, privacy ends.
     
  18. Tarantula

    Tarantula Guest

    Well, you're right, but I don't give permissions to any Windows process. Should be a hidden one.
     
  19. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    982
    Location:
    UK
    Sadly it's very hard to lock Windows networking down properly because of the very insecure use of wrappers.

    svchost
    rundll
    runonce

    When you get one of these asking for network access it could be anything behind them including malware. However of course if malware is in a position to make outbound connections then the battle is already lost anyway, in this case the firewall prompting is at least acting as a warning system that something is up.
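
An added PowerShell example, not part of either post: it creates the two port-scoped svchost.exe rules listed earlier in the thread, then shows what is actually behind the wrappers named above by resolving svchost.exe connections to their hosted services and listing the DLL each rundll32.exe was started with. The function names are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example. Rule names and ports follow the svchost rules given earlier
# in the thread; the function names below are made up for this example.
$svchost = "$env:SystemRoot\System32\svchost.exe"

# Port-scoped allow rules for svchost.exe: DNS, then HTTP/HTTPS.
New-NetFirewallRule -DisplayName 'SVCHOST UDP 53' -Direction Outbound `
    -Program $svchost -Protocol UDP -RemotePort 53 `
    -Action Allow -Profile Any | Out-Null
New-NetFirewallRule -DisplayName 'SVCHOST TCP 80,443' -Direction Outbound `
    -Program $svchost -Protocol TCP -RemotePort 80,443 `
    -Action Allow -Profile Any | Out-Null

# Map every running service to the process that hosts it (keys are PID strings).
$svcByPid = Get-CimInstance Win32_Service -Filter "State='Running'" |
    Group-Object ProcessId -AsHashTable -AsString

# Which services sit behind each svchost.exe that has a live TCP connection.
function Get-SvchostConnection {
    $hostPids = (Get-Process -Name svchost -ErrorAction SilentlyContinue).Id
    Get-NetTCPConnection -State Established |
        Where-Object { $_.OwningProcess -in $hostPids } |
        ForEach-Object {
            [pscustomobject]@{
                ProcessId = $_.OwningProcess
                Services  = ($svcByPid["$($_.OwningProcess)"].Name -join ',')
                Remote    = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
            }
        } | Sort-Object Services, Remote -Unique
}

# rundll32.exe is only a loader: the command line names the DLL it runs.
function Get-Rundll32Target {
    Get-CimInstance Win32_Process -Filter "Name='rundll32.exe'" |
        Select-Object ProcessId, ParentProcessId, CommandLine
}

Get-SvchostConnection | Format-Table -AutoSize
Get-Rundll32Target    | Format-List
```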
     
  20. guest

    guest Guest

    Exactly, needless to say some processes like svchost are needed for some features like Windows Update; if you block it, no updates. Anyway, fighting MS is pointless; the system is proprietary (unlike Linux), so no one (except MS) has full access to it and could analyze every bit of code.

    If you want to secure your data, encrypt it locally. It is the only option.
     
  21. Tarantula

    Tarantula Guest

    Installed Mint 18 alongside Win7. Trying it since yesterday. Very nice feeling. Might become my primary OS very soon.

    Sorry for the OT.

    edit: That's the FW that comes with Mint 18 > http://gufw.org/
     
    Last edited by a moderator: Dec 13, 2016
  22. jasonbourne

    jasonbourne Registered Member

    Joined:
    Aug 26, 2010
    Posts:
    275
    Have been using TinyWall for some time now and seems okay to suffice for the Windows built-in firewall. I pair it with EAM.
     
  23. Boblvf

    Boblvf Registered Member

    Joined:
    Aug 10, 2014
    Posts:
    141
    There are no good firewalls “that's free” (or not), there are Windows firewall and GUIs.

    Application control is too complicated with Windows firewall.


    Do this :

    Inbound blocked
    Outbound blocked

    Then allow outbound ports :

    80 TCP
    443 TCP
    53 UDP for browsers
    123 UDP for setting the time
    993 TCP for client messaging
    1194 UDP for VPNs


    That's enough.
     
  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I think you misunderstood, I use WFC, which is a third party tool to control the Windows Firewall. It's quite easy to manually make rules to allow certain apps to make outbound connections. WFC also has another bonus, it will auto-block apps from adding rules to the Win Firewall. You should check it out: http://www.binisoft.org/wfc.php

    Yes, at first I saw it as a disadvantage because I was used to outbound alerts, but WFC showed me how handy it was to auto-block apps. Only a couple of apps are allowed to access the network on my system anyway.
     
  25. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    Sorry Rasheed. WFC is alexandrud binisoft job. The acronyms get me :(
     