Questions about Windows Firewall

cmmtch · 20 Oct 2012

Hi,

I've been a ZoneAlarm Pro (firewall only) user for the last 11 years, at the time I started with ZA the Windows firewall was lacking many features and ZA was among the top firewalls. My ZA subscription expires in Nov and I would like to move to the Windows brand of firewall.

Right now I use MSE, MalwareBytes, and SpywareBlaster along with ZA. I haven't ever used the Windows firewall and am considering changing to it. My questions would be has it improved over the years, does it block outgoing traffic, is it user friendly configurable if something needs to be allowed in or out? If Microsoft is offering a comparable product I would rather use it than a third party application.

I know all things like this are personal preference but I am asking for opinions, all are welcome, thanks to all who reply.

Jacee · 20 Oct 2012

You can learn about Windows firewall here: How to Configure Windows Firewall on a Single Computer

Alejandro85 · 20 Oct 2012

In Win7, the built-in firewall is MUCH better than in XP. I think it now deserves at least a try, unlike in XP where everyone was forced to disable it. I'm using it now and, while still far from the best, it's good enough for most needs. A quick resume out of my mind:

Pros:
-Built-in with Windows, no additional downloads or extra fees
-Extensive configuration options in the advanced mode
-Filter incoming and outgoing connections
-Filter by origin/destination IP, port, program and network type

Cons:
-Quite insecure by default, unless you enable outgoing blocking
-Somewhat hidden configuration options. The advanced screen in administrative tools is THE setup area, while the control panel applet is totally useless
-LACK of notifications for blocked outgoing connections, and non-working for incomming.

DavidE · 20 Oct 2012

With Windows 7 I've only used the built in firewall and haven't had any problems in 3 years.
I also use a router firewall.
I read about TinyWall, a free front end for the Windows firewall.
I haven't tried this yet, but here is a SF thread you should check out (with the link to TinyWall):
PC Tools Firewall discontinued. Looking for replacement.

alikhan · 21 Oct 2012

Windows Firewall has improved, though it still isn't considered to be as effective as the industry leader Comodo . It all depends on what you do while online, and what you're likely to encounter.

logicearth · 21 Oct 2012

I never understood the reason people need outbound blocking. If you don't want your computer to access the internet, disconnect it. As it is, what most people need is inbound blocking which the built in firewall handles. But what is better, sit behind a router (or modem with a built in firewall) that blocks all inbound traffic that was not established from within the network. Pretty much all consumer routers do this making expensive software firewalls like ZoneAlarm absolutely useless, does nothing productive but waste CPU cycles. (The router is already blocking all inbound traffic not established from within the network.)

cmmtch · 21 Oct 2012

logicearth said:

I never understood the reason people need outbound blocking.

My reasoning for outbound protection is a trojan, worm, virus, or malware could be generating outbound traffic to a server to then use your box for DDOS attacks, hundreds of spam emails, etc...

Pretty much all consumer routers do this making expensive software firewalls like ZoneAlarm absolutely useless, does nothing productive but waste CPU cycles. (The router is already blocking all inbound traffic not established from within the network.)

My router/modem is a 3600HGV (ATT Uverse internet Gateway) For me ZA (firewall only) at $24,95 per year isn't expensive, it doesn't seem to affect my PC performance. I'm most interesting in getting other users opinions and experiences with the Microsoft firewall. I have been leaning toward using the windows firewall since I installed Win7 in spring of this year.

I do go to sites that would be considered the "wrong side of the tracks" sometimes, I don't do torrents or P2P.

Thanks to everybody that has replied so far :) All that reply to this thread will get rep.

logicearth · 21 Oct 2012

cmmtch said:

My reasoning for outbound protection is a trojan, worm, virus, or malware could be generating outbound traffic to a server to then use your box for DDOS attacks, hundreds of spam emails, etc...

You are better off removing them from your computer by keeping your anti-malware application updated. A firewall on your computer is not really going to do anything to prevent malware (which probably has root access) from doing what it wants, including bypassing the firewall's restrictions.

* I handle corporate sized networks and security of those networks. Outbound protection, never found useful other then a headache.

Alejandro85 · 21 Oct 2012

logicearth said:

I never understood the reason people need outbound blocking. If you don't want your computer to access the internet, disconnect it. As it is, what most people need is inbound blocking which the built in firewall handles. But what is better, sit behind a router (or modem with a built in firewall) that blocks all inbound traffic that was not established from within the network. Pretty much all consumer routers do this making expensive software firewalls like ZoneAlarm absolutely useless, does nothing productive but waste CPU cycles. (The router is already blocking all inbound traffic not established from within the network.)

You're completely wrong about the outbound block. It's the most important aspect of a software firewall, because precisely of the NAT routing. For incoming protection, as you say, NAT router or hardware firewall will do most of the job. But note that it does NOT blocks possible attacks from intranet, which are commonplace in corporative environments with many users.

But why does anyone needs outgoing protection? It's not simply a matter of unplug the computer, but the security aware user will most likely want selective connectivity. That is, certain things are allowed and some others don't. An example, a web browser should be allowed outgoing traffic on ports 80 and 443, but likely another program (virus?) trying to "phone home" on port 80 and steal sensitive data, for example a keylogger, must be blocked. Also, some programs open connections when they don't really need to, wasting bandwidth. Outgoing software protection is a good option to prevent those, even at the expense of the CPU cycles, which I think are well spent.

logicearth · 22 Oct 2012

Malware, can utilize a third-party like your browser that is allowed though your firewall to send its message. Malware that has root access can also bypass firewall restrictions. Second, outbound blocking does not protect from intranet attacks nor is it needed, the built in firewall for Windows already blocks inbound connections that are not established.