Author Topic: avast! Firewall vs Windows XP Firewall  (Read 12814 times)

0 Members and 1 Guest are viewing this topic.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83760
  • No support PMs thanks
Re: avast! Firewall vs Windows XP Firewall
« Reply #15 on: December 30, 2011, 03:31:06 PM »
I'm not sure the firewall has anything to do with encrypting the VPN communication, it just allows the traffic through, you set up the VPN and if you elect for it to be secure (encrypted) then that is done at that setup level and of it goes through the firewall (assuming that kind of connection isn't blocked by any firewall rule). Hence lukor's mistaken comment that "I don't think IPSEC on VPN is affected by turning avast firewall off" as I believe they are independent of one and other. I have never had to use of setup a secure VPN, so I'm not speaking from personal experience.

http://en.wikipedia.org/wiki/VPN
http://en.wikipedia.org/wiki/IPsec

So I'm not really sure what it is that you are waiting for ?
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.7.2425 (build 20.7.5568.595) UI-1.0.558/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline DonZ63

  • Poster
  • *
  • Posts: 469
Re: avast! Firewall vs Windows XP Firewall
« Reply #16 on: December 30, 2011, 05:27:15 PM »
Here's a bit better explanation: http://technet.microsoft.com/en-us/library/cc958037.aspx.

Main point to remember is that the only thing the firewall sees related to VPN is it's headers. The data is encrypted and transmitted in a "tunnel." Firewalls(except WIN 7) are incapable of monitoring tunnel IP traffic.
AMD QUAD 945, 8 GB, NVidia GTS 450, 3 HDDs
Dual boot, MBAM Pro - both OSes, WIN 7 x64 SP1, NAV 2012, IE9; XP SP3, NIS 2011, IE8

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83760
  • No support PMs thanks
Re: avast! Firewall vs Windows XP Firewall
« Reply #17 on: December 30, 2011, 07:30:49 PM »
Which is basically what I was saying in reply to Mayura's post:

<snip>
@YoKenny: Ya mate :) It's better to have both ON to be on safe side until I find avast FW able to encrypt VPN communications.

The firewall isn't responsible for creating the secure VPN connection, that is down to the VPN software being used, it is independent of the firewall.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.7.2425 (build 20.7.5568.595) UI-1.0.558/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline MayuraDeSilva

  • Sr. Member
  • ****
  • Posts: 260
Re: avast! Firewall vs Windows XP Firewall
« Reply #18 on: December 30, 2011, 10:23:21 PM »
Quote
VPN Encryption

To help ensure confidentiality of the data as it traverses the shared or public transit network, it is encrypted by the sender and decrypted by the receiver. Because data encryption is performed between the VPN client and VPN server, it is not necessary to use data encryption on the communication link between a dial-up client and its Internet service provider (ISP). For example, a mobile user uses a dial-up networking connection to dial in to a local ISP. Once the Internet connection is made, the user creates a VPN connection with the corporate VPN server. If the VPN connection is encrypted, there is no need to use encryption on the dial-up networking connection between the client and the ISP.

Remote access data encryption does not provide end-to-end data encryption. End-to-end encryption is data encryption between the client application and the server that hosts the resource or service being accessed by the client application. To get end-to-end data encryption, use IPSec to help create a secure connection after the remote access connection has been made.

Source: http://technet.microsoft.com/en-us/library/cc779919(WS.10).aspx#w2k3tr_vpn_how_rffz


Yeah guys, I believe avast! firewall doesn't interact with VPN, but IPSec has a responsibility for creating end-to-end data encryption. However in Windows XP, IPSec affected by turning off Windows FW. So I can't turn off Windows Firewall to save up resources, neither can turn off avast! firewall as it is far superior.

So I'm not really sure what it is that you are waiting for?

DavidR,

I was doubtful and wonder is there any unique feature of Win FW that avast! firewall can't be covered. If avast! firewall cover features of Win FW, then no point of having Win FW enabled. But the problem was VPN encryption and IPSec. However IPSec is compulsory as I make use of VPN connections. So I just wanna know even after turning off Win FW, avast! FW or AIS itself can handle the IPSec functionality. However now I know they are different lessons on same book ;)

Cheers...


Thanks guys... :)


Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83760
  • No support PMs thanks
Re: avast! Firewall vs Windows XP Firewall
« Reply #19 on: December 30, 2011, 10:25:35 PM »
You're welcome.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.7.2425 (build 20.7.5568.595) UI-1.0.558/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline DonZ63

  • Poster
  • *
  • Posts: 469
Re: avast! Firewall vs Windows XP Firewall
« Reply #20 on: December 30, 2011, 10:36:06 PM »
To clarify, there is a difference between "turning off" the WIN 7 firewall and disabling it. MS never recommends disabling the WIN 7 firewall service since it is needed to support IPSec and VPN transmissions if required.
AMD QUAD 945, 8 GB, NVidia GTS 450, 3 HDDs
Dual boot, MBAM Pro - both OSes, WIN 7 x64 SP1, NAV 2012, IE9; XP SP3, NIS 2011, IE8

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83760
  • No support PMs thanks
Re: avast! Firewall vs Windows XP Firewall
« Reply #21 on: December 31, 2011, 12:36:58 AM »
I don't believe there is a difference in disabling or switching off, I believe it is either on or off no in between. I don't see any disable option when checking the windows XP or Win7 firewalls (which I have off, using Outpost Firewall) and nothing in the help about disabling it.

