- Oct 1, 2019
- 303
- Content source
- https://youtu.be/UfaRLUZK8No
Why you shouldn't use Windows Firewall
- Thread starter CyberPanther
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
- May 26, 2014
- 1,130
This test by Leo is run on windows 7,can anyone tell me if this is significant on not?
- Apr 2, 2018
- 1,782
This man treat Windows Firewall as an antivirus? What.............
Don't watch this video. It a waste of time. This man treat Windows Firewall as an antivirus suppose to block malicious app you download from the net, and the malicious site that the malicious app communicate to.
Don't watch this video. It a waste of time. This man treat Windows Firewall as an antivirus suppose to block malicious app you download from the net, and the malicious site that the malicious app communicate to.
Last edited:
"Best solution is to have a hardware firewall", while not entirely false this entire video looks like an AD.
You can easily stop malware (or any other program for that matter) from creating Firewall Rules without your consent, by changing the permittions on
Then we have WFC which also has options to restrict access to the Firewall.
I won't deny Microsoft fails to supply the tools and options for advanced users, it wouldn't take much effort from their part to give us an option to restrict creation of Firewall Rules.
This video just shows you can easily create Firewall Rules without Admin intervention, and honestly I knew about it for years, I've used it in multiple companies scripts (and yes, it works on Windows 10, this is supported by Microsoft).
Either way the moment the Malware is on the PC you already lost, you supposed to stop the Malware from getting on your PC in the first place, and as shown by VT, that sample is easily detected.
You can easily stop malware (or any other program for that matter) from creating Firewall Rules without your consent, by changing the permittions on
Code:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\Then we have WFC which also has options to restrict access to the Firewall.
I won't deny Microsoft fails to supply the tools and options for advanced users, it wouldn't take much effort from their part to give us an option to restrict creation of Firewall Rules.
This video just shows you can easily create Firewall Rules without Admin intervention, and honestly I knew about it for years, I've used it in multiple companies scripts (and yes, it works on Windows 10, this is supported by Microsoft).
Either way the moment the Malware is on the PC you already lost, you supposed to stop the Malware from getting on your PC in the first place, and as shown by VT, that sample is easily detected.
Last edited:
- May 26, 2014
- 1,130
Near the end of the video Leo says he is not bashing windows Firewall,but He is always bashing Windows Defender, ect..It seems (if someone believes him) the next step is to ask him what he does recommend( and there is the motive for this video sales) at least this is my guess
- May 31, 2017
- 1,719
FYI, I posted the following comment on YT.
Leo, you should checkout the standalone version of www.whitelistcloud.com. This is the exact type of attack that it was designed to protect against. Basically, it creates a firewall rule for any unknown files, and is free. It is a work in progress and we have not yet implemented the kmd for the standalone version, but it should do quite well against this attack. Although I have not yet tested to see what happens when an allow and block rule are created for the same item. If this is an issue, maybe we need to check recently created allow rules for unknown items and remove them. As I said, it is a work in progress, but the concept is there.
BTW, I understand his point, but once new arbitrary unsafe code is allowed to execute (especially escalated), the system is compromised anyway.
Leo, you should checkout the standalone version of www.whitelistcloud.com. This is the exact type of attack that it was designed to protect against. Basically, it creates a firewall rule for any unknown files, and is free. It is a work in progress and we have not yet implemented the kmd for the standalone version, but it should do quite well against this attack. Although I have not yet tested to see what happens when an allow and block rule are created for the same item. If this is an issue, maybe we need to check recently created allow rules for unknown items and remove them. As I said, it is a work in progress, but the concept is there.
BTW, I understand his point, but once new arbitrary unsafe code is allowed to execute (especially escalated), the system is compromised anyway.
Exactly... I was incredibly curious throughout the video what his mitigation recommendation was going to be... maybe he will have one at some point. WD is bashed because it has developed into an amazing product the last couple of years, so it is going to be bashed more and more, especially as it gains market share.
Re-posting reply for clarification.
Link: Misconception 2 'Firewalls protect your computer by detecting malware' | Emsisoft Blog
Not to bash, but IMO this video is a poor demonstration.
- Video description is misleading as tests are performed on Windows 7 32-bit, but aims the video demonstration at Windows 10 users.
- Windows 7 is no longer supported by Microsoft.
- All Windows users should migrate to Windows 10. Check lifecycle support.
- Layered protection is very important for all PC Security
channelsset-ups. This is not demonstrated in the video.- Windows 7 does not have adequate layers of protection. The old Windows Defender is Anti-Spyware only.
- Windows 10 comes with Virus, Malware and Ransomware protection under Windows Security.
Link: Misconception 2 'Firewalls protect your computer by detecting malware' | Emsisoft Blog
Not to bash, but IMO this video is a poor demonstration.
