Clarification on blocking incoming connections?

Uitlander

According to Google AI:

Blocking all inbound connections on a desktop can severely limit its functionality, preventing normal internet use like browsing and file downloads by breaking the two-way communication required for them. Many applications require an inbound response to function. For example, when you download a file from a website, you send an outgoing request and receive an incoming response with the file's data.

Yet many security sites advocate doing exactly that. I'm assuming the difference lies in the precise wording. I'm interested in blocking all unsolicited incoming connections. That would include (but not limited to) any software that auto-updates by irreversible default. I do still need access to internet and the ability to do downloads. Is there a way to do this using the windows firewall, or via some other app?
 

This is severely wrong on so many levels that it clearly shows why AI and similar crapware cannot reasonably reply to any serious question, if you care at all about the answer.

Let me digest it piece by piece.

Blocking all inbound connections on a desktop can severely limit its functionality, preventing normal internet use like browsing and file downloads

No.
This shows a lack of understanding of what an incoming connection is to begin with, and from here it only goes downhill. In fact, most home and work computers have incoming connections blocked by their routers performing NAT, and only some exposure over the local network, but that won't affect internet connectivity. Browsing and file downloads will work even if all incoming is blocked. Windows firewall, by default, blocks a good portion of them.


by breaking the two-way communication required for them.

Two-way communication is indeed needed, but not interrupted at all by blocking incoming connections.
The fundamental missing point is that incoming and outgoing connections mean who started the connection; then, once established, it continues in a two-way fashion no matter what. The key is who talks first.


Many applications require an inbound response to function. For example, when you download a file from a website, you send an outgoing request and receive an incoming response with the file's data.

That's true. And that's what happens every single time you download a file or open a website, for example.
But again, "incoming" refers to who starts the connection, not who talks on it. And it's the browser that initiates it, while the webserver on "the cloud" is there just listening until someone contacts it. So, the network activity for downloading a file is an outgoing connection, and as such, not affected by an inbound blocking. Once again, that there is a two-way talk within the connection doesn't matter (you ask for a file, the server replies with its contents). The important thing is who talks first.


Yet many security sites advocate doing exactly that.

Because people know what they write about, unlike AI.


I'm interested in blocking all unsolicited incoming connections.

There is no difference between "unsolicited" and "expected" connections. Either you are ready to accept and deal with incoming connections or you are not. The vast majority of times, and for most home and office use, they are not needed, and almost never over internet. Maybe for a local network sharing files, but nothing beyond that.


That would include (but not limited to) any software that auto-updates by irreversible default.

Software updates are all outgoing connections.
It's you who requests them (well, the software you have running, not necessarily under your consent), not the developer contacting you and pushing them onto you. Therefore you need an outgoing rule to prevent them.


I do still need access to internet and the ability to do downloads. Is there a way to do this using the windows firewall, or via some other app?

As said, blocking incoming connections won't impair any of those, by any means (be it by firewall, router or whatever). Normally, in a home network with a single computer, incoming connections can be safely blocked entirely without any impact (and with an improvement in security). In a home network, if you share files or other services, you need to enable them in the firewall, but only on the local network. Windows firewall (or any other decent firewall) is more than capable of doing that.

Usually, the safest option for setting firewalls and similar software is to block everything and then selectively enable some services you know you use, thus giving the bare minimum permissions.
 

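The "who talks first" rule from the reply above, as an added example that is not part of either post: a toy Python model of the connection table a stateful firewall keeps, with inbound blocked by default and outbound allowed unless a rule blocks it. The class, the trace labels and all addresses and ports are constructed for illustration; real firewalls also track TCP state, timeouts and UDP.

```python
from collections import namedtuple

# One TCP segment as the PC's firewall sees it; 'direction' is relative to the PC.
Packet = namedtuple("Packet", "direction src sport dst dport flags")

# Constructed sample addresses (documentation ranges), not real hosts.
PC, WEB, UPDATE, STRANGER = "192.0.2.10", "198.51.100.5", "198.51.100.77", "203.0.113.9"

class StatefulFirewall:
    """Default-deny inbound, default-allow outbound, optional outbound block rules."""

    def __init__(self, blocked_outbound=()):
        self.blocked_outbound = set(blocked_outbound)  # {(remote_host, remote_port)}
        self.opened_by_pc = set()  # (local, lport, remote, rport) the PC initiated

    def filter(self, p):
        if p.direction == "out":
            if (p.dst, p.dport) in self.blocked_outbound:
                return "DROP"
            if p.flags == "SYN":  # the PC talks first: remember this connection
                self.opened_by_pc.add((p.src, p.sport, p.dst, p.dport))
            return "ALLOW"
        # Inbound: allowed only as a reply on a connection the PC started.
        key = (p.dst, p.dport, p.src, p.sport)
        return "ALLOW" if key in self.opened_by_pc else "DROP"

def demo(blocked_outbound=()):
    """Run a constructed trace through the firewall and return each verdict."""
    fw = StatefulFirewall(blocked_outbound)
    trace = [
        ("browser SYN",          Packet("out", PC, 50000, WEB, 443, "SYN")),
        ("server SYN-ACK",       Packet("in", WEB, 443, PC, 50000, "SYN-ACK")),
        ("file data",            Packet("in", WEB, 443, PC, 50000, "ACK")),
        # Same server, but a port the PC never opened: not a reply, so dropped.
        ("server to other port", Packet("in", WEB, 443, PC, 50002, "SYN")),
        ("unsolicited SYN",      Packet("in", STRANGER, 40000, PC, 445, "SYN")),
        ("updater SYN",          Packet("out", PC, 50001, UPDATE, 443, "SYN")),
    ]
    return {name: fw.filter(p) for name, p in trace}

if __name__ == "__main__":
    for label, rules in (("inbound blocked only", ()),
                         ("plus outbound rule for updater", {(UPDATE, 443)})):
        print(label)
        for name, verdict in demo(rules).items():
            print(f"  {name:22} {verdict}")
```

With only inbound blocked, the download still completes and the updater still connects; the updater is stopped only once the outbound rule is added.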