January 14th, 2006, 06:46 AM
How To Armor-Up Windows Firewall
Note: I'm aware another thread similar to this has been posted, however that one only describes mainly about configuring windows firewall. This guide gives more of a breif overview and a list of other things you can do to IMPROVE your protection with windows firewall.
With the release of SP2 for Windows XP, it came with a rather primitive firewall that the majority of the public classifies as horrible. However, it is still being used today by several people due to a few basic reasons:
-Extremely simplistic/easy to use.
-Very low memory usage.
-Comes with SP2 (on Windows XP) for free.
-Better than no protection at all.
Well if you really hate having those complex firewalls that consume a lot of resources and boggle your mind with configurations, here is a guide for you! I've done a bit of researching on a few relatively affective methods of "strengthening Windows XP's firewall", which basically involves the combination of a few simple programs and configurations. This guide is basically designed to give people a frew simple steps to setting things up to improve their defenses with Windows XP's Firewall. (Note: sorry if it seems like an advertisement [because it's not!! ] the links provided are used as resources.)
1.) Configuring Windows Firewall:
Seeing as how Windows Firewall was made to be simplistic, not a lot can be done with it. If you are planning to tightly secure your system with Windows Firewall, an easy thing to do is to simply turn it on and also check the "Don't allow exclusions" box (via Control Panel ->Windows Firewall). However, using that feature is quite blunt since you are very limited to what programs you can use. Another thing you can do is to basically manage your exceptions using rather a more of an advanced approach. Doing this can give you access to open specific ports, secure certain programs for access, ICMP access, etc. but since explaining this is relatively repetitive, been previously posted and quite in depth, you can find the entire ariticle here:
(A few good links are provided there as well. If you really want to go more in depth for Windows Firewall configuration only, then that is a good thread to look at)
The last possible thing you should do is turn on logging for windows firewall (it's defaultly turned off). Doing this is relatively simple and requires just a little browsing in the Windows Firewall configuration menu subheadings (Control Panel->Windows Firewall->Advanced->Security Logging Settings). Once you are there, check the box under "Log Dropped Packets" and the other if you want to closely monitor your network activities. Viewing these logs can be done by default with Windows' own seperate method, but it's rather primitive and inefficient. A better way to view the logs is by finding a third party log viewer. Many free ones can be found on the internet simply by using Google Search or browsing around this forum. Below I have provided a link if you'd rather not search:
2.) Getting the Advanced Features from other Firewalls:
If you want the advanced features that heavy firewalls tend to provide, there are combinations of relatively small programs you can use to substitute with Windows Firewall. They have been divided up into two sections below for easier browsing.
One of the major issues Windows Firewall has is that it does not offer any outbound control. This makes your computer vulnerable once your defenses have been broken, since threats such as Trojans can freely transmit information back to a hacker. A few good programs out there that can substitute outbound protection are listed below (they also tend to not use a lot of memory):
-Prevx1 "R" (Beta version from Prevx, which is good, but still uses quite a bit of memory)
-AppDefend/GSS Beta (Made by Ghost Security and is low memory using and an effective solution.)
-ProcessGuard (Created by Diamond CS and is not really considered outbound protection. However, it still has several similar features that can aide you.)
Having programs such as these behind your Windows Firewall (or any other inbound only firewall) ensures a relatively strong outbound protection on your computer. All three programs listed have an easy-to-use interface, so setting it up isn't hard. Most of what you need to configure is given to you in the form of alerts as the programs ask for outbound access.
(B.) Other Features:
Almost all firewalls out there today that are paid offer several, rather random advanced features, such as cookie protection, script blocking, etc. Of course, Windows Firewall lacks such luxuries, so you must substitue by using a few good programs. Below I've listed a few programs that can help give you some idea of what you can use for the advanced firewall features you want.
-CCleaner (A very thorough, good cachecleaner. Used to remove all junk files, temporary files, and other old & unwanted files hanging around in your computer.)
-This is a very flexible program for removing 'residue/junk' files due to its several options and areas that are available for your use. Your scans can also be customized each time before running.
-SpywareBlaster (By far one of the best free substitutes. It offers cookie protection for Firefox and IE, a restricted sites list, and ActiveX protection for IE. Best of all it consumes basically no resources!)
-This is a very simplistic form of protection which I find great. All you basically do is install it, update and enable all protection and its done! You can selectively remove or add new threats to be blocked in the main menu's subheadings.
-MS Antispyware (This antispyware [along with any other ones that provide thorough real-time protection] provides features such as script blocking. Not only that, but they add a defensive layer against spyware/malware/adware too! Tools like these are great for performing several security tasks.)
-Well it's basically one of your big antispyware products out there that doesn't require as much configuring. Script-blocking is already enabled, but I would reccomend you allow it to block all scripts (Located at: Options->Settings->Real-Time Protection and check the box "Block all scripts"). You will still recieve some alerts asking your confirmation to block/allow programs/scripts after doing this, but just not as many without this option enabled. Also, there are a few handy extra tools added in, such as a browser restorer, a mini-cache cleaner, and a system explorer with decent flexibility. These can be accessed through the "Advanced Tools" button/section.
-HijackThis(Allows you to MANUALLY remove threats and has several convenient tools, such as the process manager, secure uninstall tool, etc.)
-This product's purpose is relatively used for scanning, detailed log creation, and malware removal. However, this requires advanced knowledge in order for malware removal and it is best that you post in a forum for help. Despite all this, HijackThis still remains very flexible and has several tools that a unknowledgeable person can use with ease. The other tools you seek can easily be found in the Misc. Tools Section (Accessed by the button "Misc. Tools" or through the "Config" button).
3.) The Remaining Basics:
Well, as I said previously Windows Firewall isn't that great, and even with all these combinations & configurations added onto it, you are never 100% safe. So remember, there are some things you should be careful of! Windows Firewall is a relatively easy in being overwhelmed, but still provides the basic protection you need (tested on GRC with perfect results).
There are a few things to keep in mind which really apply to computer security common sense, such as:
-Use a secure web browser, such as FireFox (FF) or Opera instead of Internet Explorer (IE).
-Be cautious on where you browse and try to avoid being a target for hackers (e.g your computer is found to contain valuable information).
-Get the basic defenses, such as antispyware, or antiviruses which are available free to the public from some companies.
-Keep Windows updated, as well as all other security software you have on your computer currently.
-Watch your network closely (especially if its wireless) as they are also targetted for attacks.
Conclusion: Well I hope this helps for the people who still want the extra "oomph" in their basic Windows Firewall protection. However, I myself have stopped using it quite a long time ago and moved on towards other firewalls. This is because they are better in a lot of ways UNLESS you still prefer lower memory usage and the Windows-simple style to protection. But as said before and by several others who agree, Windows Firewall is certainly better than nothing!
P.S Feel free to post any comments or additions into my guide. I will probably edit it if I find anything I've missed. (And sorry if I've missed anything relatively big.)
Come to the dark side......WE.....HAVE......trackingCOOKIES!!