Windows Defender Firewall Critique Part 2
Quote from Andy Ful (post 1102156, member 32260):

The main assumption in this thread is the ability to run malware with high privileges. It is true that under this assumption, one can dismantle Windows Firewall, but also any software firewall, AV drivers, and services. There are well-known methods to do it.

Most infostealers inject their code into system processes (like Svchost); they can hardly be controlled (at home) by manually adding firewall rules. The practical method is applying Network Protection with a blacklist of malicious domains and C2 servers. Unfortunately, the Windows built-in default protection does not include Network Protection.

Generally, all firewalls (in reasonable settings) from home AVs are insufficient to protect users against infostealers. Even the Comodo Firewall is insufficient without applying auto containment, and such a setup is very similar to the protection based on file reputation, where untrusted files are simply blocked. The main protection here is file reputation (or file whitelisting) and not the firewall.

Of course, some third-party firewalls can provide stronger protection without much tweaking, but they can also cause more problems than the default Windows Firewall.

A nice comparison for business AVs can be found in the MRG Effitas "360° Assessment & Certification" tests, in the sections "Real Botnet" and "Banking Simulator" (Eset and Malwarebytes on top).
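The post above makes two practical points: Network Protection is off by default on a stock Windows install and has to be switched on, and per-program firewall rules do not help when the stealer runs inside svchost.exe. The PowerShell below is an added example, not code from the post or from Microsoft; it reports the current firewall profile and Network Protection state (so a profile that an elevated process has quietly turned off is visible), enables Network Protection in Defender, and adds an outbound block rule that is not tied to any program, so traffic from an injected system process is still matched. Assumptions: Windows 10/11 with Microsoft Defender's real-time protection active and an elevated shell; the function names and the addresses in `$C2Blocklist` are constructed for the example (RFC 5737 documentation ranges, not real C2 servers). Note the caveat the post implies: custom domain indicators belong to Defender for Endpoint, so on a home machine the blocklist here is IP-only, while Network Protection itself blocks on Microsoft's reputation data rather than on a list you supply.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the forum post. Assumes a Windows 10/11 host with
# Microsoft Defender active. All function names are the example's own.

function Get-HostNetworkDefenseState {
    # Firewall profiles can be flipped by any elevated process, so report them
    # rather than assuming they are still on.
    $profiles = Get-NetFirewallProfile |
        Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction

    # Defender Network Protection: 0 = Disabled, 1 = Enabled, 2 = Audit mode.
    $np = (Get-MpPreference).EnableNetworkProtection
    $mode = switch ($np) {
        0       { 'Disabled' }
        1       { 'Enabled' }
        2       { 'AuditMode' }
        default { "Unknown($np)" }
    }

    [pscustomobject]@{
        FirewallProfiles      = $profiles
        AllProfilesEnabled    = (@($profiles | Where-Object { $_.Enabled -ne 'True' }).Count -eq 0)
        NetworkProtectionMode = $mode
    }
}

function Enable-NetworkProtection {
    param([ValidateSet('Enabled', 'AuditMode')][string]$Mode = 'Enabled')
    # Reputation-based blocking of outbound connections to known-bad domains
    # and IPs, applied regardless of which process (svchost.exe included)
    # opens the connection. 'AuditMode' only logs, useful before enforcing.
    Set-MpPreference -EnableNetworkProtection $Mode
}

function Add-C2Blocklist {
    param(
        [Parameter(Mandatory)][string[]]$RemoteAddress,
        [string]$RuleName = 'Block known C2 (outbound)'
    )
    # No -Program filter: the rule matches traffic from every process, so code
    # injected into a system process cannot dodge it by borrowing svchost's
    # identity. Limitation: IP-only; a domain that rotates IPs needs Network
    # Protection or DNS filtering instead.
    if (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue) {
        Remove-NetFirewallRule -DisplayName $RuleName
    }
    New-NetFirewallRule -DisplayName $RuleName -Direction Outbound -Action Block `
        -RemoteAddress $RemoteAddress -Profile Any -Enabled True | Out-Null

    # Return the address filter so the caller can confirm what was installed.
    Get-NetFirewallRule -DisplayName $RuleName | Get-NetFirewallAddressFilter
}

# Constructed sample blocklist (documentation ranges, not real C2 infrastructure).
$C2Blocklist = @('192.0.2.10', '198.51.100.0/24', '203.0.113.77')

$before = Get-HostNetworkDefenseState
$before.FirewallProfiles | Format-Table -AutoSize
"Network Protection before: $($before.NetworkProtectionMode)"

if (-not $before.AllProfilesEnabled) {
    Write-Warning 'At least one firewall profile is disabled; an elevated process may have turned it off.'
}
if ($before.NetworkProtectionMode -ne 'Enabled') {
    Enable-NetworkProtection -Mode Enabled
}

Add-C2Blocklist -RemoteAddress $C2Blocklist | Format-Table -AutoSize
"Network Protection after: $((Get-HostNetworkDefenseState).NetworkProtectionMode)"
```

Run it from an elevated PowerShell; the first table is the state to compare against on later runs, since a stealer with admin rights can undo both the profile setting and the rule, which is exactly the post's first point. To test Network Protection without a live sample, Microsoft's documented demo page (smartscreentestratings2.net) is the usual check; anything it blocks shows up as event ID 1126 in the Microsoft-Windows-Windows Defender/Operational log.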