Windows Firewall Rules. What we know from books.

Windows Firewall is a built-in security tool you will never regret having, even if you do not know what it is or what it is for. It is designed to protect your computer from attacks coming from outside, and that does not always mean only the Internet: the local network (LAN) can also be a place where you want to be alerted. The firewall can also protect you if some malware is already planted and is trying to communicate out of your machine. The latter is very unlikely, though: once your machine is infected, the virus will most probably find a way to break silently through the firewall. I have already explained how to configure the Windows Vista firewall to filter outbound traffic [article link “Tweak Windows Firewall”]. I expect the Windows 7 firewall to be even more convenient and maybe more functional, so let’s check.

Let’s see what we can learn from popular books, starting with Windows 7: The Missing Manual by David Pogue, published by O’Reilly Media, 2010. At first it gives a nice definition of the firewall: “The firewall acts as a gatekeeper between you and the Internet. It examines all Internet traffic and lets through only communications that it knows are safe; all other traffic is turned away at the door.” But then on page 363 it describes the outbound versus inbound topic, where to my big surprise I see the following: “Windows Vista didn’t have an outbound-blocking firewall at all.” That’s wrong: Vista had almost the same firewall that Windows 7 has. A good suggestion for the errata, I think. But anyway, the author is right about the firewall: the outbound-blocking feature is turned off by default. Why? “The theory is that if your PC is locked down tight enough with antivirus software, antispyware software, and an inbound firewall, you won’t get any infection that could send outbound signals in the first place.” That’s a fair explanation, but a bit too general for a book like that. Otherwise, the book has a good guide on how to tweak Windows Firewall. One good point I would like to quote: “there’s no harm in having both a hardware and software firewall in place. In fact, having the Windows Firewall turned on protects you from viruses you catch from other people on your own network (even though you’re both “behind” the router’s firewall).” The book gives an interesting link to the Microsoft TechNet library article Windows Firewall with Advanced Security Getting Started Guide, where you can learn a lot of interesting stuff. For example, I was wondering why my Avast Internet Security 5.0.677 did not disable the Windows Firewall, since it has its own. As it turned out, coexisting with third-party firewalls is a new feature of the Windows Firewall:

“Windows Firewall with Advanced Security consists of a set of services that provide much more than the traditional firewall. IPsec connection security rules, network service hardening, boot time filters, firewall filters, and stealth filters are all services provided by Windows Firewall with Advanced Security in Windows 7 and Windows Server 2008 R2. Because multiple firewall programs can be problematic due to conflicts, if you install a third-party firewall program, you need to turn off the Windows Firewall. In previous versions of Windows, turning off the firewall meant also disabling all of the related services. If the third-party program does not provide all of the same functionality, then you might be unintentionally exposing your computer to threats for which you no longer have protection. In Windows Server 2008 R2 and Windows 7, Windows Firewall with Advanced Security enables more specific disabling of its features through published application program interface (API) calls. When a third-party firewall program is installed, the installer can disable only those portions of Windows Firewall with Advanced Security that conflict with the services that are provided by the third-party program. Other Windows Firewall with Advanced Security services are left enabled, and continue to help protect your computer.” That’s very interesting; I would like to find out how these API calls are designed.

Now let’s look through the next book, Windows® 7 Secrets by Paul Thurrott and Rafael Rivera, published by Wiley Publishing in 2009. As a big secret, the authors tell us on page 262 the following: “In contrast to antispyware applications, never run two firewalls at the same time, as they will interfere with each other.” That really contradicts what we learnt from Microsoft a minute ago. The book gives only a general overview of Windows Firewall anyway.

Here’s my guide on how to enable outgoing filtering for Windows Firewall.

