What Windows firewall are you using? (2024 edition)

Discussion in 'PC' started by Barncore, Jan 3, 2024.

  1. Barncore

    Barncore Platinum Record

    Joined:
    May 25, 2022
    Messages:
    375
    Likes Received:
    266
    Come to think of it, this is the problem i had - the feeling that something got allowed or denied in the background without getting notified.

    I had this experience. I uninstalled WFC a year or so ago, forgetting what it was (derp). And then a few months later when certain apps would update they would automatically get blocked without a notification about it. One of the apps was the software for my Antelope interface. And discord. And another app for my watch.
    It took me a loooong time - months - to get to a point where i realized i had to reinstall WFC in order to get my interface software to work again. That was a frustrating time.

    And i guess that's the motivation behind this thread. To figure out the right firewall app to use now, so i can stick with it for the lifespan of this system.
     
  2. OBKenobi

    OBKenobi Producer

    Joined:
    Jul 14, 2012
    Messages:
    216
    Likes Received:
    104
    Comodo free. But you have to disable some telemetry tasks in Windows it creates and not use any of the cloud "features". After that it doesn't phone home and works great/fast/stable.
     
  3. mrichi

    mrichi Producer

    Joined:
    Dec 13, 2020
    Messages:
    162
    Likes Received:
    86
    I just use the internal Windows Firewall. Does everything required and gets updated with security patches as they roll out. No extra software to manage or track.
     
  4. Barncore

    Barncore Platinum Record

    Joined:
    May 25, 2022
    Messages:
    375
    Likes Received:
    266
    The problem with that is...

     
  5. Psychoacoustic

    Psychoacoustic Producer

    Joined:
    Sep 9, 2015
    Messages:
    281
    Likes Received:
    122
    I use Simplewall. It's free and open source, it's straightforward to use and it blocks the MS Windows bullshit.
     
  6. tnc

    tnc Producer

    Joined:
    Jun 16, 2011
    Messages:
    181
    Likes Received:
    93
    Location:
    New Zealand
    1. ALL software can get disabled. Windows Firewall can't be disabled (as long as there's no 0day vulnerability to leverage admin without user knowing etc) - as long as you don't run your user as admin. If you do, you know that you should not run "unknown" software anyways and that includes batch-files and anything you haven't analyzed first.
    2. You can add your own incoming/outgoing rules to Windows Firewall both by tcp/udp/icmp and of course also by application... No problems.
    3. Not sure if you can block Windows' own features like Windows update via Windows Firewall, but I do think you can.
    But it isn't a good idea to block updates, if you don't already have your own Windows update-servers running locally through a domain that is.
    All other calling-home features can be disabled in Windows, which is much better than to just block the traffic.

    External firewalls can't block "applications" if they are not recognizable in application layer (layer 7), which is hard/impossible to do without decrypting TLS/SSL traffic in real-time or by using other means/sources to identify what some encrypted traffic is or isn't.
     
  7. DoubleTake

    DoubleTake Audiosexual

    Joined:
    Jul 16, 2017
    Messages:
    2,296
    Likes Received:
    1,233
    One CAN just look in the normal Windows Firewall interface and find blocked programs, but it's easier using WFC as you can sort by various columns, etc.
    Although I mentioned that i did not get a prompt to "block or allow", I have never had a situation where it allowed something without my permission.

    I only used the "block or allow" to be more accurate. The only thing I've ever had is that it blocked something and I missed the popup or forgot about it. One can set the popup for longer and also to trigger a sound.

    And using Windows firewall manually while running a lot of "alternative" software is a huge hassle.
    I did that years ago and would use almost anything to avoid that hassle.

    I did find a handy program by Sordum for allowing or blocking via firewall, but I don't use that FIREWALL APP by itself... it is actually included as an item in their Easy Context Menu. I still use WFC and enable shell integration, but also added the "Extended" string to the registry for each, so it only shows when I use the SHIFT key.

    Easy Context Menu will do the same, with the SHIFT key arrangement, too, and I have two menus set to only show with Shift Key, and 2 personal menus (for Media stuff and for Handy Tools) that I created.

    Easy Context Menu is the best thing I've found for managing this stuff.
    https://www.sordum.org/7615/easy-context-menu-v1-6/
     
  8. bluebone

    bluebone Member

    Joined:
    Feb 25, 2023
    Messages:
    33
    Likes Received:
    18
    Location:
    saturn
    +1 for tinywall
     
  9. Barncore

    Barncore Platinum Record

    Joined:
    May 25, 2022
    Messages:
    375
    Likes Received:
    266
    This youtube channel is pretty useful...

    They recommend Comodo for a firewall:

    It seems very advanced, and a lot of popups. But some people might like that.

    And this firewall called Portmaster that stops Windows spying seems interesting to me:


    It's free too. Seems a little resource intensive though, judging by youtube comments.

    While i'm here, i found the following videos to be extremely insightful, thought i'd share:



    I'm tempted by the free version of Portmaster for the sake of blocking all that Microsoft spying in Win11. Seems like a good project too. I like the GUI and functionality. But after reading a bunch of user comments it seems that it's quite resource hungry, which has kinda put me off. So I think what i'm gonna do is use the Malwarebytes WFC as the firewall, and then just block the Microsoft spying stuff using that O&O Shutup app. Prob makes more sense to turn it off at the source rather than block it anyway, resource usage-wise.

    I might demo Portmaster though just in case i quite like it.
     
  10. BuntyMcCunty

    BuntyMcCunty Rock Star

    Joined:
    Nov 13, 2019
    Messages:
    594
    Likes Received:
    338
    Location:
    Liverpool
    Historically, I've used Malwarebytes and Tinywall and was very happy with both of them.

    Couple of weeks ago, I switched to Netlimiter and I like that as well. Netlimiter seems like it has more power and flexibility than either of the other two. There's a crack on Github.

    I like it because it has a lot more granularity than Tinywall or Malwarebytes had. Particularly when it comes to Windows system connections.

    Also tempted by Portmaster, but the free version sounds underpowered and I don't want to spend $4/9 a month.

    I also use a Pihole to block all those dogshit spy sites/advertisements. I like the PiHole because it's not just about my computer any more. There's my wife's computer. My phone. My wife's phone. Our ipads. Kindles. Fitbits. Smart TVs. Tivo. Over the Xmas, there were over 20 different IP's on my home network. PiHole did sterling service in blocking the trackers.
     
    Last edited: Jan 4, 2024
  11. evolasme

    evolasme Producer

    Joined:
    May 11, 2013
    Messages:
    373
    Likes Received:
    133
    Location:
    somewhere different almost every night
    I'm like you: my internet machine is a MAC and I have always used Little Snitch. NetLimiter works just like it, but with a different GUI, and it's still easy. It is its own program. I have Windows firewall off, which you can turn off in settings; I do still get a notice telling me it's off, I just haven't gotten round to disabling that as of yet. It's lightweight and customizable for the level of notifications, and rules are set for both in and out, which is nice. Between that and Host file I'm pretty locked down when I do take the machine online. Normally when I'm working my NIC is off and I just deactivate NetLimiter... Nice thing too is if I do turn on my NIC, NetLimiter turns back on automatically, so I never get caught with my pants down, so to speak.
     
  12. Audio-Sneeze

    Audio-Sneeze Noisemaker

    Joined:
    Mar 6, 2016
    Messages:
    18
    Likes Received:
    3
    [Ted Talk]

    Yes you are correct, all software can be disabled, but if you have it set up correctly, if it gets disabled, it kills your internet. With Portmaster, it handles DNS for you and works together with Windows Firewall. If it gets disabled somehow (which I haven't seen it do), all internet will be killed and any "other" connections will simply be blocked by Windows Firewall.

    As long as you set your DNS to 127.0.0.1 in your network card (loopback), that feeds into Portmaster. It's also a self-verifying program, which most other Firewalls, or even VPN programs, don't do.

    I'm in the mindset that external firewalls (at the very least OpenWRT on your router), OPNsense/pfSense in addition to application firewalls are the best way to go.. but not everyone wants to go that deep into nerd land.

    IMHO, the danger with windows firewall is that Windows can add/remove/enable/disable rules without the user knowing/realizing, even without those prompts that are supposed to display.

    If you want a fun way to disable all the phone home stuff, look into this project, and of course, create a system restore point before experimenting with any of the templates. In addition to the project below, my previously linked suggestion to Portmaster has DNS filtering where it blocks lots of the phone home URLs by default.

    https://ameliorated.io/

    If you wanna go even DEEPER into nerd land, look here:

    https://github.com/HotCakeX/Harden-Windows-Security

    [/Ted Talk]
     
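Two points raised in the posts above (finding which programs the built-in Windows Firewall is blocking, and rules being added, removed or toggled without a prompt) can be checked from an elevated PowerShell session. The following is an added example, not part of any post in this thread: it lists enabled program-specific block rules and compares the current rule set with a saved baseline. The baseline path and the function name `Get-FirewallSnapshot` are assumptions chosen for illustration.

```powershell
# Added example: audit Windows Firewall rules and flag silent changes.
# Run elevated. $BaselinePath is a hypothetical location; pick your own.
$BaselinePath = "$env:ProgramData\fw-baseline.xml"

function Get-FirewallSnapshot {
    # One flat record per rule, joined with its application (program) filter.
    Get-NetFirewallRule | ForEach-Object {
        $app = $_ | Get-NetFirewallApplicationFilter
        [pscustomobject]@{
            Name      = $_.Name
            Display   = $_.DisplayName
            Enabled   = "$($_.Enabled)"      # 'True' / 'False'
            Direction = "$($_.Direction)"    # 'Inbound' / 'Outbound'
            Action    = "$($_.Action)"       # 'Allow' / 'Block'
            Program   = $app.Program         # 'Any' when not tied to a program
        }
    }
}

$current = @(Get-FirewallSnapshot)

# Enabled block rules bound to a specific executable: the usual cause of
# "the app stopped connecting after an update and nothing told me".
$current |
    Where-Object { $_.Enabled -eq 'True' -and $_.Action -eq 'Block' -and $_.Program -ne 'Any' } |
    Sort-Object Program |
    Format-Table Direction, Program, Display -AutoSize

# Default actions per profile (outbound is Allow unless changed).
Get-NetFirewallProfile |
    Format-Table Name, Enabled, DefaultInboundAction, DefaultOutboundAction -AutoSize

if (Test-Path $BaselinePath) {
    # '<=' rows exist only in the baseline (removed or changed since),
    # '=>' rows exist only now (added or changed since).
    $baseline = @(Import-Clixml $BaselinePath)
    Compare-Object $baseline $current -Property Name, Enabled, Direction, Action, Program |
        Sort-Object Name |
        Format-Table SideIndicator, Name, Enabled, Direction, Action, Program -AutoSize
} else {
    # First run: record the current rule set as the baseline.
    $current | Export-Clixml $BaselinePath
}
```

Delete the baseline file and rerun after reviewing the differences to accept the current state as the new baseline.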
  13. Barncore

    Barncore Platinum Record

    Joined:
    May 25, 2022
    Messages:
    375
    Likes Received:
    266
    How's the latency with Portmaster (free version)? Does it make the internet go slower? Does it make audio software go slower?
     
  14. fishnose

    fishnose Producer

    Joined:
    Oct 9, 2021
    Messages:
    252
    Likes Received:
    130
    I've used Webroot SecureAnywhere for all my security needs for 20 years.
    Unobtrusive, very small footprint, does a stellar job.
    The only time I ever have to think about it is to turn it off when I use a Keygen, then I switch it back on.
     
  15. Audio-Sneeze

    Audio-Sneeze Noisemaker

    Joined:
    Mar 6, 2016
    Messages:
    18
    Likes Received:
    3
    No, if anything it makes your DNS faster. If you pay for the SPN, it's not that noticeable, but of course, there is SOME latency. You can tune the SPN for speed, or privacy (less hops, more hops) or turn it off per app, if you get the SPN. It's pretty sweet and worth the free download to test your results :)
     
  16. Stewart Daniels

    Stewart Daniels Kapellmeister

    Joined:
    Aug 20, 2023
    Messages:
    59
    Likes Received:
    52
    After disabling Windows Defender...

    Comodo Firewall (Just the FW, no antivirus)

    Portmaster - this sh8t is insane. It's like uBlock Origin (Filter Lists) and a firewall combined.
     
  17. Audio-Sneeze

    Audio-Sneeze Noisemaker

    Joined:
    Mar 6, 2016
    Messages:
    18
    Likes Received:
    3
    Yeah, it's my new go-to. Great for seeing which programs call home, and how they do so, etc. If you "block" by default, you can just sit there and look at all the URLs upon opening, etc :D
     
  18. Dr. Black

    Dr. Black Producer

    Joined:
    Jun 20, 2023
    Messages:
    274
    Likes Received:
    102
    Location:
    @
    None. 10+ years of non shitty so called virus-scanner.
    The best DAW is one made without.
    A Clean Machine = without any internet and scanner...
    Only scanner is to clean up software.
    Revo Uninstaller.
     
  19. Choosename

    Choosename Platinum Record

    Joined:
    Nov 24, 2023
    Messages:
    515
    Likes Received:
    217
    Location:
    Milky way
    Love LuLu, hope you find something like it for windows
     
  20. Dr. Black

    Dr. Black Producer

    Joined:
    Jun 20, 2023
    Messages:
    274
    Likes Received:
    102
    Location:
    @
    I use Linux with Hardware Firewall.
     