Can COMODO Firewall stop Windows 10 from connecting to the Internet

Hello,

There is a lot of talk on the internet about Microsoft manipulating “dnsapi.dll” and other stuff so that software firewalls are unable to stop Win10 from calling home.

Many Win10 haters claim that Microsoft Windows 10 cannot be blocked with a software firewall.
They say the only way to block it from calling home is a hardware firewall,
because Windows 10 has ways to circumvent any software firewall.

Now, to me this sounds like bollocks.
For one… if Microsoft did that, they would create a hole for other software, right?

But can someone from Comodo shine some light on this “issue”?

Can someone who knows what he is talking about (best of all, a Comodo coder) explain why this is true or why it is not?

Thanks in advance!!!

Yeah… no. Unless the software firewall is badly coded or somehow doesn’t use a kernel-mode filter driver, the firewall can control all network access, even the OS itself. Take CFW for example: you can create a block rule for “Windows Operating System” under application rules, and any attempt from kernel mode to make outbound connection requests will be blocked. If you really want to lock down Windows 10, you could set the firewall to custom ruleset, remove all default application rules, and set the alert frequency to high. You could also create a specific rule for svchost to only allow out DNS, DHCP & NETBIOS, and specifically only allow DNS requests to a specific DNS server IP address.

Yeah, that is what I think too.

But these guys argue that Microsoft uses some tricks to tunnel the telemetry data and the firewall will not notice these outgoing requests.

As I said, I think it’s just bollocks, but you read it again and again when the topic comes to Win10 telemetry data.

Yeah, it’s all speculation without any proof or evidence, and these claims are made by people who really don’t know what they are talking about and haven’t bothered to fully test their accusations. It’s all empty assumptions, and if you took a few seconds to fire up Wireshark you would see what’s really going on. I also bet that most of the time the “telemetry” data that people claim to see leaking is really something else entirely, for example checking the revocation status of a digital signature of an executable, or the discovery of other devices on the local network.

Yes, FT, these tests you suggest were done and reported in the Windows 10 news months ago to refute one such claim. You are absolutely correct in your post.

You have links?
That would really interest me!!

From Windows 10 news stories from several months ago? You gotta be joking.
There are over 198 million news stories archived on the internet. You wish to go through each one?

No, that’s what bookmarks are for… you know. :wink:

I bookmark stuff that is interesting… so I thought you may(!) have bookmarked it.

I read Windows 10 news stories every day. Lots of interesting articles. Bookmarks would be crazy if I bookmarked all the stories I’ve read.

So it is impossible to create a network connection and have a shadow connection from the Windows OS that cannot be seen by the firewall?

I’m not sure what you mean by a shadow connection, but yes, all network communication will be seen by the firewall due to it being in kernel mode. For example, even if you were to use an application that makes use of a 3rd-party NDIS protocol stack (WinPcap) that bypasses the standard TCP/IP networking stack, CFW will still block the outgoing connection if you have a rule to block it, as long as the application rule is applied towards “Windows Operating System”.

I mean a connection that is even below kernel mode and actively hidden by the developers at Microsoft.

But I guess you are right and there is nothing like this.

I just tested my connection with a logging router and compared the entries my router sees with the ones my firewall sees, so no hidden connections, I guess.
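The check described in the two posts above (capture what actually leaves the machine, then compare it with what the host firewall logged) can be automated. The following is an added example, not code from this thread, from Comodo or from any firewall vendor: it parses a router connection log and a host-firewall log export, reduces both to 5-tuples, and lists the flows the router attributed to the host that the host firewall never logged. Only such a flow would support the "hidden connection" claim; a hit still has to be identified by hand (it may be a revocation check, local discovery, or a logging gap), so the script only finds candidates. Both log formats are assumptions and both sample logs are constructed; adapt `ROUTER_RE` and `parse_firewall_log` to whatever your router and firewall actually emit. A Wireshark/tshark export of the host's own traffic can stand in for the router log, but the router view is the stronger test because it is taken off the box under suspicion.

```python
import re
from collections import Counter
from typing import Dict, NamedTuple, Set, Tuple


class Flow(NamedTuple):
    """One connection attempt as seen by either vantage point."""
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


# Constructed sample: a router's connection log. The format is an assumption;
# note that the router sees every LAN host, not just the one under test.
ROUTER_LOG = """\
2016-03-01 10:00:01 ACCEPT TCP 192.168.1.20:49152 -> 203.0.113.10:443
2016-03-01 10:00:02 ACCEPT UDP 192.168.1.20:51234 -> 192.168.1.1:53
2016-03-01 10:00:03 ACCEPT TCP 192.168.1.20:49153 -> 198.51.100.7:80
2016-03-01 10:00:04 ACCEPT TCP 192.168.1.31:50000 -> 203.0.113.44:443
2016-03-01 10:00:05 ACCEPT UDP 192.168.1.20:137 -> 192.168.1.255:137
"""

# Constructed sample: a host-firewall log export (semicolon separated:
# application;action;proto;src ip;src port;dst ip;dst port). Format is an
# assumption; this is not a real CFW export.
FIREWALL_LOG = """\
svchost.exe;Allowed;UDP;192.168.1.20;51234;192.168.1.1;53
System;Allowed;TCP;192.168.1.20;49152;203.0.113.10;443
System;Allowed;UDP;192.168.1.20;137;192.168.1.255;137
"""

ROUTER_RE = re.compile(
    r"(?P<proto>TCP|UDP)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s*->\s*(?P<dst>[\d.]+):(?P<dport>\d+)"
)


def parse_router_log(text: str) -> Set[Flow]:
    """Extract 5-tuples from router log lines; non-connection lines are skipped."""
    flows = set()
    for line in text.splitlines():
        m = ROUTER_RE.search(line)
        if not m:
            continue
        flows.add(Flow(m["proto"], m["src"], int(m["sport"]), m["dst"], int(m["dport"])))
    return flows


def parse_firewall_log(text: str) -> Set[Flow]:
    """Extract 5-tuples from the host firewall export; malformed lines are skipped."""
    flows = set()
    for line in text.splitlines():
        parts = line.strip().split(";")
        if len(parts) != 7:
            continue
        _app, _action, proto, src, sport, dst, dport = parts
        flows.add(Flow(proto.upper(), src, int(sport), dst, int(dport)))
    return flows


def unseen_by_firewall(router: Set[Flow], firewall: Set[Flow], host_ip: str) -> Set[Flow]:
    """Flows the router attributed to host_ip that the host firewall never logged.

    Other LAN hosts are filtered out first, otherwise their traffic would be
    reported as 'hidden' connections of the machine under test.
    """
    host_flows = {f for f in router if f.src_ip == host_ip}
    return host_flows - firewall


def summarize(flows: Set[Flow]) -> Dict[Tuple[str, int], int]:
    """Count candidate flows by (proto, destination port) to spot patterns quickly."""
    return dict(Counter((f.proto, f.dst_port) for f in flows))


if __name__ == "__main__":
    router = parse_router_log(ROUTER_LOG)
    fw = parse_firewall_log(FIREWALL_LOG)
    candidates = unseen_by_firewall(router, fw, "192.168.1.20")
    for f in sorted(candidates):
        print(f"router saw, firewall did not: {f.proto} {f.src_ip}:{f.src_port} -> {f.dst_ip}:{f.dst_port}")
    print(summarize(candidates))
```

Run it against a capture taken over the same window on both sides; an empty result is the outcome the posters above report. If the firewall only logs blocked connections, switch it to log allowed ones as well before capturing, or the comparison will flag every permitted flow.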

Well, I think I found what I meant. It is called the Intel Management Engine.

The engine is a piece of hardware that runs all the time and executes code independently of Windows.
It has network and complete memory access. The code is obfuscated in a way that it cannot be read (you need an extra table in the chip to read it). In short, it is a built-in rootkit.

Has anyone ever thought about protecting the OS from this?