@ichito Since, SS Firewall relys on Windows Firewall, how i can prevent a malware to add a WF rule during boot stage? 90% malwares does that, many with simple reg add command to open up a outgoing port.
@ichito -- Wow! Loads of helpful information!!! THANKS. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @moredhelfinland -- SS firewall does not rely on Windows firewall. SS uses Windows Filtering Platform (WFP), a series of APIs & system services that are Windows built-in "shortcuts" for network filtering, to be used in creating firewalls & other such apps (see note 1). Thus, malware would have to penetrate SS itself to add or modify a rule in SS firewall. SS is strongly self-protected to prevent that sort of thing from happening. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ NOTE 1- Windows firewall is also built on the same WFP APIs & services. It is the Windows firewall that is somewhat vulnerable, not WFP or the SS firewall.
There currently is no security app that can block processes from being killed, SpyShelter strangely enough also doesn't offer such a feature. I do remember that HIPS from back in the days like System Safety Monitor offered this stuff.
@bellgamin That's the point, WFP based firewall softwares are more vulnerable, rather than third party firewalls that uses their own filter driver? Only that is why im using a software based firewall, that does use it's own filter driver rather than WFP based ones.
No, the point is that SS doesn't rely on the Windows Firewall, so if WF is bypassed, then SS keeps blocking outbound connections. Plus it also monitors for code injection, which is often used by malware to bypass firewalls. ZoneAlarm also watches for code injection but is bloated. I personally use TinyWall as firewall and SS as behavior blocker which should prevent apps from bypassing TinyWall.
come on, please stop repeating this BS, FUD at its best. it is NOT helpfull to comment each firewall thread with this unproven statement and to recommend another (paid) software.