Using third party firewall instead of Windows Firewall

Discussion in 'other firewalls' started by Melita, Nov 21, 2020.

  1. Melita

    Melita Registered Member

    Joined:
    Nov 20, 2014
    Posts:
    138
    Location:
    Spain
    I am not familiar with this subject. Do members her use third party firewalls instead of the Windows native firewall? Do they give more protection than the Windows firewall? You opinions and information will be most appreciated.

    Thank you
     
  2. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,504
    Location:
    Romania
    You are in other firewalls section of the forum. Obviously, since there is a dedicated topic for almost any 3rd party firewall, people are using other firewalls too. I think these days, most firewalls are using Windows Filtering Platform for filtering purposes. Windows Firewall is also a firewall based on WFP. If you didn't need a firewall until now, you can continue with Windows Firewall.
     
  3. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,119
    Location:
    Hawaii
    As you probably know, Windows has its own built-in FireWall (FW). It is a good FW but it is difficult to configure. Therefore, many Wilders members use a "front end" application. A front-end application lets the user easily configure the Windows FW. There are several excellent front-end apps that are being discussed here at Wilders. Examples are: TinyWall and SimpleWall.

    Some Wilders folks prefer to use a 3rd party, self-sufficient FW instead of using the Windows FW. Examples of 3rd party FW are: Comodo and Evorim.

    As to your question, "Do they give more protection than the Windows firewall?" --
    • Front-end apps are very user-friendly. They help the user to easily configure the Windows FW. So, YES -- they do give more protection than the Windows FW alone.
    • 3rd party firewalls are a good bit more complicated to configure than front-end apps. If carefully configured by the user, the Comodo FW can be far more powerful than a front-end-plus-WindowsFW. For example, the ComodoFW has a built-in sandbox that can be used to safely do a check-run of apps without exposing the user's computer to infection or BSODs. WindowsFW has no such capability. In answer to your question: YES for Comodo FW, and "I don't know" for all other 3rd party FWs.
    I recommend you to take a close look at using Tiny Wall because: (a) it has a very active support thread here at Wilders, and (b) TinyWall's developer participates very often in that thread.
    OR
    If you decide to give Comodo FW a trial, I recommend you check out CruelSister's EXCELLENT configuration guidance at HERE.
     
  4. Surt

    Surt Registered Member

    Joined:
    Jan 23, 2019
    Posts:
    487
    Location:
    USA
    Windows' Firewall, now known as Microsoft Defender Firewall, has excellent stateful protection. As well, Windows has its own Network Inspection Service (NIS): Microsoft Network Realtime Inspection, ServiceWdNisSvc as nissrv.exe. There's more going on under the Defender hood, beyond the scope of this discussion...

    But you need at least one of many third party GUI utilities to make life easy .

    I prefer GlassWire, if you can afford it. Poke around on the web site and in a few minutes a 20% discount offer should pop up if you haven't hardened the heck out of your browser. glasswire dot com

    Its primary abilities are a one-click block (and un-block) for internet facing executables, e.g. Firefox's pingsender.exe or Windows Runtime Broker, runtimebroker.exe or USO Core Worker Process, usocoreworker.exe. The others are Ask To Connect and First Network Activity where you get alerts to make appropriate decsions.

    Rules are built in the Defender Firewall, each as a numbered {Glasswire.app.in_XXX} and/or app.out_ without disturbing the native rules.

    Toggle GlassWire off in its GUI and just its rules will be disabled which comes in handy when troubleshooting. And doing Windows Updates so the likes of my runtimebroker.exe and usocoreworker.exe blocks don't bork things up.

    It's got some superb monitoring and logging capabilities and a bunch of NGFW (next gen firewall) features.
    https://www.wilderssecurity.com/posts/2804423/

    Cheers.
     
    Last edited: Nov 21, 2020
  5. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,096
    Location:
    Canada
    The Comodo Firewall is made up of two components: A firewall and a HIPS. Focusing first on the firewall component, it has issues.

    1. It does not handle IPv6 rules properly and configuring it to IPv6 rules is difficult at best
    2. It does not handle some ICMP rules properly either; it reports an attempt at a specific ICMP type for a specific application, but there is no way to configure a rule for it. For example: Multicast Listener Discovery
    3. The "Enable anti-ARP spoofing" option does not work; it breaks the network connection
    Other than those issues, it works fine at application control and global rules. It can be configured with customized Network zones and Port sets which can be globally applied to any selected applications you wish to utilize them on. This reduces the need for repeat port and IP assigments on a per rule basis for the individual applications you want to restrict.

