Q&A KSC Free vs KAV

McMcbrad

Level 20
Oct 16, 2020
969
What having a firewall adds to the security though?
That depends on many factors, such as router, other devices on your network and others.

Many firewalls one way or another can be trained to allow a set of trusted programs and then block everything else by default - this can "sabotage" many forms of malware, as a credentials stealer for example, won't be able to send its database to the attacker, a downloader won't be able to load anything or a RAT won't be able to connect to the C&C. Ransomware might not be able to get an online key, so decryption might be easier or not needed at all.
It depends on the way you utilise it, as well as on the firewall itself.
It of course has potential bypasses.

Normally firewall is complemented by some sort of Intrusion Prevention (Network Attack Blocker in KIS), which can reduce your attack surface.

KIS includes other modules as well, listed by @harlan4096 which all work to minimise the vectors attackers could exploit.
 
Last edited:

Nagisa

Level 6
Verified
Jul 19, 2018
286
It of course has potential bypasses.
Such as injecting code to other programs and uploading data at that way :unsure: But I guess that would make it easier to get caught by antiviruses because having those malicious patterns. So can we say that firewall module rather protects from obvious data stealing attempts? If true, having a simple firewall control program and blocking all inbound connections while allowing a few trusted programs outgoing would be no more less secure, am I wrong?
 

McMcbrad

Level 20
Oct 16, 2020
969
Such as injecting code to other programs and uploading data at that way :unsure: But I guess that would make it easier to get caught by antiviruses because having those malicious patterns. So can we say that firewall module rather protects from obvious data stealing attempts? If true, having a simple firewall control program and blocking all inbound connections while allowing a few trusted programs outgoing would be no more less secure, am I wrong?
It again depends on many variables, but in general, yes. It would be almost the same, except for the fact that AV firewalls normally deploy some policies over Windows services as well... not sure if small free firewall companions do that too. And yet the lack of IPS would remain. Some AV firewalls, such as Comodo go a step further with Deep Packet Inspection.
 
Top