Firewalling Your Computer

[SmoothOper]

I recently upgraded my computer to windows 8, and it came with a built in firewall. I though finally they got something right, but though it is incrementally better, it's still old skool kludged, I mean foo barred. The blocking of incoming connections is shipped enabled and works pretty well it blocks, all incoming connections and has notifications setup, but the outgoing connections not so much. First of all if you enable it, it doesn't notify when it drops a connection, like the incoming firewall. Secondly if you get a third party notifier like windows notifier firewall (WNF). If you make specific rules, especially for all the programs that are loaded as windows services(svchost.exe), which could be just, about anything, don't seem to follow the rules, and continuously pop up a message for connecting. For example if I allow Dnscache, which is a harmless program, it keeps notifying me that it can't get through, though I have explicitly given it a rule to allow it. And whenever I set a block for BITS(the windows file transfer, it keeps asking me. Its almost as if windows is ignoring the firewall rules.

Has anyone else figure out a good strategy for managing these things. I think ideally I would just block everything except my mail client and web browser, however windows keeps phoning home, from windows store to windows update, to the bing task bar.

I think I should be able to manage the firewall, so that I don't have to install an Intel owned McAfeee cpu sucking anti malware process.

[DrStraw]

Sounds like the best strategy would be to install Linux.

[paK0]

I'd say turning it off and using your routers firewall seems like the easiest solution.

[SmoothOper]

Sounds like the best strategy would be to install Linux.

I think you can lock down a linux box, but it isn't like it is just as much of pain to manage.

[SmoothOper]

I'd say turning it off and using your routers firewall seems like the easiest solution.

The windows 8 firewall has some features that are nice if they weren't kludged and foo barred, for example I can alow or block not just ports and ip addresses but also specific applications, though the ability to block specific services(dlls) is falls short. It appears to be possible, but doesn't seem to work, consistently.

[RobertJasiek]

If W8 is halfway like W7, open extended firewall settings and there must be some log file enable option. Use it, then configure the firewall accordingly.

[SmoothOper]

If W8 is halfway like W7, open extended firewall settings and there must be some log file enable option. Use it, then configure the firewall accordingly.

I tried that, but for some reason the log was empty, maybe I have to figure out how to give the firewall logger permission to access the log file? wtf

http://www.nextofwindows.com/tracking-f ... ewall-log/

[Boidhre]

I'm not exactly clear as to why you actually want to do any of this. Or micromanage to this extent. Dr. Straw's jest may be quite correct here, if you want this level of fine control why on Earth are you using Windows?

[SmoothOper]

I'm not exactly clear as to why you actually want to do any of this. Or micromanage to this extent. Dr. Straw's jest may be quite correct here, if you want this level of fine control why on Earth are you using Windows?

I write software, I don't make hardware software purchasing decisions at companies, but it would be nice if I didn't have to constantly worry about my computer being hijacked, however there was a flake named Bill Gates, and he thought it would be great if grandma's new fangled phonograph, had all these programs calling home, or if you put a thumb drive in a computer it would auto run viruses...

[RobertJasiek]

If that is your concern, here are ideas beyond the firewall:

http://home.snafu.de/jasiek/windows_sec ... ncept.html

[SmoothOper]

If that is your concern, here are ideas beyond the firewall:

http://home.snafu.de/jasiek/windows_sec ... ncept.html

That is pretty cool thanks. On vista I was using the user directory encrypted files, which seemed to be fairly secure, but it seems I had to turn it off to install hardware and some software. Maybe the UAC on win 8 is better. I kind of bumped into some issues on my Cygwin directory, setting groups and users there doesn't seem to mesh with the windows UAC. Maybe I just need to get familiar with it. It kind of bothered me that there were all these different accounts that seemed to have default privileges.

[SmoothOper]

It seems that the solution to my original problem is to manually create the rules for the services. It seems that WFN isn't creating them correctly, and I noticed that there is an extra level of security built in for firewalling windows services, so I suspect therein lies the kludge. WFN is still pretty handy though, because I can look up the services, when I know they are trying to connect. It is still difficult to figure what the services are and why they want to connect out, but I guess that is why they call Seattle, mud town, cause its as clear as mud. Yeah, yeah, I know security double talk says they can't release that information, or they would have to kill us yadda yadda yadda. Pimply faced kids could do a better job of writing an operating system, oh wait...

[SmoothOper]

It seems that there are also windows "hidden" firewall rules that permit certain types of access, and what was confusing, is that windows firewall notifier(wfn) evidently blocks those, if I add the blocking rules then WFN figures out to stop notifying me when it blocks those applications from connecting. voodoo I say VOODOO! I suppose the WFN documentation could be a little more clear the prefix WSH(windows hidden) for the rules was just a little vague, but it is nice that it finds and blocks those. It appears the primary culprit was the windows key management software that likes to dial out every half an hour. The windows event logging is really annoying, because it just keeps logging the legacy netbios local area network pings, so you have to wade through that and can't find any of the events that you were looking. Why they didn't have the event viewer find or filtering search the ip field I don't know, I can only suspect people would actually be able to secure their box if they had that information.