Windows 7: does the firewall download the rules set via update

Hi
i have Windows 7 32bit

i would love to ask a question about the firewall

does it download rules set (made by microsoft to be more fase) via update module?



thanks

Hi drugo - I am not exactly clear on what you are asking here. But, here is a resource with some FAQs about firewalls in Windows 7 Firewall: frequently asked questions.

Please let me know if this helps at all. What do you mean by "Does it download rules set (made by microsoft to be more fase) via update module?"

Cheers,
Cassandra
Microsoft Windows Outreach

I think that drugo was wondering where Windows Firewall gets is Rules from (similar to Norton Internet Security using LiveUpdate).

As I understand it, Windows Firewall is essentially hard-coded with fixed rules, configurable only by the user allowing/not allowing programs to access the Internet.

The windows firewall does not patch or update regularly like antivirus apps do or 3rd party firewalls like Mcaffee etc. do. The reason has to do with the difference in the way windows firewall operates. Windows firewall is only meant to keep things OUT. It protects your computer by refusing incoming data packets that have not been requested. There is no outbound filtering or any additional features such as virus protection. For most people who maintain their system in other ways, this is MORE than sufficient.

OTOH, if you want to know when one of your applications is trying to obtain access to the outside world so you can stop it, then you will have to install a third-party firewall and configure/maintain it. In addition many 3rd party firewalls have application integrity monitoring, some have advanced features such as spyware protection and virus protection. Because of such features, such firewalls need to update regularly.

Agreed. Windows firewall does not update its set of rules -- implementation of which is at the discretion of the user if I understand correctly. In other words, it's configurable but by the user and not from/by Windows Update.

thanks!
i thouhgt Windows 7 could download ruleset for the firewall

^I am pretty sure that's not the case drugo.

This is quite a nice read about the new features in Windows 7 Firewall.
What's new in the Windows 7 Firewall?

I doubt in that since Windows built-in firewall creates rules with a very broad range - in case to avoid any conflicts by user side.
For example, you have installed torrent software (uTorrent), in uTorrent settings you have set "port used for incoming connections" eg. 43210 port (or other random port). But Windows Firewall rule looks like this (screen shot)


- it opens All Ports.

So Windows Firewall opens full port range for applications even if in using is only one port for security reasons.
Of course you can (you should) manually edit this settings, but you should do this for all application (if you know what port each application using).. it's a lot of work because by default Windows Firewall set up that and don't ask you about it.

For instance in case of other software firewall Look 'n' Stop it will be in that order:
1. You installing uTorrent
2. You starting uTorrent application [FW ask you about Internet connection by this application, you can allow/block this event with "remember my decision" box)
3. Now you configure uTorrent (set up port 43210 for incoming connections in uTorrent)
4. You try to download a file using uTorrent - uTorrent shows you yellow flag
5. You look at Firewall (Look 'n' Stop) logs tab and you see that connection on port 43210 are blocked by firewall
6. So... you have to create rule where your computer act as server and where you allow for incoming/outgoing connections on port 43210 on your machine (screen - please note that in this case port used was 64392: http://www.wilderssecurity.com/attac...1&d=1271255989 ).
7. For security reasons you can also select application for this rule - so when uTorrent will be disabled this rule will be also disabled, but when you start uTorrent application rule will be enabled until you close uTorrent.

As you can see the 3rd party software firewall rule based like Look 'n' Stop gives you much more control and security. Of course there are other software firewalls on the market, called "application based firewalls" (they are much more easier for novice users or users they are not much know about networking) and all steps above are done automatically by 'inteligent' firewall, so this is up to you what kind of firewall you will chose.

HTH,
Creer

That's good to know, Creer.

One question though - why not set the (local?) port number in the Window Firewall window?

Yes, you should do that, but since you install and first run eg. uTorrent, you get only one simple notification from Windows 7 FW:


When you ticked Private networks or/and Public networks and clik Allow access button then automatically Windows create two separate rules for TCP and UDP connections:
http://www.sevenforums.com/attachmen...e-win_fw_7.png

If you don't edit these rules it will be as it is - for All Ports.
Please keep in mind that these rules are only active when uTorrent is started:

So it's not fully secure since you don't need to have open all full range of ports for incoming connections during uTorrent activity.


BTW. check if you have rules in Windows 7 firewall for your browsers like Firefox, Opera or IE in Outbound tab.