Discussion in 'other firewalls' started by alexandrud, May 20, 2013.
Well, THAT IS TRUE!
You're right, but I've used enough other firewalls with HIPS or HIPS + firewall combos to know that it's a lot of time and effort to protect against threats that never materialized in the first place.
probe a local NTP server such as one running on your router, and have that allowed via a generic LAN allow rule.
For MS updates I allow svchost access selectively as and when "only" when running Windows Update, it's then disallowed again right after.
When do you have time to do all these?
Microsoft will get all necessary info about your PC in order to deliver updates, so, whatever you are doing is a futile exercise.
Updates can be installed offline in a number of ways. Search "windows 10 updates offline" on Google. As mentioned, you can pick any NTP server in the world and create specific rules for it, you don't need to use Microsoft's.
The most pointless of arguments and I'm not sure why you keep bringing it up. We get it, you don't have the time... how is that relevant to people who do?
It is relevant because a PC is a tool which allows you to do certain tasks, including enjoying the internet.
If you spend a considerable amount of time "babysitting" the tool, the whole enjoyment is gone.
Imagine that, instead of driving your car, you are permanently under the hood adjusting/repairing/tuning up....
Your ideas of how a computer should be used are irrelevant to the discussion of whether something is possible or not. It's like me arguing that the 4 minute mile is impossible because it's too much effort for me to do it.
I don't care if you don't have the time or don't feel it is a good use of time.. I care if it's possible.. and it is possible to prevent Win 10 telemetry. So if you must argue about it, move away from the time involved and focus on why you think it technically can't be done.
German Data Protection Agency: Windows 10 1909 Enterprise Telemetry can be fully disabled - said one good German expert.
The agency discovered that it is possible to deactivate the sending of Telemetry data on Windows 10 version 1909 Enterprise (and Education).
The test results need to be verified in real-world scenarios according to the agency.
The agency notes that the situation is different for Windows 10 Pro (and Home) systems as data collecting cannot be disabled completely in those editions of Windows 10.
I don't do it all for privacy but also at the risk of compromised use of svchost.
It's hardly difficult anyway, I just enable the rule just before checking and downloading updates, then disable again after.
I do not "check for updates", this is done automatically in Win10.
Not a good practice.
They may have an emergency security update / patch which must be installed immediately, not waiting for me 5-10 days to "manually" check for updates.
...along with another beautiful BSOD. Your comments suggest you are a lamer or... Microsoft spy.
That's a matter of opinion, not all of us agree that security is all about 0 day patches. I have seen patches "add" security flaws as well as remove them, and if a patch breaks stuff, then it becomes meaningless at that point.
I will never ever be a supporter of fully automated patches, it should always be an interactive process as far as I am concerned.
The only truly dangerous security issues are drive-bys on a desktop computer, and those are quite rare. Most exploits require a degree of stupidity to succeed. I remember the days where one could install Windows XP, connect it to the internet and within seconds it was compromised simply from sitting idle on the desktop. The days when there was no default firewall and people didn't have NAT'd, firewalled routers. Those were proper risks that required immediate patching and is what started my trend of making Windows OS install media which had updates pre-applied.
There is a reason enterprises commonly do not 0 day update machines, which is something Microsoft have been fighting as they are trying to get everyone on a rapid development model which is of course totally incompatible with how professionals manage updates. It's why we have the defer option now in Windows 10 updates, as well as things like automatically download but not install option, and LTSB variants as well.
Oh yes, the Blaster worm. That one hit me many years ago mere moments after a re-install of XP before I had a NAT router and the built-in firewall wasn't yet enabled by default.
May be "irrelevant", however I do not see myself (and any of the regular users) going every week through my PC, wife's PC, daughter's PC enabling and disabling rules for svchost, deleting rules created by Windows... in order to just perform Windows updates and to get some hypothetical "privacy".
Has to be a balance between effort and benefits, sanity and insanity...
It seems you either didn't understand my post or chose to ignore it. Especially this bit:
I don't care if you don't have the time or don't feel it is a good use of time.. I care if it's possible.. and it is possible to prevent Win 10 telemetry.
I wasn't arguing that you or anyone else should do it. I was arguing with your assertions that it couldn't be done.
But on the subject of effort involved:
• Almost all of this is 'scriptable' and can be as simple as having a scheduled task or double clicking an icon.
• You need to try to understand and accept that other people may have a different opinion to you on what is 'too much effort' and where a good balance is to be found between security/privacy/ease of use.
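The enable, update, disable routine discussed in this thread, as an added PowerShell example that is not part of any post above. It assumes you have already created an outbound allow rule for svchost.exe yourself; the display name used here is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example. $RuleName is an assumed, user-created outbound allow rule
# for svchost.exe; it is not a built-in Windows rule.
$RuleName = 'WU - svchost outbound (manual)'

function Invoke-WithFirewallRule {
    param(
        [Parameter(Mandatory)] [string]      $DisplayName,
        [Parameter(Mandatory)] [scriptblock] $Action
    )
    # Stop early if the rule is missing instead of running the action blocked.
    $rule = Get-NetFirewallRule -DisplayName $DisplayName -ErrorAction Stop
    try {
        $rule | Enable-NetFirewallRule
        & $Action
    }
    finally {
        # Runs even if the action throws or is interrupted, so the rule
        # is never left enabled by accident.
        $rule | Disable-NetFirewallRule
        $state = (Get-NetFirewallRule -DisplayName $DisplayName).Enabled
        Write-Host "Rule '$DisplayName' enabled: $state"
    }
}

Invoke-WithFirewallRule -DisplayName $RuleName -Action {
    # Windows Update Agent COM API: search for and download pending updates.
    # Installation happens afterwards and needs no network access.
    $session = New-Object -ComObject Microsoft.Update.Session
    $pending = $session.CreateUpdateSearcher().Search('IsInstalled=0 and IsHidden=0').Updates
    Write-Host "Pending updates: $($pending.Count)"
    if ($pending.Count -eq 0) { return }

    $downloader = $session.CreateUpdateDownloader()
    $downloader.Updates = $pending
    $result = $downloader.Download()
    Write-Host "Download result code: $($result.ResultCode)"   # 2 = succeeded
}
```

Saved as a .ps1 file, this can be launched from a shortcut or a scheduled task running with elevated rights.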
Where does one 'register to get pop ups'?
Windows Firewall Control (WFC) by BiniSoft.org
If you set the profile to Medium Filtering, all programs without an allow rule will be blocked. If you enable the notifications for outbound blocked connections you will be prompted with a notification dialog about the program that was blocked and you can easily continue to block it, allow it, customize the rule before creating it, etc. However, the notifications are available only for registered users. To find out how to become a registered user click here.
If you bought WFC in the past and have a valid license then probably here. https://www.biniware.com/login
If you don't already have a license then you cannot get one now, you just grab the latest version by Malwarebytes which is free and unrestricted.
What's the point in providing erroneous / outdated info about WFC?
Since acquisition by Malwarebytes, WFC is free, with notifications, and you cannot register anymore.
Actually, most apps shouldn't be performing stuff like code injection, so you won't get lots of alerts in practice. And on my system, only about 15 apps are allowed to connect out, so malware would need to inject code in one of them. So it's pretty obvious whether some app is trying to bypass the firewall or not.
For example, a banking trojan will usually try to inject code into the browser, in order to connect out and perform a MITB attack. It's unlikely that malware will try to inject code into notepad.exe, because it knows that it probably hasn't got any outbound access. In other words, simply pay close attention to certain processes being modified in memory.
I am not talking about a banking trojan which may be detected by your antivirus. I am talking about a legit software which may have an undesirable behaviour, like injecting into another app in order to connect to internet.
This is not a behavior of a legit software.
More and more posts about "this is not" and "that is not"
Point is, Windows firewall, with or without WFC interface CANNOT CONTROL or RESTRICT applications to connect to the internet, if the application was designed to inject into another.
WFC can control simple, legit applications to allow/deny access to internet but this is not an additional layer of protection against malicious items.
popescu — Color me confused by this logic. Seat belts and air bags are not an additional layer of protection against injury because the seatbelts might puncture the airbag? Or, maybe the airbags have been hacked by way of hacking the brake system to hack the airbag? In all seriousness here, I’m trying to understand your logic.
What I was trying to say is that Windows Firewall was strictly designed to be part of Windows OS and protect against unsolicited INCOMING connections, while allowing unrestricted OUTGOING connections.
Meanwhile, some developers created nice interfaces (WFC, TinyWall) to "manipulate" this "firewall" and induce the idea in the user's mind that "you are in control".
In reality all these will just create an illusion of security, because Windows firewall is not a firewall in reality and will never be able to restrict a malicious software to connect to internet.