How good are the default settings of Windows Firewall?

Discussion in 'other firewalls' started by sg09, Jun 11, 2010.

Thread Status:
Not open for further replies.
  1. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
    I am in a public profile. How good is the default profile of Windows Firewall? What should I do to ensure maximum protection? I use uTorrent and Dropbox.
    I am using Vista 32-bit. Please explain, as I am not at all an expert in firewall configuration.

    Please don't suggest any 3rd party Firewalls. I have come back to Windows Firewall after using almost all of them. It's the best silent firewall in my opinion.
     
  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    The public profile is the strictest of all 3, but will give you issues if you're simply using it in a home environment; for example, SSDP/UPnP is blocked, which is generally used by programs such as uTorrent to open ports.

    I use the Home profile at home; as far as I'm aware, it doesn't reduce your security or leave you vulnerable to attack from external sources, it just allows more internal network data to be transmitted/received, which is why it's generally safe to use Home on a private Home network.

    If Stem is around he will hopefully explain it somewhat better than I did. :D
     
  3. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
    @funkydude: Thanks for your answer.
    I am using a public broadband. While I used Avast or Kaspersky I got a lot of DCOM attacks and Helkern attacks. Also, my friend, who uses the same ISP, sees lots of IP blocking in idle time from MBAM Pro. That's why I think there are botnets working inside our ISP. I also see a lot of attacks blocked in BullGuard IS.
    I am using the public profile in Windows Firewall right now and not facing any problems in uTorrent. Should I do anything more to tighten the filtration of incoming traffic?
     
  4. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    Use Peerblock :isay:
     
  5. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
    I use peerblock...;)
     
  6. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    Not sure what you mean by public broadband. Are you at home behind a router with a broadband connection from an ISP, or on a 3G/wireless public network?

    But yeah, public will give you the most protection.
     
  7. majoMo

    majoMo Registered Member

    Joined:
    Aug 31, 2007
    Posts:
    938
    To do an easy, safe configuration I use e.g. "Windows Worms Doors Cleaner" (WWDC) and "Seconfig XP" (it seems to work in Vista also). These configuration tools add additional security to Windows Firewall. Checking the protection with ShieldsUP! is advised.
     
  8. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,060
    Location:
    New Delhi Metallo β-Lactamase 1
    Who is your ISP? Bharti Airtel or BSNL?
     
  9. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
    BSNL


    I am not behind a router. Direct Broadband connection from my ISP.


    Both seem to work up to XP...:( Anyway thanks..:)
     
  10. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,917
    Location:
    U.S.A.
  11. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
  12. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    sg09, if it's possible for you, you should invest in a decent router. It would be your first big barrier of defence.
     
  13. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi sg09,

    Check in the firewall's "public policy" for any rule that allows inbound and then check for any "exceptions" (you should be able to find info for that in the post linked to by JRViejo).
    You should only have inbound allow rules/exceptions for the applications that actually require that inbound, such as (possibly) your torrent client.


    - Stem
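
Added example, not part of any post in this thread: a Python sketch of the check Stem describes, listing the enabled inbound allow rules that are active in the Public profile from the text printed by `netsh advfirewall firewall show rule name=all verbose`. The sample listing is constructed, and the function names and the `needed` set (executables that really require inbound connections) are assumptions.

```python
# Constructed sample in the layout of the netsh listing (not captured output).
SAMPLE = r"""
Rule Name:                            uTorrent (TCP-In)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Public
Program:                              C:\Program Files\uTorrent\uTorrent.exe
Action:                               Allow

Rule Name:                            File and Printer Sharing (SMB-In)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private,Public
Program:                              System
Action:                               Allow

Rule Name:                            Network Discovery (SSDP-In)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Private
Program:                              C:\Windows\system32\svchost.exe
Action:                               Allow
"""

def parse_rules(text):
    rules = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # separator or blank line, no "Field: value" pair
        if key.strip() == "Rule Name":
            rules.append({})  # every rule block starts with its name
        if rules:
            rules[-1][key.strip()] = value.strip()
    return rules

def public_inbound_allows(rules, needed):
    """Enabled inbound allow rules active in Public, with a verdict each."""
    out = []
    for r in rules:
        state = (r.get("Enabled"), r.get("Direction"), r.get("Action"))
        profiles = [p.strip() for p in r.get("Profiles", "").split(",")]
        if state != ("Yes", "In", "Allow") or "Public" not in profiles:
            continue
        exe = r.get("Program", "").rsplit("\\", 1)[-1].lower()
        out.append((r["Rule Name"], "expected" if exe in needed else "review"))
    return out
```

Rules marked `review` are the candidates to disable or narrow; anything in `needed` (hypothetically just `utorrent.exe` here) is an exception that was opened on purpose.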
     
  14. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
    Thanks, I am really thinking of buying one...:)

    Thanks for your help :D I am doing this....:cool:
     
  15. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    How good are the default settings of Windows Firewall?

    Answer: Good enough for the average user who doesn't download illegal warez/apps/software, illegal cracks and serials and only uses the internet for honest purposes and only downloads legal and legitimate programs from reputable companies.
     
  16. wat0114

    wat0114 Guest

    Agreed wholeheartedly :)

    sg09, if you want, list the apps you have that you know need Internet connectivity and I'll help if possible with granular rule settings. Public profile is the tightest for sure, but it can certainly be improved.
     
  17. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    Windows firewall would keep you protected no matter what you were downloading.
     
  18. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
    Thanks. I am attaching the whole list of my installed applications.
    View attachment Applications.txt
     
  19. wat0114

    wat0114 Guest

    sg09, you have a lot of apps I don't use, but some of my rules could apply to your situation. Make sure to visit the link in post #10 of this thread for Stem's excellent tutorial on how to set up the fw rules.

    Here are my outbound rules, mostly made up of my custom rules with the rest built-in core rules. The Active profile is “Public”. They are certainly not perfected, some could maybe be tighter, but I believe mostly thorough. The trouble with setting specific program rules in Win 7/Vista fw is knowing exactly which programs need Internet access, because there are no pop-ups like in 3rd party firewalls. Java, for example, was rather difficult, so I just created rules for all its executables to ports 80 & 443. For FTP, I simply created for any program, but perhaps I should restrict this to specific ones. My son plays Fusion Fall and that was difficult because IE needs to connect to non-standard remote ports. I had to examine the logs to figure it out. There are four “Block” rules for svchost services, but I need to temporarily allow the second and fourth ones when running Win updates. I block them most always because svchost likes to connect out whenever it pleases without good reason, so I keep it on a short leash ;)


    EDIT 06152010 I've updated the outbound rules so a new screenshot.
     

    Attached Files:

    Last edited by a moderator: Jun 15, 2010
  20. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    Nice post wat, thanks for the graphic too
     
  21. wat0114

    wat0114 Guest

    Thank you Greg! Tomorrow will be my inbound rules. It was tight getting all the important columns into the shot (Snagit would only scroll vertically), so I had to remove some of the other columns to make it all fit.
     
  22. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
    Thanks a lot wat0114..:)
     
  23. wat0114

    wat0114 Guest

    You are welcome!

    Here are my inbound rules, a lot of which I don't even need because I'm behind a router and not on a local network, but I created them anyway just for the learning experience. Again, maybe they're too restrictive, not restrictive enough or I'm missing something, but I think they're a decent starting point. I block SSDP from my router because I can't get it to stop sending them.

    EDIT 06142010 I've updated the inbound rules so a new screenshot.
     

    Attached Files:

    Last edited by a moderator: Jun 14, 2010
  24. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
    Wow, Thanks again.... Very useful indeed...:thumb:
     
  25. Heimdall

    Heimdall Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    176
    Forgive my curiosity but why did you change the default ICMPv4 and ICMPv6 inbound rules?
     