Do you install a 3rd party firewall?

[Berryracer]

A few years ago. I remember all I needed was a good antivirus.

Nowadays it has become a trend to buy or install a security suite which includes a 3rd party firewall such as Kaspersky Internet Security, Norton Internet Security, Eset Smart Security, etc...

This makes me wonder is it really needed?

I mean isn't it just enough to leave the default Windows Firewall along with a good antivirus only?

 

[theevilsharpie]

I mean isn't it just enough to leave the default Windows Firewall along with a good antivirus only?

The Windows firewall is crap. It's better than nothing, but I would never use it in a non-secure environment unless I've configured it to block all unsolicited inbound traffic.

 

[Berryracer]

The Windows firewall is crap. It's better than nothing, but I would never use it in a non-secure environment unless I've configured it to block all unsolicited inbound traffic.

Right, better stick to my Kaspersky Internet Security then

 

[corkyg]

Windows FW is OK when used in conjunction with MSSE and Malwarebytes. I use that combo on my laptop. For my "man-cave" systems, I use Vipre.

http://www.gfi.com/business-antivirus-software/viprebusinesspapers.htm

 

[yinan]

The Windows Firewall is awesome if you configure it properly and lock it down with GPOs, and configure your edge firewall so that it is really strict on incoming and outgoing traffic.

The new firewall that I really love at home is the Astaro Home Use virtual appliance, fast and really secure.

 

[ringtail]

I run Kaspersky Internet Security.

The Windows firewall / MSE would be fine when I'm behind the security of my own router, but I travel a lot and want KIS for the untrustworthy environments on the road.

 

[manko]

Windows 7 firewall works well with Windows7FirewallControl (free version). It's an extra control panel that works like some other firewalls that popup when a process tries to connect to the network or internet, then you can allow/deny to create a whitelist and blacklist.

http://www.sphinx-soft.com/Vista/

 

[wty]

I use Symantec Endpoint Protection.

 

[Kathi201]

Try to go with Kaspersky Internet Security...hope you enjoy the services of this.

 

[silvan4now]

for me the firewall i have from Windows is enough; on the other hand there is also the one provided by Nod32 so no threat from me

 

[Berryracer]

for me the firewall i have from Windows is enough; on the other hand there is also the one provided by Nod32 so no threat from me

The one provided by NOD32? NOD32 is an antivirus only. You probably mean Eset Smart Security. In that case, that was the reason which made me ditch Eset due to the many negative reviews about its firewall being very bad and allowing most connections by default unless you set the firewall to interactive mode, which is very annoying as you will need to accept/deny ever single connection coming out of your system as if we were using a Firewall from the year 2000

 

[Steltek]

I use the 64-bit version Comodo firewall myself and have zero complaints about it.

 

[gmaster456]

I don't think I have ever used a 3rd party firewall.

 

[gevorg]

I use Kaspersky Internet Security for all virus/firewall/security needs. Windows Firewall or Security Essentials is better than nothing, but nowhere near as great as 3rd party solutions like Kaspersky.

 

[lxskllr]

I don't think I have ever used a 3rd party firewall.

I used them back in the day when I was on 56k. I didn't want stuff phoning home when I was gaming, so I blocked everything from net access. I had 200 ping on a good day, and couldn't afford to lose that to an updating program.

 

[Red Squirrel]

I don't have a software firewall, I find all the ones for windows suck. I do have a pfsense box though to try to keep track of in/out traffic as much as possible. I would have to really look at outgoing protection though, like blocking most outbound ports but the ones I need. Makes troubleshooting network issues a pain though.

 

[Dude111]

The Windows firewall is crap.

I would agree!

Who knows what MICROSOFT has deemed OK to allow w/o you knowing it!


Getting a FW not connected to M$ is the best option!

 

[yinan]

If you are that concerned set stiffer rules on your external firewall and watch the traffic. The Microsoft firewall is perfectly fine.

 

[theevilsharpie]

The Microsoft firewall is perfectly fine.

Perfectly fine?

http://technet.microsoft.com/en-us/library/cc758407.aspx

You cannot prevent a program from using the Windows Firewall API to add a port to the exceptions list. If you need to prevent this, contact the program vendor or read the program documentation to see if there is a way to disable the feature that listens for incoming traffic. This might prevent the program from using the Windows Firewall APIs.​

In other words, Windows allow programs to automatically add firewall exceptions, without your knowledge or permission, with no ability to prevent it other than to contact the program developer and have them not do that (lulz) or disable exceptions entirely (not practical if you have legitimate services that accept inbound traffic). Since the entire purpose of a firewall is to prevent the flow of unauthorized traffic, allowing programs accept inbound traffic without authorization makes the Windows 7 firewall essentially worthless. In fact, it may even be worse than worthless, as it gives users a false sense of security.

 

[yinan]

Then use a GPO to not allow local rules. Then it will not matter if programs add it or not, since the local rules will not be obeyed.

 

[theevilsharpie]

Then use a GPO to not allow local rules. Then it will not matter if programs add it or not, since the local rules will not be obeyed.

I stand corrected, to a degree. GPOs are only available in Windows 7 Pro and above, so the folks with Windows 7 Home still have a useless firewall.

