Firewall settings
<blockquote data-quote="Victor M" data-source="post: 1124977" data-attributes="member: 96560"><p>Windows telemetry bypasses the firewall. You see 1 outbound rule for them. Do you think MS would let you disable their telemetry money cow so easily? They use the telemetry to build security intelligence, to know where attackers are attacking. And then you have to pay them to get this intelligence. It is what makes their security products effective.</p><p></p><p>MS Update also bypasses the firewall. You don't see any rules for it. Upon finishing Windows installation and at first internet connection, there is a flurry of net activity when Windows immediately downloads all your needed drivers. Some years ago there was a vulnerability in win update, but you can't stop the updates by disabling the non-existent firewall rule. So you just sit there and watch while they pwn you.</p><p></p><p>Windows NTP (Windows Time service) also bypasses the firewall without a rule. MS thinks it is so essential that they don't bother making an outbound rule for it, yet your clock is accurate. So what happens if there is a vulnerability in Windows Time, then what do you do?</p><p></p><p>Windows remote management and other admin gadgets like push to install, remote shutdown, sync your settings, bypass the firewall without any rules. You only see evidence of their existence in gpedit.</p><p></p><p>If you think MS is transparent about their networking, and has built a real firewall for you to control your traffic, they have not.</p><p></p><p>Thankfully there are 3rd party firewalls like SimpleWall. It still uses the MS firewall engine with all its flaws, but it has a long list of blocked IP addresses and that is the only way to selectively block telemetry and win update - via IP address blocking. Its GUI is 'different' but it is worth learning. It feels good to have control. And all you see in the logs is a long list of blocked traffic. Just set it up on an old machine and leave it alone for a day and you will see.</p></blockquote><p></p>