Author Topic: Firewall Recommendations  (Read 4550 times)

DonZ63

  • Guest
Firewall Recommendations
« on: September 15, 2011, 11:22:36 PM »
Avast 6.0.1289, Win 7 SP1 x64, MalwareBytes Pro

I dumped Comodo because of issues I did not like one bit. I will leave it at that.

Right now I am running with Sphinx's Win 7 Firewall Control and things are running great. I am behind a Netopia 3347 with its hardware firewall running in highest protection silent mode. NAT and stateful inspection are set on at the router.

With Avast web shield scanning outbound port 80 connections and Malwarebytes running in real time, I feel this protection is adequate. WIN 7 firewall handling all inbound protection and WIN 7 Firewall Control handling all outbound.

Have considered PrivateFirewall but really don't think I need it.

Comments, please.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37507
  • Not a avast user
Re: Firewall Recommendations
« Reply #1 on: September 15, 2011, 11:44:27 PM »
If you search the forum, you will see that this topic has been debated about 100 times before, and that there are almost as many opinions as forum members.


http://ask-leo.com/do_i_need_a_firewall_and_if_so_what_kind.html

http://askbobrankin.com/do_i_really_need_a_firewall.html


Dch48

  • Guest
Re: Firewall Recommendations
« Reply #2 on: September 15, 2011, 11:52:51 PM »
I am also using Win 7 Firewall Control and I'm satisfied with it. One correction though, it runs completely independently of the Windows Firewall and handles both incoming and outgoing connections. Even if Windows Firewall allows an incoming attempt, W7FC will still block it until you allow it there as well. Sphinx recommends leaving the Windows Firewall enabled if you are using the free version of W7FC but you can disable it if you have the paid version.

This comes from their forums. VFC is the former name of the program (Vista Firewall Control).

Quote
All VFC versions filter the traffic in both directions (incoming and outgoing), but
VFC free can not manage system (located in c:\windows\*) applications, only VFC Plus protects all the applications including system ones.
So using VFC Free Windows built-in firewall may be used to protect system applications.

This is not the whole story though, W7FC does manage the system apps in a way but you can not edit or delete the rules it automatically creates for them. This is what the rules look like. The ones that say "enable all(read only)" are system files. You might get alarmed by the enable all part but this is exactly the same thing the built in Firewall does. It automatically creates incoming exceptions for system files that need them and allows all outgoing like it does for everything.

« Last Edit: September 15, 2011, 11:57:32 PM by Dch48 »

DonZ63

  • Guest
Re: Firewall Recommendations
« Reply #3 on: September 16, 2011, 01:11:34 AM »
Quote
This is not the whole story though, W7FC does manage the system apps in a way but you can not edit or delete the rules it automatically creates for them. This is what the rules look like. The ones that say "enable all(read only)" are system files. You might get alarmed by the enable all part but this is exactly the same thing the built in Firewall does. It automatically creates incoming exceptions for system files that need them and allows all outgoing like it does for everything.

Dch48,

I am presently using the free ver. of W7FC. I have all outbound connections allowed for the Win 7 firewall. If I add rules for outbound in the Win 7 firewall primarily for svchost.exe - Win updates and time services only, this will override the corresponding rule (invisible) for svchost.exe that W7FC generated. Is that correct?

Pertaining to the paid ver. of W7FC. It appears to be pure firewall only; no IPS, HIPS, etc. Is that correct? I also noticed that an option exists in the paid version to "Check AV hook." Is this really necessary to prevent localhost leaks as is implied? I am running avastsvc.exe as "enabled" in the free version without issue.

Dch48

  • Guest
Re: Firewall Recommendations
« Reply #4 on: September 16, 2011, 09:35:40 PM »
Quote
This is not the whole story though, W7FC does manage the system apps in a way but you can not edit or delete the rules it automatically creates for them. This is what the rules look like. The ones that say "enable all(read only)" are system files. You might get alarmed by the enable all part but this is exactly the same thing the built in Firewall does. It automatically creates incoming exceptions for system files that need them and allows all outgoing like it does for everything.

Dch48,

I am presently using the free ver. of W7FC. I have all outbound connections allowed for the Win 7 firewall. If I add rules for outbound in the Win 7 firewall primarily for svchost.exe - Win updates and time services only, this will override the corresponding rule (invisible) for svchost.exe that W7FC generated. Is that correct?

Pertaining to the paid ver. of W7FC. It appears to be pure firewall only; no IPS, HIPS, etc. Is that correct? I also noticed that an option exists in the paid version to "Check AV hook." Is this really necessary to prevent localhost leaks as is implied? I am running avastsvc.exe as "enabled" in the free version without issue.

