- Apr 13, 2013
- 3,224
- Content source
- https://youtu.be/J8icGPr0YKQ
How malware can exploit WF in Part 2.
Windows Defender Firewall critique- Part 1
- Thread starter cruelsister
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
How malware can exploit WF in Part 2.
Bot
AI-powered Bot
- Apr 21, 2016
- 4,364
Looking forward to the next part. Understanding the vulnerabilities of Windows Defender Firewall is crucial for enhancing security measures.
- Dec 23, 2014
- 8,510
I like this short description:
ms.codes
It is also worth mentioning that Windows Firewall can be enhanced via GlassWire, Windows Firewall Control, Simplewall, etc.
At home, one can also apply the block rules for popular LOLBins.
If one uses Microsoft Defender, the outbound connections via phishing or malicious URLs can be monitored via Network Protection (a part of ASR protection).
If I correctly recall, it is possible to use Windows Firewall with Comodo Firewall, but I am unsure how sensible it could be (using one of them looks more sensible).
Is Windows Firewall Good Enough
When it comes to protecting your computer from online threats, the question often arises: Is Windows Firewall good enough? Surprisingly, many people may not be aware that Windows Firewall is an in-built security feature that is already present on their devices. With its robust capabilities and...
ms.codes
It is also worth mentioning that Windows Firewall can be enhanced via GlassWire, Windows Firewall Control, Simplewall, etc.
At home, one can also apply the block rules for popular LOLBins.
If one uses Microsoft Defender, the outbound connections via phishing or malicious URLs can be monitored via Network Protection (a part of ASR protection).
If I correctly recall, it is possible to use Windows Firewall with Comodo Firewall, but I am unsure how sensible it could be (using one of them looks more sensible).
Last edited:
- Apr 5, 2021
- 620
Of course Windows Firewall only blocks inbound connections by default. It can be setup to block both inbound and outbound. An easy way to do so as Andy mentioned above:
www.binisoft.org
As for malware disabling Windows Firewall, I guess that's where other protections are necessary.
Windows Firewall Control
Windows Firewall Control is a powerful tool which extends the functionality of Windows Firewall by adding outbound notifications and many other features.
www.binisoft.org
As for malware disabling Windows Firewall, I guess that's where other protections are necessary.
- May 10, 2019
- 2,289
I also wonder how effective the product the rely on and harden WF, like Trend Micro, F-Secure, Avira and Emsisoft are.
- Dec 23, 2014
- 8,510
When looking at the test results of MRG Effitas (Microsoft Defender Enterprise with ASR rules), the protection is similar (slightly better in recent tests) to Avira and Trend Micro.
But, the results for Windows Firewall on default settings will be significantly worse (Network Protection and ASR rules disabled).
- May 10, 2019
- 2,289
Regarding Emsisoft, this is what they said after they dripped support for their internet security version and started using WF.
Emsisoft and Windows Firewall: Your questions, answered.
Emsisoft answers your questions concerning Emsisoft Anti-Malware and Windows Firewall. Find out why we believe it to be an excellent solution to protect you from malware threats.
www.emsisoft.com
lokamoka820
Level 22
- Mar 1, 2024
- 1,137
Is Avast Free Firewall better than Windows Firewall or the same?
- Aug 19, 2019
- 1,168
Comodo Firewall doesn't technically disable WF when installed. The security centre just states it as not active but you can still apply WF rules, like your WFH blocking of LOLBins and they will work with CF installed.
Out of 10 recommendations (professional or amateur) about using more than one firewall at the same time, 9 unequivocally confirm that NO more than one firewall should ever be used on a system. For people who do not understand this, I respectfully suggest that they should not be selective, and do not seek only those opinions that fit their beliefs, be objective, and inform yourselves by looking for all the correct information.
Also, for average users, it is irresponsible to induce an average-Joe to use several firewalls at the same time (when he doesn't even know how to use one firewall alone). You have to be responsible when writing opinions, remembering that out of 10, what works for 1 user generally does not work for the other 9 users.
Finally, it is not true that Windows Firewall by default is insecure. That premise is a fallacy, which starts from the mistake of not understanding the meaning of “default” for Windows. I repeat, it is not true that what works for 1 user here in MT, works also for billions of users outside MT. The Windows firewall is 100% customizable, and can block 100% of any kind of IN or OUT connection, there is not the slightest need for a third party firewall. If the Windows default is not based on “block everything”, that has nothing to do with security issues, because the Windows “default” is based on “usability”. Security and usability always is a trade, hardening security always implicates less usability (which doesn't apply to average-Joe).
Also, for average users, it is irresponsible to induce an average-Joe to use several firewalls at the same time (when he doesn't even know how to use one firewall alone). You have to be responsible when writing opinions, remembering that out of 10, what works for 1 user generally does not work for the other 9 users.
Finally, it is not true that Windows Firewall by default is insecure. That premise is a fallacy, which starts from the mistake of not understanding the meaning of “default” for Windows. I repeat, it is not true that what works for 1 user here in MT, works also for billions of users outside MT. The Windows firewall is 100% customizable, and can block 100% of any kind of IN or OUT connection, there is not the slightest need for a third party firewall. If the Windows default is not based on “block everything”, that has nothing to do with security issues, because the Windows “default” is based on “usability”. Security and usability always is a trade, hardening security always implicates less usability (which doesn't apply to average-Joe).
