Windows Firewall (the old-school Internet Connection Firewall, or ICF) is what protects most of us. More people are concerned with antivirus and may opt for one from a third-party vendor. For most of them, a firewall is something that comes with Windows.
A firewall can be either software-based or hardware-based and is used to help keep a network secure (in this case a workstation/PC). Its primary objective is to control incoming and outgoing network traffic by analyzing the data packets and determining whether they should be allowed through or not, based on a predetermined rule set. Windows Firewall is a software-based firewall that protects the workstation it resides on.
During the XP days, Windows Firewall (ICF) didn’t have the ability to block outbound connections, although it provided a fair bit of protection for the PC by blocking incoming connections (those not covered by an allow rule).
Windows Firewall had a complete makeover when Windows Vista was released, followed by gradual, incremental evolution through Windows 7 and Windows 8.
The firewall blocks or allows traffic based on the predetermined rule set. Rules can apply to inbound connections, to outbound connections, or to both, so we can block or allow both directions in Windows Firewall. For inbound connections, when Windows Firewall is set to “block” (which is the default setting) and an application needs an inbound connection, we are notified and can allow or deny it based on common sense.
For outbound connections it's a completely different story. Windows Firewall lets you block outbound connections, but it will not give a notification when an application needs internet access. So when you first set outbound connections to block, all applications that are not already explicitly allowed by an outbound rule are forbidden to go out. It is a daunting task to go to the Windows Firewall advanced settings (which are surprisingly powerful), select an application and open the communication door for it. So Microsoft's answer: keep the door open! Yes, the default setting for outbound connections in Windows Firewall is allow all. Microsoft took this decision so that the firewall would be less intrusive to the user.
In the screenshot below, the outbound connections are set to “block”, which is not the default Windows Firewall setting.
A firewall is like a security officer at the gate who will allow only the people on his list to go out. But there is a security manager, that is us, who decides whom to let through based on requests. In Windows Firewall there is no request, so the manager is left to work out the list on his own.
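The same setting can be inspected and changed with the built-in NetSecurity cmdlets (Windows 8 / Server 2012 and later). This is an added example, not part of the original post; it assumes an elevated PowerShell prompt, and the revert line is left commented out.

```powershell
# Added example. Run from an elevated PowerShell prompt.

# 1. Effective default actions per profile. On a stock install the
#    outbound default is Allow, the inbound default is Block.
Get-NetFirewallProfile -PolicyStore ActiveStore |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction |
    Format-Table -AutoSize

# 2. Before flipping the switch, list what will still be able to go out:
#    every enabled outbound allow rule and the program it is bound to.
#    "Any" in the Program column means the rule is not tied to one executable.
Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True |
    ForEach-Object {
        $app = $_ | Get-NetFirewallApplicationFilter
        [pscustomobject]@{
            Rule    = $_.DisplayName
            Profile = $_.Profile
            Program = $app.Program
        }
    } |
    Sort-Object Program, Rule |
    Format-Table -AutoSize

# 3. Block every outbound connection that does not match an allow rule.
#    Windows Firewall itself will not prompt after this; programs without
#    a rule simply fail to connect.
Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultOutboundAction Block

# 4. To return to the stock behaviour:
# Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultOutboundAction Allow
```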
Why do we need outbound filtering?
Outbound rules were introduced in Windows Firewall from Windows Vista onwards, reflecting increasing concerns about spyware and viruses that attempt to “phone home”. However, Windows Firewall does not show notifications for outbound connections.
Phoning home, in computing, refers to an act of client-to-server communication which is undesirable to the user and/or proprietor of the device or software. It is often used to refer to the behavior of security systems which report network location, username, or other sensitive data to another computer. There are many malware applications that “phone home” to gather and store information about a person’s machine. Then there is legal phoning home, for example when an application tries to validate its serial number with a server each time it is opened.
It is not just about phoning home or application validation. Being notified when an application attempts an outbound connection, and having that visibility, gives the user more control and keeps them informed about what is happening on their workstation.
How to Block outgoing connections and get notified?
Some will go in the direction of getting a third-party firewall. Installing one will, in most cases, disable your Windows Firewall.
There are products like
1) Checkpoint’s Zone Alarm Firewall
2) Comodo Firewall
3) Internet security suites from antivirus vendors like Avira, Avast, etc. (end of thinking capacity)
The above-mentioned products will be in command when you go with the third-party route. I am not commenting on how good they are, but some of them definitely have followers.
My route is a much leaner solution, if the only feature you are after is the ability to get notified about outbound connections and have visibility into them, so that you feel in control of the Windows PC.
Windows Firewall Control:
Windows Firewall Control (WFC) is a front end to our beloved Windows Firewall. It uses the firewall APIs provided by Microsoft to offer just what we need. Going the WFC way gives a much-needed leaner solution: it is still Windows Firewall itself that protects us. Microsoft will also keep looking after Windows Firewall through patches (Windows Update). The only difference is that we are notified, so we can easily create rules for better protection.
Windows Firewall Control is from Binisoft. The software is under active development, which is what makes it attractive.
You can follow how the development has been unfolding at http://www.wilderssecurity.com/showthread.php?t=293143&page=67
On the first page of the thread you can see the humble beginnings of Alexandru Dicu (the creator of Windows Firewall Control). It was his first project in C# and has now grown into the best front end for Windows Firewall. Thanks, Alex.
Using the amazing WFC:
It runs in the system tray and allows the user to control Windows Firewall easily.
High Filtering - All outbound and inbound connections are blocked. This setting blocks all attempts to connect to and from your computer. No communication whatsoever. It's just like pulling the Ethernet cable.
Medium Filtering - Outbound connections that do not match a rule are blocked. Only programs you allow can initiate outbound connections. This setting is our favorite part: it changes the Windows Firewall outbound setting from allow to block. This is just what we need.
Low Filtering - Outbound connections that do not match a rule are allowed. The user can block the programs he doesn’t want to initiate outbound connections. This is our Windows Firewall default setting now.
No Filtering - Windows Firewall is turned off. Avoid using this setting unless you have another firewall running on your computer.
Recommended System Rules:
The setup will create some recommended rules at installation: Internet Control Message Protocol, Windows Time Service, and Windows Update. The rest will be learned based on how you respond to the notifications.
Learning Mode/ Notifications:
This provides notifications for outgoing blocked connections. Four modes are available:
High - Display notifications for all outgoing connections that were blocked by Windows Firewall, including System and Svchost.exe
Medium - Display notifications only for regular programs, without notifications for System and Svchost.exe.
Low - Automatically allow digitally signed programs without notifications, but show notifications for unsigned programs.
Disabled - Notifications are disabled.
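Without a front end, blocked outbound connections can still be made visible through Windows' own audit log. The sketch below is an added example, not WFC's code and not a description of how WFC works internally; it assumes an elevated prompt, an English-language system (the audit subcategory name is localized) and outbound blocking already switched on.

```powershell
# Added example. Run from an elevated PowerShell prompt.

# Record every connection dropped by the Windows Filtering Platform.
# Each drop is written to the Security log as event ID 5157.
auditpol /set /subcategory:"Filtering Platform Connection" /failure:enable

# The Direction field holds a message token, not text:
# %%14592 = inbound, %%14593 = outbound.
$outboundToken = '%%14593'

Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5157 } `
             -MaxEvents 500 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $evt = $_
        # Flatten the <EventData> name/value pairs into a hashtable.
        $d = @{}
        foreach ($node in ([xml]$evt.ToXml()).Event.EventData.Data) {
            $d[$node.Name] = $node.'#text'
        }
        if ($d['Direction'] -eq $outboundToken) {
            [pscustomobject]@{
                Time        = $evt.TimeCreated
                # Logged in device form, e.g. \device\harddiskvolume2\...
                Application = $d['Application']
                Remote      = '{0}:{1}' -f $d['DestAddress'], $d['DestPort']
                Protocol    = $d['Protocol']   # IANA number: 6 = TCP, 17 = UDP
            }
        }
    } |
    Group-Object Application, Remote |
    Sort-Object Count -Descending |
    Select-Object Count, Name -First 20 |
    Format-Table -AutoSize

# Stop recording when finished; this audit category is noisy.
# auditpol /set /subcategory:"Filtering Platform Connection" /failure:disable
```

The grouped output shows which executables are being refused and where they were trying to connect, which is the information needed to decide whether an allow rule is warranted.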
Notifications we get:
The feature we longed for in Windows Firewall.
Here is the notification I got for Firefox when I first opened it. Allow the program to access the internet, done… a new rule is created. How easy is that?
If you want to be more specific about the port you open, or restrict the rule to a particular remote IP, protocol, etc., you can click “customize this rule before creating it”; that way you get an even tighter rule.
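A rule narrowed in the same way, created directly with the built-in cmdlets, as an added example that is not part of the original post or of WFC. The Firefox path is the usual default install location and 203.0.113.10 is a documentation-range placeholder address; both are assumptions to replace with your own values.

```powershell
# Added example. Run from an elevated PowerShell prompt.

# Allow one program to reach one remote host on one TCP port only.
$rule = @{
    DisplayName   = 'Example - Firefox HTTPS to a single host'
    Direction     = 'Outbound'
    Program       = 'C:\Program Files\Mozilla Firefox\firefox.exe'  # assumed path
    Protocol      = 'TCP'
    RemotePort    = 443
    RemoteAddress = '203.0.113.10'                                  # placeholder
    Profile       = 'Any'
    Action        = 'Allow'
}
New-NetFirewallRule @rule | Out-Null

# Read the rule back through its filters to confirm the scope that was
# actually stored, rather than trusting the display name.
$created = Get-NetFirewallRule -DisplayName $rule.DisplayName
$port    = $created | Get-NetFirewallPortFilter
[pscustomobject]@{
    Rule          = $created.DisplayName
    Program       = ($created | Get-NetFirewallApplicationFilter).Program
    Protocol      = $port.Protocol
    RemotePort    = $port.RemotePort
    RemoteAddress = ($created | Get-NetFirewallAddressFilter).RemoteAddress
} | Format-List

# Allow rules are additive: a broader allow rule for the same program
# still applies, so check for one before relying on the narrow rule.
Get-NetFirewallApplicationFilter -Program $rule.Program |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Outbound' -and $_.Action -eq 'Allow' } |
    Select-Object DisplayName, Enabled, Profile

# Remove the example rule when done.
# Remove-NetFirewallRule -DisplayName $rule.DisplayName
```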
One intuitive interface lets us search and see the firewall rules at a single glance. This view gives sufficient information to satisfy us completely.
Managing rules in WFC is a breeze compared to what can be achieved with Windows Firewall alone.
Getting Windows Firewall Control:
We can get the Windows Firewall Control from http://www.binisoft.org/
Follow the development at Wilders: http://www.wilderssecurity.com/showthread.php?t=293143&page=67