another Windows Firewall Control?

If you did not increase the default DPI setting, which is by default set to 96, you can use the normal version. If you increased the DPI, use the 120 DPI version.

 

OK, I will use the 96 DPI version. But if I installed the 120 DPI version would it look bigger/larger on my screen? Or smaller?

I have installed the "Microsoft .NET Compact Framework 2.0 SP1" on my laptop, is that the right one for WFC?

I'm sorry for asking too much question but I'm very curious.

 

.NET Compact Framework is designed for Pocket PC, Pocket PC Phone Edition, Smartphone, and other Windows CE powered devices. If you use Windows Vista or Windows 7 you don't have to install nothing to make Windows Firewall Control work. These operating systems already have the needed libraries.

 

Thank you! Maybe you could form a FAQ on Binisoft site from all that questions.

Can you please tell me just what exactly are the differences between the registered and the free version of WFC? On Binisoft site it says that the registered version offers password protection and learning mode. I don't need the learning mode since I will be using the low filtering which doesn't have the learning mode. And I don't think I need the password protection since I'm the only user of my laptop. But on the Softpedia site I've read that in the free version there's no shell integration. I would like to use that. And are there any nag screens or anything like that in the free version?

Thanx!

 

The description on Softpedia is outdated, since it is from version 2.8. I wrote them several times to update the description but until now I have no response from them. When I submit a new version, only the new executable file is updated.

There is no nag screen, but those two options are disabled in the normal version: Learning Mode and Lock Application.

 

I'm not sure that I know what exactly means the Lock Application feature. That one can set a password to prevent another user of the PC to change the settings? Or does it mean that you set some rules for FW and then lock them to stay permanent even if you reboot the PC? Thank you again.

 

"Lock Application" disables all menu items from the WFC interface. This option also disables and hides the Windows Firewall applet from Control Panel and restricts the access to WF.msc (Windows Firewall with Advanced Security). In this way, other users can't change the settings of Windows Firewall.

All the rules created by WFC are permanent, even if you restart the computer, even if you close the wfc.exe process. You don't have to create the rules every time your computer starts. "Lock Application" does not add any firewall rule.

I saw that you mentioned the Learning Mode a few posts before. This feature has a meaning only for High Filtering profile. There are no notifications for Low Filtering profile because in this profile all programs that don't have a rule defined are allowed to create outgoing connections to the internet. For a better security I recommend to use High Filtering profile, and to allow only a few programs that you know you want them to connect. All other programs will be blocked until you will create rules to allow them, including the programs you have mentioned that you want to be blocked. This is a better approach to take.

For example create rules to allow your internet browser, messenger application, torrent client, etc... The rest of them, keep them blocked.

 

You are right. I just started with the low filtering. Now I'm considering the high filtering. I will have to consider registering the WFC because notifications make everything more under control and easier to understand. Thank you for all the help!

 

I have a question about the learning mode. Let's say that I for example set the firewall control to medium filtering and block a program called CCleaner with the free version of WFC. When a new version of CCleaner is released the program will notify me and try to connect to download it. Will WFC notify me about that or not (since I would only have the free version). And do the notifications (learning modeh) work only when the WFC application is active/running or also when it's not? How do I see that some program wants to connect to the internet if the WFC application is closed/not running? Thank you!

 

I also have a question regarding Windows 7 Firewall itself. How string is it? Are there any leaks?

 

You will not be notified, not because you don't have Learning Mode activated, but for the reason that you have blocked it. You should instead create a rule in a manner that the auto update of a program is allowed, but other connections should be blocked. For CCleaner is not the case, because when you press the button "Check for updates..." from CCleaner main interface it will start a web page in your browser. So it actually does not connect by itself, using ccleaner.exe.

For other programs, let's say you have Winamp, and you have a rule to allow Winamp to connect to internet to listen some online radios. If you install a new version of Winamp, you don't have to define a new rule for it. Windows Firewall rules are based on the path of the application. So if you update Winamp, the path for the executable file will remain the same, and also the firewall rule for it.

Notifications generated by Learning Mode are available only when the program is running. It can't show any notifications if the program is not running. Do you see any firewall notifications for any firewall if the firewall software is not running ?

