Windows Firewall is not so bad; keep in mind that the majority of firewall tasks nowadays are handled by the router. The software firewalls on devices are just there to block internal threats, which also doesn't happen if the network is set to the "home" type.
In this case there is no filtering applied between devices.
Of course, programs are controlled, but with good security software (and being picky about what gets downloaded/installed), users will not be running suspicious and malicious apps, so blocking/allowing traffic is a waste of time. Furthermore, "per app" and "per protocol" rules are not as effective as an IPS or secure DNS.
Users can argue that LOLBins can be abused. They can, but the abuse doesn't come magically "from the sky"; malicious code needs to be run.
To improve security, I suggest covering the following checklist:
1. Try to deploy an IPS, ideally at the router level. For example, Asus routers with Merlin firmware support deploying the Suricata IDS. Some routers have a built-in IPS.
@Divergent can provide more information on how Suricata can be deployed at the router level.
2. Deploy secure DNS, particularly one that blocks very new websites. NextDNS and Control D are perfect.
3. Ensure devices have proper botnet/system-wide malicious-connection protection; Microsoft's built-in tools do not provide this. Secure DNS will partially help in this direction, but it won't help when the system connects directly to IP addresses rather than to domains.
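As an added example (not part of the post above, and not code from any of the products it names), the script below illustrates the gap described in item 3: a DNS filter only sees connections that start with a name lookup, so one way to catch direct-to-IP traffic is to correlate connection events with the DNS answers seen shortly before them and flag outbound connections to public addresses that no DNS answer ever resolved. The log format, field names (`DNS`, `CONN`, `image=`, `dst=`) and the sample lines are constructed for this example, loosely modelled on Sysmon Event ID 22 (DnsQuery) and Event ID 3 (NetworkConnect), and use documentation address ranges only.

```python
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample telemetry (not real data) in a simplified Sysmon-like
# format: "DNS" lines stand in for Event ID 22 (DnsQuery) and "CONN" lines
# for Event ID 3 (NetworkConnect). Addresses are RFC 5737 / RFC 3849
# documentation ranges, so nothing here points at a real host.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z DNS query=update.example.com answers=203.0.113.10,203.0.113.11
2024-05-01T10:00:02Z CONN image=C:\\Windows\\System32\\svchost.exe dst=203.0.113.10:443
2024-05-01T10:00:03Z CONN image=C:\\Windows\\explorer.exe dst=192.168.1.20:445
2024-05-01T10:00:05Z CONN image=C:\\Users\\bob\\AppData\\Local\\Temp\\updater.exe dst=198.51.100.77:4444
2024-05-01T10:00:06Z DNS query=cdn.example.net answers=2001:db8::10
2024-05-01T10:00:07Z CONN image=C:\\Program Files\\Browser\\browser.exe dst=[2001:db8::10]:443
2024-05-01T10:00:09Z CONN image=C:\\Users\\bob\\AppData\\Local\\Temp\\updater.exe dst=198.51.100.77:4444
"""

# Explicit "internal" ranges (RFC 1918, loopback, link-local, ULA). We do not
# use ipaddress.is_global here because Python also treats the documentation
# ranges used in the sample as non-global, which would hide the demo.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]

DNS_RE = re.compile(r"^(\S+) DNS query=(\S+) answers=(\S+)$")
# dst is either "[v6addr]:port" or "v4addr:port"; the image path may contain spaces.
CONN_RE = re.compile(r"^(\S+) CONN image=(.+?) dst=(?:\[([^\]]+)\]|([^:\s]+)):(\d+)$")


@dataclass(frozen=True)
class Alert:
    timestamp: str
    image: str
    dst_ip: str
    dst_port: int


def is_internal(ip: ipaddress._BaseAddress) -> bool:
    """True for RFC 1918 / loopback / link-local / ULA destinations."""
    return any(ip in net for net in INTERNAL_NETS)


def find_unresolved_connections(log_text: str) -> list[Alert]:
    """Flag outbound connections to public IPs that no earlier DNS answer produced.

    Events are processed in log order; every address seen in a DNS answer is
    remembered, and a later CONN to an address never answered by DNS is an alert.
    """
    resolved: set = set()
    alerts: list[Alert] = []
    for line in log_text.splitlines():
        m = DNS_RE.match(line)
        if m:
            for answer in m.group(3).split(","):
                try:
                    resolved.add(ipaddress.ip_address(answer))
                except ValueError:
                    pass  # CNAME or other non-address answer, nothing to remember
            continue
        m = CONN_RE.match(line)
        if not m:
            continue  # unrelated event type
        ts, image, ip6, ip4, port = m.groups()
        ip = ipaddress.ip_address(ip6 or ip4)
        if is_internal(ip) or ip in resolved:
            continue
        alerts.append(Alert(ts, image, str(ip), int(port)))
    return alerts


def summarize(alerts: list[Alert]) -> Counter:
    """Count alerts per (image, destination IP, port) so repeat beacons stand out."""
    return Counter((a.image, a.dst_ip, a.dst_port) for a in alerts)


if __name__ == "__main__":
    for (image, ip, port), n in summarize(find_unresolved_connections(SAMPLE_LOG)).items():
        print(f"{n}x {image} -> {ip}:{port} (no DNS resolution seen)")
```

In the sample, svchost.exe and the browser are ignored because their destinations came out of a DNS answer, the SMB connection is ignored as internal, and the two connections from the Temp-directory `updater.exe` to 198.51.100.77:4444 are flagged. A production version of this logic would also expire remembered answers after their TTL and tolerate connection events that arrive slightly before the DNS event is written, which this example leaves out for clarity.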