Indeed, if MS decide to change the API, you can say bye bye to all your 3rd party firewalls until they adjust their soft, and in the meantime, people will babycry because they can't use them LOL
Is built-in Windows Firewall enough?
- Thread starter Marac
- Start date
Please provide comments and solutions that are helpful to the author of this topic.
- Status
Windows firewall is enough but if you frequently use public wifi or install new softwares
a third-party firewall is better only if you can configure it properly, otherwise, it would be similar to Windows firewall
a third-party firewall is definitely more convenient than WF, for example, Comodo firewall. You can set up some specific rules which you can't on windows firewall
example: Allow chrome.exe to connect to port 80, 443, 53, 8080 | block everything else
or you can block the whole folder of exe files using 1 single rule in comodo firewall, again, you can't on windows firewall
a third-party firewall is better only if you can configure it properly, otherwise, it would be similar to Windows firewall
a third-party firewall is definitely more convenient than WF, for example, Comodo firewall. You can set up some specific rules which you can't on windows firewall
example: Allow chrome.exe to connect to port 80, 443, 53, 8080 | block everything else
or you can block the whole folder of exe files using 1 single rule in comodo firewall, again, you can't on windows firewall
Last edited:
It depends...
1. Are you a high-risk user ?
2. Are you the paranoid type ?
3. When it comes to Windows security, do you know what you're doing ?
If you want to get real technical about it, then Windows Firewall is insufficient because it is default-allow (except for server processes) for outbound connections. Furthermore, its self- and anti-tampering protections are weak.
3rd-party firewalls packed into internet security suites provide additional protections such as exploit\intrusion detection.
Is a 3rd-party firewall a best practice ? There are those that say yes - that it is needed to block outbound data theft - while others hold the position that it is irrelevant once the system is compromised (even if the firewall prevents data transmission). The difference in perspective always seems to be centered around what a 3rd-party firewall can do (block outbound) versus what it was originally designed\intended to do (block inbound).
Last edited by a moderator:
- May 13, 2017
- 2,685
Firewall App Blocker (Fab) v1.6 provides a more friendly GUI for WF, also comes with the context menu for exe as well.
Windows Firewall - it is a car. 3rd party firewall - it is Bugatti Veyron, but technically, it is still only a car. The question is, do you need it?
I'm not a developer, so I might be incorrect, but why else would a WFP API exist.
More: Windows Filtering Platform (Windows)
I'm not saying 3rd-party Apps that depend on WFP are bad, but most home computers don't need constant alerts.
It's different for standalone software such as Comodo Firewall, since it doesn't use WFP (as far as I know). They usually are packed with different features, that is above my level of expertise.
The average user looking to protect a system doesn't know any better, so their inclination is to metaphorically bring an aircraft carrier to a knife fight. As ridiculous as that sounds, it is an apt description of what many users do - even those that know better.
The whole "It's better to be safe than sorry..." position ("So I will excessively layer") on security is emotionally driven - based largely upon a lack of knowledge. The end result are irrational decisions and actions, along with a dose of unrealistic expectations thrown on top.
Last edited by a moderator:
I think a big issue for those who take an active interest in making sure their system is secure is that there's a pretty huge paradox (paradox might be the wrong word) going on:
They want to ensure their system is invulnerable against any form of malicious attack but at the same time they're fully aware that their system can never truly be invulnerable, and no matter how much security they pile onto it there's always going to be a chance that they get infected, which I think manifests itself as this constant anxiety about their system being compromised no matter how low the chances are.
I think the best people can do is reach a point where they feel protected enough that they stop obsessing over it.
It's very unfortunate that emotions are the basis of most users' IT security decisions. Feelings have no place in security. The worst is when a user frets over their security when they already know they are as safe as is technically possible - that they have already done everything reasonable to ensure their security. When a person exhibits such behavior the psychiatrists and psychologists start to use choice words like paranoid, maladaptive and disease.
Last edited by a moderator:
I see no reason to argue about using programs to manage Windows Firewall, Windows Firewall is enough but it's not accessible nor easy to manage. Programs like WFC make it usable for advanced users!
Is no different from using third-party apps to manage Windows Defender, which lots of people do here.
It doesn't take a day to learn how to do those changes manually, but it's time consuming and frustrating compared to pushing a button on a third-party app.
When Microsoft wakes from their slumber (yeah right...) and adds notifications for outbound traffic (a feature that has been requested for over a decade), then Windows Firewall will be usable without third-party apps.
Also saw someone mention Windows Firewall cannot allow/block traffic per doors/protocols, this is wrong, Windows Firewall has that feature.
Is no different from using third-party apps to manage Windows Defender, which lots of people do here.
It doesn't take a day to learn how to do those changes manually, but it's time consuming and frustrating compared to pushing a button on a third-party app.
