Win Firewall - How does it know good from bad?

Until I went to Win 8 some years back I'd always used Zonealarm but with the advent of Win 8 and 10 advice seem to be that the inbuilt Windows Firewall was just as good so I've been using that. The one thing that's always concerned me is whether or not it actually works as well as there's never any evidence of it stopping incoming and/or outgoing traffic. Which may be a good thing anyway.

I've had a look at the advanced settings for Inbound and Outbound rules and while some of the programs I've installed have rules there are a good many I have that don't appear anywhere. Also the rules for those in the list have been determined by MS presumably but how - and always seem to be set to Allow - nothing is blocked, which could mean that I'm careful about what I install I suppose.


Does MS keep a list back home of all programs we're likely to have and then makes a unilateral decision to build a rule for them?

The thing I liked about Zonealarm was that you could set it to prompt the first time a program or service wanted access to the internet and you could make a decision to allow or block, either temporarily or permanently. I personally found this useful as there were some programs that didn't need access to the internet to run but did try to 'phone home' and I prefered to block these.

Just as an aside - I have just uninstalled a program but its network sync service is still running. Zonealarm showed this but not Windows Firewall. Now I can find the service and remove it manually.


BTW: I've run GRCs Sheilds up with and without the Firewall on and there's very little difference in the results

The rules Defender uses is updated on your system several times a day.

There is Cloud-based protection as well.

We've had no issues, and no infections, using Defender.

However, that is just one part of a multi-layered security approach.

Any firewall you use needs to be configured correctly.

Defender allows you to enable/disable firewall and connection rules, backup existing rules, and define advanced rules.

OldNavyGuy said:

The rules Defender uses is updated on your system several times a day.

There is Cloud-based protection as well.

We've had no issues, and no infections, using Defender.

However, that is just one part of a multi-layered security approach.

Not quite sure I understand that as the rules list I have never seems to change but then again who knows what goes on underneath.

Looking at the Windows Firewall state the follow is shown:-



Which I still don't see as that good.

Inbound connections blocked if they don't match a rule - yet I have programs not in that list that get through
Outbound connections with no rule allowed - pretty much anything not in the list can go out. Which explains why I had a service that wasn't uninstalled still allowed to go out.

I think I may revert to ZA but I'll also look at Bitdefender.

- - - Updated - - -

OldNavyGuy said:

Any firewall you use needs to be configured correctly.

Defender allows you to enable/disable firewall and connection rules, backup existing rules, and define advanced rules.

Yes, but it doesn't go out of its way to make that easy

It's also not that hard.

Wait till you start configuring router firewalls.

You said..."there are a good many I have that don't appear anywhere"

Then you need to add them, and determine what they can and can't do.

I would suggest doing some research on what's out there before jumping to Zone Alarm, or anything else.

AV-Comparatives -

Home - AV-Comparatives

AV-TEST -

Test antivirus software for Windows 10 - October 2020 | AV-TEST

Virus Bulletin VB100 -

Virus Bulletin :: Comparative Test Dates

SE Labs -

SE Labs

OldNavyGuy said:

It's also not that hard.

Wait till you start configuring router firewalls.

You said..."there are a good many I have that don't appear anywhere"

Then you need to add them, and determine what they can and can't do.

I would suggest doing some research on what's out there before jumping to Zone Alarm, or anything else.

AV-Comparatives -

Home - AV-Comparatives

AV-TEST -

Test antivirus software for Windows 10 - October 2020 | AV-TEST

Virus Bulletin VB100 -

Virus Bulletin :: Comparative Test Dates

SE Labs -

SE Labs

Are we talking about the same thing because your links point mostly to Anti-Virus programs whereas I'm concerned about the Firewall.

Yes, I could configure my firewall but not perhaps the average user who's potentially being left exposed.

Sam Vimes said:

Are we talking about the same thing because your links point mostly to Anti-Virus programs whereas I'm concerned about the Firewall.

There are some security "suites" that include AV/AM, firewall, web protection, etc.

I personally am not a fan.

And you should be concerned about AV and AM, as well as other points of protection -

A few considerations -

The router - strong passwords, open ports, firewall config, wifi security

The network - split between the router (WAN to LAN protection) and devices (LAN to LAN protection).

The device - strong passwords, firewall config, OS patching, AV/AM protection.

The applications - application patching, permission levels, sandboxing.

The account - Standard User or Administrator. Principle of "least privilege".

The data - Frequent disk imaging, frequent backups of volatile data between images, testing backups, storing copies offline.

You can make a checklist prefaced with "Do I use", "Do I have", "Do I do", on the appropriate line item, which makes it easy to go down that list.

A lot of people think that "security" is their computer's firewall, and real-time AV/AM.

Sam Vimes said:

Yes, I could configure my firewall but not perhaps the average user who's potentially being left exposed.

Potentially...

Depends on how you look at it.

A firewall that defaults to "Block All" can freak out a lot of less experienced users, because they're getting alerts for everything...and they have no idea if it's OK, or not OK.

Defender has a set of default rules, and many app installers do a firewall add and prompt the user (and many people answer incorrectly whether it should be Public or Private).

Bottom line is firewalls need some intervention.

There is probably no firewall for beginners.