Aka "trojan backdoor malware test" vs software firewall that does not catch malware.Video Description said:
- Apr 6, 2016
- 440
was this guy an Emsisoft emplyee? if yes is he still?
Yes, I recall something like that. "Funny," Emisisoft uses the Windows Firewall instead since a few years now amid some major flak from some of their users. Using a cherry-picked scenario isn't my idea of a fair test. But, it is what it is. I'll continue to use Andy Ful's FirewallHardening utility in conjunction with Windows Firewall and not get sucked into some kind of vortex of paranoia.
- Apr 6, 2016
- 440
that is one of the cons of a virutal company. they have so many pros but there are some cons as well.
i always had the feeling about Emsisoft that how they choose their employees like they chose this guy who probably all they know about was that he is a youtuber and test products ( this might be wrong and the guy actually sent some proofs that he is worthy to Emsisoft ). and then they got Umbra in, which was( not sure why he is not anymore but i wasn't a fan of him anyway ) a mod here at MT.
and we know most of the Emsisoft employees was the same like tech and geek guys around the internet in other software forums and stuff like that ( i've read that somewhere ) so the problem with this this being a virutal company is that it is not really that common and it just people have not the right feeling about it at least i don't. like is the whole operation even trusted and reliable? we know Fabian Wosar is hiding very well and he is a guy we've been told that really needs to be hidden and not known so we actually accepted that we are not going to know that much about one of the cores in Emsisoft and his back ground. meanwhile see how they chose their employees. this just does not feel "secure" to me. it feels that it's just so easy to get into the Emsisoft and it is normal since it's a virutal company but it just does not feel right maybe cause it is still not that common this being a virutal cybersecurity company.
like i always had the question by myself that Emsisoft BB for example, it reacts to the malwares based on the rules that Emsisoft employees giving to it. so who actually is that employee who give these rules? and how many of Emsisoft employees actually have access to those rules is it being monitored? ofc the all problems comes with the not virutal companies too but it sounds a bit scarier in a virutal company.
the good part is that Emsisoft does not get that much information about it's users, but yet who says that to not to? and who can change that? virutal companies have some kind of NDA like physical companies?
hmm i probably should've write a review about Emsisoft
i always had the feeling about Emsisoft that how they choose their employees like they chose this guy who probably all they know about was that he is a youtuber and test products ( this might be wrong and the guy actually sent some proofs that he is worthy to Emsisoft ). and then they got Umbra in, which was( not sure why he is not anymore but i wasn't a fan of him anyway ) a mod here at MT.
and we know most of the Emsisoft employees was the same like tech and geek guys around the internet in other software forums and stuff like that ( i've read that somewhere ) so the problem with this this being a virutal company is that it is not really that common and it just people have not the right feeling about it at least i don't. like is the whole operation even trusted and reliable? we know Fabian Wosar is hiding very well and he is a guy we've been told that really needs to be hidden and not known so we actually accepted that we are not going to know that much about one of the cores in Emsisoft and his back ground. meanwhile see how they chose their employees. this just does not feel "secure" to me. it feels that it's just so easy to get into the Emsisoft and it is normal since it's a virutal company but it just does not feel right maybe cause it is still not that common this being a virutal cybersecurity company.
like i always had the question by myself that Emsisoft BB for example, it reacts to the malwares based on the rules that Emsisoft employees giving to it. so who actually is that employee who give these rules? and how many of Emsisoft employees actually have access to those rules is it being monitored? ofc the all problems comes with the not virutal companies too but it sounds a bit scarier in a virutal company.
the good part is that Emsisoft does not get that much information about it's users, but yet who says that to not to? and who can change that? virutal companies have some kind of NDA like physical companies?
hmm i probably should've write a review about Emsisoft
- Aug 22, 2013
- 886
Many of us knowingly or unknowingly are sitting behind a good home router these days, which i believe has some kind of firewall security. ( correct me if am wrong). So my question is that " will this qualify as a basic hardware firewall?"
- Feb 7, 2014
- 1,540
that is one of the cons of a virutal company. they have so many pros but there are some cons as well.
i always had the feeling about Emsisoft that how they choose their employees like they chose this guy who probably all they know about was that he is a youtuber and test products ( this might be wrong and the guy actually sent some proofs that he is worthy to Emsisoft ). and then they got Umbra in, which was( not sure why he is not anymore but i wasn't a fan of him anyway ) a mod here at MT.
and we know most of the Emsisoft employees was the same like tech and geek guys around the internet in other software forums and stuff like that ( i've read that somewhere ) so the problem with this this being a virutal company is that it is not really that common and it just people have not the right feeling about it at least i don't. like is the whole operation even trusted and reliable? we know Fabian Wosar is hiding very well and he is a guy we've been told that really needs to be hidden and not known so we actually accepted that we are not going to know that much about one of the cores in Emsisoft and his back ground. meanwhile see how they chose their employees. this just does not feel "secure" to me. it feels that it's just so easy to get into the Emsisoft and it is normal since it's a virutal company but it just does not feel right maybe cause it is still not that common this being a virutal cybersecurity company.
