Simplewall-Firewall

Discussion in 'other firewalls' started by co22, Oct 25, 2016.

  1. Sm3K3R

    Sm3K3R Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    604
    Location:
    Wallachia
    @popescu

    Some nice reading here -> hxxps://docs.microsoft.com/en-us/windows/win32/fwp/filter-arbitration
    I think we can say, based on this article, that using 2 firewalls is quite recommended?

     
  2. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    259
    Location:
    Canada

    Yes, indeed.

    But again, why do you need a firewall, let alone two?

    If you are using Windows, Microsoft will "extract" whatever data they need from your PC, one way or another.
    Any legit software, which is supposed to have access to the internet, will do the same.
    Any serious malware will be either detected by your antivirus or, if undetected and properly designed, will slip through both firewalls.

    What is left is legit software which you want to block access to the internet and maybe PUP and some other semi-innocent malware for which developers did not put significant effort in their design.

    Is it worth the effort of managing two firewalls?
     
    Last edited: Jul 4, 2020
  3. SeriousHoax

    SeriousHoax Registered Member

    Joined:
    Mar 27, 2019
    Posts:
    27
    Location:
    Bangladesh
    What about programs that automatically create rules, especially inbound rules, in Windows Firewall, like qBittorrent and Steam? Is there any way to prevent them from creating rules without using any additional software? I know there's an option in Windows Firewall to deny all types of inbound connection, but programs can still create rules by themselves.
     
  4. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    259
    Location:
    Canada
  5. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    650
    Location:
    Hungary
    Uhm, some corrections.
    1. Actually, both SimpleWall and TinyWall can filter based on services. The issue with Windows Update is not the incapability of these firewalls, but that Microsoft has, for a couple of years now, implemented parts of Windows Update to not run in any service. The only way to contain it without letting out svchost is to block all Microsoft IPs and domains, and for the latter you need drivers. And even then this will only work until Microsoft introduces new IPs and domains, so even commercial alternatives won't be able to single out Windows Update reliably.
    2. TinyWall *can* detect parent apps that use child processes to access the internet. This is off by default, but you can enable this per-rule if you wish.
     
  6. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    650
    Location:
    Hungary
    For properly written 3rd-party WFP-based firewalls, this is not a concern, because even if software is able to create rules in Windows Firewall, it still won't be able to get out. The rules list of Windows Firewall is completely distinct and separate from that of Simplewall or TinyWall, and you'd need to create rules in all firewalls to be able to access the internet. So, assuming popescu's intent in his answer was to point you to WFC's Secure Rules option, I'd advise against that. Only WFC requires that option because it creates rules inside Windows Firewall, but that is not the case with TinyWall or Simplewall.

    Concerning earlier discussions about running two or more firewalls:
    SimpleWall and TinyWall should be able to run on the same computer technically, at least in theory (I've never tested it though). But as I've already explained it in TinyWall's thread multiple times, I do not recommend using multiple firewalls at the same time. First of all, not every firewall is compatible with every other, but even if two specific firewalls can work together, there is little to no security advantage to it, while at the same time it almost always brings frustration and confusion to the user (usually a couple of days or weeks after the initial installations).
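
The point made in the post above, that a connection needs a permit in every WFP-based firewall and that a rule added only to Windows Firewall opens nothing, as an added example that is not part of the thread or of any tool discussed in it. It is a simplified Python model of WFP filter arbitration (inside a sublayer the highest-weight matching filter decides; across sublayers a Block overrides any Permit); sublayer names, weights and paths are constructed, and override flags and callouts are ignored.

```python
from dataclasses import dataclass, field
from typing import Optional

PERMIT, BLOCK = "permit", "block"


@dataclass
class Filter:
    weight: int                 # higher weight is evaluated first
    action: str                 # PERMIT or BLOCK
    app: Optional[str] = None   # None matches every application (catch-all)

    def matches(self, app: str) -> bool:
        return self.app is None or self.app.lower() == app.lower()


@dataclass
class Sublayer:
    name: str
    weight: int
    filters: list = field(default_factory=list)

    def decide(self, app: str) -> Optional[str]:
        """Action of the highest-weight matching filter, or None if none match."""
        for f in sorted(self.filters, key=lambda f: f.weight, reverse=True):
            if f.matches(app):
                return f.action
        return None


def allowlist_sublayer(name, weight, allowed_apps):
    """Model of an allowlist firewall: per-app permits above a catch-all block."""
    filters = [Filter(10, PERMIT, a) for a in allowed_apps]
    filters.append(Filter(0, BLOCK))
    return Sublayer(name, weight, filters)


def arbitrate(app, sublayers):
    """Return (verdict, deciding sublayer). A Block in any sublayer is final."""
    for sl in sorted(sublayers, key=lambda s: s.weight, reverse=True):
        if sl.decide(app) == BLOCK:
            return BLOCK, sl.name
    return PERMIT, None


# Constructed sample data: paths, names and weights are illustrative only.
GAME = r"C:\Games\game.exe"
UPDATER = r"C:\Apps\updater.exe"
HALF = r"C:\Apps\half.exe"


def build_stack():
    # Windows Firewall with default-allow outbound: no catch-all block.
    # UPDATER has added its own permit rule here, and only here.
    windows_fw = Sublayer("windows-firewall", 100, [Filter(10, PERMIT, UPDATER)])
    fw_a = allowlist_sublayer("third-party-a", 200, [GAME])
    fw_b = allowlist_sublayer("third-party-b", 300, [GAME, HALF])
    return [windows_fw, fw_a, fw_b]
```

Only `GAME`, which is permitted in both allowlist sublayers, gets out; the self-added Windows Firewall rule for `UPDATER` and the single-firewall rule for `HALF` each end in a Block from the other sublayer.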
     
  7. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    259
    Location:
    Canada
    TinyWall, by default, will not alert you about anything, so how it can detect parent apps that use child processes to access the internet remains a mystery.

    For a day to day user, you need a pop-up saying "this app is trying to connect to this IP, this port, using this child app", nothing else over sophisticated.
     
  8. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    650
    Location:
    Hungary
    TinyWall does not have popups, but that has nothing to do with detecting child processes, and that's what you've been talking about earlier. If you enable child process detection in a TinyWall rule, then child processes (to be more exact: executables of child processes) will get the same rule applied as the parent process you've created the original rule for. You don't need popups for this feature in any way.
     
  9. Sm3K3R

    Sm3K3R Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    604
    Location:
    Wallachia
    @ultim
    The combo (simple+Tiny) works as intended.
    It blocks, if this is what the user intends to do when installing a firewall.
    No issues whatsoever, on 2 different Windows 10 builds and configs. It blocks what is not needed and allows apps only as per user rules, whatever the app may be. For an app to pass traffic, rules in both firewalls (WFP interfaces) need to be made. It's not time consuming, as the rules once made stay there.
    BF 1, for example, works perfectly, no lags, no ping spikes, no high CPU usage or any other issue that could arrive from using Secure Rules in WFC for example.

    Some may still need to test how the combo behaves in an "open" network scenario, while sharing various resources across the LAN.
    Simplewall adds a few things: some loopback control, a more detailed log feature, a block list, more protocols to control via custom rules, IP versions to control, connection notifications.

    Based on popescu's posts I have the feeling that he/she is not an advanced user of Windows firewalls, so neither simplewall nor tinywall may be what he/she needs.
    If he/she had used any of the firewalls, I mean really taking the time, for 1 hour at least, to see how they work, he/she would have discovered that Tiny has a "training" mode while simplewall has the pop-up interactivity approach, but with Jetico/Outpost-like smartness, as it allows for a nice custom rules design.

    And again, if any user wants to find out how to make rules, I can help.
    In my view it is like having 2 interfaces for the same core, allowing for more flexibility in the end.
     
  10. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    259
    Location:
    Canada
    I haven't used TinyWall in the last year, so I am not familiar with what you are saying.

    So, for example, if an application app.exe is using svchost.exe to connect to the internet, and I allow app.exe, that mea

    I am not, indeed.

    However I spent several months with each TinyWall, SimpleWall, and Windows Firewall Control (Binisoft)

    IMHO, using any of these is just a waste of time, with ZERO value added to your PC security approach.

    But again, this is my opinion.
     
  11. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,339
    Location:
    Hawaii
    "mea" What?

    Is it that difficult to proof-read your posts?
     
  12. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    650
    Location:
    Hungary
    Don't mind half of your post missing, I know exactly what you're getting at anyway :D And the answer is, NO, that is not a problem, for multiple reasons even, but most importantly because when an app tries to use an svchost service to get out, such as BITS, svchost isn't running as a child process of that app.

    These tools were never meant to be your security, they were only meant to be part of it. However, as for being firewalls, any of these tools is a definitive improvement over the built-in Windows Firewall, and many people and companies find even the built-in one already adequate enough. If you ask me personally, your primary computer security has to come from the user's behavior, not from any tool. Security software are helpers only that still always assume and require a diligent user.

    Anyway, which security software do you believe in?
     
  13. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    259
    Location:
    Canada
    Sorry, in fact I decided to abandon the post, but somehow it got posted.
    ..." means the same rule will be created for svchost.exe as being the child app" o_O

    I am using an antivirus (Avira Antivirus Pro) with web shield disabled and the Firefox browser with BitDefender TrafficLight and uBlock Origin as add-ons.


    I abandoned the firewall solution when I was not able to allow Windows update and to block Adobe Acrobat X to check for updates.

    If I allow svchost.exe TCP out 80 and 443 for windows update, also Adobe Acrobat X will be able to connect and check for updates. So, in fact the firewall did not restrict anything, the same technique can be employed by any malicious or non malicious app.
     
  14. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    636
    Location:
    Island of Woman
    related to the above post: two firewalls and spy shelter, gives 3 firewalls

    you can use: ESET firewall (Windows Firewall based), simplewall (WPF), and Spy Shelter free allow/deny access to applications

    zero impact on performance or usability whatsoever, malware has to disable all 3 in order to communicate
     
  15. Sm3K3R

    Sm3K3R Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    604
    Location:
    Wallachia
    Exactly my point.
    If no performance impact arrives and no issues are triggered regarding functionality, why not use such an approach, if security is what the user tries to obtain?

    Have you tried using these firewalls without Avira installed? Antivirus software may bypass firewall rules sometimes, depending on its design. Avira is not my first choice anyway, I would say that Windows Defender is better fitted and already preinstalled.
    Simplewall has some minimal loopback control, not enabled by default.
     
    Last edited: Jul 7, 2020
  16. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    650
    Location:
    Hungary
    Malware cannot use the "same technique", because it cannot unblock Windows Update in the firewall to allow svchost. Second, I fail to see how your current and preferred security software solves the same problem. Neither Avira nor the browser plugins provide any firewall functionality, so with your setup it is just as if you simply allowed the whole of svchost to get out in Simple- or TinyWall. But with these firewall tools you at least have the choice to block Windows Update when you want to. Avira is a nice complement to a firewall (and vice-versa), but it doesn't replace one.
     
    Last edited: Jul 7, 2020
  17. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    259
    Location:
    Canada
    Exactly, but without headache of managing a firewall.

    Why would I want to do that o_O? Updates serve a precise purpose (sometimes to patch vulnerabilities), so why would I block Windows Update o_O?

    As I said before:

    "If you are using Windows, Microsoft will "extract" whatever data they need from your PC, one way or another.
    Any legit software, which is supposed to have access to the internet, will do the same.
    Any serious malware will be either detected by your antivirus or, if undetected and properly designed, will slip through both firewalls.

    What is left is legit software which you want to block access to the internet and maybe PUP and some other semi-innocent malware for which developers did not put significant effort in their design."

    So, you can easily see the futility of a firewall.
     
  18. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    259
    Location:
    Canada
    Malware will not disable the firewall, it will just piggyback on an allowed app and will communicate over the internet. None of the firewalls will "blink".
     
  19. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    650
    Location:
    Hungary
    You'd be surprised how many people want to block Windows Updates. I also don't recommend blocking it, but there is a real demand for that feature.

    If you are concerned about malware, then you should pair a firewall with an antivir. Obviously you shouldn't demand comprehensive malware protection from a category of software that was never primarily intended to do that. But even without an antivir, still many malware will be blocked by a well-configured firewall, because not all viruses infect processes but instead start their own executables. Assuming they didn't acquire admin rights yet, but if they did, then antivir is also only going to be 50-50% successful. If antivir were as successful as you seem to think, there wouldn't be regular malware outbreaks. Also, when freshly infected, modular malware are pretty dumb and rely on downloading external modules before they can get "smart", so a good firewall can help there too. A firewall will also help keep an infection from spreading if you have a local network.

    And last but not least, there are plenty of reasons to have a firewall for reasons other than protection from malware. You are too much concentrated on your own narrow use-case which is why you don't see the advantages.
     
  20. popescu

    popescu Registered Member

    Joined:
    Sep 1, 2018
    Posts:
    259
    Location:
    Canada
    That was my idea to begin with, while on Win 7.
    I had at that time PC Tools Firewall Plus, which I was able to successfully manage:

    • I was able to block Malwarebytes telemetry, just by the firewall's pop-ups, nothing else
    • applications which will try to connect thru a child app
    • FQDN addressing
    While having PC Tools Firewall I really had the feeling that, somehow, I can manage who or what is connecting to the internet.

    Now, on Win 10, I tried multiple firewalls; none of them easy to manage and none of them will offer you satisfaction that you accomplished something. It is like setting a lock on a door, a lock which will unlock at random, letting intruders in or out.

    It is better having a firewall o_O Probably yes.
    It is better having a big pillow in front of you while driving? Probably yes.

    Is it worth the effort?
    Probably not.
     
  21. pinkfufu

    pinkfufu Registered Member

    Joined:
    Oct 22, 2016
    Posts:
    18
    Location:
    withheld
    I've installed it on my children's PC. Their user accounts don't have administrative privileges. The problem is that on logging in they're required to enter the Administrator's password, which they don't have. It's a real nuisance entering the password over and over through the day.

    1. Why does SimpleWall require administrative privileges to run after it's been installed by Administrator? (In comparison, ZoneAlarm or Norton Firewall didn't require this.)
    2. Is there a workaround to this?

    Thanks.
     
  22. RioHN

    RioHN Registered Member

    Joined:
    Mar 14, 2017
    Posts:
    113
    Location:
    Here
    Microsoft offer some non-standard ways to update if windows telemetry is your concern. For instance the Microsoft Update Catalog can be used to download updates and install offline, WSUS offline update can be used on a network, and you can now select to update Windows from other up to date machines on your LAN. I've not tried but in theory you could have an up to date VM, take it offline (LAN only), then update the host without the host connecting to Microsoft servers at all. VM rollbacks can be used to erase any trace that the host was updated from the VM.

    Outgoing DNS can be limited to your DNS server of choice, time sync can be limited to a time server of your choice.

    That's a question for you to answer obviously, but given your posts here I'd agree with you that it's probably not worth it in your case.

    If the software requires the internet to function, like steam, then you can still block it but it's unusable, so why install it at all? If the software can be used offline but attempts to get an internet connection anyway, for example to search for updates, then you can block it.

    Regarding software that uses svchost to upload/download files. In my limited testing Windows update only used BITS for background downloads and bandwidth control. I was able to manually search and install updates with BITS disabled on Windows 10. I can't say for certain but it may be worth testing if it's a genuine concern and you still want to update directly from Microsoft.

    If your machine is severely compromised then it's already game over, no software can be trusted and clearly other layers of security have failed you. This is why I use an external firewall to drop all traffic unless specifically allowed.
    As has been mentioned by ultim however the majority of malware will likely fail as they're often downloaders that go on to retrieve the actual malware.
     
  23. Sm3K3R

    Sm3K3R Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    604
    Location:
    Wallachia

    Is the "Skip UAC..." option in general settings enabled ?
     
  24. apcs

    apcs Registered Member

    Joined:
    Sep 11, 2019
    Posts:
    3
    Location:
    usa
    @ Sm3K3R: hi, can you or anyone please explain the function of the Rule highlighted in attached screenshot?
    thanking you in advance, stay safe, apcs.
     

  25. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,339
    Location:
    Hawaii
    I regularly image my computer & retain images several weeks. Ergo, I am 99.99% unconcerned about any malware except a keylogger. Of course, a keylogger is only dangerous if it is able to call home.

    Ergo, I use an antivir (SecureAPlus) so as to (hopefully) prevent a keylogger from getting on board in the first place. However, if my antivir lets a keylogger slip past, there is a high possibility that my firewall will block its attempts to call home. If anything nasty gets past those 2, then there's my clean-up batter -- OSArmor (a behavior blocker on steroids).

    IMO, talking about the security value of a firewall in isolation from one's overall security is like talking about an automobile's air filter as though it were solely responsible for maintaining the vehicle in good running condition. I have 2 firewalls: 1 in my router plus a software FW. I think it's very unwise to omit a FW brick in anyone's OVERALL wall of security.
     
    Last edited: Jul 8, 2020