Windows Firewall API

Discussion in 'other firewalls' started by guest, Jan 25, 2010.

Thread Status:
Not open for further replies.
  1. guest

    guest Guest

    Hi

    I am really looking into the Windows firewall because it is simple, light and does what I want...


    The only problems I have with it are these 2:

    1: There is an API to control the firewall settings... So even if you block everything but exceptions in the outgoing rules, an app could use the API to make a rule and allow itself... Doesn't it just break any security aspects of the outgoing firewall??

    Also, I can't find a way to log blocked outgoing connections... is there a way??

    What do you think about this?

    Thanks

    Alex
     
  2. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,732
    WFP is only one part of several to protect windows against intrusion.

    And there is more than one interface for WFP:
    https://www.wilderssecurity.com/showthread.php?t=255224

    My favorite these days is Malware Defender - it's a HIPS-based program
    which also allows/controls access to important system parts.
    To set the WFP for intrusion it has to pass the MD HIPS - however.
     
  3. guest

    guest Guest

    Well, I only want to think about the firewall... I will think about the other components later...

    Thanks

    Alex
     
  4. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,732
    wrong way - but your way - luck...
     
  5. guest

    guest Guest

    Well, I just don't like HIPS and my question was about the windows firewall...

    This is not the only way I protect my computers.

    On my computer I will do the following:

    -Do all the updates (of course)
    -Microsoft Security Essentials
    -M0n0wall-based firewall
    -Disable any windows feature I don't use
    -Disable autorun
    -Look 'n Stop as my firewall
    -Firefox with NoScript, Adblock and no plugins or add-ons like Flash. But I only use scripting on my banking website.
    -Only use a standard user account, never admin
    -NX bit support set to AlwaysON
    -Use of 64 bit vista or seven (so, patchguard and signed-only drivers)

    I probably forgot something there...

    But, the only way something could get on my machine is by using firefox... And since I am always updated, I only go to legitimate and legal websites, and most of all, I don't use any plugin or extension and browse without javascript, I guess the risks are sort of small ;)

    On my friends' machines I do the same, but I use Nod32 instead if they want to pay for an AV. But since I have no control of what they will install and do on the web, they sometimes can get infected... But it doesn't happen very often since I also explain the risks and what not to do...

    Alex
     
  6. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    On top of that, there are APIs that will disable (or enable) Windows firewall altogether.

    It does, but Windows firewall is implemented as NDIS. In order to use APIs, an app must run with admin privileges, which in itself breaks the whole security aspect.

    That's what I'm saying.

    Cheers,
     
  7. guest

    guest Guest

    The Windows firewall is using an NDIS driver o_O I thought it was only using the new WFP...

    Of course I think about the new vista and 7 firewall... not the xp one...
     
  8. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Certainly. Seems I'm still thinking XP. My bad.
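
Added example, not part of any post in this thread: one way to log blocked outgoing connections and to see when a firewall rule is added or changed, the two concerns raised in the first post. It assumes an elevated prompt, the Vista/7 firewall, and an English-language system (the audit subcategory names are localized); the function name `ConvertTo-FlatEvent` is a helper made up for this example.

```powershell
# Added example: run from an elevated PowerShell prompt on Windows Vista/7 or later.
# The audit subcategory names below are the English ones (assumption: English UI).

# 1. Have the firewall write dropped packets to its text log
#    (default path: %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log).
netsh advfirewall set allprofiles logging droppedconnections enable

# 2. Turn on the two audit subcategories relevant to the questions in the thread:
#    blocked connections (event 5157) and firewall rule changes (4946/4947/4948).
auditpol /set /subcategory:"Filtering Platform Connection" /failure:enable
auditpol /set /subcategory:"MPSSVC Rule-Level Policy Change" /success:enable

# Hypothetical helper: flatten a Security-log record's named <Data> fields
# into properties so they can be filtered and selected by name.
function ConvertTo-FlatEvent($Record) {
    $flat = New-Object psobject -Property @{ Time = $Record.TimeCreated; EventId = $Record.Id }
    foreach ($d in ([xml]$Record.ToXml()).Event.EventData.Data) {
        $flat | Add-Member -MemberType NoteProperty -Name $d.Name -Value $d.'#text' -Force
    }
    $flat
}

# 3. Blocked OUTBOUND connections, with the program that attempted them.
#    In event 5157 the Direction field holds a message id:
#    %%14593 = outbound, %%14592 = inbound.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5157 } `
             -MaxEvents 500 -ErrorAction SilentlyContinue |
    ForEach-Object { ConvertTo-FlatEvent $_ } |
    Where-Object { $_.Direction -eq '%%14593' } |
    Select-Object Time, Application, DestAddress, DestPort, Protocol |
    Format-Table -AutoSize

# 4. Firewall rules added (4946), modified (4947) or deleted (4948).
#    An unexpected allow rule for an unfamiliar program shows up here.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4946, 4947, 4948 } `
             -MaxEvents 100 -ErrorAction SilentlyContinue |
    ForEach-Object { ConvertTo-FlatEvent $_ } |
    Select-Object Time, EventId, RuleName, ProfileChanged |
    Format-Table -AutoSize
```

Failure auditing for "Filtering Platform Connection" can fill the Security log quickly on a busy machine, so size the log accordingly or enable it only while investigating.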
     