When Microsoft wakes from their slumber (yeah right...) and adds notifications for outbound traffic (a feature that has been requested for over a decade), then Windows Firewall will be usable without third-party apps.
Also saw someone mention Windows Firewall cannot allow/block traffic per doors/protocols, this is wrong, Windows Firewall has that feature.
- Jun 9, 2013
- 6,720
- Apr 13, 2013
- 3,224
The original question was "Is built-in Windows Firewall enough?". The answer would depend on what the Poster meant by Enough. As a traditional Inbound protection modality (especially if one already uses a Router) the answer would be Yes.
But if by Enough it was meant optimal protection against malware, the answer is most certainly No.
Although this is just repeating what Lockdown stated in Post 23, I'll do it anyway:
Let's say one comes across a zero day malware file that gets past the Primary defense and was:
1). A Worm- an Outbound alerting Firewall will inform the User that a scripting engine is attempting to get out on to the network.
2). a malware file that forks a legitimate process- oft times an Outbound Firewall will block these silently without the need for any user input.
3). Powershell malware- most often these will seek to download payloads. An Outbound firewall will block this attempt.
4). a keylogger- these can log as much stuff as they want, but if blocked from transmitting this information out, the User is Golden.
There are oodles and oodles of more stuff that could be used as examples, but why bother? Considering that WF would allow all of the above (and also could be frequently deactivated or manipulated by malware), it is not an optimal solution for malware protection.
And I don't think that having these concerns is being Paranoid- personally I just think that it is Smart.
But if by Enough it was meant optimal protection against malware, the answer is most certainly No.
Although this is just repeating what Lockdown stated in Post 23, I'll do it anyway:
Let's say one comes across a zero day malware file that gets past the Primary defense and was:
1). A Worm- an Outbound alerting Firewall will inform the User that a scripting engine is attempting to get out on to the network.
2). a malware file that forks a legitimate process- oft times an Outbound Firewall will block these silently without the need for any user input.
3). Powershell malware- most often these will seek to download payloads. An Outbound firewall will block this attempt.
4). a keylogger- these can log as much stuff as they want, but if blocked from transmitting this information out, the User is Golden.
There are oodles and oodles of more stuff that could be used as examples, but why bother? Considering that WF would allow all of the above (and also could be frequently deactivated or manipulated by malware), it is not an optimal solution for malware protection.
And I don't think that having these concerns is being Paranoid- personally I just think that it is Smart.
tell me how you can allow port 80 but block all other ports without having to manually type them?
I bet you can't
the screenshot you sent doesn't explain what I mentioned. I know that already and I can perfectly do it
creating a separate block rule for everything just doesn't work
and I don't want the the medium blocking mode which I have to make rule for every single program
Last edited:
you know there is a button called "block all connections" right?
so if you block all but the rule, it works.
You people should do some researches before stating...
Last edited by a moderator:
- Jan 28, 2018
- 2,464
The firewall itself has no difference in function between third party and Windows' s, and I think that it is enough to control communication as specified.
I guess that Microsoft intends to give the degree of difficulty to the location and setting of the adjustment, considering "I want to prevent unintended users from feeling easily touching".
Or ... I can not deny the possibility of being a Windows Easter egg.
I guess that Microsoft intends to give the degree of difficulty to the location and setting of the adjustment, considering "I want to prevent unintended users from feeling easily touching".
Or ... I can not deny the possibility of being a Windows Easter egg.
"block all connections" means blocking everything but it only appears in Inbound connectionyou know there is a button called "block all connections" right?
the "Block" in outbound connection will switch WF to Medium blocking mode like in WFC => when something wants to connect, it must have an allow rule, if I recall it right
I tried to use it but it's super annoying to create rules for every process
just saw your post, I knew that too and it created a lot of headache to find out what was blocked
- May 4, 2018
- 2,261
TinyWall isn't too bad to look at either, fairly simple, light and also helps out Windows Firewall as well!
As stated depends on your personal preferences, your setup, laptop and other aspects. Everyone has a different setup.
~LDogg
As stated depends on your personal preferences, your setup, laptop and other aspects. Everyone has a different setup.
~LDogg
- May 13, 2017
- 2,685
Glasswire is a masterpiece. It is everything WF should have been for common users. Pity, that the free version is utterly useless.
Some UDP connections last for a millisecond and then disappear. It took me months to configure some rules.
Even now, all I can do, is to log all the traffic and guess, what connection is needed by the particular software.
Sometimes I just give up and allow all IPs for a software, because I just do not have the nerves to continue.
Yes, but you have to use a bunch of programs to monitor the connection to know, what rules you have to create.
Some UDP connections last for a millisecond and then disappear. It took me months to configure some rules.
Even now, all I can do, is to log all the traffic and guess, what connection is needed by the particular software.
Sometimes I just give up and allow all IPs for a software, because I just do not have the nerves to continue.
- Status
Similar threads
