Battle Best Firewall for Windows 8.1?

Status
Not open for further replies.

DaZa9

Level 8
Thread author
Verified
Aug 16, 2013
356
I'm going to install Windows 8.1 and will be using Windows Defender
Should I use Windows Firewall? or what I heard that outpost firewall is good?
When you say X is better than D say or you prefer X than D, tell why if its possible

Tell your opinion.
 

Littlebits

Retired Staff
May 3, 2011
3,893
Petrovic said:
Firewall Outbound Attacks Protection Test (July 2013)
Test Results of Firewalls on Standard Settings
elnjxi1qlc.jpg


Test Results of Firewalls on Maximum Settings
75ojm2axvt.jpg


http://www.anti-malware-test.com/firewall_test_outbound_protection_2013

You will have to know how to read these test results in order for them to be helpful to you. This test was conducted on Windows 7 x32 platform, it does not apply to Windows 8.1 or x64-bit platforms which are much different. x64-bit Windows has extra security features to block unsigned drivers which can cause connection leaks.

First, all of the untrusted outbound connections would have been blocked by UAC. In order for a untrusted connection to be successful, the user would have to manually download and execute a malicious file, ignore UAC prompts and ignore Windows run warning when executing files without digital certificates. If you are ignorant to ignore Windows default security features, then these results might mean something to you.

If you always only download files from safe sources, utilize UAC and Windows and Windows run warning when executing files without digital certificates, these results will be completely irrelevant to you.

There is no firewall that will block every type of untrusted connections despite on what some tests will say. That is why you should never depend on a firewall alone. If you use your own knowledge (common sense) and Windows default security features, that will be all you will need to be safe.

Thanks. :D
 
  • Like
Reactions: Cats-4_Owners-2
I

illumination

Littlebits said:
There is no firewall that will block every type of untrusted connections despite on what some tests will say.

Thanks. :D

Im not sure if i totally agree with this.. With Comodo Firewall, i would set it to block "ALL" incoming and would set all "outbound" in custom mode..

Meaning only connections that happen, are the one i specifically create rules for outbound. Nothing would move through that firewall that was not in my custom ruleset, without triggering a warning "popup"..

Combine those rules with a Powerful "HIPS" like in Comodo, and nothing will "slide by", especially if one felt froggy and cranked that hips up to "paranoid"
 
  • Like
Reactions: Cats-4_Owners-2

cruelsister

Level 43
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
Sadly as of last month Win8 had a bit over 8% market share while Win7 was about 46% and growing faster. Also many RATS (eg. DarkComet or any of the Back Orifice clones) run with impunity on either 32 or 64 bit systems, and many are digitally signed.
 

Littlebits

Retired Staff
May 3, 2011
3,893
illumination said:
Littlebits said:
There is no firewall that will block every type of untrusted connections despite on what some tests will say.

Thanks. :D

Im not sure if i totally agree with this.. With Comodo Firewall, i would set it to block "ALL" incoming and would set all "outbound" in custom mode..

Meaning only connections that happen, are the one i specifically create rules for outbound. Nothing would move through that firewall that was not in my custom ruleset, without triggering a warning "popup"..

Combine those rules with a Powerful "HIPS" like in Comodo, and nothing will "slide by", especially if one felt froggy and cranked that hips up to "paranoid"

Comodo and other HIPS products do very well protecting software and software vulnerabilities but can not protect against vulnerabilities in Windows or malicious processes that run at the OS level. Security software only can protect against processes that run at the software level. If the vulnerability is exploited in Windows and the network drivers are compromised at the OS level, Comodo will not even know it happened. Anything that runs at the OS level can easily bypass any security software including advanced HIPS. I'm sorry but Comodo is not as bulletproof as many believe it is. It is much more important to keep Windows updated with the latest patches because OS vulnerabilities can not be protected by security software.

Thanks. :D
 
  • Like
Reactions: Cats-4_Owners-2
I

illumination

Littlebits said:
illumination said:
Littlebits said:
There is no firewall that will block every type of untrusted connections despite on what some tests will say.

Thanks. :D

Im not sure if i totally agree with this.. With Comodo Firewall, i would set it to block "ALL" incoming and would set all "outbound" in custom mode..

Meaning only connections that happen, are the one i specifically create rules for outbound. Nothing would move through that firewall that was not in my custom ruleset, without triggering a warning "popup"..

