Serious Discussion Avast Free Firewall vs Windows 10/11 Firewall

Nunzio_77

Level 2
Thread author
Dec 3, 2023
55
Hi, a curiosity, if you can help me, but is the Avast Free firewall at the same security level as the Windows 10 or Windows 11 firewall or is it more powerful? Thank you.
 
Last edited by a moderator:

Bot

AI-powered Bot
Apr 21, 2016
4,315
HI! Both firewalls offer good protection. However, Avast Free Firewall can provide advanced features such as application control, which may not be available in Windows firewall. However, for an average user, both should provide an adequate level of security. Always remember to keep your software updated for the best protection.
 
  • Like
Reactions: Nunzio_77
F

ForgottenSeer 107474

Windows firewall allows outbound traffic by default, Avast Firewall in smart mode checks whether the program going outbound is on a blacklists. When it is malicious it will block it going outbound. Also AVAST rules creator is a somewhat easier than MIcrosoft's Defender.
 

Nunzio_77

Level 2
Thread author
Dec 3, 2023
55
Il firewall di Windows consente il traffico in uscita per impostazione predefinita, Avast Firewall in modalità intelligente controlla se il programma in uscita è presente in una lista nera. Quando è dannoso, ne bloccherà l'uscita. Anche il creatore di regole AVAST è un po' più semplice di Defender di Microsoft.
Therefore, if the malware sends data to an IP, the connection to this IP will be blocked while the malware is eliminated. So is it more protection than an AV that relies on Windows Firewall?
 
Last edited by a moderator:
  • Like
Reactions: Trident

Jonny Quest

Level 21
Verified
Top Poster
Well-known
Mar 2, 2023
1,081
English speaking forum, no? :)

Windows firewall allows outgoing traffic by default, Avast Firewall in intelligent mode checks if the outgoing program is present in a blacklist. When it is harmful, it will block its exit. The AVAST rule creator is also a little simpler than Microsoft's Defender.
Therefore, if the malware sends data to an IP, the connection to this IP will be blocked while the malware is eliminated. So is it more protection than an AV that relies on Windows Firewall?
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,351
I have no evidence that Avast firewall is in any way better than Defender Firewall, however, Avast Web Shield will quickly terminate all connections to malicious domains, as of last year Domain Generation Algorithm is also covered.
This can greatly complement any firewall solution.

As well as programmes, before being allowed as @LennyFox mentioned, are being checked for safety against Avast’s extensive list.
 
F

ForgottenSeer 107474

I am not a firewall expert, but what I have been told that even the experts have different opinions on the practical benefits of an outbound firewall in a home user environment.

What I understand is that the balance between flexibility and security is a moving pendalum. For flexibility reasons Windows has Dynamic Load Libraries which can be called (and even injected) into processes at run time. This flexibility mechanism has numeroeus security downsides. Malware could inject a DLL into a legitemate program and fool the firewall (because the firewall had an allow rule for that legitemate program).

A DLL is just an example, ActiveX, Macro's, Javabeans, Javascript executed through Eval are other examples of flexibilty mechanisms which have considerable security downsides. Even tiny bits of flexibility (e.g. metadata containing a few bytes of code in images) have been misused my malware writers in the past. Therefore firewalls have turned into FW+HIPS to prevent misuse of legitemat flexibility mechanisms (setting hooks etc).

Because HIPS are as effective as the response (knowledge) of the user who reads allows or blocks the HIPS-prompt, the 'legitemate versus flexibility grey line boundery' protection moved to behavioral monitoring, machine learning, reputation evaluation with cloud whitelists. Comodo Firewall for example still has a HIPS, but CruelSister advises to disable it and trust the Comodo reputation service and plus sandbox containment to prevent malware touching the real system.

The reason why @Trident posts that he has no evidence that the protection of Avast firewall (which is in theory better), is also more effective in practise is, because there are so many ways malware can go outbound undetected in the piggy bag of a legitemate process.

EDIT: I have ran Avast FW with Defender for a while until an acquintance of mine noticed I was using it and explained that I was better of blocking LoLBins in Windows FW (like @Andy Ful firewall hardening does), than using Avast FW (with a blacklist). The recap above is what she explained me.
 
Last edited by a moderator:

Nunzio_77

Level 2
Thread author
Dec 3, 2023
55
Sarebbe quindi più efficace concentrarsi su una migliore analisi comportamentale piuttosto che su un firewall con le minacce avanzate di oggi?
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,351
Firewall is not solely centred on programmes, for that you have antivirus and it should have already removed the malicious code.
It is more centred around securing the device from external (also blocked by the router) and internal (mostly) network attacks by closing ports, dropping packets and unnecessary connections, and preventing common attack methods.

there are so many ways malware can go outbound undetected in the piggy bag of a legitemate process
Indeed. This is where Avast Web Shield or any other anti-bot solution will come in handy, by blocking dodgy traffic generated by legitimate processes. Avast Web Shield also goes a step further than just blocking traffic, by calling remediation on processes that communicate to malicious C&Cs.
 
F

ForgottenSeer 109138

Standard firewalls will not help once a legitimate application or your system has been infected as partially discussed here. At this point you need solutions that can analyze outbound communications for certain patterns,behaviors and reputations, as malware will use well known protocols like FTP, HTTP, HTTPS, and SMTP, to communicate out to the C&C. The solution needs to be capable of predetermining attack patterns and have created signatures for these. Such methods to help determine malicious from legitimate traffic from legitimate applications. One such method of determination is the reputation of IP addresses being connected to outbound. Traditional firewalls have no way to employ these type of methods, you need advanced solutions with pattern, behavior and reputation based threat detection.
 
Last edited by a moderator:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top