Windows firewall, why does it suck, exactly?
Ok, on my Windows computer I use the Windows firewall, just because I only use Windows to play some games once in a while, so don't see a need for anything else.
Thing is, that every time I mention that I use it, someone always says something along the lines of "awwww man windows firewall SUCKS!! so buggy and full of holes!"
So....why does it really suck? The only reason that I think it's bad is because it can create trouble sometimes when allowing applications to pass it. But nothing more than that. So, is it really that bad? Can it really be bypassed as easily as people say?
And are there any other reasons why people hate it so much?
"The best place to hide a tree, is in a forest"
I'd just rather not use the firewall that came with the OS; I'd rather trust another third party to monitor the OS. When I did use it, I thought it was too easy - it did all the work for me, and yet didn't explain what it did.
I like comodo.com.
DNR
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
- bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
well, the earlier versions (before SP2) REALLY sucked because there were loads of bugs, so it couldn't even be called a real firewall.
ok, the later versions seem to be better, but outgoing connections still can not be processed (what a surprise, users might block traffic to MS).
also the possibilities in packet processing are very limited compared to iptables....packet size, flags set, etc.,...none of this can be utilized for rules in the MS firewall.
maybe the biggest problem is the fact that TCP/IP is still nothing but an application in MS and not implemented in the kernel like on *nix, and because of this the risk of potential flaws is much bigger.
there doesn't even have to be a flaw in the firewall app itself, a flaw in the underlying applications could make the whole firewall useless. on a *nix system there must be a kernel bug to make the firewall exploitable.....which is much more unlikely than a bug in an application, and such bugs are usually also much harder to exploit (at least it's nothing the average skiddy can do).
- Lyecdevf
- cyber Idi Amin
- Posts: 1222
- Joined: 16 Mar 2006, 17:00
- 18
- Location: In between life and death.
- Contact:
I like to have a look at the logs from my firewall. In Windows, as far as I know, that is not possible. It just sits there doing its job, but I need more than that. Especially if I want to experiment with stuff. For instance I once put a Windows box with ZoneAlarm on my LAN and port scanned it from my Linux box, also on the LAN, just for fun. ZoneAlarm of course showed me the logs of the event. No such thing is going to happen with the Windows firewall. So I guess for experimental purposes the Windows firewall is useless.
We will either find a way, or make one.
- Hannibal
Under Control Panel > Windows Firewall > Advanced tab, the Windows firewall log is located at C:\WINDOWS\pfirewall.log. Of course you can change this to your liking. All you'll need is something like Notepad or Wordpad to view the log file. That's simply for Windows XP. I wouldn't know how to do it for Vista.
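The log named above is a plain W3C extended log file, so the port-scan experiment described earlier in the thread can be reconstructed from it without any third-party firewall. The following is an added example, not code from anyone in this thread: a small parser that reads a pfirewall.log, keys each record by the names in its `#Fields:` header, and flags source hosts whose dropped packets hit many distinct ports. The log lines embedded in it are constructed to resemble the XP SP2 log format; the IP addresses, times and threshold are assumptions, not captured data.

```python
"""Parse a Windows Firewall log (pfirewall.log, W3C extended log format) and
flag source hosts whose dropped packets cover many distinct destination
ports, the pattern a LAN port scan leaves behind.
Added example for this thread; the sample log below is constructed."""
from collections import Counter, defaultdict

# Constructed sample in the pfirewall.log layout: a #Fields header, then one
# record per line. Hosts 192.168.1.x and the timestamps are made up.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2008-02-10 21:03:11 DROP TCP 192.168.1.20 192.168.1.5 40001 21 48 S 1001 0 5840 - - - RECEIVE
2008-02-10 21:03:11 DROP TCP 192.168.1.20 192.168.1.5 40002 22 48 S 1002 0 5840 - - - RECEIVE
2008-02-10 21:03:11 DROP TCP 192.168.1.20 192.168.1.5 40003 23 48 S 1003 0 5840 - - - RECEIVE
2008-02-10 21:03:12 DROP TCP 192.168.1.20 192.168.1.5 40004 80 48 S 1004 0 5840 - - - RECEIVE
2008-02-10 21:03:12 DROP TCP 192.168.1.20 192.168.1.5 40005 135 48 S 1005 0 5840 - - - RECEIVE
2008-02-10 21:03:12 DROP TCP 192.168.1.20 192.168.1.5 40006 139 48 S 1006 0 5840 - - - RECEIVE
2008-02-10 21:03:12 DROP TCP 192.168.1.20 192.168.1.5 40007 445 48 S 1007 0 5840 - - - RECEIVE
2008-02-10 21:03:13 DROP TCP 192.168.1.20 192.168.1.5 40008 3389 48 S 1008 0 5840 - - - RECEIVE
2008-02-10 21:04:40 OPEN TCP 192.168.1.5 192.168.1.1 1234 80 - - - - - - - - -
2008-02-10 21:05:02 DROP UDP 192.168.1.30 192.168.1.5 137 137 78 - - - - - - - RECEIVE
2008-02-10 21:05:10 CLOSE TCP 192.168.1.5 192.168.1.1 1234 80 - - - - - - - - -
"""


def parse_log(text):
    """Yield one dict per record, keyed by the column names from the #Fields
    header. Records with the wrong number of columns are skipped rather than
    guessed at, so a truncated last line cannot poison the summary."""
    fields = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#") or fields is None:
            continue  # other header lines, or data before any #Fields header
        cols = line.split()
        if len(cols) != len(fields):
            continue
        yield dict(zip(fields, cols))


def count_actions(text):
    """Counter of DROP / OPEN / CLOSE records, a quick sanity check on a log."""
    return Counter(r["action"] for r in parse_log(text))


def dropped_ports_by_source(text):
    """Map each source IP of a DROP record to the set of (protocol, dst-port)
    pairs it was blocked from reaching."""
    ports = defaultdict(set)
    for r in parse_log(text):
        if r["action"] == "DROP":
            ports[r["src-ip"]].add((r["protocol"], r["dst-port"]))
    return ports


def find_scanners(text, min_ports=5):
    """Return {src-ip: distinct-port-count} for hosts whose dropped packets
    touched at least min_ports distinct ports. The threshold is an assumption;
    tune it to the noise level of the LAN."""
    ports = dropped_ports_by_source(text)
    return {ip: len(p) for ip, p in ports.items() if len(p) >= min_ports}


if __name__ == "__main__":
    # Read the real file with open(r"C:\WINDOWS\pfirewall.log") instead of SAMPLE_LOG.
    print("actions:", dict(count_actions(SAMPLE_LOG)))
    for ip, n in find_scanners(SAMPLE_LOG).items():
        print(f"{ip} was dropped on {n} distinct ports -> probable port scan")
```

On the constructed sample the single scanning host is reported with eight distinct ports, while the one NetBIOS broadcast from another host stays below the threshold. Dropped records carry the TCP flags column (`S` for SYN here), so the same parser can be extended to distinguish SYN probes from other traffic.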
Lyecdevf wrote: They put a lot of thought into security but forgot about the rest!
Actually I think that if you call Microsoft and ask them about the security in Vista, they'll answer ".....what?"
Anyway....
So, before SP2, were there any known exploits in the Windows firewall? And are there any now?
"The best place to hide a tree, is in a forest"
bad_brain wrote: one or two can be found here.
^^
wow, damn xD
Well, I most likely won't have to use the Windows firewall anymore soon anyway, since my Linux gaming tests are going excellently at the moment ^^ (check the Linux board).
But, those vulnerabilities, would those pose a threat today? (not that I have an updated box, so I'm most likely in the danger zone, but I don't usually boot into Windows if it's not for Photoshop or gaming business)
"The best place to hide a tree, is in a forest"
- bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
hm, the last vulnerabilities are from February 2008, but I haven't checked how serious they are.....I would say better the Windows firewall than none at all. in most cases flaws in the firewall are used for DoS or to evade the firewall for following attacks against an underlying service.
the main problem is all that phone-home stuff which can't be blocked, so I don't recommend using free *cough* software, at least not when being online....