Combine those rules with a Powerful "HIPS" like in Comodo, and nothing will "slide by", especially if one felt froggy and cranked that hips up to "paranoid"

Comodo and other HIPS products do very well protecting software and software vulnerabilities but can not protect against vulnerabilities in Windows or malicious processes that run at the OS level. Security software only can protect against processes that run at the software level. If the vulnerability is exploited in Windows and the network drivers are compromised at the OS level, Comodo will not even know it happened. Anything that runs at the OS level can easily bypass any security software including advanced HIPS. I'm sorry but Comodo is not as bulletproof as many believe it is. It is much more important to keep Windows updated with the latest patches because OS vulnerabilities can not be protected by security software.

Thanks. :D

I agree that windows OS patches are necessary, and one would conclude this would go without saying. This said, with proper patches in place, Comodo firewall is as close to bullet proof as it gets.. With max settings, one would have a really hard time getting anything through without the firewall knowing so.. I for one, would love to see proof of this, I.E. a video of some sort, showing CIS firewall set to max settings, and seeing if anything can bypass it inbound or out, without setting off an alert..
 
  • Like
Reactions: Cats-4_Owners-2

Amiga500

Level 12
Verified
Jan 27, 2013
661
Upon reading this thread i have come to the conclusion that the main priority is to actually keep the malware out of the system in the first place.

The main function of a firewall is to keep the bad connections out.If something on your system is making non-legit connections then its your antivirus/antimalware program which needs to be addressed rather than the firewall.
 
  • Like
Reactions: Cats-4_Owners-2

WalterWolf

Level 3
Verified
Jan 28, 2013
319
Littlebits said:
illumination said:
Littlebits said:
There is no firewall that will block every type of untrusted connections despite on what some tests will say.

Thanks. :D

Im not sure if i totally agree with this.. With Comodo Firewall, i would set it to block "ALL" incoming and would set all "outbound" in custom mode..

Meaning only connections that happen, are the one i specifically create rules for outbound. Nothing would move through that firewall that was not in my custom ruleset, without triggering a warning "popup"..

Combine those rules with a Powerful "HIPS" like in Comodo, and nothing will "slide by", especially if one felt froggy and cranked that hips up to "paranoid"

Comodo and other HIPS products do very well protecting software and software vulnerabilities but can not protect against vulnerabilities in Windows or malicious processes that run at the OS level. Security software only can protect against processes that run at the software level. If the vulnerability is exploited in Windows and the network drivers are compromised at the OS level, Comodo will not even know it happened. Anything that runs at the OS level can easily bypass any security software including advanced HIPS. I'm sorry but Comodo is not as bulletproof as many believe it is. It is much more important to keep Windows updated with the latest patches because OS vulnerabilities can not be protected by security software.

Thanks. :D


What if you use WinPatrol + Registry Protection list for Windows Vista/7 ?


I know that updates are necessary.
 

Chigwells

Level 4
Jan 16, 2012
194
I'm intrigued by this discussion! I always thought a third party firewall was much more robust than Windows own. I have Comodo firewall installed on Windows 7 HP x64 to Chiron's recommendations, but what Littlebits states seems to change everything.

As I understand it, in non-techie speak, a 3rd party fw is kind of sitting on the system, whereas Window's own fw is integrated within. Additionally there is this Advanced Security feature, which I've never heard of before, which appears to strengthen it further (in some way that I don't as yet understand :()

I'm really considering towards a change. Littlebits, you're using Windows Firewall with Advanced Security, could you point me in the direction of a tutorial, thanks

I've already looked at Microsoft and Technet sites:
Windows Firewall with Advanced Security
Windows Firewall with Advanced Security Getting Started Guide
Introduction to Windows Firewall with Advanced Security

(just wondered if you have a favorite guide elsewhere)

Comodo and other HIPS products do very well protecting software and software vulnerabilities but can not protect against vulnerabilities in Windows or malicious processes that run at the OS level. Security software only can protect against processes that run at the software level. If the vulnerability is exploited in Windows and the network drivers are compromised at the OS level, Comodo will not even know it happened. Anything that runs at the OS level can easily bypass any security software including advanced HIPS. I'm sorry but Comodo is not as bulletproof as many believe it is. It is much more important to keep Windows updated with the latest patches because OS vulnerabilities can not be protected by security software.

Thanks. :D

Apologies as this is probably completely off-topic, aargh!
 