I don't understand something here. You don't have to allow any outgoing connections in the standard Windows 7 Firewall. They are all allowed by default unless you have gone into the advanced and very complicated settings, something I don't plan on ever doing. The rules created by W7FC for system files are not invisible at all. You can see them clearly in the interface. As I understand it, if you have a block rule in either the standard firewall or W7FC, it will take precedence over anything else.

There is no form of HIPS in W7FC. As for the other questions, I have no idea since I don't concern myself with such advanced things. I'm perfectly happy with the defaults of both the standard Win 7 Firewall and the free W7FC.

Offline Para-Noid

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6700
  • Trust only what you test yourself!
Dell Inspiron, Win10x64--HP Envy Win10x64--Both systems Avast Free v17.9.2322, Comodo Firewall v8.2 w/D+, MalwareBytes v3.0, OpenDNS, Super Anti-Spyware, Spyware Blaster, MCShield, Unchecky, Vivaldi Browser and, various browser security tools.

"Look before you leap!" Use online scanners before you click on any link.

DonZ63

  • Guest
Re: Firewall Recommendations
« Reply #6 on: September 17, 2011, 02:01:16 AM »
Thanks, Dch48 for the input. I might download the full ver. of W7FC and play with it. Do you have to uninstall the free ver. or will it overlay the free ver.?

Also read an interesting discussion on their forum about how they recommend "beefing up" the svchost.exe - win updates rule to include MS server IPs. Looks like no one can find a way to bulletproof Win Updates.

Also, PrivateFirewall does look interesting but appears to be very "chatty" on the alerts.

cavehomme

  • Guest
Re: Firewall Recommendations
« Reply #7 on: September 21, 2011, 04:45:08 PM »
I have a similar setup with Avast and MB Pro, but I had some issues which caused me to just use MB Pro on demand. Browser speed was affected and I think it may be something to do with the website blocking feature interfering with the web shield...possibly. Will play more when I can find the time.

Re firewalls, I use and highly recommend PrivateFireWall. Yes it is a bit chatty at first but if a user prefers they can simply put it in training mode overall for 7 days, or alternatively train each application alert assuming that you are sure your PC is already clean and that you are being alerted by a valid application. All firewalls with HIPS are similar in this respect of having many alerts at the beginning, but PFW is nice with the training mode.

Comodo was a nightmare and I stopped using it after several years of hoping that they would improve it.

The smartest firewall with HIPS that I have used is Kaspersky as part of the Suite. It is a great suite if you have a recent (2 years) PC. I have a laptop 18 months old and noticed some drag with KIS.

sded

  • Guest
Re: Firewall Recommendations
« Reply #8 on: September 21, 2011, 05:25:00 PM »
I like Private Firewall also and use it on one of my Vista machines as an alternative to OA. I have become less enamored with HIPS except as a way to score well on things like Matousec. The attachment shows the items the HIPS in OA can check on an individual process basis; Comodo D+ has a similar list. Depending on how the Avast! Behavior Shield is actually configured by Avast!, the second attachment shows that it can perform very similar functions although not on an individual process basis. I think that if the OA list of items were incorporated into avast! as answers to the items in the figure ("malware like behavior", "unauthorized modifications") for untrusted programs, I would get very similar results. But avast! can go beyond just giving me popups that I then need to figure out - unless I am running a Utube test and already know popup=malware. My wife's computer is configured with just Avast! and the W7 firewall - never any problems with security, and she is pleased to be rarely bothered by popups. I used that configuration also until the OA beta for W7 was available.
A HIPS can be a good way to understand a little better what your processes are actually doing, if that is important to you. And if you commonly let malware in, that can be useful. But when I look at the Avast! BeS (and similar functions on the WRSA beta) I get the strong impression that HIPS is OBE (except for the UTube hobbyists, of course. And Matousec. ;) ). "HIPS usability improvements" seems like an advertising slogan to try to keep it alive for more of the users with some performance compromises.
« Last Edit: September 21, 2011, 05:52:42 PM by sded »

angelmar

  • Guest
Re: Firewall Recommendations
« Reply #9 on: September 21, 2011, 05:26:49 PM »
I have avast internet security suite and it works well.
Before, I had Comodo and my wifi printer did not work with my computer with Windows 7.
I chose the average level with the avast firewall and everything works.
The only problem was with my computer with Vista 32 bits; I had to reinstall the printer driver and it was OK.
I think that the free firewalls aren't very easy to use and don't work well.