 

[destrekor]

Perfectly fine?

http://technet.microsoft.com/en-us/library/cc758407.aspx

You cannot prevent a program from using the Windows Firewall API to add a port to the exceptions list. If you need to prevent this, contact the program vendor or read the program documentation to see if there is a way to disable the feature that listens for incoming traffic. This might prevent the program from using the Windows Firewall APIs.​

In other words, Windows allow programs to automatically add firewall exceptions, without your knowledge or permission, with no ability to prevent it other than to contact the program developer and have them not do that (lulz) or disable exceptions entirely (not practical if you have legitimate services that accept inbound traffic). Since the entire purpose of a firewall is to prevent the flow of unauthorized traffic, allowing programs accept inbound traffic without authorization makes the Windows 7 firewall essentially worthless. In fact, it may even be worse than worthless, as it gives users a false sense of security.

If you pay attention, it works out quite fine.
Makes it easy so that you don't have to dig into firewall menus and configure permissions every time you install a new program. Most that add themselves will be programs that have auto-update features (which is quite handy, imho - saves me the work), and games and other utilities that will need internet access.

Combine it with MSE or another quality anti-virus/anti-malware application, in addition to the UAC prompts of Windows 7/Vista, and you won't see any program doing this behavior on its own, without you at least getting some prompt.

However, if users ignorantly click Yes and Allow to every pop up they receive, and something goes awry, who is to blame?

On my end, alongside routers, I have kept my system very clean. And I've been on very shady websites.

Unless you get an application that, while currently is "known to be safe", auto-updates and includes serious malware in that update, nothing can alter major settings that would otherwise impact system security, without you getting any kind of prompt.
It's on the user, as always, to have the due-diligence to at least ponder any security popups that indicate settings are being changed.


Then again, I'm sort of a power user, so I know what I'm doing with my PC and know the general procedures to keep it clean, so I can afford myself the option of using the type of protection that I do. If I can go with the least resource-intensive security applications possible, and those applications (in conjunction with what I already know/do) serve me just fine, I will do so.

 

[theevilsharpie]

Combine [the Windows firewall] with MSE or another quality anti-virus/anti-malware application, in addition to the UAC prompts of Windows 7/Vista, and you won't see any program doing this behavior on its own, without you at least getting some prompt.

However, if users ignorantly click Yes and Allow to every pop up they receive, and something goes awry, who is to blame?

If you received a prompt, it wouldn't be a problem. Most software firewalls work that way.

However, the Windows firewall has an API that allows programs to automatically add rules to the Windows firewall without any user intervention, and many programs make use of that functionality. The only time Windows will prompt you to allow inbound traffic to a program is if attempts to open a port and it hasn't automatically granted itself an exception.

If you haven't done so, check out the Windows Firewall with Advanced Security admin tool and look at the list of allowed Inbound rules. I bet it's more than you suspected.

Makes it easy so that you don't have to dig into firewall menus and configure permissions every time you install a new program. Most that add themselves will be programs that have auto-update features (which is quite handy, imho - saves me the work), and games and other utilities that will need internet access.

The same facility that can be used by "programs with auto-update features" and "games and other utilities that will need Internet access" to automatically add firewall rules can also be used by spyware, keyloggers, trojans, and other undesirable software. While anti-malware applications may protect against those threats, they can't protect you against 0-day threats, and they may never detect targeted malware.

In addition to the obvious security holes, most app developers are lazy and will completely open up their application. In fact, in my list of automatic rules, only Microsoft's software bothers to limit what ports their application can use. Every other software package in the list allows everything in. If you're not protected by an upstream firewall, this can leave your applications exposed to unexpected traffic.

On my end, alongside routers, I have kept my system very clean. And I've been on very shady websites.

If you have an upstream firewall, then you've mitigated your risks a bit. However, with the increasing use of 3G/4G modems and IPv6, as well as public wireless access points, there's plenty of opportunities for computers to be connected directly to the Internet with only the Windows firewall to protect them.

Unless you get an application that, while currently is "known to be safe", auto-updates and includes serious malware in that update, nothing can alter major settings that would otherwise impact system security, without you getting any kind of prompt.

Not true, see above.

 

[gevorg]

If you pay attention, it works out quite fine.
Makes it easy so that you don't have to dig into firewall menus and configure permissions every time you install a new program. Most that add themselves will be programs that have auto-update features (which is quite handy, imho - saves me the work), and games and other utilities that will need internet access.

Ideally, a program should *ask* during installation on whether you want it to add exceptions to Windows Firewall (enabled by default is fine), but if it does it without telling, that's a big no no and why people get third party firewalls.

 

[destrekor]

I stand corrected.

However, with my browsing and PC habits, I've yet to have a problem in this regard... ever. And hell, I've been to some shady sites.


However, I've seen my Windows Firewall log plenty of times - nothing is in there that surprises me.

For people with different needs, I wouldn't hesitate to suggest other things - but for people on physical networks behind routers, depending upon actual PC usage, sometimes less is more. Either minimal users who rarely venture anywhere on the internet, or people who have good security practices and are mindful of their activities and software - really don't need much.


One note though: when I discussed prompts, I wasn't thinking only of the Firewall prompts - I know that much is dependent on a few factors (you described more than I was familiar with in that regard, btw), but also UAC prompts - before a program can even alter anything in the firewall, it has to be granted access for installation anyhow.

This much I'm a little dusty with, but can malware and whatnot slip through all of that and go straight into altering Firewall rules, without *any* interaction from the user?