Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
General Security Discussions
Clearing up confusion on WFP
Message
<blockquote data-quote="Eddie Morra" data-source="post: 779039"><p>Hiya</p><p></p><p>I think sometimes there might be some confusion when it comes to third-party software-level Firewall components and the Windows Filtering Platform (WFP). I'm not pointing the finger on anyone or any community, but in the past, I've seen people express dislike to third-party software-level Firewall components over Windows Firewall on the grounds of it being "based on Windows Firewall", or along those lines. Hopefully, this will clear up some confusion for anyone who may have misunderstood how Windows Firewall and third-party Firewall components using WFP are alike.</p><p></p><p>1. Windows Firewall relies on WFP for filtering network operations.</p><p>2. Third-party Firewall components which relies on WFP is not equal to them being "based" on Windows Firewall.</p><p>3. Even if a vendor is using WFP (same as Windows Firewall), it does not mean that it is identical in terms of network protection... the filtering will be a vendor-specific implementation and thus the vendor will have the flexibility of adding/removing features (not to mention the ability for them to apply for their own optimisation).</p><p></p><p>Windows Firewall has improved a lot and may be more appropriate for many nowadays in comparison to the old days.. but this does not mean that any third-party relying on the same underlying technology as Windows Firewall is "useless". You need to remember that the filtering is still a vendor-specific implementation, and that WFP is actually quite robust and secure... it would make no sense for someone to unnecessarily re-invent the wheel when it wouldn't be better than what is already available and offered to them; using what is already available (especially when it is already robust, secure and well-tested) is a no-brainer when it comes to development costs and deadlines, too.</p><p></p><p>Please check the following documentation.</p><p></p><p></p><p></p><p></p><p></p><p>Source: <a href="https://docs.microsoft.com/en-us/windows/desktop/fwp/windows-filtering-platform-start-page" target="_blank">Windows Filtering Platform</a></p><p></p><p>The above quoted documentation qualifies as evidence for my claim of WFP usage not being the equivalent as being "based" on Windows Firewall. My claim is reliant on Microsoft's documentation, which at best is still sketchy though, because we all know what Microsoft is like with documentation.</p><p></p><p>[SPOILER="Nostalgic bonus"]</p><p>For anyone who wants a laugh about old Anti-Virus solutions and mistakes: <a href="http://www.uninformed.org/?v=4&a=4&t=pdf" target="_blank">http://www.uninformed.org/?v=4&a=4&t=pdf</a></p><p></p><p>TLDR:</p><p>Once upon a time, Kaspersky probably thought that building an Anti-Virus was the same as "OS development" and started going nuts with making changes to the Windows kernel, even when they did not really need to make certain changes to support features they were after (unnecessarily reducing system stability, integrity and security). Obviously, they've learnt from those mistakes and turned a new leaf on how they approach certain features with more consideration into robustness and security for a very long time now.</p><p></p><p>McAfee Internet Security Suite 2006 was vulnerable because they were using a now-obsolete mechanism named <a href="https://en.wikipedia.org/wiki/Layered_Service_Provider" target="_blank">Layered Service Provider (LSP) </a>for filtering network operations... if only WFP was around at the time to save them.</p><p>[/SPOILER]</p><p></p><p>Cya</p></blockquote><p></p>
[QUOTE="Eddie Morra, post: 779039"] Hiya I think sometimes there might be some confusion when it comes to third-party software-level Firewall components and the Windows Filtering Platform (WFP). I'm not pointing the finger on anyone or any community, but in the past, I've seen people express dislike to third-party software-level Firewall components over Windows Firewall on the grounds of it being "based on Windows Firewall", or along those lines. Hopefully, this will clear up some confusion for anyone who may have misunderstood how Windows Firewall and third-party Firewall components using WFP are alike. 1. Windows Firewall relies on WFP for filtering network operations. 2. Third-party Firewall components which relies on WFP is not equal to them being "based" on Windows Firewall. 3. Even if a vendor is using WFP (same as Windows Firewall), it does not mean that it is identical in terms of network protection... the filtering will be a vendor-specific implementation and thus the vendor will have the flexibility of adding/removing features (not to mention the ability for them to apply for their own optimisation). Windows Firewall has improved a lot and may be more appropriate for many nowadays in comparison to the old days.. but this does not mean that any third-party relying on the same underlying technology as Windows Firewall is "useless". You need to remember that the filtering is still a vendor-specific implementation, and that WFP is actually quite robust and secure... it would make no sense for someone to unnecessarily re-invent the wheel when it wouldn't be better than what is already available and offered to them; using what is already available (especially when it is already robust, secure and well-tested) is a no-brainer when it comes to development costs and deadlines, too. Please check the following documentation. Source: [URL='https://docs.microsoft.com/en-us/windows/desktop/fwp/windows-filtering-platform-start-page']Windows Filtering Platform[/URL] The above quoted documentation qualifies as evidence for my claim of WFP usage not being the equivalent as being "based" on Windows Firewall. My claim is reliant on Microsoft's documentation, which at best is still sketchy though, because we all know what Microsoft is like with documentation. [SPOILER="Nostalgic bonus"] For anyone who wants a laugh about old Anti-Virus solutions and mistakes: [URL]http://www.uninformed.org/?v=4&a=4&t=pdf[/URL] TLDR: Once upon a time, Kaspersky probably thought that building an Anti-Virus was the same as "OS development" and started going nuts with making changes to the Windows kernel, even when they did not really need to make certain changes to support features they were after (unnecessarily reducing system stability, integrity and security). Obviously, they've learnt from those mistakes and turned a new leaf on how they approach certain features with more consideration into robustness and security for a very long time now. McAfee Internet Security Suite 2006 was vulnerable because they were using a now-obsolete mechanism named [URL='https://en.wikipedia.org/wiki/Layered_Service_Provider']Layered Service Provider (LSP) [/URL]for filtering network operations... if only WFP was around at the time to save them. [/SPOILER] Cya [/QUOTE]
Insert quotes…
Verification
Post reply
Top
