Firewall recommendation for Win7

originaljgf · 26 Jan 2022

For many years I used PCTools Firewall Plus, and loved it. Sadly it doesn't work in Win7 (though I've read some posts that imply it does, perhaps it is quite system dependent) so currently am using the default windoze firewall, which, for me, leaves much to be desired. Glasswire was recommended, but I found it is not a firewall, just a pretty front end for the default; I used it two days and removed it ....because:

With PCTools I would get a popup, "blahblah.exe is attempting to connect to 'URL or IP' via port so-and-so", and I would have four options: allow, allow once, block, or block once. Same situation with Glasswire, I get a popup, "blahblah.exe has connected to the internet". What kind of "security" is that? Being notified after the fact!

Also, with PCTools it was a simple matter to bring up a list of all pertinent software and edit the settings with a couple of mouse clicks; as opposed to the usual MS kludge of its firewall.So, is there a firewall similar to PCTools compatible with Win7 x86?

file3456 · 27 Jan 2022

Which version are you using? I just downloaded this firewall from here which is version 7.0.0.123 and it's executable signature dates to 2011. So Windows 7 should run it.

If you're looking for an alternative to a certain software, then try AlternativeTo. Please Wait... | Cloudflare

This site covers older versions of software if they have a copy. Old versions of Windows, Mac and Linux Software, Apps & Abandonware Games - Download at OldVersion.com

Another site was Oldapp, but I don't see it anymore.

I personally use Peerblock (a very old software) and block over 862 million IP addresses. But it's not really a firewall like PCTools, Comodo, etc. By far your best option would have to be the hardware based firewall pfSense. But it's not something that tells you this program wants to do this and what have you. But pfSense has some pretty stellar options up to and including whole ASN blocking and an IDS using Snort. If you're just a home Internet user it would be over the top. If you port forward and can't use Zerotier, then I'd go pfSense.

Scan all downloads at VirusTotal. Or check the file hash. You can get a hash from a file using a program called HashTools. The general consensus is four positive hits and yo toss. But it depends on what you have, what the relations and behaviors say. Ignore the low IQ comments. LOL

I'm saying all this because seemly "goodware" can be infected via a server hack to infect the "goodware".

- - - Updated - - -

Note, that you really don't need a firewall if you have a router or modem that uses SPI (Stateful Packet Inspection). This is great to protect the inbound, but not the outbound however.

originaljgf · 27 Jan 2022

Thanks; I don't know what version I had, but used it for years in Vista. Upgraded to Win7 and was told PCTools wasn't compatible, my own research found everything from "it works fine" to "it crashes my system". If it is still reliable I'll be quite happy; especially as I've no plans for OS beyond Win7 (if I outlive Win7 I go to Linux).

Virustotal is a great site, been using them since a 6meg file was the largest they would process. It's always odd when my local AV program will flag something as suspicious or malicious, upload that file to Virustotal and their version of the same AV gives that file a clean bill of health (Kaspersky was notorious for this).

Some of your info is over my head, I'm fairly fluent with computers but not networking. My ISP is ATT uverse, fiber optic to a node about 100yards from this highrise, phone line from there to my modem, an Arris NVG589, ethernet cable to two desktops.

file3456 · 29 Jan 2022

Upgraded to Win7 and was told PCTools wasn't compatible

Who or what told you this? Windows 7?

I have that version I mentioned downloaded and have been meaning to give it a go and see what happens on my end. Having said that, do the same with that version. Who knows, it might work for you since you indicated the other didn't and it may be because of the version. I don't know.

As to the cryptic nature of my post. LOL Well. that's typical for a lot of what I say and has been for almost two decades now. I'll see if I can't shed some light on the things I was talking about that think you don't know about.

A) Executable signature.

Find a known executable like for example, Adobe.exe or something. Right click that file, chose properties, see that tab up there called Digital Signatures? This can "help" in IDing that the file is legit, but not always. It's called code signing and it SHOULD be used for EVERYTHING. Up to and including firmware for routers, IoT, you name it. About router firmware, this could help prevent crap like this and this. I see it get blocked all the time on my website. It's like Tor (the "dark web"/Onion routing) but waaaay more sneaky and robust. It's why I chose to use third-party firmware for my router of ASUS Merlin or DD-WRT.

