Avast Free Firewall vs Windows 10/11 Firewall
- Thread starter Nunzio_77
- Start date
- Apr 21, 2016
- 3,508
HI! Both firewalls offer good protection. However, Avast Free Firewall can provide advanced features such as application control, which may not be available in Windows firewall. However, for an average user, both should provide an adequate level of security. Always remember to keep your software updated for the best protection.
- Mar 2, 2023
- 812
I'm not sure which one is more powerful, but which one is easier to navigate, to add rules to, is laid out in a more user friendly way etc?
Windows firewall allows outbound traffic by default, Avast Firewall in smart mode checks whether the program going outbound is on a blacklists. When it is malicious it will block it going outbound. Also AVAST rules creator is a somewhat easier than MIcrosoft's Defender.
- Dec 3, 2023
- 11
Therefore, if the malware sends data to an IP, the connection to this IP will be blocked while the malware is eliminated. So is it more protection than an AV that relies on Windows Firewall?
Last edited by a moderator:
- Mar 2, 2023
- 812
English speaking forum, no? 
Therefore, if the malware sends data to an IP, the connection to this IP will be blocked while the malware is eliminated. So is it more protection than an AV that relies on Windows Firewall?
- Feb 7, 2023
- 1,745
I have no evidence that Avast firewall is in any way better than Defender Firewall, however, Avast Web Shield will quickly terminate all connections to malicious domains, as of last year Domain Generation Algorithm is also covered.
This can greatly complement any firewall solution.
As well as programmes, before being allowed as @LennyFox mentioned, are being checked for safety against Avast’s extensive list.
This can greatly complement any firewall solution.
As well as programmes, before being allowed as @LennyFox mentioned, are being checked for safety against Avast’s extensive list.
I am not a firewall expert, but what I have been told that even the experts have different opinions on the practical benefits of an outbound firewall in a home user environment.
What I understand is that the balance between flexibility and security is a moving pendalum. For flexibility reasons Windows has Dynamic Load Libraries which can be called (and even injected) into processes at run time. This flexibility mechanism has numeroeus security downsides. Malware could inject a DLL into a legitemate program and fool the firewall (because the firewall had an allow rule for that legitemate program).
A DLL is just an example, ActiveX, Macro's, Javabeans, Javascript executed through Eval are other examples of flexibilty mechanisms which have considerable security downsides. Even tiny bits of flexibility (e.g. metadata containing a few bytes of code in images) have been misused my malware writers in the past. Therefore firewalls have turned into FW+HIPS to prevent misuse of legitemat flexibility mechanisms (setting hooks etc).
Because HIPS are as effective as the response (knowledge) of the user who reads allows or blocks the HIPS-prompt, the 'legitemate versus flexibility grey line boundery' protection moved to behavioral monitoring, machine learning, reputation evaluation with cloud whitelists. Comodo Firewall for example still has a HIPS, but CruelSister advises to disable it and trust the Comodo reputation service and plus sandbox containment to prevent malware touching the real system.
The reason why @Trident posts that he has no evidence that the protection of Avast firewall (which is in theory better), is also more effective in practise is, because there are so many ways malware can go outbound undetected in the piggy bag of a legitemate process.
EDIT: I have ran Avast FW with Defender for a while until an acquintance of mine noticed I was using it and explained that I was better of blocking LoLBins in Windows FW (like @Andy Ful firewall hardening does), than using Avast FW (with a blacklist). The recap above is what she explained me.
What I understand is that the balance between flexibility and security is a moving pendalum. For flexibility reasons Windows has Dynamic Load Libraries which can be called (and even injected) into processes at run time. This flexibility mechanism has numeroeus security downsides. Malware could inject a DLL into a legitemate program and fool the firewall (because the firewall had an allow rule for that legitemate program).
A DLL is just an example, ActiveX, Macro's, Javabeans, Javascript executed through Eval are other examples of flexibilty mechanisms which have considerable security downsides. Even tiny bits of flexibility (e.g. metadata containing a few bytes of code in images) have been misused my malware writers in the past. Therefore firewalls have turned into FW+HIPS to prevent misuse of legitemat flexibility mechanisms (setting hooks etc).
Because HIPS are as effective as the response (knowledge) of the user who reads allows or blocks the HIPS-prompt, the 'legitemate versus flexibility grey line boundery' protection moved to behavioral monitoring, machine learning, reputation evaluation with cloud whitelists. Comodo Firewall for example still has a HIPS, but CruelSister advises to disable it and trust the Comodo reputation service and plus sandbox containment to prevent malware touching the real system.
The reason why @Trident posts that he has no evidence that the protection of Avast firewall (which is in theory better), is also more effective in practise is, because there are so many ways malware can go outbound undetected in the piggy bag of a legitemate process.
EDIT: I have ran Avast FW with Defender for a while until an acquintance of mine noticed I was using it and explained that I was better of blocking LoLBins in Windows FW (like @Andy Ful firewall hardening does), than using Avast FW (with a blacklist). The recap above is what she explained me.
Last edited:
- Feb 7, 2023
- 1,745
Firewall is not solely centred on programmes, for that you have antivirus and it should have already removed the malicious code.
It is more centred around securing the device from external (also blocked by the router) and internal (mostly) network attacks by closing ports, dropping packets and unnecessary connections, and preventing common attack methods.
It is more centred around securing the device from external (also blocked by the router) and internal (mostly) network attacks by closing ports, dropping packets and unnecessary connections, and preventing common attack methods.
Indeed. This is where Avast Web Shield or any other anti-bot solution will come in handy, by blocking dodgy traffic generated by legitimate processes. Avast Web Shield also goes a step further than just blocking traffic, by calling remediation on processes that communicate to malicious C&Cs.
- Jul 14, 2015
- 736
Its easier to use andy's Firewall Hardening tool, load all Lolbins and your safe against payloads and injections... etc.
Last edited:
Practical Response
Level 8
- Mar 10, 2024
- 388
Standard firewalls will not help once a legitimate application or your system has been infected as partially discussed here. At this point you need solutions that can analyze outbound communications for certain patterns,behaviors and reputations, as malware will use well known protocols like FTP, HTTP, HTTPS, and SMTP, to communicate out to the C&C. The solution needs to be capable of predetermining attack patterns and have created signatures for these. Such methods to help determine malicious from legitimate traffic from legitimate applications. One such method of determination is the reputation of IP addresses being connected to outbound. Traditional firewalls have no way to employ these type of methods, you need advanced solutions with pattern, behavior and reputation based threat detection.
Last edited:
Similar threads
