Using Windows Firewall to block Home-Phoning

lopri

I've used all 3 licenses (NIS) I purchased and I just need one more system to cover, so I figured I'd try the new Microsoft Security Essentials. Unfortunately it doesn't look to have a firewall, so I figured I'd take this opportunity to learn how to use Windows' built-in firewall functions.

The function I'd like to get to work is selectively blocking applications' phone-homing behaviors. I looked at the advanced configuration in Windows Firewall (Windows 7), and it's somewhat daunting for a noob like me. With other firewalls I've used in the past I could simply navigate to an .exe and 'block outbound connections'.

I believe the same can be done using Windows' built-in firewall, but I don't know how. Is there any tutorial, or any tips?

Thanks!
 

lopri

BTW the OS is Windows 7 Pro.

Edit: Do I have to create a separate (yet the same) rule for each application I want to block? That seems a little inconvenient. Can I create a rule and apply it to all the apps of my choosing?
 

lxskllr

I don't do outbound filtering. Try setting it to all programs, and see if you can whitelist what you want when prompted.

Alternatively, you could block 2 apps, then find where that information's kept, and add the rest in the same format. I don't know if that's possible, but it's worth a look.

Third choice is not to worry about it. If you trust your installed apps, you shouldn't need to give permission. If you don't trust them, why are they on your computer?
 

lopri

Thank you for the suggestions. White-listing would be practical, were I savvy enough to know what all the svchost.exe's do or some other unidentifiable (to my knowledge) executables are for. But I'll keep that in mind.

WRT the 3rd choice, well, let's face it. It's not that simple these days when all the applications want you to register, update, buy something else, or otherwise gather your usage information, etc. I don't need PowerDVD trying to access the Cyberlink server every time I insert a Blu-Ray disc, and I don't want a surprise Adobe update telling me I need to reboot in the middle of something. I think just about every other program today wants to phone-home in some manner, and it is not only annoying but also infringes on my privacy.
 

Lemon law

As lxskllr points out, many legitimate applications need two-way communication, therefore needing both inbound and outbound ports.

Which explains why I want a firewall with readily accessible log files. I am not worried about my legitimate applications, I want my log files to show me what illegitimate applications I don't know I have are doing.

And then even if I can't kill the illegitimate applications, I can easily block what they are doing in terms of leaking my data out to third party sources. Sometimes it takes some research to identify the IPs they communicate with, but still they can't hide from my log files.
 

lopri

Thank you for the link, lxskllr. It was very informative.

I still don't know if I can apply the same rule to multiple apps, though. It looks like the only way to selectively block outbound traffic is to make a separate rule for every app that I want to block. I guess I'll have to start looking for a security suite on the cheap.
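
Added example, not part of the thread: a Windows Firewall rule takes a single program path, so the usual way to cover several applications is to script one outbound block rule per executable. The sketch below does that on Windows 7 from an elevated PowerShell prompt by calling `netsh advfirewall`; the program paths and the `BlockOut-` rule prefix are constructed placeholders.

```powershell
# Run from an elevated PowerShell prompt. Uses netsh advfirewall so it works on
# Windows 7 (PowerShell 2.0); the NetSecurity cmdlets only exist on Windows 8+.

# Constructed sample paths: replace with the executables you want to block.
$programs = @(
    'C:\Program Files (x86)\ExampleVendor\Player\player.exe',
    'C:\Program Files (x86)\ExampleVendor\Updater\updater.exe'
)
$prefix = 'BlockOut-'   # hypothetical naming prefix so the rules are easy to find later

foreach ($path in $programs) {
    # A rule pointing at a missing file silently matches nothing, so flag it instead.
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "Skipping (file not found): $path"
        continue
    }

    $name = $prefix + [System.IO.Path]::GetFileName($path)

    # Delete any earlier rule with the same name so re-running does not stack duplicates.
    netsh advfirewall firewall delete rule name="$name" dir=out | Out-Null

    # One outbound block rule per executable, applied to all profiles.
    netsh advfirewall firewall add rule name="$name" dir=out action=block `
        program="$path" enable=yes profile=any | Out-Null

    if ($LASTEXITCODE -eq 0) {
        Write-Host "Outbound blocked: $path"
    } else {
        Write-Warning "netsh failed (exit $LASTEXITCODE) for: $path"
    }
}

# Optional: log dropped connections so blocked attempts show up in the firewall log
# (default location: %systemroot%\system32\LogFiles\Firewall\pfirewall.log).
netsh advfirewall set allprofiles logging droppedconnections enable | Out-Null
```

The resulting rules appear under Outbound Rules in "Windows Firewall with Advanced Security", where each can be disabled or deleted individually.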