Windows Firewall No Longer Successful in Shields Up Test?

Issues Concerning Windows Firewall's Effectiveness

Well to be honest, I haven't been keeping up-to-date on firewall issues, but previously when I tested Windows firewall on the GRC Shields Up! test, it checked out as a complete pass. Now after a while when I did a test on my brother's clean computer with Windows Firewall set on its maximum settings, the test showed that it did pass in the everything except the ping echo portion of it. Turns out that the computer still replied to the ping echo! This issue concerns me a bit since his computer is no longer completely "hidden", yet my brother still insists he have a basic, lightweight firewall (doesn't really want to change) so I was wondering, is everyone else experiencing similar test results with Windows Firewall? Or is something wrong with our settings? (which is odd, because I even reset to default and checked to make sure everything was secure with no specific allows) And if so, does anyone know how I can fix it?

 

You can turn off the ping response in the firewall's advanced settings.

Go to Control Panel | Windows Firewall | Advanced tab | Appropriate network | Settings button | ICMP tab and turn off everything, particularly the top item "Allow incoming echo reqest".

That should kill the ping response completely.

 

According to RFC 1122:

RFCs really should be followed. It is a bad idea not to respond to pings. There is no security flaw in this, this is a myth. If you allow pinging your computer you are still safe. It is not true that if you deny response to ICMP that you are hidden from attacks. Firstly, most random attacks do not even try to ping you before they attack. Secondly, try http://www.insecure.org/nmap/.

 

ICMP is like NetBIOS, it can blocked if an user or his internet do not need it. I have it blocked and I can use p2p, play online games, listen/watch streaming and I have no problems at all.

 

ICMP is not like NetBIOS. No RFC is speaking about having NetBIOS enabled. Common users should not be told this because it can cause problems. For example if your ISP changes some settings or hardware and some problems appear it is ICMP what will be used for diagnostics, it will be because it is the purpose of ICMP protocol. If you tell users that to deny ICMP is ok you can cause a lot of troubles to them. Ok, 99% will live with no problems with ICMP disabled but still there are some that will be in trouble (or at least e.g. their ISP will have more work because of it). The important thing here is that there is no why to disable ICMP - it is not dangerous to have it enabled. Please follow standards, follow RFCs.

 

Of course not, I will not tell such a user not to block ICMP or not to use realtime AV, because it is useless and so on, but I guess, that Wilders Security Forums members have a good knowledge about computers and security, otherwise, they would not be registried here. I used NetBIOS just as an example, because some programs or internet do not work without it.

 

Alright, thanks for the input guys, guess it's fine to have things this way. However, my question still hasn't been completely answered--has anyone else been experiencing the same results from the test using Windows Firewall? Just a bit curious.

 

If you are behind a router or some sort of hardware firewall, it is ALWAYS in charge of either dropping or acknowledging pings. Even if you place your pc in the "DMZ" and have all traffic forwarded to it, only tcp connections and udp packets are forwarded. This may be your problem

Otherwise, I hate to say it, but who cares. Stealth and dropping ping packets is a waste of time, effort, and actually is against some internet regulations. As long as you have closed ports, you are good to go.

Cheers,

Alphalutra1

 

Thanks once again, good information for me to remember