• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

A good (free or cheap) firewall for Windows

T

thewhat

Member
What I need to do:
1. stop some programs from phoning home ("checking for updates")
2. allow programs like browsers only outgoing connections, not incoming
3. stop system processes from dangerous incoming connections
4. block threats from other PCs on the local network (if they get infected)
5. not bloated, no bs, stable

I've tried a few freeware firewalls and I liked Windows 7 Firewall Control the most. Does almost everything I need. Except:
- the free version allows all the traffic, including incoming, for system processes
- the free version cannot allow Firefox just the 127.0.0.1 incoming connections, which makes Firefox take very long to start
- the paid (Pro) version is not very cheap, since I need it for at least 2 PCs and I think it has a challenge/response authorization, which I don't like
- with the Pro version when running torrents, I either get a bunch of popups because of some torrent related system connections or I completely disable popups for system connections and risk to not see important messages


I would also like to know if it's even important to block system processes from receiving incoming connections. Do systems ever get infected that way?
If it isn't, I might just stick with the free version.

EDIT: After reading this, I'm inclined to use the Free version of W7FC along with the built in Windows firewall (for blocking dangerous incoming system connections). But please feel free to post any thoughts or suggestions.
 
Last edited:
Windows firewall, and that's it. If you can't trust programs on your computer, uninstall them. If you can't trust computers on your own network, fix them. Windows firewall for everything else.
 
lxskllr said:
If you can't trust programs on your computer, uninstall them.
Click to expand...
Well, I trust the programs I use, in the sense that I don't think they are themselves malicious. But I do fear that they might have some vulnerabilities, which can get exploited by others. That's why, for example, I only allow browsers outgoing connections. And I want to block some programs going online, if this is not part of what they are meant to be doing. If I can do this and still get all the functionality, great. And for most programs, I surely can.
 
That's closing the gate after the horse has left. I'd say if you can't trust a program with net access, you can't trust it at all. Checkout mechBgon's security guides. You'll do better following that, than worrying about programs checking for updates.
 
lxskllr said:
That's closing the gate after the horse has left. I'd say if you can't trust a program with net access, you can't trust it at all.
Click to expand...
You stated that earlier and I gave you a reply. If there's something specific you still disagree with, please point it out.

Also, when we're talking about PCs on the (local) network, they are mostly out of my control. I don't trust them completely, but I don't want to stay offline either.


lxskllr said:
Checkout mechBgon's security guides. You'll do better following that, than worrying about programs checking for updates.
Click to expand...
Ok, but let's discuss firewalls in this thread.
 
I've actually used Comodo for a while and it's way too bloated/heavy for my taste. (At least compared to something like W7FC.) Even when selecting "firewall only" during install, there are several things that need to be disabled after, to leave just the firewall functionality (if it's even possible to do that completely).
As a "firewall+some other elements" security package it's alright, tho. But it's not what I'm looking for.
 
thewhat said:
What I need to do:
1. stop some programs from phoning home ("checking for updates")
2. allow programs like browsers only outgoing connections, not incoming
3. stop system processes from dangerous incoming connections
4. block threats from other PCs on the local network (if they get infected)
5. not bloated, no bs, stable
Click to expand...

1. If the program requires Internet access you can't reliably stop this. If you don't want things updating themselves and they won't let you control it, stop using them.
2. Browsers shouldn't have any listening ports so they can't get new, incoming connections.
3. Can you define dangerous?
4. That's what A/V is for. You can't determine if an incoming connection is a threat without something looking for certain fingerprints. And most threats come in unrelated connections like RPC or SMB/CIFS so you can't just blindly block that if you want file sharing and such to work.
5. That rules out pretty much all 3rd party software.
 
thewhat said:
I've actually used Comodo for a while and it's way too bloated/heavy for my taste.
Click to expand...
For what you stated that you want to do, and how much you want to pay, Comodo is what you want. Yes, it's a bit complicated, but that's necessary: software cannot anticipate your desires.

Yet...
 
thewhat said:
What I need to do:
1. stop some programs from phoning home ("checking for updates")
2. allow programs like browsers only outgoing connections, not incoming
3. stop system processes from dangerous incoming connections
4. block threats from other PCs on the local network (if they get infected)
5. not bloated, no bs, stable
Click to expand...

I have to agree with lxskllr. No 3rd party firewall App, that includes "free", "no bloat", and "stable" in its description, could appease all those, some things just take leg work.

1. Turn Auto update feature off in all of your apps. The option can be hard to find at times but it is there. If you can't find it look harder. If its just not there it is probably not an App you can trust.
2. Is just not possible without a time machine to take you back to a 1994ish version of the internet.
3,4,5. All taken care of by Windows Firewall+AV (Assuming your not using a no longer supported vs. of windows. Including Vista-sp1, XP-sp2 and anything older)
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top