B) ASN

Autonomous System Number. You know what an IP address is. How about a range of them? Like 192.168.1.0-192.168.1.155 or its CIDR (Classless Inter-Domain Routing) 192.168.1.0/24. Now imagine a whole bunch of CIDRS (ranges in a group) That's an ASN. Here's all the ranges for one ASN for Amazon AWS (Amazon Web Services). https://bgp.he.net/AS14618#_prefixes You'll note there are other service providers withen that ASN. What's great about whole ASN blocking in pfSense is that it covers the whole damn hosting provider, ISP, etc. So If I want to block AWS, I can block all of their ASNs, but, I have to be conscientious on the possibility of other service providers withen that ASN. Sometimes there are multiplay ASNs where legit ISPs are mixed with hosting providers and what not. So you have to weed it all out by hand at the CIDR level for blocking. This is what I do on an almost day by day basis for my website at the Cloudflare level (a reverse proxy offering a security WAF Web Application Firewall) and with a PHP (Hyper Text Pre-Processor. It's just code) based firewall at the website as well. So I have two layers of protection.

C) IDS

Intrusion detection system - Wikipedia pfSense offers this with Snort. Snort (software) - Wikipedia

D) Zerotier

ZeroTier - Wikipedia

Instead of having to port forward a port to allow your friend's to play a local network of World of Warcraft or something, you can use Zerotier. It's great because an open port is an open invitation for a hack. Same goes if UPnP (Universal Plug and Play) is on. Ever use Team Viewer? It's able to communicate right past firewalls and routers because it makes an HTTP connection straight from the software its self. No port forwarding and what have you required (well, not for very strict networks). Zerotier is like the same thing, except I use it to access to my own private Team Speak server for audio delivery from my "police" scanners (they're communication receivers). I can access my local FTP server for file transfers, etc. It's cross platform so I can do this via an App or Windows.

E) File hash.

Cryptographic hash function - Wikipedia

Basically means this long ass number is associated to this file and no other file. If one thing, just one thing changes within that file the whole damn hash number is different. So, if I calculate a hash for a file and check that hash at VirusTotal, and if that file was already uploaded to Virus Total, I'll get a virus report without having to upload the file because the hash already matches that specific file in that state that was already uploaded. The type of hash VirusTotal uses is SHA256 (some say Jamaican kush, but that's another story...). SHA256 is the same hash used for Bitcoin and maybe others, I don't know.

How do you calculate a hash for a file? Lots of software out there will do it, I use HashTools. So when I download a file (even a damn image), I compute its SHA256 hash, and then check the hash at VirusTotal (can't copy/paste anymore it seems. Have to control+V via the keyboard into the input search box). There is other software that does this with the VirusTotal API (Application Program Interface) at Github.

Now here's some real dorky stuff. I uploaded what is called a canary token (like a web bug so to speak) to VirusTotal to see who would open the file (security researchers) and found about 90% of all IPs were from China. The rest from Russia.

Interesting to note, the U.S. Cyber Command is not in this article. Maybe I need to fix that. https://en.wikipedia.org/wiki/VirusTotal

https://www.zdnet.com/article/us-cyb...to-virustotal/

https://web.archive.org/web/20181108...to-virustotal/

I think that takes care of the cryptic nomenclature.

originaljgf · 29 Jan 2022

As for PCTools, I recommended it often but several people told me it would not install in Win7; when I updated Vista to Win7 it disabled PCTools and reverted to the default firewall. In the course of dealing with other issues regarding this update another site told me PCTools was not compatible with Win7 or later, so I removed it. FWIW, PCTools was purchased by Symantec and became part of Norton Security Suite.

Thanks for the explanations; I am knowledgeable enough to get the gist of them, though not enough to apply, lol ("a little knowledge is a dangerous thing", especially dealing with computers).

Will be reinstalling PCTools once I'm sure the Simplix install went well.