Windows or 3rd Party Firewall with WSA?

Discussion in 'Prevx Releases' started by mhl6493, Apr 28, 2013.

Thread Status:
Not open for further replies.
  1. mhl6493

    mhl6493 Registered Member

    Joined:
    Apr 20, 2010
    Posts:
    230
    Location:
    Tennessee
    I'm sure this has probably been asked before, but which is better to run with WSA Antivirus -- Windows native firewall, or a 3rd party firewall? I'd be potentially running it on computers with Vista and Windows 8. Techfox and PrevxHelp, I'd especially be interested in hearing from you on this -- and anyone else, of course. Thanks!
     
  2. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,633
    Location:
    UK
    Windows' own firewall is sufficient as an inbound firewall, and WSA works along with this very well. WSA's firewall is not a bi-directional firewall, but it can monitor outbound connections, and more besides.

    You might be interested in this excellent post by Techfox1976 on the subject of firewalls: https://www.wilderssecurity.com/showpost.php?p=2219994
     
  3. mhl6493

    mhl6493 Registered Member

    Joined:
    Apr 20, 2010
    Posts:
    230
    Location:
    Tennessee
    Thanks, Tony. Do you think the Vista firewall would also be sufficient?
     
  4. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,633
    Location:
    UK
    Yes, WSA will work alongside the Windows Vista firewall with no problems.
     
  5. mhl6493

    mhl6493 Registered Member

    Joined:
    Apr 20, 2010
    Posts:
    230
    Location:
    Tennessee
    Thanks again. And thanks for sharing the link. Every time I read what Techfox1976 writes, I learn something.
     
  6. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
  7. mhl6493

    mhl6493 Registered Member

    Joined:
    Apr 20, 2010
    Posts:
    230
    Location:
    Tennessee
    Thanks, Triple Helix. My main concern was whether or not the Vista Firewall was sufficient. I had heard that Windows 8 was much better, but that Vista still left a lot to be desired. Just wondered whether I should use it or something else instead. Thanks again!
     
  8. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Vista's firewall is perfectly fine - Windows 7/8 primarily just expose more functionality for the user but they have similar underlying functionality and do the full job of inbound protection.
     
  9. Techfox1976

    Techfox1976 Registered Member

    Joined:
    Jul 22, 2010
    Posts:
    749
    XP's original firewall was horrid. Even the firewall had vulnerabilities.
    Vista improved on it substantially and finally removed the vulnerabilities.
    With Service Packs, Vista and XP both, shockingly enough, have reasonable firewalls.
    Windows 7 exposes more control to the user and to programs.
    Windows 8 exposes yet even more control to the user and a lot less to programs.

    The only reason I would advocate a different firewall is in the event you have very specific and non-standard network needs that most users do not and an underlying knowledge of TCP/IP, routing, IP packet types, etc. If you don't know this stuff, then you probably don't have a need for extra-fancy packet filtering.

    In completely unrelated news:
    This Firefox window has 794 tabs open. Intentionally. That is eye-twitch-worthy.
     
  10. mhl6493

    mhl6493 Registered Member

    Joined:
    Apr 20, 2010
    Posts:
    230
    Location:
    Tennessee
    Thanks. Since both my needs and knowledge are pretty basic, I'll just stick with Vista. 794, huh? Gotta be some type of record... :D
     
  11. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    While talking about firewalls.

    WSA's built-in firewall for Windows 8 clients... what setting is it at? Block outbound connections for application when infection is present? OR Block all untrusted applications from making outbound connections?

    As I've noticed, WSA does not offer nearly as much granularity for Windows 8 as it does for Windows 7.
     
  12. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    The first.
     
  13. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,449
    Location:
    North Carolina, USA
    Hello,

    Are there plans to add the granularity of the firewall control back to Windows 8? I really miss it :'( ...
     
  14. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    Thanks for clarifying!


    It's been said before that Windows 8 does not allow the granularity any longer by design in WSA.
     
  15. mhl6493

    mhl6493 Registered Member

    Joined:
    Apr 20, 2010
    Posts:
    230
    Location:
    Tennessee
    I remember reading that here as well. My question is, from my limited knowledge, does the lack of granularity with Windows 8 in any way reduce the level of security it provides? Or do the other security advancements in Windows 8 off-set what is lost in this area?
     
  16. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,449
    Location:
    North Carolina, USA
    Hello,

    I totally understand that as my question was not whether that granularity was allowed or not because I already knew that. In the beginning when Win 8 was introduced, WRSA had that granularity but it did not work properly, so it was removed. I was hoping at that time the issues would be addressed and that granularity would return. The firewall that WRSA offers at this moment for Win 8 is very limited. Even its very limited monitoring function does not work very well. I look at the main GUI and am told the firewall is monitoring 20 processes with 83 active connections. Now I go to PC security > Firewall > View Network Applications, and only 12 processes are listed. Somewhere in this, 8 processes are not being displayed. IMHO this can not even be truly called a firewall. You can not even view all the connections that you have.

    I was truly expecting Webroot to fix these problems with Win 8 and return the firewall functionality and granularity to WRSA for Win 8 that it offers in the other Windows OS's. The way it is now as far as to the user, IMHO it is useless. It is totally transparent and can not even display all active connections properly thus giving the user no real functionality in monitoring his system or in knowing what connections are being made or active.

    Hence my previous post did not ask the question as to whether the functionality or granularity was allowed or not, but my question was simply this: Are there any plans on making the firewall functional and granular in Win 8 as all other Windows OS's. Other firewalls do it, so why can not Webroot fix this in Win 8? It has been quite a few months now (about 6, half a year), and I for one have expected Webroot to improve their firewall for Win 8 by now. Every vendor I can think of has got their firewall functioning now in Win 8 except Webroot.
     
  17. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I think you're making a problem where there isn't one: the count of processes can be 20 or 50 and only 12 will show if that is the number of unique processes. My guess is it is svchost.exe or a browser which has multiple duplicate processes: WSA's firewall merges them together. You can view the active connections by clicking on one of the items in the list.
     
  18. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,449
    Location:
    North Carolina, USA
    Hello Joe,

    Thanks for that answer as it is appreciated. I can understand that. That was just an example (based on a misconception on my part) but still leaves my original question unanswered. I originally purchased a multi year license partially on the ability of the firewall to be granular as to allow and blocks, remembering these decisions, and to block/deny/kill active connections or processes. I of course had this functionality until Windows 8 was released which has been about six months now. The time has now come to decide whether to renew WRSA or not. I am just trying to make an informed decision as to whether I am going to stay with Webroot or move on. I would of course rather stick with it as I do like it, but I do not want to end up installing another firewall to get the functionality I want. If for some reason you cannot answer my question as to if there are any plans to bring more functionality and control to the Win 8 version of the WRSA firewall is fine. It is simple as I will just seek a product that gives me what I want. I am sorry if you think I am making a problem where there is none. Many may not want that extra functionality but I do. I am just giving you a chance to keep me around as a customer before I just go off and purchase another solution by asking this question. I like Webroot but the functionality on my system has changed since I made the decision to purchase it. If it does not now give me the functionality I want and no plans are in the works to bring it back, then why should I renew? I just want to make an informed decision based on whatever info you can provide. I have asked the question before with no definitive answer but now is the time to decide to renew or move on to a different alternative. If I am going to spend the extra money on a suite that includes a firewall, I do want some control over it, but the way it is now I have none. 
I cannot afford extra money to be spent to get another product to use along WRSA to have the control that I want. I appreciate all the work you put in here along with the excellent support you provide, and for that you have my respect. Thank you as the first thing I would miss is the fantastic customer service you give to the WRSA users here at Wilders. I often find myself wondering how you have or find to be able to do it.
     
  19. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We've considered adding the additional control into the WSA UI, but it is vastly underused and a feature which many users have been confused by. We're working on a general simplification of WSA so I don't expect to have this in place moving forward, simply because there is so little demand for it and very little added value: WSA will automatically terminate malicious connections and malicious processes, so there really is no need to use the connection management feature when using WSA on Win8 - users manually doing this is an extremely rare case and something which can be accomplished with the in-built Windows 8 OS firewall, so we have little that we can do to actually add value to the user without creating bloat.

    Because of how the Windows Filtering Platform works on Windows 8, any third party firewall is going to be just calling the same OS APIs that you can access via the OS's own UI, as it is mandated by Microsoft to use their filters to actually perform any blocking, so while you may be able to see the options within another product's UI, it's really just a usability layer over what you already have in your OS.
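
Editor's added example (not part of any post in this thread, and not Webroot's code): the two points made above, that several process instances collapse to fewer unique names and that per-program outbound blocking is available through the OS firewall itself, shown with the built-in NetTCPIP and NetSecurity cmdlets. It assumes an elevated PowerShell session on Windows 8 or later and counts only established TCP connections, so the totals will not necessarily match WSA's own counters; the program path and rule name are hypothetical placeholders.

```powershell
# Added example. Run from an elevated PowerShell session on Windows 8 or later.

# 1. Connections per process instance (PID), then merged per executable name.
#    Several svchost.exe or browser instances collapse to one name each,
#    so "instances" can be larger than "unique names".
$conns = Get-NetTCPConnection -State Established

$perPid = $conns | Group-Object OwningProcess | ForEach-Object {
    $p = Get-Process -Id $_.Name -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Pid         = [int]$_.Name
        Name        = if ($p) { $p.ProcessName } else { '<exited>' }
        Path        = if ($p) { $p.Path } else { $null }
        Connections = $_.Count
    }
}

$perName = $perPid | Group-Object Name | ForEach-Object {
    [pscustomobject]@{
        Name        = $_.Name
        Instances   = $_.Count
        Connections = ($_.Group | Measure-Object Connections -Sum).Sum
    }
}

"{0} process instances, {1} unique names, {2} established TCP connections" -f `
    @($perPid).Count, @($perName).Count, @($conns).Count
$perName | Sort-Object Connections -Descending | Format-Table -AutoSize

# 2. Block outbound traffic for one program through the Windows firewall.
#    $program is a hypothetical placeholder; take a real path from $perPid.Path.
$program = 'C:\Path\To\Unknown.exe'
New-NetFirewallRule -DisplayName 'Example: block outbound for Unknown.exe' `
    -Direction Outbound -Program $program -Action Block -Profile Any

# 3. Review what is configured: default actions per profile and block rules.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction
Get-NetFirewallRule -Direction Outbound -Action Block -Enabled True |
    Select-Object DisplayName, Profile

# 4. Optional allow-list posture: deny outbound by default, then add explicit
#    allow rules. Left commented out because it cuts off every program that
#    has no allow rule, including updaters.
# Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Block
```

Remove the example rule afterwards with `Remove-NetFirewallRule -DisplayName 'Example: block outbound for Unknown.exe'`.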
     
  20. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,449
    Location:
    North Carolina, USA
    Thanks a lot Joe.
    I appreciate the help :thumb: ...
     
  21. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    But it would be nice to have the choice to either:

    Block all unknown (not classified as good or bad by Cloud) applications from making outbound connections.

    This would make all undetected keyloggers unable to communicate with malicious IPs. I would like WSA to do this for me, not configure the built-in Win 8 firewall myself. :)

    OR

    Block all connections from known malicious applications.

    This is default right now. "U"-marked processes can send data to unknown hosts until classified as malicious in cloud.
     
  22. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    True, except that they can't steal your information to send out because of the Identity Shield.
     
  23. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    I completely understand that. I fully trust ID Shield's capabilities. But Identity Shield does not cover, for instance, financial documents (located in C:\Documents) malware might steal from me and transfer to a remote host. A rule in Firewall which blocks 'U'-processes from accessing the web would cover that threat.

    Correct me if I'm wrong here, please. :)
     
  24. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Yes, you're correct with that use-case - depending on how much new software you use, you may be better off just entering into a whitelist-only mode if you are concerned about files being copied off as there are numerous ways around any firewall to send files outbound.
     
  25. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    That's good advice. I did not actually think of the whitelist mode feature. :)
     