A few security questions: firewall, antivirus software, background traffic

Marie SWE

EDIT:

solved as insoluble


--------------------------------------------



Hey again.:-)

Yes, I know this is a Win7 forum, but I got no answer in eightforums, so I am going to try my luck in here. :-)

I notice that Win8.1 has much more background traffic on the network than Win7. So I wonder if any of you know about a good third-party firewall that can block outgoing domain names and IP addresses. It doesn't need to be a free firewall, even if free tastes good. :p
For example: example.com or *.example.com or 10.0.0.0 or a whole net range: 10.0.0.0-10.0.0.255
And I want to specify the rules on one program or on five programs, or on all programs.


I have a hardware firewall to protect my computers against incoming attacks.


I'm also looking for an antivirus / malware program that can protect my file system and that doesn't take too many system resources.


I'm not really interested in some "all in one security solution". I would prefer if the programs are separate, if possible.


I also wonder how to completely disable IPv6 in Win 8.1 (I don't have IPv6 capability from my ISP). I see lots of activity with IPv6 addresses in the Resource Monitor, even though I have checked IPv6 on my network card properties.
Tried this: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\
Name: DisabledComponents Type: REG_DWORD Value: FF (IPv6 disabled)
But I can still see traces of ipv6 addresses in resource monitor.


Best regards Marie :-)
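
A read-only check of the IPv6 state asked about in the post above, as an added example that is not part of the original thread. Microsoft's guidance for DisabledComponents notes that the value takes effect only after a restart and that the IPv6 loopback interface stays in place; the function name Get-IPv6State is made up here, and the cmdlets assume Windows 8.1 or later.

```powershell
# Added example: show what is left of IPv6 after setting DisabledComponents.
# Read-only. Run in an elevated PowerShell prompt.

function Get-IPv6State {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters'
    $dc  = (Get-ItemProperty -Path $key -Name DisabledComponents `
                -ErrorAction SilentlyContinue).DisabledComponents

    # Adapters where the "Internet Protocol Version 6" box is still ticked.
    $bound = Get-NetAdapterBinding -ComponentID ms_tcpip6 |
             Where-Object Enabled | Select-Object -ExpandProperty Name

    # IPv6 addresses the stack still owns, labelled by kind.
    $addrs = Get-NetIPAddress -AddressFamily IPv6 -ErrorAction SilentlyContinue |
             Select-Object InterfaceAlias, IPAddress,
                 @{ n = 'Kind'; e = {
                     if     ($_.IPAddress -eq '::1')       { 'loopback' }
                     elseif ($_.IPAddress -like 'fe80:*')  { 'link-local' }
                     else                                  { 'other' } } }

    # TCP endpoints with an IPv6 local address (listeners on :: and ::1 included).
    $conns = Get-NetTCPConnection -ErrorAction SilentlyContinue |
             Where-Object { $_.LocalAddress -like '*:*' } |
             Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort,
                           State, OwningProcess

    [pscustomobject]@{
        DisabledComponents = if ($null -eq $dc) { 'not set' } else { '0x{0:X}' -f $dc }
        AdaptersWithIPv6   = $bound
        Addresses          = $addrs
        TcpEndpoints       = $conns
    }
}

$state = Get-IPv6State
$state | Format-List DisabledComponents, AdaptersWithIPv6
$state.Addresses    | Format-Table -AutoSize
$state.TcpEndpoints | Format-Table -AutoSize
```

Entries that show only ::1 or a listener on :: are local to the machine; a remote IPv6 address in the last table is the case worth following up.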
 
Are the advanced options in Windows Firewall not sufficient?
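
Per-program outbound block rules in the built-in Windows Firewall, as an added example that is not from the thread. The function name Add-OutboundBlock and the program paths are placeholders; the RemoteAddress parameter takes addresses, ranges, subnets or keywords rather than DNS names, so a host name is resolved once when the rule is created and a wildcard such as *.example.com cannot be expressed.

```powershell
# Added example: block outbound traffic to given targets for one, several,
# or all programs. Run elevated. Paths and targets are placeholders.

function Add-OutboundBlock {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string[]]$Program = @('Any'),             # 'Any' = every program
        [Parameter(Mandatory)][string[]]$Target    # IPv4, range, CIDR or host name
    )

    # Rules match addresses, not names: resolve host names once, now.
    $addresses = foreach ($t in $Target) {
        if ($t -match '^\d{1,3}(\.\d{1,3}){3}([-/]\S+)?$') {
            $t                                      # address, a-b range, or a/len
        } else {
            Resolve-DnsName -Name $t -Type A -ErrorAction Stop |
                Where-Object { $_.IPAddress } | ForEach-Object IPAddress
        }
    }

    foreach ($p in $Program) {
        $name = 'Block-Out {0} -> {1}' -f (Split-Path $p -Leaf), ($Target -join ',')
        New-NetFirewallRule -DisplayName $name -Direction Outbound -Action Block `
            -Program $p -RemoteAddress $addresses -Profile Any `
            -WhatIf:$WhatIfPreference
    }
}

# The range from the first post, for two (placeholder) programs. -WhatIf only
# prints what would be created; remove it to create the rules.
Add-OutboundBlock -Program 'C:\Program Files\Example\app1.exe',
                           'C:\Program Files\Example\app2.exe' `
                  -Target '10.0.0.0-10.0.0.255' -WhatIf

# A host name, for all programs. The resolved addresses go stale when DNS changes.
Add-OutboundBlock -Target 'example.com' -WhatIf
```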
 

I'd check out something like a thin client or a nettop and use pfSense or Sophos firewall. Then I'd monitor SNMP via some application at the router level. If this is beyond your comprehension, then try Comodo firewall. But I haven't used that in years so I can't tell you if it's worthwhile and problem free now.
 


No, Windows Firewall does not provide a good overview, it lacks real-time monitoring capabilities, and the logs are not sufficiently detailed. I did find a third-party program that uses the Windows Firewall and provided a reasonably good overview. But I still miss some features. That, combined with Privatefirewall, gave a half-decent solution, but not the perfect one I'm looking for. And it gets messy when you need multiple programs for one task.
 


I have a hardware firewall that monitors the traffic within the network. The problem is that I can only see which computer the traffic belongs to. I can't see, on computer1, computer2, computer3 etc., whether it is Symantec or Avast or Firefox etc., or a zero-day malware or spyware, that connects to the internet.
I ran into the WannaCry virus 1 week before it was discovered.
Luckily, it was on my Windows XP computer that I have total monitoring on, so it didn't have the chance to do any harm and it couldn't spread internally in my network as my software firewall blocked the traffic, even though the computer had complete admin access in my network.
That taught me how important it is to have full internal monitoring within each computer to have a chance to prevent zero-day virus/malware/spyware.
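
One way to get the per-program view described above using only built-in cmdlets, as an added example that is not from the thread: poll the TCP table and log each new program and remote endpoint pair. The function names and log path are made up here and Windows 8.1 or later is assumed; polling misses very short-lived connections, and UDP endpoints carry no remote address to report.

```powershell
# Added example: log every new (program, remote address, port) combination.
# Run elevated so that processes owned by other users can be named.

function Get-OutboundByProcess {
    $procs = @{}
    Get-Process | ForEach-Object { $procs[[int]$_.Id] = $_ }

    Get-NetTCPConnection -State Established, SynSent -ErrorAction SilentlyContinue |
        Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |
        ForEach-Object {
            $p = $procs[[int]$_.OwningProcess]
            [pscustomobject]@{
                Process = if ($p) { $p.ProcessName } else { 'exited' }
                Path    = if ($p) { $p.Path } else { $null }
                ProcId  = $_.OwningProcess
                Remote  = $_.RemoteAddress
                Port    = $_.RemotePort
            }
        }
}

function Watch-Outbound {
    param(
        [int]$IntervalSeconds = 2,
        [int]$Rounds          = 30,
        [string]$LogPath      = '.\outbound.csv'
    )
    $seen = @{}
    for ($i = 0; $i -lt $Rounds; $i++) {
        foreach ($c in Get-OutboundByProcess) {
            $key = '{0}|{1}|{2}' -f $c.Process, $c.Remote, $c.Port
            if ($seen.ContainsKey($key)) { continue }
            $seen[$key] = $true
            $c | Select-Object @{ n = 'Time'; e = { Get-Date -Format s } }, * |
                 Export-Csv -Path $LogPath -Append -NoTypeInformation
            # Port 445 (SMB) to another host is worth a second look on a workstation.
            $flag = if ($c.Port -eq 445) { '  <-- SMB' } else { '' }
            '{0,-20} {1}:{2}{3}' -f $c.Process, $c.Remote, $c.Port, $flag
        }
        Start-Sleep -Seconds $IntervalSeconds
    }
}

Watch-Outbound -Rounds 30
```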
 

Then I'd look at Comodo. Many, many years ago I used Zone Alarm and they may have improved. You can see what is going out on the net with CurrPorts. CurrPorts: Monitoring TCP/IP network connections on Windows

As to Wannacry, I believe that used port 445 or something and that shouldn't be a factor if your router blocks that port. In your router the default username and password should not be default, you shouldn't use UPnP and not use port forwarding unless you need it and if the application that needs port forwarding can be changed to use a port well above 30,000 I'd use that.
 


I thank you for the link to the monitoring program, but the log is better in Malwarebytes Windows Firewall Control. :-)

Zone Alarm was okay several years ago when it was 32-bit OS (up to WinXP), but Zone Alarm is now worse. Everything goes towards more user-friendly, where the programs don't need to integrate with the user. And everything goes more towards internet security solutions where antivirus, firewall etc. are all nicely integrated in one. So it is not possible to take a firewall from one and an antivirus from another program.
What I am looking for is something that is equal to or much better than what Sygate Firewall Pro 5.5 was. Everything in the same program: advanced firewall rules, logs, backtrace, stealth mode, options to set the time for how long an attacking IP number should be blocked, etc.

I just mentioned WannaCry as an example of when it was a zero-day problem. Today, all antivirus software protects against WannaCry, and patches are sent via Windows Update from WinXP and newer Windows systems.
The big problem is just when you get a new zero-day attack: then you have absolutely no protection through all the fancy antivirus programs you can have installed and so on. It's then that it is important to have internal monitoring, so you have a chance to shut down the operating system before too much damage can occur.

I have no router. When it comes to my hardware firewall, all incoming ports are closed. Outgoing ports are not blocked/locked, as I have some programs that randomize outgoing ports for specific traffic.
My servers are blocked in the firewall so they don't have internet access, and only four of my computers have server access.

So it seems that I may need at least four programs to almost do one old program's job.
I might just be forced to continue to use my XP computers outwards and continue to have my Win7 and Win8 computers isolated from the internet. :shock:

I have been trying to find good Win7 programs for many years. I had little hope that something had turned up now in the Win8 and Win10 generation, but it seems that the market doesn't have that kind of demand for total control and monitoring anymore.

So I probably just have to realize that what I want doesn't exist.

But I thank you for taking the time to try to help me. :D:D:D:D
 
