I'm going to allow all outbound traffic; Comodo or Windows Firewall?

Discussion in 'other firewalls' started by CrusherW9, Feb 3, 2013.

Thread Status:
Not open for further replies.
  1. CrusherW9

    As the title implies, I'm trying to decide if I want to use Comodo or Windows Firewall in Windows 7. I am not sold on outbound "protection" so assuming I'm allowing all outbound traffic, what would Comodo offer that Windows Firewall doesn't? I don't care about Defense+, sandboxing, or TrustConnect. That said, the only other features I know about are "Filter loopback Traffic," "Block Fragmented IP Traffic," "Protocol Analysis," and "Anti-ARP Spoofing" which I admit, I really don't know too much about. Any guidance here?

    EDIT: I go to a university so when I'm on campus, I'm on public wifi.
     
    Last edited: Feb 3, 2013
  2. alexandrud

    By default, Windows Firewall allows all outbound traffic, so, you don't have to install anything or make any setting.
     
  3. blacknight

    Comodo firewall is one of the best fw, powerful and rich in security features for many years. It's absolutely safer than Windows Firewall.
     
  4. Sully

    A question for you.

    If you are behind a router utilizing NAT, and you don't wish to control outbound traffic, why would you still need a firewall?

    Sul.
     
  5. CrusherW9

    Do you care to elaborate on why you say this because I'm not necessarily sold. I'll also add to this, that I've run Comodo Leak Test on both Comodo firewall and Windows Firewall with similar configurations and they scored REALLY close to each other. Comodo scored a 240 whereas Windows Firewall scored a 230.

    Sully, I go to a university so when I'm on campus, I'm on a public network. I suppose I should add that to my initial post.
     
    Last edited: Feb 3, 2013
  6. Sully

    Ahh. Yes, that's a pretty darn good reason :D

    If it were me, I would use WFW and maybe turn off un-needed services/apps that hold ports open, like RDP and stuff, if you don't need it.

    Sul.
     
  7. CrusherW9

    Quite frankly some of the people I know in computer science scare me.... and I'm in computer science. My university holds a Cyber Defense Competition yearly in which even the FBI and CIA attend in order to recruit people. I lust for their knowledge.
    Thanks for the suggestion; I will look into it. Do you mean the stuff in "Allow a program or feature through Windows Firewall?"
     
    Last edited: Feb 3, 2013
  8. The Red Moon

    Hi crusher.
    You have a perfectly good firewall built right into Windows. Primary job of a firewall is to keep bad guys out of your computer and both Comodo and Windows do this admirably.
    Only time you may need outbound control is on an already compromised computer although there are several ways that malware can circumvent the firewall (piggy back on the web browser) etc.
     
  9. Sully

    I don't pretend to be a WFW guru by any means, so I cannot tell you exactly which panel or area you want to focus on.

    What I do know, from using firewalls for years, is that you have a "surface area" you first try to reduce the size of. Some call it an attack vector. Whatever you call it, you want to make it as small as possible. In this case, it means ports that are open for communication. You cannot be hacked if you cannot be reached.

    The danger obviously comes from a port being open, and bad guys exploiting it. I mention RDP because lots of computers have it on. People are pretty gun-shy, even here, about turning their services off, so instead there are lots of features in Windows now that try to allow you to leave these lines of communication open, while making them harder to exploit, or at least harder to exploit if you choose "public" because the OS changes settings.

    If you looked at all your ports held open, knew what service/app was holding each open, knew why and how often you would need that service/app, you would know how much you could shut off. Unlike blocking the port or turning it off for public declared networks, you actually turn it off. Closed port is better than blocked port.

    Anyway, there are certain things that you are hard-pressed to get around. Turning off RDP if you don't need it, just a small sample. Svchost rules, well in XP there were a number of good rulesets for it that I used. In Vista/7 I have seen a number of them here too, and that bugger is getting more complicated lol. That's one of the top focuses IMO.

    If you're in classes eventually learning about this stuff, you're likely to find out some really low level stuff that I never will. I know enough to be dangerous they say. But I have read and experimented a lot over the years, and tried all kinds of tests to see if I was "stealthed" or if I could brute force into myself. For the average home user, I think much of it is overhyped, just hot air. In your case, as you describe it, it sounds like a great place to be able to learn in. Maybe a pain because of people actually breaking your defenses, but oh what a honey-pot. I would love to be in that environment for about a month straight. I would have to reformat multiple times a day from all the experimenting lol.

    Anyway, good luck. Be interesting to hear what your experiences are concerning being breached by anyone and where your insecure areas were.

    Sul.
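
Added example, not part of Sully's post or the thread: one way to list the ports held open and the service or app holding each, as the post above describes. It assumes Windows 7 with PowerShell 2.0 and an elevated prompt; the variable and column names are illustrative.

```powershell
# Added example (not from the thread). Targets Windows 7 / PowerShell 2.0, so it
# parses `netstat -ano` rather than using cmdlets that only exist on Windows 8+.
# Run from an elevated prompt so every owning process can be resolved.

# Map each PID to the services it hosts (one svchost.exe can host several).
$servicesByPid = @{}
Get-WmiObject Win32_Service | Where-Object { $_.ProcessId -ne 0 } | ForEach-Object {
    $servicesByPid[[int]$_.ProcessId] += @($_.Name)
}

$listeners = netstat -ano | ForEach-Object {
    $f = $_.Trim() -split '\s+'
    # TCP listeners have a foreign address ending in ":0" (locale-independent);
    # UDP rows have no state column, so the PID is the fourth field.
    if ($f[0] -eq 'TCP' -and $f.Count -ge 5 -and $f[2] -match ':0$') {
        $ownerPid = [int]$f[4]
    } elseif ($f[0] -eq 'UDP' -and $f.Count -ge 4) {
        $ownerPid = [int]$f[3]
    } else {
        return   # header line, blank line, or an established connection
    }
    $split = $f[1].LastIndexOf(':')
    $addr  = $f[1].Substring(0, $split)
    $proc  = Get-Process -Id $ownerPid -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        Proto       = $f[0]
        Address     = $addr
        Port        = [int]$f[1].Substring($split + 1)
        # Bound to a non-loopback address: reachable unless the firewall blocks it.
        NonLoopback = ($addr -ne '127.0.0.1' -and $addr -ne '[::1]')
        Process     = $(if ($proc) { $proc.ProcessName } else { '?' })
        Services    = ($servicesByPid[$ownerPid] -join ', ')
    }
}

$listeners | Sort-Object Proto, Port |
    Format-Table Proto, Address, Port, NonLoopback, Process, Services -AutoSize
```

Rows with `NonLoopback` set to `True` are the ones to review: each is a candidate for turning the service off rather than only blocking the port.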
     
  10. blacknight

    One point is the additional security features; another is that historically Windows Firewall is more vulnerable than CIS, OP, OA...
     
  11. CrusherW9

    Unfortunately there aren't any classes here that teach this sort of stuff. It is primarily coding in different languages, data structures, software development, interfaces, algorithms, theory, etc. Nothing that is.... more application based, if that is the correct term.

    I have yet to be individually targeted, at least, that I know of so I haven't had a problem with anything. The main reason for this thread is that I just uninstalled NIS which came with a firewall and now I'm just doing some research as to what my options are and how to stay safe(er). I don't know a whole lot when it comes to communication security so for now I'm sort of wandering around aimlessly with Google searches. haha. You gave me some good stuff to look into though so thanks for the reply.
     
  12. CrusherW9

    What features and how do you know Windows firewall is more vulnerable? Do you have any articles or threads to back this up? Because I could start going around saying Windows firewall has more security features and is historically more secure and really have no idea what I'm talking about. I'm not saying you're wrong, I just would like some proof.
     
  13. Cudni

    If you are allowing outbound then WF is more than sufficient.
     
  14. wat0114

    Absolutely, and a lot of people don't realize its packet filtering capabilities are superior to that of most 3rd party firewalls.
     
  15. safeguy

    For inbound, Windows Firewall suffices. If you wish to 'harden' certain settings:

    1. Make sure you're using Windows Firewall on Public Profile.
    - The default setting is "Inbound connections that do not match a rule are blocked". There are default rules created - see if you need them. If you don't need those, and you have no need for inbound connections (e.g. torrents), then consider changing it to "block all connections".

    2. Don't allow Remote Desktop and Remote Assistance connections
    (under Advanced System Properties)

    3. Go to Services.msc and disable these
    - Remote Desktop Configuration
    - Remote Desktop Services
    - Remote Desktop Services UserMode Port Redirector
    - Remote Registry
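
Added example, not part of the thread: the three steps from the post above as commands for an elevated PowerShell prompt on Windows 7. The service short names and registry values are the standard Windows ones for the items the post lists by display name; they do not appear in the post.

```powershell
# Added example (not from the thread). Windows 7 / PowerShell 2.0, elevated prompt.

# Step 1: Public profile on, inbound set to "block all connections", outbound allowed.
# The policy value is quoted so PowerShell passes "a,b" to netsh as one argument.
netsh advfirewall set publicprofile state on
netsh advfirewall set publicprofile firewallpolicy 'blockinboundalways,allowoutbound'

# Step 2: refuse Remote Desktop and Remote Assistance connections
# (the same switches as the Remote tab of Advanced System Properties).
$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$ra = 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'
Set-ItemProperty -Path $ts -Name fDenyTSConnections -Value 1
Set-ItemProperty -Path $ra -Name fAllowToGetHelp    -Value 0

# Step 3: stop and disable the four services (short names, in dependency order):
#   UmRdpService   = Remote Desktop Services UserMode Port Redirector
#   TermService    = Remote Desktop Services
#   SessionEnv     = Remote Desktop Configuration
#   RemoteRegistry = Remote Registry
$names = 'UmRdpService', 'TermService', 'SessionEnv', 'RemoteRegistry'
foreach ($n in $names) {
    # If a service refuses to stop now, the Disabled start type applies at next boot.
    Stop-Service -Name $n -Force -ErrorAction SilentlyContinue
    Set-Service  -Name $n -StartupType Disabled
}

# Verify: which profile is active on this network, and what each setting now is.
netsh advfirewall show currentprofile firewallpolicy
netsh advfirewall show publicprofile firewallpolicy
Get-ItemProperty -Path $ts | Select-Object fDenyTSConnections
Get-ItemProperty -Path $ra | Select-Object fAllowToGetHelp
Get-WmiObject Win32_Service |
    Where-Object { $names -contains $_.Name } |
    Select-Object Name, State, StartMode
```

If `show currentprofile` reports a profile other than Public while on the campus network, the Public settings above are not the ones in force; change the network location to Public first.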
     
  16. CrusherW9

    I think I'm just going to go with Windows Firewall. Is that really all there is to hardening? It just seems too simple to me. Thanks for the replies though everyone.
     
  17. sepihi

    Last edited: Feb 4, 2013
  18. CrusherW9

    Ok so after some messing around, Windows Firewall doesn't seem as... intricate as I thought. I do have three questions for now though.

    1. So what's the deal with IPSec? From what I have read, it is just a way to implement a VPN (old school?) instead of using SSL but I'm not sure if that is the only purpose. Is there any hardening that can be done here other than setting up a VPN?

    2. My second question has to do with the "Allow Unicast Response" option. If I am blocking all inbound traffic, then doesn't this option have no effect? I have it set to "No" right now and have not noticed anything weird so I would assume so.

    3. As stated earlier, I have WFW set to block all incoming traffic (Block all, not block) and allow all outgoing traffic but when I go to Monitoring > Firewall, the only rules that show up have the direction of incoming. They are all under "Core Networking" or "Homegroup In". They are all active rules but I didn't think they would actually be active with block all inbound traffic enabled. Am I missing something here or does this not make sense?
     