Is windows 7 firewall enough?

I've read through this thread and scanned through all the ones that were linked herein. The one thing that nobody mentioned is the fact that the Windows firewall comes pre-configured to ALLOW all outbound traffic. The links that pointed to posts that detailed how to configure rules to allow outbound traffic from specific programs/ports neglected to mention that you ALSO need to change the default allow behavior to "block" outbound connections that do not have a rule defined to allow the connection.

You can learn how to configure it here: Ensure Two Way Protection with Windows Firewall | PC Security

However, if you change the default behavior to "block" outbound connections by default, then you will need to configure a rule for each program and/or port that you want to allow an outbound connection. This will give you basically the same experience you get with ZoneAlarm... you may get frustrated because you are going to have trouble at first, until you get everything configured.

Why block outbound connections? Simple. Someone earlier posted about problems with trojans from torrent downloads. You can get trojans from many places... even from trusted websites that have been hacked. The outbound firewall blocking won't prevent the trojans from being installed on your system... but it will prevent the trojan from being able to connect to a server on the internet (which would allow it to potentially send your personal information to thieves)... and it will prevent a worm from propagating to other computers on your local network. Now, I know many of you are thinking... "But my anti-virus software should protect me from the trojan." Yes, and the operative word here is "should". However, as any computer security expert will tell you... it is best to have multiple levels of defense in case one of them doesn't catch the virus/worm/trojan/etc.

Is Windows Firewall easier and less frustrating? Yes... because it doesn't protect you from outbound connections in the default configuration. This means that you won't get those irritating pop-ups asking you if it's OK for some program to access the internet... and it also means that programs can access the internet without your permission or knowledge.

Can Windows Firewall be configured to be just as secure as third-party firewalls? Yes, it can. In fact, it can be configured to be MORE secure than some of them. However, it is not as easy to configure as a firewall like ZoneAlarm. ZoneAlarm, by default, blocks all inbound and outbound traffic. During installation, it asks you if you want to automatically configure common programs to be allowed outbound connections (e.g. Internet Explorer, Outlook, Media Player, etc). Then, when a program that has not been configured tries to make an outbound connection, ZoneAlarm prompts you and allows you to configure it to always allow or always block that program... all without having to open the Control Panel to make the change.

I don't know about you all, but I use just MS Security Essentials and Windows Defender; my computer's spotless. And while I'm a paranoid security fanatic, I found this combination perfect. Mind you, internet usage(particularly BitTorrent!) is very, very high with me; I used Kaspersky earlier, but my poor 1GB RAM just couldn't take the load, causing extremely slow computing. I removed Kaspersky, and bingo. No viruses, no adware, nothing. The CPU usage rarely goes over 60 percent.
Bottomline: Use MS Security Essentials with Windows Defender, you should have zero trouble.

thekb said:

I don't know about you all, but I use just MS Security Essentials and Windows Defender; my computer's spotless. And while I'm a paranoid security fanatic, I found this combination perfect. Mind you, internet usage(particularly BitTorrent!) is very, very high with me; I used Kaspersky earlier, but my poor 1GB RAM just couldn't take the load, causing extremely slow computing. I removed Kaspersky, and bingo. No viruses, no adware, nothing. The CPU usage rarely goes over 60 percent.
Bottomline: Use MS Security Essentials with Windows Defender, you should have zero trouble.

I ve had a couple of trojens that got by MSE, and only MBAM was able to remove them with a full scan.

I think most, if not all, security "experts" will agree that no antivirus, no antispyware, no antimalware product of any kind is 100% effective 100% of the time. And once a computer is infected, you can never be 100% sure that it's been completely cleaned regardless of what your fancy scanning tools might say.

If people are going to visit questionable websites, open unexpected email attachments, click on unknown pop-ups, give out their personal information to strangers claiming to represent some rich Nigerian prince who needs their help, then those people will get infected some day. Knowing that, why don't more people make use of the excellent imaging tools that are available? Many of them free.

Set up your computer the way you want including your antimalware of choice. Update everything. Install all of your other programs and update them as well. Before you do anything else, make a system image! Instead of wondering if all of your fancy scans really cleaned your machine, just reinstall that clean image. How hard is that?

First, Microsoft Security Essentials is an anti-virus software package. Windows Defender is an anti-spyware package. Neither of these replaces a firewall.

Second, if you had problems with Zone Alarm, it was because Zone Alarm was blocking some traffic that you wanted to allow. You could have simply configured it to allow the traffic that you wanted to allow. By using Windows Firewall without configuring it to block outbound connections, all you've accomplished is making your computer less secure by allowing all outbound connections. This is easier from a user perspective (nothing to configure and no annoying pop-up warnings), but much less secure.

I've been using ZoneAlarm since it came out 10 years ago. No BSOD's. Yes, it did have a compatibility problem with Windows 7, but that has been fixed. If you install the latest version of ZA, there is no problem with Windows 7.

Yep, no antivirus/anti-spyware/firewall is 100% perfect. That's why you need all three (plus a router with built-in firewall). When one fails, the other might catch it. Any security expert will tell you that you need multiple levels of protection.

Both Windows Firewall and ZoneAlarm can be configured to protect your computer. There are advantages and disadvantages to both.

Windows Firewall Advantages:
+Can be configured to block all outbound traffic
+Can be configured to allow outbound traffic from specified programs
+Can be configured to allow outbound traffic via specified ports
+Can be configured to allow outbound traffic to specified IP addresses/host names.

Windows Firewall Disadvantages:
-Comes pre-configured to allow ALL outbound traffic.
-Configuration is not as easy as ZoneAlarm
-Each program needs to be configured manually to allow outbound traffic (IE, Firefox, Chrome, Outlook, etc)

ZoneAlarm Firewall Advantages:
+Comes pre-configured to block all outbound traffic by default.
+Simple installation program asks you if you want to allow outbound connections from known-safe programs (like IE, Firefox, Chrome, Outlook, etc).
+When a new program attempts to make a connection, the pop-up allows you to configure the new program with a very simple Allow/Disallow/Don't-ask-me-again dialog.
+Can be configured to allow outbound traffic from specified programs
+Can be configured to allow outbound traffic to specified IP addresses/host names.
+Tracks changes to pre-configured programs. When a program is updated, ZoneAlarm knows this and will prompt you before an outbound connection is allowed from that program. This prevents programs which have been altered by a virus from penetrating the firewall without your permission.

ZoneAlarm Firewall Disadvantages:
-Annoying pop-ups until you have everything configured. This usually only happens for the first day or so.
-Cannot configure to allow outbound via specified PORTS unless you purchase the "Pro" version.