Can a Firewall work without updates?

Hi all.

I’m using 3.14 Firewall only (no AV and no D+).
If I understand well, only the AV and the HIPS receive updates. So my question is: can I keep 3.14 indefinitely?
The reason is I really don’t like V4 and would like to keep version 3.

Thanks.

If you are only running the firewall, what does it matter if you install 4.0?

It’s risky to assume there are never any fixes to the firewall in application updates.

Thanks for the answer.

My problem with V4 is the “allow all outgoing” in the global rules.

As I see it, if a Firewall is properly designed it will work as long as Internet data protocols don’t change.
Please correct me if I’m wrong.

It's risky to assume there are never any fixes to the firewall in application updates.
But you can always fine tune the application rules can't you?

Then remove that rule.

No security solution can guarantee 100% protection. Even a properly designed firewall can fall to a newly discovered exploit. It’s just not a good idea to assume that the firewall you’ve been using will always be adequate as there may have been an exploit fixed that you will not have patched.

Yep.

When a program wants to access the web it will first go through Application Rules and then through Global Rules. Blocking a program is done by the application rule.

Incoming traffic first goes through Global Rules and then through Application Rules.

The logic is that a firewall should block all incoming traffic unless stated otherwise in Global Rules. For outgoing traffic the logic is that it is something we basically want to access the web, reflected in the allow for outgoing traffic, and Application Rules will block when required.

Given the above logic I see no problem with the Allow Out rule in Global Rules.

When using the default configuration all safe programs will be allowed outgoing traffic without getting notified. That frustrates a lot of people.

This works as follows.

  • First of all, CIS won’t make rules in the Application Rules list by default.
  • Second, regardless of the first, it will give each safe program outgoing access to the internet and will block incoming traffic for the application.
    All these programs will be placed under the All Applications rule and are subordinate to that rule. Changing an application’s rule while it is under the All Applications rule will not work; it will be overruled; it is subordinate.

To change these two things to get more grip on programs accessing the web:

  • Let the firewall make rules for safe applications.
    Go to Firewall → Advanced → Firewall Behaviour Settings → tick “Create rules for safe files”
  • To get control over individual application rules.
    Go to Firewall → Advanced → Network Security Policy → Application Rules →
      ◦ Now either delete the All Applications rule (this will put CIS in Proactive/Optimum Security configuration)
      ◦ Or move the applications you want control over to somewhere above the All Applications rule
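
Added example, not part of the original thread and not Comodo's code: a simplified Python model of the rule ordering described in the post above, showing why a rule placed below the All Applications rule is overruled. The program names are constructed, and returning "ask" for traffic that no rule matches is an assumption.

```python
# Simplified model of the rule ordering described in the post above.
# Constructed for illustration; not Comodo's implementation.
ALLOW, BLOCK, ASK = "allow", "block", "ask"

# Each rule is (application, direction, action); "*" matches any application.
# Global Rules as the thread describes v4: allow all outgoing, block incoming.
GLOBAL_RULES = [("*", "out", ALLOW), ("*", "in", BLOCK)]

# The All Applications rule: outgoing allowed, incoming blocked.
ALL_APPLICATIONS = [("*", "out", ALLOW), ("*", "in", BLOCK)]

# Hypothetical user rule for a constructed program name.
BLOCK_UPDATER = ("updater.exe", "out", BLOCK)

RULE_BELOW = ALL_APPLICATIONS + [BLOCK_UPDATER]   # subordinate, never reached
RULE_ABOVE = [BLOCK_UPDATER] + ALL_APPLICATIONS   # evaluated first
RULE_ONLY = [BLOCK_UPDATER]                       # All Applications deleted


def first_match(rules, app, direction):
    """Return the action of the first rule that matches, scanning top-down."""
    for rule_app, rule_dir, action in rules:
        if rule_app in ("*", app) and rule_dir == direction:
            return action
    return None


def decide(app, direction, app_rules, global_rules=GLOBAL_RULES):
    """Outgoing: Application Rules, then Global Rules. Incoming: the reverse."""
    if direction == "out":
        layers = (app_rules, global_rules)
    else:
        layers = (global_rules, app_rules)
    for rules in layers:
        action = first_match(rules, app, direction)
        if action is None:
            return ASK  # assumption: unmatched traffic raises an alert
        if action == BLOCK:
            return BLOCK
    return ALLOW


if __name__ == "__main__":
    for name, rules in (("below", RULE_BELOW), ("above", RULE_ABOVE), ("only", RULE_ONLY)):
        print(name, decide("updater.exe", "out", rules), decide("browser.exe", "out", rules))
```
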

Would those settings make V4 work as V3 does? Remember I’m not using D+.

And how to change Global Rules to resemble those of V3?

Were you using v3 with the Internet Security configuration? Then use the Stealth Ports Wizard to go back to the old situation. Go to Firewall → Common Tasks → Stealth Ports Wizard → select “Alert me to incoming connections - stealth my ports on a per-case basis”.

That will change the Global Rules back to the old v3 situation.

Thanks Eric and HeffeD.

Were you using v3 with the Internet Security configuration?
I was (am) using Firewall Security Configuration.

All in all I think I will stay with V3.