like i always had the question by myself that Emsisoft BB for example, it reacts to the malwares based on the rules that Emsisoft employees giving to it. so who actually is that employee who give these rules? and how many of Emsisoft employees actually have access to those rules is it being monitored? ofc the all problems comes with the not virutal companies too but it sounds a bit scarier in a virutal company.
the good part is that Emsisoft does not get that much information about it's users, but yet who says that to not to? and who can change that? virutal companies have some kind of NDA like physical companies?
hmm i probably should've write a review about Emsisoft
This is a firewall topic not Emsisoft. I think you should open a different thread before you attempt to sell ready dig post holes or poke-uh-dot tables, it will get you nowhere on assumptions. Just saying.
I was a user of Emsisoft also but dropped it, just saying.
- Apr 1, 2019
- 2,868
His problem is with outbound connections, which a hardware firewall isn’t blocking either unless you have set it to, or they have some kind of security filter for IPs. Windows 10 firewall works great for this as well. You only have to worry about outbound connections if you are either already infected and worried about data exfiltration, or a malware contacting a C&C server, or you are trying to block certain program from making outbound connections. There are common ports to watch or block for worms, but it’s your last line of defense. And most routers aren’t protecting you in this way, but they are most likely putting all your inbound ports into stealth mode and avoid port scanners.
Last edited:
- Apr 6, 2016
- 440
that doesn't make any difference too anyway.
it is what it is
but i'll probably do that one day
the topic tho has nothing to discuss about actually. the guy is white today black tomorrow. one day telling good about products that suggest to use windows firewall and the other day blame windows firewall.
starting the video we hear "don't use windows firewall" end of the video we'll hear "i don't want to bash Windows Firewall"
Stop posting this misinformation videos from that guy please.
It's just ridiculous that he not even know what OS version he use. Very high expert level
It's just ridiculous that he not even know what OS version he use. Very high expert level
- Mar 16, 2019
- 3,862
The malware created an inbound rule. Enabling this option would nullify the rule created by the malware. I always disable inbound connection no matter which Firewall I use since I don't need it nor 99% average users.
Last edited:
- Sep 10, 2015
- 901
It's 2020, hackers won't enter through your firewall unless you're directly exposed to the internet (no NAT).
- Apr 1, 2019
- 2,868
You’re right I missed that in my post. Outbound connections and inbound rules matter. However wouldn’t your router also need to forward the port, or am I mistaken?
Also I didn’t watch the whole thing...my bad.
- May 26, 2014
- 1,339
that is one of the cons of a virutal company. they have so many pros but there are some cons as well.
i always had the feeling about Emsisoft that how they choose their employees like they chose this guy who probably all they know about was that he is a youtuber and test products ( this might be wrong and the guy actually sent some proofs that he is worthy to Emsisoft ). and then they got Umbra in, which was( not sure why he is not anymore but i wasn't a fan of him anyway ) a mod here at MT.
and we know most of the Emsisoft employees was the same like tech and geek guys around the internet in other software forums and stuff like that ( i've read that somewhere ) so the problem with this this being a virutal company is that it is not really that common and it just people have not the right feeling about it at least i don't. like is the whole operation even trusted and reliable? we know Fabian Wosar is hiding very well and he is a guy we've been told that really needs to be hidden and not known so we actually accepted that we are not going to know that much about one of the cores in Emsisoft and his back ground. meanwhile see how they chose their employees. this just does not feel "secure" to me. it feels that it's just so easy to get into the Emsisoft and it is normal since it's a virutal company but it just does not feel right maybe cause it is still not that common this being a virutal cybersecurity company.
like i always had the question by myself that Emsisoft BB for example, it reacts to the malwares based on the rules that Emsisoft employees giving to it. so who actually is that employee who give these rules? and how many of Emsisoft employees actually have access to those rules is it being monitored? ofc the all problems comes with the not virutal companies too but it sounds a bit scarier in a virutal company.
the good part is that Emsisoft does not get that much information about it's users, but yet who says that to not to? and who can change that? virutal companies have some kind of NDA like physical companies?
hmm i probably should've write a review about Emsisoft
Dont worry too much, Leo and Umbra are/were just community managers/tech envagelists, they are/were not core members in the Emsisoft team (fortunately).
I know that Umbra time on Emsisoft was very short and maybe Leo isnt affiliated with Emsisoft anymore (needs confirmation).
- Mar 16, 2019
- 3,862
I think you're right. If port forwarding and UPnP is disabled on the router then the router wouldn't forward the port and any inbound connection attempt will fail.
Similar threads
