Windows firewall misconception

Discussion in 'other firewalls' started by pandlouk, Jun 6, 2010.

Thread Status:
Not open for further replies.
  1. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,551
    One of the biggest misconceptions about Windows Firewall is that most think that its outbound protection is turned off by default.

    This is not true; Windows outbound protection is always on. It is simply in "default allow mode", and since it does not have any block rules, it allows everything out.

    If you want to block only some specific applications from connecting to the internet, simply create block rules for them and Windows Firewall will restrict them according to your rules.

    P.S. Example of how I personally use it:
    I take advantage of the zones.
    - Public zone is set to default block outbound, with some specific allow rules enabled only for the public zone. (For when I am connecting to public Wi-Fi networks.)
    - Private zone is set to default allow outbound, with some specific block rules enabled only for the private zone. (For when I am connecting to home and trusted networks.)
    - And of course some non-program but protocol-specific block rules are enabled in all zones.

    Panagiotis
     
  2. fblais

    fblais Registered Member

    Joined:
    Jul 31, 2008
    Posts:
    836
    Location:
    Québec, Canada
    Which version of the Windows Firewall are you talking about?
    I'm on XP Pro SP3.
    Does it apply?
     
  3. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975
    He's referring to the Vista/Windows 7 firewall.
     
  4. NoIos

    NoIos Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    607
    @pandlouk:
    Although you are absolutely right, I had no idea about the existence of such a misconception. I thought it was simple, clear and known:
    - Windows XP only inbound protection
    - Windows Vista/7 inbound and outbound protection.
     
  5. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,551
    I thought so too, but there are so many articles/forum threads/blogs on the internet about how to enable "Windows Firewall Outbound Protection".

    A friend of mine, to block a handful of applications, spent 3 hours reconfiguring the firewall when he could have done it in 2-3 minutes. :p

    Panagiotis
     
  6. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,551
    As Espresso said, I am referring to Vista/2008/7 firewalls.

    XP firewall offers no means to block outbound connections.

    Panagiotis
     
  7. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    Good news :D :doubt:
     
  8. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    What is the value of using semantics as in "outbound protection is always on" if this means a "default allow everything out unless you create outbound rules specifically yourself" mode?

    It's as useful as having a "door is locked" sign on a door lock where it really means: "Well, actually it's open and only locked if you insert and turn the key now".

    A normal "outbound protection is on" default mode would mean "block all outbound except where outbound rules have been made".

    The mere fact that such an implementation would freak out the majority of Windows users doesn't mean it's ok to make up one's own semantics.
     
    Last edited: Jun 7, 2010
  9. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,551
    It means that the outbound protection/layer/module (or whatever fits you best) of the firewall is activated and is not inactive/disabled.

    Actually it is as useful as having a "this door has a lock" sign where it really means: "It's up to you how to use the key and how much you want to fortify it".

    Actually you are wrong. The first generation (packet filter) firewalls were the exact opposite: "Block only the bad connections and allow everything else".
    Normal for those was the opposite. And since the majority of Windows users have the default firewall configuration, this is the normal (more common) configuration in the Windows world.

    Because it freaks you out, it does not mean that it will freak out the majority of Windows users; and if you do not like the expression I used you can simply ignore it. ;) :)

    Panagiotis
     
    Last edited: Jun 7, 2010
  10. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    Hi Panagiotis:

    Thanks for your interesting post.

    Is there any chance you could post some images of your rules for the 3 classifications you mentioned?

    You could consider a learning thread for Windows 7 Firewall; the value would be huge!
     
  11. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,917
    Location:
    U.S.A.
  12. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,551
    You are welcome Escalader.

    Actually it is nothing that special. Since you are an Outpost user, just transfer Outpost's block rules "Network rules", "Low level" and "Attack Detection" to the Windows firewall.

    And when you are connecting to a very hostile network, change the incoming policy to "block all incoming", disable the "unicast response" and maybe combine it with the open source ARP-AntiSpoofer.

    As JRViejo wrote, Stem's tutorial applies here too and remaking it adds no value. Just pay attention to the profile domain/private/public boxes when making the specific rules.

    Panagiotis
     
    Last edited: Jun 7, 2010
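
The per-profile setup described in posts 1 and 12 above, written out as `netsh advfirewall` commands; this is an added example, not something posted in the thread. Rule names, the `C:\Example\...` program paths and the port numbers are placeholders chosen for illustration.

```batch
@echo off
rem Added example, not from the thread. Run from an elevated Command Prompt.
rem Rule names, C:\Example\... paths and the port numbers are placeholders.

rem 1. Show each profile's default policy. A stock install reports
rem    "BlockInbound,AllowOutbound": outbound filtering is active, with a
rem    default-allow policy and no block rules.
netsh advfirewall show allprofiles firewallpolicy

rem 2. Private profile: default-allow outbound plus targeted block rules.
netsh advfirewall set privateprofile firewallpolicy blockinbound,allowoutbound
netsh advfirewall firewall add rule name="Example - block app (private)" dir=out action=block program="C:\Example\app.exe" profile=private

rem 3. Public profile: default-block outbound plus targeted allow rules.
netsh advfirewall set publicprofile firewallpolicy blockinbound,blockoutbound
netsh advfirewall firewall add rule name="Example - allow browser (public)" dir=out action=allow program="C:\Example\browser.exe" protocol=TCP remoteport=80,443 profile=public

rem 4. Protocol rule with no program, applied in every profile.
rem    A block rule takes precedence over a matching allow rule.
netsh advfirewall firewall add rule name="Example - block telnet out (all)" dir=out action=block protocol=TCP remoteport=23 profile=any

rem 5. Hostile network: ignore inbound allow rules on the public profile
rem    and stop accepting unicast responses to multicast/broadcast traffic.
netsh advfirewall set publicprofile firewallpolicy blockinboundalways,blockoutbound
netsh advfirewall set publicprofile settings unicastresponsetomulticast disable

rem 6. Confirm what was created and which profiles each rule is bound to.
netsh advfirewall firewall show rule name="Example - block app (private)" verbose
netsh advfirewall show publicprofile
```

Step 5 replaces the inbound half of the policy set in step 3; set the public profile back to `blockinbound,blockoutbound` after leaving that network.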
  13. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    Just to clear this up, I didn't mean your way of describing a default.
    I meant Microsoft's choice in words.

    And you're right about old school packet filter firewalls.
    They didn't come with a sort of Defense+ paranoid block everything mode/default/setting/whatever.
     