Last edited:

Exterminator

Level 85
Verified
Top Poster
Well-known
Oct 23, 2012
12,527
Outpost was very buggy when I ran it on Windows 8.Maybe it is better now and can't really say for sure.I use ESS 7 on 8.1 but if I had to choose just a firewall I would say Windows
 

Littlebits

Retired Staff
May 3, 2011
3,893
I'm intrigued by this discussion! I always thought a third party firewall was much more robust than Windows own. I have Comodo firewall installed on Windows 7 HP x64 to Chiron's recommendations, but what Littlebits states seems to change everything.

As I understand it, in non-techie speak, a 3rd party fw is kind of sitting on the system, whereas Window's own fw is integrated within. Additionally there is this Advanced Security feature, which I've never heard of before, which appears to strengthen it further (in some way that I don't as yet understand :()

I'm really considering towards a change. Littlebits, you're using Windows Firewall with Advanced Security, could you point me in the direction of a tutorial, thanks

I've already looked at Microsoft and Technet sites:
Windows Firewall with Advanced Security
Windows Firewall with Advanced Security Getting Started Guide
Introduction to Windows Firewall with Advanced Security

(just wondered if you have a favorite guide elsewhere)



Apologies as this is probably completely off-topic, aargh!

To use Windows Firewall effectively you first must utilize UAC, never approve the unknown always deny what you don't know for sure is safe. Windows Firewall by default blocks all inbound connections and displays prompts for you to unblock the connection, but allows all outbound connections. So it is important to never allow a bad process through UAC because outbound connections will be allowed. Firewall rules are automatically created according to your Network configuration in Network and Sharing Center (Home, Work or Public).

Windows Firewall with Advanced Security allows you to customize the created rules with tweaks to provide better security.
There are guides all over the web but experience of actually working with it helps you learn, there really isn't guide to help you setup your own config, it all depends on your situation and installed programs. Everyone will need different configurations based on their programs, connection status, connection location, etc.

Here is a video which explains a lot-


Enjoy!! :D
 
  • Like
Reactions: Chigwells and Ink
D

Deleted member 178

In addition, most people use 3rd party firewalls for their whole package including Hips, behavior blocker, etc.

If you dont need those other component Windows FW is strong enough
 
  • Like
Reactions: Cats-4_Owners-2

Stubbornest

Level 1
Verified
Jan 3, 2014
55
RE: Best Firewall for Windows?

In my opinion the most important protection level a firewall should have is Outbound protection. This gives an extremely important layer of defense against many forms of malware that need internet access to become malicious (from trojan downloaders to the recent cryptolocker variants which need to contact the C&C).

Also many password stealers will use legitimate Remote Access software in order to break in. Inbound only defense will not help one in this case.
TinyWall adds outbound connection control to Windows Firewall. In fact, initially every outgoing connection attempt is blocked. (Except TinyWall itself, but it can also block itself by changing the special exception.)
You need to whitelist (by executable, window, or process), blocklist, or unblock.
But it also recognizes well-known proggies for which you can add an exception (permanent, or ad-hoc).
 
  • Like
Reactions: Cats-4_Owners-2

Victor Cristy

New Member
Feb 15, 2014
1
RE: Best Firewall for Windows?

Firewall Outbound Attacks Protection Test (July 2013)
Test Results of Firewalls on Standard Settings
elnjxi1qlc.jpg


Test Results of Firewalls on Maximum Settings
75ojm2axvt.jpg


http://www.anti-malware-test.com/firewall_test_outbound_protection_2013
Also this is my first reply to your posted forum, I also noticed, like aztony, that there is no ZoneAlarm in your list tested? I see your test was reported in July 2013, can you update it with ZoneAlarm attached also?
 

Littlebits

Retired Staff
May 3, 2011
3,893
Also this is my first reply to your posted forum, I also noticed, like aztony, that there is no ZoneAlarm in your list tested? I see your test was reported in July 2013, can you update it with ZoneAlarm attached also?

That is NOT a network firewall test, it tests HIPS features. ZoneAlarm doesn't have full HIPS features, it only has IDS cloud-based protection therefore it would have scored very low this test. However the Network control on ZoneAlarm is one of the very best and probably the most user-friendly firewall available.

Most tests that claim to be firewall or anti-leak tests are actually testing HIPS features, some don't even test Network control features.
If you utilize UAC, keep your software updated and don't download suspicious files then HIPS features are not necessary. In most cases Windows Firewall will be enough if you already have a router with a hardware firewall. UAC is more powerful protection because it runs at the Windows OS kernel level above all security software. Just don't approve anything that you are not completely sure is safe on UAC prompts and you have better protection that can be offered by HIPS features with no compatibility issues or configuration (tweaking) needed.


Thanks. :D
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top