Local proxies impeding firewall protection (on Windows 7 at least)

lets just hope for everyones sake that malware writers follow the same advice..my point is this..if the avast web shield is creating a hole in these firewalls what is to stop malware authors doing exactly the same?
Regards.

 

Usually malware programs requires administrative privileges to change system settings.
1. One thing you can do is to not disable UAC and watch carefully which programs try to get elevated privileges. Without administrative privileges, less harm can be done to your computer.
2. Always install software from the official websites or another trusted sources.

Always, the user is the one who helps malware to mess up with his computer. The user must be the most careful and should not rely 100% on antimalware programs. There is no bulletproof security solution.

 

Thanks for the reply.
A standard user account would be a good idea i suppose.
I like the look of your windows firewall controller.it is the best one ive seen and i really want to try it at some point.
Im using kaspersky at the moment.
Just out of curiousity.can i run two different security set-ups on two different accounts?
Im running kaspersky on an admin account.if i create a limited user account would i be able to use a different security set up?
Thanks.

 

A standard user account is a good idea. Also, an admin account with UAC enabled is fine too. Windows Firewall does not support different rules setup for different user accounts. All the rules are per machine installation.

 

Lets just hope malware writers dont use this local proxy scenario then.
No doubt they will and this shows a fault in most firewalls..its a major security flaw and needs to be addressed.

 

It's debatable as to where the fault lies, but it's not about that now. I hope that instead of pointing fingers they're working together to resolve the issue.

 

What I get from this thread is following:

I have been running W7 firewall almost a year with Avast and Sandboxie as my security protection. The idea of switching to Comodo was on my mind. I have used it before on my XP, so it is familiar in earlier version to me. Then it had the rules made on Windows registry and on "high" rules making options it lost it's rules sometimes.

I didn't like it's HIPS part component then.

So maybe, not sure, I keep using the Windows 7 firewall. The inbound server connections protection is not compromised by this Avast webshield, the point I want make to everyone new to these issues. It is only outbound connections that are not filtered. But by default they are allowed anyways and not practical to try make the outbound rules without 3rd party addons.

The mentioned GRC leaktest was able to to be passed with Tinywall with Avast 6, but I think not in Avast 7, by making some setting in Avast 6 checked, which was not on by default install. Anyways Tinywall is not likable to me with no popups. The other popular addon that uses W7 rules is not free. And the third Sphinx "addon" uses it's own rules.

In the try to keep my computer with no conflicts between security programs the option I have now with running Avast 7 AV, the Win 7 firewall and Sandboxie seems a reasonable solution even if W7 firewall gives no protection to outbound connections.

And lets hope to those of you using outbound connections controlling firewalls that installed malware does not start to act like Avast's current webshield.

 

I also use the WIN 7 firewall and I agree in provides excellent basic inbound protection. Note that advanced features such as denial-of service and the like are missing.

Avast webshield is providing outbound protection. It is basically filtering your browser connections for malware. What protects your inbound connections from the Internet is the WIN 7 firewall statefull inspection feature that ensures only inbound connections are allowed from previous outbound requests. Open a WIN 7 inbound firewall rule and note the "block edge traversal" option. This ensures no inbound request is allowed without a corresponding outbound request.

 

FWIW, there are a couple of reports that Comodo Firewall v6 running on Windows 7 has the same issue as Comodo Firewall v5 running on Windows 7, and one report that Comodo Firewall v6 running on Windows 8 is also affected.

Discussion Thread: "Avast bypass"
https://forums.comodo.com/firewall-help-cis/avast-bypass-t89551.0.html

Issue Report: "CFW fails to block HTTP connections with Avast 7 - Update [M198]1[v6]"
https://forums.comodo.com/bug-repor...st-7-update-t89767.0.html;msg647524#msg647524