About your last question, please read the following topic.

https://www.wilderssecurity.com/showpost.php?p=1975283&postcount=599

I use Windows Firewall combined with Microsoft Security Essentials since the beta stage of Windows 7, and I never had any security issues, and I must say, I do navigate a lot, even on unconventional sites. For me, this combination is perfectly suited.

 

OK, I will have to learn to use it yet... Thanx.

Good news about Windows Firewall & WFC's "strength"!

Another question: how is it about the different FW profiles (home/public)? If I use the same computer in different environments, how do the FW rules apply? If I create some rules in one environment will they stay when I connect the laptop in some other place/city?

 

I d like to point out something, i didnt look if its in progress or something. I downloaded Windows Firewall Control and was hoping it was signed. In my opinion this would add more trust in your product. Then I rightclick and see that indeed there is a digital signature/certificate but it not displayed when you doubleclick to install. Can this be fixed?

 

By default, the firewall rules created with WFC applies to all profiles: Public, Private, Domain. These settings can be modified later from the Manage Rules window if you choose to modify a specific rule. So, a rule to allow your web browser created for the Private profile will work whenever you set your location to Home. If you go to a public place, like a hotel lobby, and you set your location to Home, that rule will work. If you set your location to Public, your rule will not work. My recommendation is to create your rules for all profiles. I think if you set your rules at home to allow or block something, you'd want these to apply even when you go to McDonalds.

Our certificate is generated using makecert.exe and our files are signed using signtool.exe. These programs are both part of Windows 7 SDK. Unfortunately, a code signing certificate solution is priced over 170 euros/year, and right now the income generated from donations doesn't allow us to make such an investition. The solution that we use at present time is not as good like a digital signing solution from VeriSign, InstantSSL, etc, but it is something than nothing. It helps to ensure that our executable files are not tampered. This is why you see that wfc.exe is not digitally signed even if it appears to be digitally signed, because the signature was not issued by a known issuer. This is the reason why it cannot be verified.

 

It seems that StarSSL offers solutions for websites. You can not sign executable files.

 

A comodo partner offers cheaper code signing http://codesigning.ksoftware.net/ but i believe its better to keep the money. Its most looks anyway. A flattr button in each app's page would also help.

 

This is a good alternative solution. I will consider to add "a real" digital certificate in the future. For now I'm still learning some WPF tricks and patterns that will help me to implement the next version, which is build from scratch. Probably this version will be digitally signed.

 

i wont let sign by comodo after the latest issues, never ever.
i still have some of their certs here disabled for reason.

 

Of course, I agree! I would like it so that all the rules that are created apply to all the profiles and networks. How do I do that?

 

Rules created with WFC are for "ANY" by default (that means private, domain and public profiles).
You can check this by choosing "Manage Rules", selecting any rule and then "Modify Rule". You will find all three checkboxes (private, domain, public) marked.

 

Or simpler, you can look in the column named "Profile" and you will see "Any" if a rule applies to all profiles.

 

Hi.
I like the IP addresses to be reverse-resolved to the hostname when popups tell me destination/remote addresses of the connections.
I'll be glad if this feature be implemented.
Sorry for my bad English. Thanks.

 

It is already implemented. Just klick the IP-address in the popup.
A WHOIS-query will start in your browser via networktools.nl

 

I can't resolve host name via C# code in a reasonable time. It takes sometimes even 4-5 seconds of delay to resolve the host name and show it in the notification dialog. You can click on the remote address and the host name will be queried using networktools.nl in you default web browser. This is the fastest way.

 

Updated to version 3.1.0.3

What's new in version 3.1.0.3
- New: Manage Rules contains a new button named "Find Invalid Rules". The firewall rules which reffering executable files that were removed from the disk but still have defined firewall rules, will be highlighted. This applies to the current view
from the list.
- New: Notification at program startup if it is not running with administrative privileges.
- Fixed: Deletion of a firewall rule causes a lost focus on the selection. Now the next rule from the list is automatically selected.
- Fixed: Modify Rule can maximize if a double click occurs on the title bar. This should not happen.
- Updated: The classic buttons Minimize, Maximize, Close were added to Manage Rules Window.
- Updated: The classic Close button was added to About Window.

I didn't have enough time to finish the WPF version. Until then here is a new update. Better than nothing.

Please share here your opinions about this version and what do you think the next version should include.

Thank you for your support,
Alexandru