    The HIPS component is excellent, especially best in "Safe mode" with auto-containment enabled, and as @bellgamin mentions, Cruel Sisters guide is first-rate. "Paranoid mode" is incredibly strong, but I don't recommend using it, as it does not recognize wildcards for primary application rule path. Windows 10 has too many commonly used applications that need wildcards in their path names to reduce unnecessary application name management. Also if you are not careful, you can cripple your O/S. I did so once, which my image backup program bailed me out on.
     
  6. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,119
    Location:
    Hawaii
    Glasswire is a superb FW!

    Licenses to use Glasswire's 3 FW versions cost $40, $70, $100, respectively. Even with their coupon, the prices for Glasswire's 3 versions are $29, $50, $75 respectively. As far as I could discern from Glasswire's rather legalistic EULA, the license is "lifetime."

    Confucius say, "Why buy a cow, when milk is so cheap?" Hence, I made sure that all 4 FWs in post #3 above are free and offer excellent FW-type protection.
     
  7. Surt

    Surt Registered Member

    Joined:
    Jan 23, 2019
    Posts:
    487
    Location:
    USA
    Um, in the context of this thread, how about something that makes sense. Surt say, "Why buy milk when water is free?"

    So, the discount GlassWire Basic is 7.9¢ a day. Pretty darn close to free for a nice tall cool glass o' milk from contented cows. In full agreement, Confucius say, "Water is wet."

    Pro is 6.8¢ or 4.6¢ a day across two or three devices, very affordable for a family (or modest SOHO). For anyone with a 5 to 10 PC setup to maintain, the Elite price is a drop in the bucket... of milk.

    I believe the license is an activation and version update subscription, then lifetime to use whatever version one has when the subscription expires. And renewable/upgradeable anytime thereafter.

    This isn't the first or second or third or maybe fourth time you've stuffed an irrelevant post into a GlassWire discussion carping about the bargain price points of world class software. Obama say, "Cut it out."

    All that said, what would your mandatory donation to a developer of one of the "all 4 FWs in post #3 above" be? $10? ~comment removed~ OK. $20. Wow, GlassWire is only nine smackers more!

    (None of this is in any way meant to dismiss those for which free software is the only choice.)
     
    Last edited by a moderator: Nov 22, 2020
  8. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,119
    Location:
    Hawaii
    @Surt -- I was being flippant. No offense intended. Glasswire (GW) is superb. There is a very thorough review of it HERE. GW is much more than just a firewall (FW). In fact, if one elects NOT to buy one of the premium versions after GW's trial period is completed, GW can still be used -- for free -- except that its FW capabilities will cease to function.

    Another broad-spectrum FW to take a look at is Sphinx, listed HERE. It works on Windows 7, 8, 8.1, & 10. Sphinx has several versions, both free and non-free, as compared HERE. Each version includes a built-in, very detailed Help file. Sphinx's non-free versions are priced at $15, $39, & $40. There are also pricier options for very large networks. One of Wilder's advanced members, @Brummelchen , is a strong advocate of this FW.
     
    Last edited: Nov 22, 2020
  9. Joxx

    Joxx Registered Member

    Joined:
    Sep 5, 2012
    Posts:
    1,735
    I wonder why so many people drool over what is no more than a basic configuration, and a flawed one too.
    @Melita if you're behind a router the Windows FW is fine.
     
  10. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,119
    Location:
    Hawaii
    Hmm... according to PC Magazine's article HERE, Glasswire's paid versions must be renewed annually.
     
  11. Deletedmessiah

    Deletedmessiah Registered Member

    Joined:
    Feb 20, 2018
    Posts:
    130
    Location:
    Outer space
    Some user mentioned on Malwaretips that you can get lifetime license of Glasswire on Steam for 50€.
     
  12. newbino

    newbino Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    466
    Am considering installing Comodo Firewall and have read only good reviews about CS settings, both on this forum and on Malware Tips. Could you expand on your statement "a flawed one"? What makes it so, in your opinion?
    Thanks
     
  13. Joxx

    Joxx Registered Member

    Joined:
    Sep 5, 2012
    Posts:
    1,735
    Under Firewall the setting do not show popup alerts is chosen followed by block requests. What if a legit program is blocked? You won't even have the chance to whitelist it. Better to have explicit alerts, which will be very few anyway. Comodo is supposed to be verbose.
    Also, under auto-containement, the restriction level is set to restricted. If the idea is to harden the sandbox I find the level untrusted the better option.
     