In fact if you open the XP or win7 Firewall there is only Turn the windows firewall on of off.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.7.2425 (build 20.7.5568.595) UI-1.0.558/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline Para-Noid

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6712
  • Trust only what you test yourself!
Re: avast! Firewall vs Windows XP Firewall
« Reply #22 on: December 31, 2011, 03:24:29 AM »
This is getting a little off topic...but, if a user has an active third party firewall (OA Free, Private Firewall Free or Outpost Firewall Free) wouldn't that cover VPN and IPsec pretty well?  ???

Just asking.  :)
Dell Inspiron, Win10x64--HP Envy Win10x64--Both systems Avast Free v17.9.2322, Comodo Firewall v8.2 w/D+, MalwareBytes v3.0, OpenDNS, Super Anti-Spyware, Spyware Blaster, MCShield, Unchecky, Vivaldi Browser and, various browser security tools.

"Look before you leap!" Use online scanners before you click on any link.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83760
  • No support PMs thanks
Re: avast! Firewall vs Windows XP Firewall
« Reply #23 on: December 31, 2011, 04:31:11 AM »
The VPN and IPSec are independent of your firewall, I have the XP firewall disabled as I have Outpost Pro and for me the IPSEC service is still started automatically and running, see image.

So this kind of negates what Mayura mentioned in in his post above on switching off the XP firewall.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.7.2425 (build 20.7.5568.595) UI-1.0.558/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline iroc9555

  • CCS, Vzla.
  • Avast Überevangelist
  • Starting Graphoman
  • *****
  • Posts: 7464
  • No soporte por PM.
Re: avast! Firewall vs Windows XP Firewall
« Reply #24 on: December 31, 2011, 04:56:45 AM »
@ DavidR

This may not be related to all the topic above, but still, even if I deactivate Windows Firewall trough security center, I got Firewall service running and automatic in services.msc. So, should I also stop that service if running a third party firewall ?
Hernan.
Dim 9200. C2D E6600; 2.40GHz. 4GB DDR2RAM. XP Pro_86. Spk3. IE8 & FF41. Avast FREE 2015. CIS 5.12(FW/D+). MBAM Premium. MCShield. WinPatrol +. SpywareBlasterOpenDNS. uBlock. WOT. Sandboxie

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83760
  • No support PMs thanks
Re: avast! Firewall vs Windows XP Firewall
« Reply #25 on: December 31, 2011, 01:43:19 PM »
Generally the third party firewall should take care of whatever needs disabling, with the known exception of the avast! Internet Security firewall as it is compatible.

If you actually read what that service name says "Windows Firewall/Internet Connection Sharing (ICS)" it is also required for Internet Connection Sharing (ICS), so perhaps that is why it is still enabled.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.7.2425 (build 20.7.5568.595) UI-1.0.558/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline iroc9555

  • CCS, Vzla.
  • Avast Überevangelist
  • Starting Graphoman
  • *****
  • Posts: 7464
  • No soporte por PM.
Re: avast! Firewall vs Windows XP Firewall
« Reply #26 on: December 31, 2011, 02:14:02 PM »
Thank you. That's what I thought.
Hernan.
Dim 9200. C2D E6600; 2.40GHz. 4GB DDR2RAM. XP Pro_86. Spk3. IE8 & FF41. Avast FREE 2015. CIS 5.12(FW/D+). MBAM Premium. MCShield. WinPatrol +. SpywareBlasterOpenDNS. uBlock. WOT. Sandboxie

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83760
  • No support PMs thanks
Re: avast! Firewall vs Windows XP Firewall
« Reply #27 on: December 31, 2011, 02:17:07 PM »
You're welcome.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.7.2425 (build 20.7.5568.595) UI-1.0.558/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline DonZ63

  • Poster
  • *
  • Posts: 469
Re: avast! Firewall vs Windows XP Firewall
« Reply #28 on: December 31, 2011, 03:27:13 PM »
Note the bold section below. Again, turning off the Win firewall via the Security Center is perfectly fine when using a third party firewall. However, never disable the firewall service if you plan on using IPSec.

Dusty Harper [MSFT]
Microsoft Corporation

2,060 Recent Achievements 10 2 0 Proposed Answerer I Forums Replies III Forums Answerer II Dusty Harper [MSFT]'s threads View Profile Microsoft Corporation2,060 Moderator
   
2Sign In to Vote 

If you decide to turn off the Windows Firewall, you need to make sure you disable it  in the proper manner, otherwise you will have persistent filters affecting your traffic.  In the Windows Firewall control panel (firewall.cpl), make sure you select 'Turn Windows Firewall on or off' and select 'Off (Not Recommended)'.  Alternatively you can use netsh.exe and run

'Netsh.exe AdvFirewall Set CurrentProfile State Off'.

MPSSvc is a required service for IPsec Policy to continue to function.  It also just happens to house Windows Firewall functionality as well.  If using IPsec, do not turn off this service.  Additionally if you do not turn off Windows Firewall, and just stop this service, you will be hit with Windows Firewall's persistent policy (hence the reason to disable the firewall as stated above).

Not also that there is a period of time when you start your machine and TCPIP.sys is loaded until the BFE service successfully starts.  This is known as boottime.  This period of time will enforce any boottime filters on the box, but will stop enforcing them when BFE starts successfully.

You can programmatically add filters to Windows Firewall to explicitly allow the traffic you are seeing blocked.

http://msdn.microsoft.com/en-us/library/aa366453.aspx is a good place to start for this.

I hope this helps.

 
AMD QUAD 945, 8 GB, NVidia GTS 450, 3 HDDs
Dual boot, MBAM Pro - both OSes, WIN 7 x64 SP1, NAV 2012, IE9; XP SP3, NIS 2011, IE8