The thread title says it all. QUESTION: Exactly which FireWalls (FW) have strong self-protection? In non-technical terms*, I define self-protection as follows: 1- A FW's protection of its rules (allowed stuff, disallowed stuff, areas to be monitored, etc) from being wrongly added to, deleted, or modified 2- A FW's protection of itself from being terminated or "taken out of the loop" in any way except by the user. ~~~~~~~~~~~~~~~~~~~ * I use non-technical terms because I am NOT a FW guru so I don't know any technical terms about FWs, & would likely misuse them even if I did.
@Hiltihome -- Are you implying that all software security apps (including firewalls) are totally incapable of self-protection?
If you are running any software on the same machine, your OS is running on, it's vulnerable by design.
IMO , some security apps are at least somewhat self-protected. For example, my AV can't be killed by Task Manager or Process Hacker. Its settings cannot be modified, via GUI, without Admin status. Neither can it be uninstalled without a password. I am unaware of which FireWalls (FW) do have at least some self-protection, and which FW do not have any. That's why this thread was started. (BTW) Although not SELF-protection, changes to my FireWall's SHA-256 will cause a VooDooShield default/deny block plus a pop-up alert. It is nearly 100% impossible to alter a file's contents with causing a change to its SHA-256 -- or so I have been told.
If the software you use becomes a target, it will be compromised. But as a private user you most likely will never become a taget, so it doesn't matter anyway. In case you are looking for a really bullet proof solution, you need a hardware firewall/gateway/proxy/router.
As far as I have heard, a top priority of any malware that gets on to anyone's computer is to emasculate any security app that might be troublesome to the malware's goal. If so, has it finally come to THIS, I wonder? I find it difficult to accept a concept such as the following........ I would greatly appreciate any & all constructive comments on this matter.
Do they at all now? Focus has shifted from firewalls, they are no longer considered as a viable security solution for masses. Disabling windows firewall is as easy as disabling any service it depends on. Disabling malwarebytes as well, all it takes is some cleanup I perform and it stops blocking till a reinstall, yet it acts as if it is running. I do not know any with self-protection. Maybe ZoneAlarm or Comodo?
I think @TairikuOkami was referring to Malwarebytes Windows Firewall Control (WFC), of which he is a user and, as such, has kindly reported his experience with the WFC firewall. He made no reference to MalwareBytes anti-malware/antivirus app.
sphinx soft has one, terminate it with a process kill and your web access is gone. i consider this behavior as "strong" if you cant access it with password. for ras-pi - its a device outside with its own rules. no password, no luck. you need to plug off the cable and have the rights to alter pc settings concerning network settings. to note: a real firewall is not running on the used client.
It's a good firewall. Its benefits can be said for anything that uses WFP; the Windows Filtering Platform. There are other firewalls that use that, such as Simplewall.
Most firewalls have option to restrict access when they're not running. And most of them have option to protect settings with password. Are there any firewalls with "self-protection" against malware running as Administrator?
I'm guessing that tools like ZoneAlarm and SpyShelter have got self protection, which means that they can't be easily terminated. I don't think that tools like TinyWall and WFC protect themselves. Of course I assume that AV's with built-in firewalls protect themselves too.