Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    6,998
    Location:
    Among the gum trees
    Why do Firefox and Chrome silently create inbound rules? I'm far from being an expert but this seems like a potential security risk.
     
  2. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    223
    Location:
    Canada
    Steam is another one, along with the Windows Store. v5.3.1.0 Laughs though.
     
  3. kronckew

    kronckew Registered Member

    Joined:
    Aug 27, 2006
    Posts:
    305
    Location:
    CSA Consulate, Glos., UK
    Browsers use TCP as the main protocol for network communications, it is directional, so you only need an outgoing rule to connect to an external IP address, this connection allows bidirectional traffic without requiring a second incoming rule. the connection protocol thus already knows who both ends are. https is more secure as it encrypts the traffic.

    However, to convert the text url you type in the address bar, networks use public DNS servers to make the conversion for you. They use UDP as a protocol. It is directionless, connectionless, unencrypted and doesn't maintain the connection link, and thus also requires an incoming rule, as it needs to be told the source is OK. Firefox maintains it's own DNS cache to avoid excessive dns lookups.

    The newer versions of Firefor (I'm not sure about Chrome tho) are experimenting with a more secure form of name resolution that uses a secure https connection, by default not turned on, it's optional. Look up FIREFOX TRR (Trusted recursive resolver) for about:config settings to enable and use it instead. Your other network enabled apps probably use dns over udp via svchost.exe.
     
  4. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,788
    Location:
    Romania
    Read here why. Just remove them and everything should be fine if you don't use those functionalities.
     
  5. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    6,998
    Location:
    Among the gum trees
    Thank you, Sir. That makes sense.
     
  6. kronckew

    kronckew Registered Member

    Joined:
    Aug 27, 2006
    Posts:
    305
    Location:
    CSA Consulate, Glos., UK
    Rather old thread, that - for much older obsolete versions of FF. Current ff release is v.68.
    Blocking localhost (127.0.0.1), which firefox can use for inter-process communications can slow it down a bit for little gain in security.
     
    Last edited: Aug 7, 2019
  7. pb1

    pb1 Registered Member

    Joined:
    Apr 4, 2014
    Posts:
    524
    Location:
    sweden
    When, is this program going to be implemented into MBAM?
     
  8. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    223
    Location:
    Canada
    It was never claimed that it would in the first place, just saying somethings doesn't make it true.
     
  9. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,788
    Location:
    Romania
    There wasn't and there is no such plan.
     
  10. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    6,998
    Location:
    Among the gum trees
    I don't use those features, but I see Chrome recreates those inbound rules after an update.

    If it isn't a security risk I'm OK with leaving the inbound rules intact.
     
  11. pb1

    pb1 Registered Member

    Joined:
    Apr 4, 2014
    Posts:
    524
    Location:
    sweden
    What a pity, it should be. It would be very convenient, and, that "package" would be very competitive.
    MBAM would need something like that since they are declining in the testresults.
     
  12. guest

    guest Guest

    Home users are low incomes market, the money is with corporations.
     
  13. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,788
    Location:
    Romania
    Unfortunately, this is very true.
    Maybe this will change in the future, but until now, there was no such plan.
     
  14. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    223
    Location:
    Canada
    Nobody ones all-in-one do everything programs, that's called bloat for the people who just want the firewall or just the malwarebytes product whatever and are happy with their own firewall. It's better to have things standalone that play nice together like how WFC currently is. Imagine right clicking WFC's folder and instead of a 2MB folder you see 250MB's, and it installs several services and auto-updates constantly, all so you can get a simple frontend for Windows Firewall.
     
  15. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    372
    Location:
    Hungary
    When I planned to include similar telemetry data in TinyWall, I made a public poll about it first, and even though my plans likewise only included non-personal data, users were very much against it. In the end I decided not to do it in TinyWall. Of course due to this, my knowledge about the number of users is less accurate, but because there is no company or commercial interest behind TinyWall, it also doesn't matter that much.
     
  16. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,788
    Location:
    Romania
    The problem is that I was not in charge anymore when this was decided. This was a trade off when I proposed to the new owner to make WFC freeware, otherwise the latest version would have been 5.3.1.0.
     
  17. guest

    guest Guest

    People seems to forgot that companies are businesses, business is to make money, Malwarebytes is business, it isn't charity, and they bought WFC not to give it away for free. People don't want to pay with cash, they will pay with their datas.

    If people wanted a free WFC without telemetry, they should have donated more so @alexandrud won't have to sell it.

    Nothing shocking,just business.
     
  18. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    441
    Location:
    Germany
    Well, while there is an opportunity not to pay either for data or for the program :D
     
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    11,965
    Location:
    The Netherlands
    It happened again with Brave portable. I ran it inside the sandbox, and I tried to make a rule, but it refuses to give it outbound access.

    https://portapps.io/app/brave-portable/

    Wait a minute, shouldn't this be blocked by WFC?
     
  20. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    6,998
    Location:
    Among the gum trees
    I would have thought so but apparently not.
     
  21. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,788
    Location:
    Romania
    WFC can block the creation of these unwanted firewall rules if you enable Secure Rules feature. Otherwise it does nothing in this regard. Everything works as expected.
     
  22. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    6,998
    Location:
    Among the gum trees
    Before I enable Secure Rules, I have a bunch of block rules created by NoVirusThanks SysHardener. Am I correct that these rules will be deleted or disabled after enabling Secure Rules?

    What if I create new Authorised Group called "NoVirusThanks"? Will those rules then be enabled? Thanks.

    Sample attached:
     

    Attached Files:

    Last edited: Aug 12, 2019
  23. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,788
    Location:
    Romania
    If you add this as an authorized group, WFC will not touch these rules. They will remain enabled. If you use Medium Filtering profile (outbound filtering enabled in Windows Firewall) there is no need to have hundreds of block rules because those applications are by default blocked by not having a rule. Less rules is always better.
     
  24. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    6,998
    Location:
    Among the gum trees
    Cool. Thank you.
    That does make sense, but I am quite happy to have SysHardener create rules as NVT knows which to block far better than I. Or should I say, NVT knows what not to allow far better than I.
     
  25. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    6,998
    Location:
    Among the gum trees
    Did NOT happen!

    Well that didn't go well. Adding "NoVirusThanks" to the Authorised Group before enabling Secure Rules did NOT keep those rules enabled. Neither did adding "NoVirusThanks SysHardner FW Rules". What's more, restoring my firewall rules and settings did NOT remove the Secure Rules that were added, meaning any new block rules would take precedence over my previous allow rules.

    I could stuff around manually configuring my system but who has time for that nonsense?

    Thankfully I have Macrium Reflect to put my machine back to how it was.

    :thumbd:
     
    Last edited: Aug 12, 2019
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.