  14. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,096
    Location:
    Canada
    Agreed.

    True, but I have several Auto-containment rules set up in specific order so that one might trigger before the other. Granularity can be achieved this way so that folders especially targeted by malware attacks will, for example, contain the attack from internet or external media sources, File rating: Unrecognized, 3 days or less old.
     
  15. Melita

    Melita Registered Member

    Joined:
    Nov 20, 2014
    Posts:
    138
    Location:
    Spain
    Thank you for all the support:)

    I read through the long thread of SimpleWall It does not appear to be a front end application because it wants the Windows FW to be turned off. So I guess I am left with TinyWall. Comodo looks quite daunting for me when it comes to customizing and setting it up. Also I am not knowledgeable enough to deal with various running processes. I can hardly identify them for what they are :confused:
     
  16. newbino

    newbino Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    466
    Thank you, this makes sense to me
     
  17. Melita

    Melita Registered Member

    Joined:
    Nov 20, 2014
    Posts:
    138
    Location:
    Spain
    Thank you for all the support :)

    Many thanks for your helpful post. I read through the long thread of SimpleWall. It does not appear to be a front end application because it wants the Windows FW to be turned off. So I guess I am left with TinyWall. Comodo looks quite daunting for me when it comes to customizing and setting it up. Also I am not knowledgeable enough to deal with various running processes. I can hardly identify them for what they are :confused:
     
  18. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    5,084
    Location:
    .
    TW isn't a front-end application either. WFC is.

    TW was a front-end for Windows Firewall. Now it directly interfaces with WFP. This a quote from the dev:
     
    Last edited: Nov 23, 2020
  19. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,119
    Location:
    Hawaii
    Both SimpleWall and Windows Firewall are built upon exactly the same foundation. That foundation is the Windows Filtering Platform (WFP).

    WFP is a set of system services & Application Programming Interfaces (API) that are included as an integral part of the Windows Operating System. WFP allows access to Transmission Control Protocol/Internet Protocol (TCP/ IP) packets as they are being processed by Windows. WFP is the "engine" that implements packet-filtering logic.

    Windows Firewall (WFW) is a "manager" or front end for WFP. So is Simplewall. Thus, it is advisable (NOT essential) to disable the WFW front-end because:
    • Any app can create its own rules in WFW, which is not safe.
    • The operating system gives WFW's rules high priority so that they are processed BEFORE any other firewall's rules.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    By the way, yet another good "front end" firewall is Windows Firewall Control by Binisoft. See HERE and HERE.
     
  20. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    711
    Location:
    Milan, Italia
    Simplewall and TinyWall are not "front ends", but standalone firewalls that use WFP but not Windows Firewall. Like Glasswire, Malwarebytes/Binsoft's Windows Firewall Control is indeed a front-end for Windows Firewall, as were earlier versions of TinyWall.

    @Melita as @Joxx has suggested, Windows Firewall is fine for most folks.
     
    Last edited: Nov 24, 2020
  21. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,119
    Location:
    Hawaii
    Allow me to nit-pick -- SimpleWall & TinyWall are "front ends" for WFP. So is Windows Firewall.

    As to the effectiveness of Windows Firewall (WFW), I totally agree. As to ease of use, however -- not so much (see HERE and HERE, for instance). Further, ANY app can readily change WFW's rules, correct?
     
    Last edited: Nov 24, 2020
  22. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,677
    Location:
    Paris
    It's important to remember that it is childsplay for a malicious process to either totally disable WDFW or to edit it (actually malware will have an easier time making Rules for it than the actual user would).
     
  23. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,772
    Location:
    New Mexico, USA
    Quick question, that is fairly irrelevant. It just occurred to me that I haven't passworded Comodo Firewall. Is it advisable, or is the whole minute it takes necessary? In other words, would it be just another password to have to remember?
     
  24. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,677
    Location:
    Paris
    Hi Chuck! Unless someone (or something) with malicious intent potentially could have access to your system utilizing a password to protect Comodo isn't needed.

    On the other hand, if you have evil friends...
     
  25. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,772
    Location:
    New Mexico, USA
    Thank you. Nope, most of my friends know less about computers and software than me.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.