Lynk

Firewall discussion


So Emsisoft are merging EIS into EAM, so no more firewall. Emsisoft says the Windows firewall does a reasonable job at protecting you, and other people say no, it's not that good. I just want to hear from you guys what you think and to hear your input. Are you going to use a 3rd party firewall? If so, which one, or are you just using the normal Windows firewall? I'm on Windows 7 by the way.

 

Thanks


Seems like every company is trying to improve their product somehow. I think they know what they are doing. Almost everyone is behind a router today. If some of them have real logging, users would know all the junk being blocked. My problem is, are the combo boxes as effective as a separate router? Sorry, I lost a lot of trust with Microsoft utilities.

I just got a laptop that came with McAfee for a year. Talk about no settings. Only day two so have to research.

10 hours ago, Lynk said:

I just want to hear from you guys what you think and to hear your input. Are you going to use a 3rd party firewall? If so, which one, or are you just using the normal Windows firewall? I'm on Windows 7 by the way.

I use a Netgear R7000 router with Advanced Tomato firmware. It has a pretty decent firewall, and is configured by default to drop packets on ports that it's not forwarding. With good network protection at the gateway/router, a software firewall is usually redundant.

In cases where you are connected to public WiFi or using a mobile broadband card (3G/4G/LTE/etc) the Windows Firewall will be fine as long as the network is configured as "Public".

You can always use a third-party manager for the Windows Firewall if you want to make it easier to configure, or have notifications for outbound connections. Here's a list of some of the third-party Windows Firewall management tools I have seen recommended by people on SuperUser.com (in the order that I found them):

I'm sure there are plenty more tools out there which can also be used to manage the Windows firewall, so feel free to do some searching of your own as well. Also note that I did not actually test the above software, so I can't verify if any of them actually do what you're looking for.

Note that I've heard that GlassWire is also a third-party manager for the Windows Firewall, however it appears to come with its own firewall drivers, so I'm not certain whether or not GlassWire includes its own firewall engine.

13 hours ago, Lynk said:

Are you going to use a 3rd party firewall ?

 

No.

I had used EIS since it was released. It offered no significant advantage over Windows Firewall - mostly because 99.99 % of the time the laptop was behind a home NAT router and 100 % of that entire time the system was never infected.  For public wifi usage a VPN is more relevant to security than a 3rd party firewall.

The behavior blocker monitors for suspicious firewall\port activity.  In other words, suspicious firewall\port activity triggers a behavior blocker alert.  A lot of people just see a BB alert, but do not understand that it is alerting to suspicious firewall actions.

In malware testing the BB is picking-off suspicious networking stuff.

 


I heard of Glasswire but looks as it's pretty overlay to windows firewall. I'll have a look at those links.

I use a Router too, but always been nervous to just use Windows Firewall and that alone. I never knew that about BB that it picks up Firewall/ port activity.

What do you guys think of Comodo Firewall?

7 hours ago, Lynk said:

What do you guys think of Comodo Firewall?

COMODO's firewall has rated highly in tests from years gone by. It has a HIPS and sandbox.  If you intend to use the sandbox along with EAM's BB you can forget it as the sandbox interferes with the BB. I've seen misbehaviors. With a CFW EAM combo you are certain to get double alerts.

You should ask Arthur (GT500) if EAM can even run alongside CFW nowadays.

 


So when exactly do I need to switch?

Comodo stinks by the way. Another collector of personal information, with ads thrown in. The so-called sandbox stinks compared to SBIE.


I'm curious (a mental state known to kill cats and other things).

I just received the latest Emsisoft Newsletter -- Not a word about the major upcoming change to/obliteration of EMIS.

Are you guys gonna try to send out some kind of notification to your EMIS customer base or just wait and let currently uninformed customers update their EMIS on D-Day and see their EMIS firewalls disappear? "SURPRIZZZE!!! Heh-Heh."

Just Ask'n

On 8/15/2017 at 8:10 AM, Lynk said:

I heard of Glasswire but looks as it's pretty overlay to windows firewall. I'll have a look at those links.

I use a Router too, but always been nervous to just use Windows Firewall and that alone. I never knew that about BB that it picks up Firewall/ port activity.

What do you guys think of Comodo Firewall?

GlassWire is a monitor not a firewall, you saw those commercials (I think by life lock?) 

Windows firewall is giving your personal information away via telemetry, don't let anyone tell you different. Free is not free, you become the product. You really should be nervous, a controller won't help.

Tried Zone Alarm Pro (paid for version) and they slammed me with an ad in the Pro Version with key entered. No brainer got my refund.

Really nothing left as far as a firewall, because they (EAM) will catch more without. So F- ing sad.

31 minutes ago, xeon said:

Windows firewall is giving your personal information away via telemetry, don't let anyone tell you different.

Using a 3rd-party firewall does not automatically block nor ensure blocking of Microsoft data collection.  It doesn't work that way.

On 8/15/2017 at 11:10 AM, Lynk said:

I heard of Glasswire but looks as it's pretty overlay to windows firewall. I'll have a look at those links.

I've heard others say that it is, however I'm not sure where people get that impression. I don't see anything about that on the GlassWire website, and GlassWire has its own firewall drivers. Maybe it used to work that way, and was eventually updated with its own firewall engine?

 

On 8/15/2017 at 6:54 PM, hjlbx said:

You should ask Arthur (GT500) if EAM can even run alongside CFW nowadays.

We don't normally get complaints about compatibility issues with Comodo Firewall. If there are issues, then exclusions should be able to resolve them.

 

3 hours ago, xeon said:

So when exactly do I need to switch?

October 1st is when EIS gets automatically converted to EAM. There's a FAQ available at this link about the conversion.

 

3 hours ago, HAWKI said:

Are you guys gonna try to send out some kind of notification to your EMIS customer base or just wait and let currently uninformed customers update their EMIS on D-Day and see their EMIS firewalls disappear? "SURPRIZZZE!!! Heh-Heh."

I thought we already had, however it is possible that it will go out September 1st. I'll ask to confirm.

Regardless, all users who have not turned it off will get the notification to tell them about it when EAM/EIS checks for updates.

 

3 hours ago, xeon said:

GlassWire is a monitor not a firewall, you saw those commercials (I think by life lock?)

Where does that information come from? I can find no evidence that GlassWire doesn't have its own firewall engine, and I have seen their firewall drivers in logs and looked them up on file information services (which suggests that GlassWire does have its own firewall engine).

 

3 hours ago, xeon said:

Windows firewall is giving your personal information away via telemetry...

While Windows 10 does send telemetry to Microsoft (and quite a bit of it), I am not specifically aware of any telemetry sent by the Windows Firewall itself. The Windows Firewall does have rules to allow the telemetry, however those rules can be disabled to block the telemetry.


WFP = Windows Filtering Platform (which the Windows Firewall is somehow a part of). All third-party firewalls use WFP. You can't implement a firewall without using WFP on modern Windows Operating Systems.

It's possible that GlassWire is still just a manager without its own firewall engine, and they use WFP to interface with the Windows Firewall's filtering controls. They don't seem to make any definitive statement about it (at least nothing recent), however from discussions on their forums it does seem that that may be the case.

On 8/15/2017 at 9:06 AM, hjlbx said:

A lot of people just see a BB alert, but do not understand that it is alerting to suspicious firewall actions.

The alerts that are given do not contain much information to understand. Most of the time I scratch my head searching for what was being triggered or what is being affected. I want to understand those alerts but the logs and less information are not helping. I remember someone stating that the logs are "exhaustive" because they are quite long or abundant -- something like that. Less information = less understanding.

On 8/17/2017 at 8:45 AM, GT500 said:

While Windows 10 does send telemetry to Microsoft (and quite a bit of it), I am not specifically aware of any telemetry sent by the Windows Firewall itself. The Windows Firewall does have rules to allow the telemetry, however those rules can be disabled to block the telemetry.

Does O&O Shut up take care of this? 

4 hours ago, Raul90 said:

Does O&O Shut up take care of this?

As far as I know it does, however I have not verified that.

On 8/20/2017 at 9:49 PM, Raul90 said:

Does O&O Shut up take care of this? 

No, it disables various privacy-related settings (Microsoft's own) but it does not add Firewall rules or block specific connections. You'll have to check more advanced tools for that, like W10Privacy, WindowsSpyBlocker and WPD. They are all excellent, but make sure you know what you are doing before using/applying them.


Essentially remote is everything outside of your computer. Your local network, the Internet, etc.


> Then all blocked ports in EIS firewall rules is remote that's right?

It's not right.  If you're using the firewall to block incoming traffic then your rules (if they mention ports) would be about traffic coming in to particular ports on your machine.

If you're blocking outward traffic, your rules (if they mention ports) would be in terms of traffic being sent to particular ports on other machines.


To be simple:

1- Inbound Connections:  all connections attempting to connect to your computer (which is called "local").

2- Outbound Connections: all connections made by processes/programs on your computer attempting to reach out to the internet or your other networked machines, etc...(which are called "remote").

  • Like 1

17 hours ago, Gideon Sword said:

Then all blocked ports in EIS firewall rules is remote that's right?

In most cases ports are blocked for remote hosts so they can't access local services on your computer, however there are some exceptions to this (for instance certain types of ICMP traffic, used on Windows for pings and traceroutes, are blocked for applications running on the local computer as is NTP).

 

6 hours ago, Gideon Sword said:

I ask for this ports in picture what is local or remote just left is ports. If is need enter in both then is ok but need right way for Windows Firewall create rule.

In your screenshot, the Direction is set to "IN/OUT", which means both inbound and outbound.


I'm afraid I don't know the answer to the Windows Firewall setting, ports-wise.  But note that in your WF rule screenshot you have the wrong protocol - it needs to be UDP not TCP.

3 hours ago, JeremyNicoll said:

I'm afraid I don't know the answer to the Windows Firewall setting, ports-wise.  But note that in your WF rule screenshot you have the wrong protocol - it needs to be UDP not TCP.

I read from a2rules.ini file from EIS and configure to Windows Firewall if you tell me is wrong then EIS is no good configure ????


@Gideon Sword   What I'm saying is that you posted two screenshots - one of an EIS rule, one of a Windows Firewall rule.  The EIS one was for protocol UDP.   The Windows Firewall one was set to TCP.    As I said, I don't know the answer to the ports part of your question, but you need to get the Protocol values correct as well.


Here, in text, is what I have done.

From EIS I get these parameters:

Type=GLOBAL
Protocol=TCP
Resolution=BLOCK
Direction=IN
NetworkType=PUBLIC
Name=Windows Services (TCP)
Ports=9,13,17,19,113,135-139,389,445,1002,1024-1030,1720,1723,2869,1433-1434,3389

In Windows Firewall I have generated this rule:

netsh advfirewall firewall add rule name="Block Windows Services (TCP)" dir=In action=Block profile=Any program="Any" protocol=TCP remoteport=Any localport=9,13,17,19,113,135-139,389,445,1002,1024-1030,1720,1723,2869,1433-1434,3389 remoteip=Any

And my question was: does the line from EIS, Ports=....., fit in my created rule for Windows Firewall in the line where localport=.... is, or does it need to go in remoteip=...?
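
The conversion asked about above, as an added example that is not part of any post in this thread and is not Emsisoft's code. It assumes, following the inbound/outbound explanation given earlier in the thread, that `Ports=` on an IN rule means ports on the local machine and on an OUT rule means ports on other machines; `ALLOW` and the handling of `IN/OUT` are also assumptions, and the command omits `program=` and `remoteip=` so it covers all programs and addresses.

```python
# Added example: translate an EIS-style rule block into netsh commands.
# Rule text is copied from the post above; field meanings are assumptions.
EIS_RULE = """\
Type=GLOBAL
Protocol=TCP
Resolution=BLOCK
Direction=IN
NetworkType=PUBLIC
Name=Windows Services (TCP)
Ports=9,13,17,19,113,135-139,389,445,1002,1024-1030,1720,1723,2869,1433-1434,3389
"""

ACTIONS = {"BLOCK": "block", "ALLOW": "allow"}  # ALLOW is an assumed value
PROFILES = {"PUBLIC": "public"}  # only PUBLIC appears in the thread; others are rejected


def parse_rule(text):
    """Read Key=Value lines into a dict, ignoring blank or malformed lines."""
    rule = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key:
            rule[key.strip()] = value.strip()
    return rule


def check_ports(spec):
    """Validate a list such as '9,135-139' and return it without spaces."""
    parts = [p.strip() for p in spec.split(",")]
    for part in parts:
        bounds = part.split("-")
        if len(bounds) > 2 or not all(b.isdigit() for b in bounds):
            raise ValueError(f"bad port entry: {part!r}")
        if not int(bounds[0]) <= int(bounds[-1]) <= 65535:
            raise ValueError(f"port out of range or reversed: {part!r}")
    return ",".join(parts)


def to_netsh(rule):
    """Return one netsh command per direction named in the rule."""
    protocol = rule["Protocol"].upper()
    if protocol not in ("TCP", "UDP"):
        raise ValueError(f"port rules need TCP or UDP, got {protocol!r}")
    action = ACTIONS[rule["Resolution"].upper()]
    profile = PROFILES[rule["NetworkType"].upper()]
    ports = check_ports(rule["Ports"])
    name = rule["Name"].replace('"', "'")  # keep the quoted name= argument intact
    commands = []
    for direction in rule["Direction"].upper().split("/"):  # "IN/OUT" gives two rules
        if direction not in ("IN", "OUT"):
            raise ValueError(f"unknown direction: {direction!r}")
        # Inbound traffic arrives at ports on this machine; outbound traffic
        # is sent to ports on other machines.
        port_field = "localport" if direction == "IN" else "remoteport"
        commands.append(
            f'netsh advfirewall firewall add rule name="{name}" '
            f"dir={direction.lower()} action={action} profile={profile} "
            f"protocol={protocol} {port_field}={ports}"
        )
    return commands


if __name__ == "__main__":
    for command in to_netsh(parse_rule(EIS_RULE)):
        print(command)
```

Here `profile=public` mirrors `NetworkType=PUBLIC`, whereas the command in the post uses `profile=Any`.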

14 hours ago, Gideon Sword said:

Is right way settings here or need change ports to remote in windows firewall?

I'm pretty sure it goes in the remote field, however if you want the rule to work the same as it did in EIS then put it in both local and remote (according to the screenshot you posted here at least).

  • Thanks 1


If I have to change settings/rules in the Windows Firewall, I use the default Microsoft interface for doing so. Generally I leave the Windows Firewall off, and rely on a hardware firewall instead.


@GT500 Relying on a hardware firewall only makes sense if you take it with you when you venture away from your home, or leave your computer behind.  Or, I suppose, only ever use your computer in other places you trust...  


I switched from EIS to EAM on three machines. There are over 270 apartments in this complex + a few other homes and businesses around the area.

I lost count of the amount of wireless networks using Inssider on 2.4 gigs and 5 gigs may have a problem with this Comcast equipment.

Sort of concerned about some wise ass playing games. Don't know if a firewall will even help in this situation..

22 hours ago, JeremyNicoll said:

@GT500 Relying on a hardware firewall only makes sense if you take it with you when you venture away from your home, or leave your computer behind.  Or, I suppose, only ever use your computer in other places you trust...  

Well, in my case the computer never leaves home. If I think I'll need it remotely, then I start up SSH and VNC servers on the computer, and forward the SSH port in the router so that I can remotely connect to the SSH server from my phone and tunnel the VNC session over SSH.

Interesting side note: Almost as soon as you forward the SSH port to a live SSH server, you'll see failed login attempts in the logs. Generally that means your router's SSH port was already being probed automatically by some sort of script (probably something like Mirai or BrickerBot).

 

16 hours ago, Ken1943 said:

I lost count of the amount of wireless networks using Inssider on 2.4 gigs and 5 gigs may have a problem with this Comcast equipment.

Too much wireless communication in the area can be a problem. Best course of action is to use a channel that is as far away from what others are using as possible, and make sure your WPA passphrase/password is fairly long and complex to avoid people trying to brute force it.

 

16 hours ago, Ken1943 said:

Sort of concerned about some wise ass playing games. Don't know if a firewall will even help in this situation..

The video game kind of games, or the "someone monkeying with your network" kind of games?

4 hours ago, GT500 said:

Interesting side note: Almost as soon as you forward the SSH port to a live SSH server, you'll see failed login attempts in the logs. Generally that means your router's SSH port was already being probed automatically by some sort of script (probably something like Mirai or BrickerBot).

When you have such a SSH server running, is it able to block incoming requests on more than just them not knowing a password?  For example (since they must be (?) from the real IP address that is trying to get in) can you block on regions, or count failed attempts from that specific IP address?   I presume that like everything else, there's good and bad SSH server implementations, too.  How does one find a trustworthy one?
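
Counting failed attempts per source address, as asked about above, shown as an added example that is not part of any post in this thread. It assumes OpenSSH's syslog line format (the Windows SSH server discussed here is not named, so its log format is unknown); the sample lines are constructed, and the threshold, window and year are hypothetical defaults.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH's syslog format (documentation-only IPs).
# The fourth line carries a user name crafted to look like another source.
SAMPLE_LOG = """\
Sep  9 07:29:01 host sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Sep  9 07:29:03 host sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40124 ssh2
Sep  9 07:29:04 host sshd[812]: Failed password for alice from 198.51.100.20 port 51515 ssh2
Sep  9 07:29:06 host sshd[811]: Failed password for invalid user pi from 198.51.100.20 port 1 ssh2 from 203.0.113.7 port 40130 ssh2
Sep  9 07:29:40 host sshd[813]: Accepted password for alice from 198.51.100.20 port 51520 ssh2
Sep  9 07:45:00 host sshd[814]: Failed password for root from 192.0.2.99 port 33001 ssh2
Sep  9 08:40:00 host sshd[815]: Failed password for root from 192.0.2.99 port 33002 ssh2
Sep  9 09:50:00 host sshd[816]: Failed password for root from 192.0.2.99 port 33003 ssh2
"""

# The user name is supplied by the client, so the greedy ".*" makes the
# pattern take the source from the LAST "from <ip> port <n> ssh2" in the line.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?.* from (\S+) port \d+ ssh2$"
)


def offenders(log_text, max_failures=3, window=timedelta(minutes=10), year=2017):
    """Return the sorted source IPs with max_failures failures inside window."""
    recent = defaultdict(deque)  # source IP -> timestamps still inside the window
    flagged = set()
    for line in log_text.splitlines():  # lines are assumed to be in time order
        match = FAILED.match(line)
        if not match:
            continue  # accepted logins and unrelated lines are ignored
        stamp, source = match.groups()
        try:
            ipaddress.ip_address(source)
        except ValueError:
            continue  # not an IP literal, so it cannot be counted per address
        # Syslog timestamps carry no year, so one is supplied (assumption).
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        times = recent[source]
        times.append(when)
        while when - times[0] > window:  # drop failures older than the window
            times.popleft()
        if len(times) >= max_failures:
            flagged.add(source)
    return sorted(flagged)


if __name__ == "__main__":
    print(offenders(SAMPLE_LOG))
```

The flagged addresses are what a router or host firewall block list, or the "Src Address" restriction mentioned later in the thread, would then act on.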

On 9/9/2017 at 7:29 AM, JeremyNicoll said:

When you have such a SSH server running, is it able to block incoming requests on more than just them not knowing a password?  For example (since they must be (?) from the real IP address that is trying to get in) can you block on regions, or count failed attempts from that specific IP address?   I presume that like everything else, there's good and bad SSH server implementations, too.  How does one find a trustworthy one?

I actually didn't even bother checking the SSH server configuration for that functionality. It was a free version of a premium SSH server for Windows, and had limited features. Normally I would just configure the firewall to only forward the SSH port for specific IP addresses (AdvancedTomato and Tomato by Shibby have an option for "Src Address" for every port forwarding entry), however at the time I wasn't that concerned. It would have taken a ridiculous amount of time to brute force my password. ;)

 

On 9/9/2017 at 8:56 AM, Ken1943 said:

Someone trying to get into my wireless  'game' !

Usually having a reasonably long WPA 2 passphrase/password configured (a minimum of 25 characters, preferably made up of completely random numbers, uppercase letters, lowercase letters, and symbols if they are supported) will keep people out. Secure encryption protecting the network with a secure password is generally considered the best way to protect a wireless network.

Most routers also have MAC address filters so that you can restrict what devices can connect to the network, although technically it isn't difficult for someone to spoof the MAC address of your wireless card if they manage to figure out what it is, so this is usually considered an ineffective method of securing a wireless network.

You can't really hide the existence of a wireless network these days, as just about everything will show you networks with hidden SSIDs now, so this makes the WPA 2 encryption and a strong password extremely important.


Arthur: Emsisoft has omitted the most important information of all to EIS users: how do we turn on Windows Firewall; what settings to use; when do we do it?

  • Like 1


 

On 9/12/2017 at 6:24 AM, cma6 said:

Arthur: Emsisoft has omitted the most important information of all to EIS users: how do we turn on Windows Firewall; what settings to use; when do we do it?

The Windows Firewall's service will revert to "Automatic Start". So in worst case, after the update, if it doesn't (and Windows should warn you that the firewall isn't "on"), just reboot  :) 

You can look at it by: 

1- on Windows 10, open Windows Defender Security Center ( just called Windows Security Center on Windows7/8) and check if Windows Firewall is On (green mark, see screenshot 1), you can click on it to see more details.

2-  opening the Task Manager > go to Service tab > look for the Windows Firewall Service called "MpsSvc", check if it is running. Screenshot 2.

3- In Control Panel, look for Windows Firewall, click on it, marks should be green (from here, you can click on advanced settings, then you will be redirected to the advanced settings where you can create/modify/delete rules on the various profiles). See screenshot 3. 

 

 

 