- Mar 2, 2023
- 1,094
This thread may help to answer that one
Serious Discussion - Avast Free Firewall vs Windows 10/11 Firewall
Hi, a curiosity, if you can help me, but is the Avast Free firewall at the same security level as the Windows 10 or Windows 11 firewall or is it more powerful? Thank you.
malwaretips.com
- May 13, 2017
- 2,638
Majority is not always right, especially when they use the same source. A firewall is not an AV. Everyone literally uses multiple firewalls, like routers and other devices, WF is just the last one.
Even a single firewall is like multiple firewalls, when it filters network packets and then apps, like Comodo Firewall, packet is simply held/blocked till it is inspected by the next firewall/user.
Yes, it can block anything and any app or malware with admin rights can remove those rules at will. According to MS, it is not a vulnerability, it is by design, it is all about endpoint security.
Last edited:
Hi @TairikuOkami !
I never said "the majority is right". I said to seek all the correct information, avoid selectivity.
I also said that "default" for Windows means usability, because is focused at average-Joe. To focus at usability and security at the same time demands a complex recommendation (and subjective opinions about particular settings/configurations generally don't apply to average-Joe).
Routers and Windows Firewall are complementary (precisely) because Windows "default" is based on usability (routers deals with IN connections, while WF deals with OUT). Same logic applies to single firewall built by small internal firewalls, all they are coordinated to work as one single major firewall. When more than one single firewall is installed, they are not coordinated.
PS: Windows is incredible customizable, it's possible to convert Windows into a blocker where is possible to block almost everything (including commands trying to disable the firewall). We don't see that in real-life, because Windows is focused on usability.
Last edited:
- Dec 23, 2014
- 8,510
Thanks. So, using two firewalls installed in Windows is possible. But, I agree with @Decopi that it is not recommended for most users (we already use 2 firewalls because the basic firewall is in the router).
- Apr 5, 2021
- 620
Routers, at least the type found in homes will only block inbound, which any old firewall will do by default. What's more important is ability to block outbound, and Windows firewall, as well as most 3rd-party firewalls can be configured to do so. Even the simple built-in firewall in Linux can block outbound, but it can not do so for selected applications. The rules apply to all applications seeking outbound access. Still, it's better than just using inbound blocking only.
The problem faced for most people who want to use outbound filtering, is do they know how to set up the rules to restrict applications to:
Btw, using a multiple firewall setup consisting of a router and application firewall is perfectly fine, and I'd go so far as to say recommended, as the router will block all kinds of unnecessary Internet "noise" from reaching the application firewall. The router is just separate hardware which has no interaction with the OS. The problem is trying to use two or more application firewalls together. Not a good idea.
The problem faced for most people who want to use outbound filtering, is do they know how to set up the rules to restrict applications to:
- Protocol
- Remote Port(s)
- Remote IP address(es)
Btw, using a multiple firewall setup consisting of a router and application firewall is perfectly fine, and I'd go so far as to say recommended, as the router will block all kinds of unnecessary Internet "noise" from reaching the application firewall. The router is just separate hardware which has no interaction with the OS. The problem is trying to use two or more application firewalls together. Not a good idea.
Last edited:
- May 13, 2017
- 2,638
MS sure made it difficult by forcing store apps to change location with each update. I tried the feedback, but instead of addressing the issue, they attacked me for posting my spam email.
Attachments
- Apr 5, 2021
- 620
MS sure made it difficult by forcing store apps to change location with each update. I tried the feedback, but instead of addressing the issue, they attacked me for posting my spam email.
Yes, that is problematic, and something that I find astounding that MS is unable to or most likely unwilling to fix.
MS sure made it difficult by forcing store apps to change location with each update. I tried the feedback, but instead of addressing the issue, they attacked me for posting my spam email.
With your permission, it would be interesting to separate topics:
1. Usability
2. Security
3. GUI
Usability is the focus for average-Joe, and in this case it is NOT recommended to install more than a single firewall + router.
Advanced users looking for +security = -usability, can customize the Windows Firewall. And also they can block commands that disable the firewall. In Windows it is practically possible to block almost anything you want to block.
But considering that Windows focuses on “usability”, the firewall GUI is not user-friendly. In that case, some third-party firewalls are useful! @TairikuOkami, I consider you one of the most knowledgeable people on this subject, and I always thank you because I have learned a lot with you. But IMHO, these third-party firewalls are NOT better than WF in terms of security, they serve only as a better GUI, and just few third-party firewalls have good GUI (Comodo Firewall is full of bugs, and does not even allow to customize Windows Services or Svchost etc etc etc).
- Apr 5, 2021
- 620
Interesting, because I remember many years ago during Windows Vista days, I would sometimes pm, in another forum, a firewall expert who said that Windows firewall did an excellent job in terms of the way it handled and inspected packets for abnormalities, better than most 3rd-party firewalls. In fact he was disappointed with the way most application firewalls did so. Too bad he stopped participating in the forum long ago.
- May 13, 2017
- 2,638
Average Joe has no say here, because he does not even know, if he has AV installed, let alone a firewall.
They usually only care about a firewall to deal with a single issue, like blocking an app, tracking. Like this:
Firewall App Blocker (Fab) v1.9
With Firewall App Blocker (FAB) you can Quickly allow or deny apps access to the internet through Windows Firewall. It is portable freeware
www.sordum.org
Similar threads
