App Review: Windows Defender Firewall critique - Part 1

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
Ophelia

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,545
I like this short description:

Windows Firewall vs. Third-Party Firewalls

Windows Firewall is a robust security feature, but some users may consider using third-party firewalls for enhanced protection. Third-party firewalls offer additional features and customization options that may cater to specific security needs. They often include advanced intrusion detection and prevention systems, application control, and more granular control over network connections.

However, it is worth noting that third-party firewalls can be more complex to set up and manage, requiring additional resources and potentially introducing compatibility issues. Windows Firewall, being integrated into the operating system, offers a seamless and less resource-intensive solution for most users.

In conclusion, Windows Firewall is a capable security feature that provides essential protection against unauthorized access and common network threats. It is a user-friendly solution that is easy to configure and offers a reliable level of security for everyday users. While it may have limitations, such as limited outbound protection and potential conflicts with third-party applications, it remains a valuable asset in defending your computer against network-based threats.


It is also worth mentioning that Windows Firewall can be enhanced via GlassWire, Windows Firewall Control, Simplewall, etc.
At home, one can also apply the block rules for popular LOLBins.
If one uses Microsoft Defender, the outbound connections via phishing or malicious URLs can be monitored via Network Protection (a part of ASR protection).
If I correctly recall, it is possible to use Windows Firewall with Comodo Firewall, but I am unsure how sensible it could be (using one of them looks more sensible).
 

wat0114

Level 13
Verified
Top Poster
Well-known
Apr 5, 2021
621
Of course Windows Firewall only blocks inbound connections by default. It can be set up to block both inbound and outbound. An easy way to do so, as Andy mentioned above:


As for malware disabling Windows Firewall, I guess that's where other protections are necessary.
 

Andy Ful

> I also wonder how effective the products that rely on and harden WF, like Trend Micro, F-Secure, Avira and Emsisoft, are.

When looking at the test results of MRG Effitas (Microsoft Defender Enterprise with ASR rules), the protection is similar (slightly better in recent tests) to Avira and Trend Micro.
But, the results for Windows Firewall on default settings will be significantly worse (Network Protection and ASR rules disabled).
 

Divine_Barakah

Level 33
Verified
Top Poster
Well-known
May 10, 2019
2,289
> When looking at the test results of MRG Effitas (Microsoft Defender Enterprise with ASR rules), the protection is similar (slightly better in recent tests) to Avira and Trend Micro.
> But, the results for Windows Firewall on default settings will be significantly worse (Network Protection and ASR rules disabled).

Regarding Emsisoft, this is what they said after they dropped support for their internet security version and started using WF.

 

ErzCrz

Level 23
Verified
Top Poster
Well-known
Aug 19, 2019
1,214
> If I correctly recall, it is possible to use Windows Firewall with Comodo Firewall, but I am unsure how sensible it could be (using one of them looks more sensible).

Comodo Firewall doesn't technically disable WF when installed. The security centre just states it as not active but you can still apply WF rules, like your WFH blocking of LOLBins and they will work with CF installed.

 

Decopi

Level 8
Verified
Oct 29, 2017
361
Out of 10 recommendations (professional or amateur) about using more than one firewall at the same time, 9 unequivocally confirm that NO more than one firewall should ever be used on a system. For people who do not understand this, I respectfully suggest that they should not be selective, and do not seek only those opinions that fit their beliefs, be objective, and inform yourselves by looking for all the correct information.

Also, for average users, it is irresponsible to induce an average-Joe to use several firewalls at the same time (when he doesn't even know how to use one firewall alone). You have to be responsible when writing opinions, remembering that out of 10, what works for 1 user generally does not work for the other 9 users.

Finally, it is not true that Windows Firewall by default is insecure. That premise is a fallacy, which starts from the mistake of not understanding the meaning of “default” for Windows. I repeat, it is not true that what works for 1 user here in MT, works also for billions of users outside MT. The Windows firewall is 100% customizable, and can block 100% of any kind of IN or OUT connection, there is not the slightest need for a third party firewall. If the Windows default is not based on “block everything”, that has nothing to do with security issues, because the Windows “default” is based on “usability”. Security and usability are always a trade-off; hardening security always implies less usability (which doesn't apply to average-Joe).
 

Jonny Quest

Level 22
Verified
Top Poster
Well-known
Mar 2, 2023
1,135

TairikuOkami

Level 37
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,672
> Out of 10 recommendations (professional or amateur) about using more than one firewall at the same time, 9 unequivocally confirm that NO more than one firewall should ever be used on a system. For people who do not understand this, I respectfully suggest that they should not be selective, and do not seek only those opinions that fit their beliefs, be objective, and inform yourselves by looking for all the correct information.

Majority is not always right, especially when they use the same source. A firewall is not an AV. Everyone literally uses multiple firewalls, like routers and other devices, WF is just the last one.
Even a single firewall is like multiple firewalls, when it filters network packets and then apps, like Comodo Firewall, packet is simply held/blocked till it is inspected by the next firewall/user.

> The Windows firewall is 100% customizable, and can block 100% of any kind of IN or OUT connection, there is not the slightest need for a third party firewall.

Yes, it can block anything and any app or malware with admin rights can remove those rules at will. According to MS, it is not a vulnerability, it is by design, it is all about endpoint security. 🤷‍♂️
 
Last edited:
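
Added example, not part of any post above: since rules can be changed or removed by anything running with admin rights, a defender can at least watch the firewall's own operational log for such changes. This read-only PowerShell lists last week's rule and setting changes with the program that made them; the event IDs (2003, 2005, 2006, 2033) and the RuleName / ModifyingUser / ModifyingApplication field names are assumptions about the built-in firewall log and may differ on newer Windows builds.

```powershell
# Added example: who changed or removed Windows Firewall rules in the last 7 days?
# Read-only. Event IDs and field names are assumptions about the built-in
# "Windows Firewall With Advanced Security" operational log.
$log = 'Microsoft-Windows-Windows Firewall With Advanced Security/Firewall'
$ids = @{
    2003 = 'profile setting changed'
    2005 = 'rule modified'
    2006 = 'rule deleted'
    2033 = 'all rules deleted'
}

function Get-EventFields {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Record)
    # Read <Data Name="..."> elements by name instead of by position.
    $fields = @{}
    $xml = [xml]$Record.ToXml()
    foreach ($node in $xml.SelectNodes("//*[local-name()='Data']")) {
        $name = $node.GetAttribute('Name')
        if ($name) { $fields[$name] = $node.InnerText }
    }
    return $fields
}

$filter = @{ LogName = $log; Id = @($ids.Keys); StartTime = (Get-Date).AddDays(-7) }
$changes = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        $f = Get-EventFields $_
        [pscustomobject]@{
            Time   = $_.TimeCreated
            Change = $ids[$_.Id]
            Rule   = $f['RuleName']              # empty for setting-change events
            User   = $f['ModifyingUser']
            App    = $f['ModifyingApplication']
        }
    }

# Changes grouped by the program that made them; unexpected programs stand out.
$changes | Group-Object App | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# Full timeline for review.
$changes | Sort-Object Time | Format-Table -AutoSize
```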

Decopi

> Majority is not always right, especially when they use the same source. A firewall is not an AV. Everyone literally uses multiple firewalls, like routers and other devices, WF is just the last one.
> Even a single firewall is like multiple firewalls, when it filters network packets and then apps, like Comodo Firewall, packet is simply held/blocked till it is inspected by the next firewall/user.

Hi @TairikuOkami!
I never said "the majority is right". I said to seek all the correct information, avoid selectivity.
I also said that "default" for Windows means usability, because it is focused on average-Joe. To focus on usability and security at the same time demands a complex recommendation (and subjective opinions about particular settings/configurations generally don't apply to average-Joe).
Routers and Windows Firewall are complementary (precisely) because Windows "default" is based on usability (routers deal with IN connections, while WF deals with OUT). The same logic applies to a single firewall built from small internal firewalls; they are all coordinated to work as one single major firewall. When more than one single firewall is installed, they are not coordinated.

PS: Windows is incredibly customizable, it's possible to convert Windows into a blocker where it is possible to block almost everything (including commands trying to disable the firewall). We don't see that in real-life, because Windows is focused on usability.
 

Andy Ful

> Comodo Firewall doesn't technically disable WF when installed. The security centre just states it as not active but you can still apply WF rules, like your WFH blocking of LOLBins and they will work with CF installed.

Thanks. So, using two firewalls installed in Windows is possible. But, I agree with @Decopi that it is not recommended for most users (we already use 2 firewalls because the basic firewall is in the router).
 

wat0114

Routers, at least the type found in homes, will only block inbound, which any old firewall will do by default. What's more important is the ability to block outbound, and Windows firewall, as well as most 3rd-party firewalls, can be configured to do so. Even the simple built-in firewall in Linux can block outbound, but it cannot do so for selected applications. The rules apply to all applications seeking outbound access. Still, it's better than just using inbound blocking only.

The problem faced by most people who want to use outbound filtering is whether they know how to set up the rules to restrict applications to:

  1. Protocol
  2. Remote Port(s)
  3. Remote IP address(es)
I would bet that most people allowing an application outbound freedom will simply allow out to: Any, Any, Any. This is obviously not the most restrictive, which would be to allow the selected application to only what is necessary, but at least as long as they have Block and Alert/Don't Alert for any process attempting outbound access that a rule does not exist for is still better than no outbound control at all.

Btw, using a multiple firewall setup consisting of a router and application firewall is perfectly fine, and I'd go so far as to say recommended, as the router will block all kinds of unnecessary Internet "noise" from reaching the application firewall. The router is just separate hardware which has no interaction with the OS. The problem is trying to use two or more application firewalls together. Not a good idea.
 
Last edited:
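
Added example, not part of any post above: a read-only PowerShell audit of the Any/Any/Any point. It lists enabled outbound Allow rules, flags those with no restriction on protocol, remote port or remote address, and shows each profile's default outbound action; the program path and address in the commented rule at the end are hypothetical.

```powershell
# Added example: audit enabled outbound Allow rules in Windows Firewall and flag
# those that permit Any protocol, Any remote port and Any remote address.
# Read-only; run in an elevated PowerShell session.

function Test-IsAny {
    param($Value)
    # Filter properties read 'Any' (or are empty) when the rule does not restrict them.
    $items = @(@($Value) | Where-Object { $_ })
    return ($items.Count -eq 0) -or ($items -contains 'Any')
}

$report = Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True |
    ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $addr = $_ | Get-NetFirewallAddressFilter
        $app  = $_ | Get-NetFirewallApplicationFilter
        [pscustomobject]@{
            Rule       = $_.DisplayName
            Program    = $app.Program
            Protocol   = $port.Protocol
            RemotePort = @($port.RemotePort) -join ','
            RemoteAddr = @($addr.RemoteAddress) -join ','
            AnyAnyAny  = (Test-IsAny $port.Protocol) -and
                         (Test-IsAny $port.RemotePort) -and
                         (Test-IsAny $addr.RemoteAddress)
        }
    }

# Default outbound action per profile: unless this is Block, traffic that
# matches no rule is still allowed out.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultOutboundAction

# Rules worth tightening first, grouped by program.
$report | Where-Object AnyAnyAny | Sort-Object Program |
    Format-Table Rule, Program, Protocol, RemotePort, RemoteAddr -AutoSize

# For comparison, a rule scoped to protocol, remote port and remote address
# (hypothetical program path and documentation-range address; not executed):
# New-NetFirewallRule -DisplayName 'ExampleApp HTTPS out' -Direction Outbound `
#     -Action Allow -Program 'C:\Program Files\ExampleApp\app.exe' `
#     -Protocol TCP -RemotePort 443 -RemoteAddress 203.0.113.10
```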

TairikuOkami

> I would bet that most people allowing an application outbound freedom will simply allow out to: Any, Any, Any.

MS sure made it difficult by forcing store apps to change location with each update. I tried the feedback, but instead of addressing the issue, they attacked me for posting my spam email. 🙄
 


Decopi

> MS sure made it difficult by forcing store apps to change location with each update. I tried the feedback, but instead of addressing the issue, they attacked me for posting my spam email. 🙄

With your permission, it would be interesting to separate topics:
1. Usability
2. Security
3. GUI

Usability is the focus for average-Joe, and in this case it is NOT recommended to install more than a single firewall + router.

Advanced users looking for +security = -usability, can customize the Windows Firewall. And also they can block commands that disable the firewall. In Windows it is practically possible to block almost anything you want to block.

But considering that Windows focuses on “usability”, the firewall GUI is not user-friendly. In that case, some third-party firewalls are useful! @TairikuOkami, I consider you one of the most knowledgeable people on this subject, and I always thank you because I have learned a lot with you. But IMHO, these third-party firewalls are NOT better than WF in terms of security, they serve only as a better GUI, and just a few third-party firewalls have good GUI (Comodo Firewall is full of bugs, and does not even allow to customize Windows Services or Svchost etc etc etc).
 

wat0114

> But IMHO, these third-party firewalls are NOT better than WF in terms of security,...

Interesting, because I remember many years ago during Windows Vista days, I would sometimes pm, in another forum, a firewall expert who said that Windows firewall did an excellent job in terms of the way it handled and inspected packets for abnormalities, better than most 3rd-party firewalls. In fact he was disappointed with the way most application firewalls did so. Too bad he stopped participating in the forum long ago.
 

TairikuOkami

> Usability is the focus for average-Joe, and in this case it is NOT recommended to install more than a single firewall + router.

Average Joe has no say here, because he does not even know if he has AV installed, let alone a firewall.
They usually only care about a firewall to deal with a single issue, like blocking an app, tracking. Like this:
 
