Windows Firewall ON/OFF

Calm down angry clown. I didn’t post anything offensive. I am just NOT wanting this thread to be about anything but the fact of whether Comodo follows MS recommendations to PARTNERS (that’s my source, become one and then you know). Then there is the source of Avast that I ALREADY posted in my initial description.

And simply because I’m tired of all forum ‘gurus’ asking us to quote sources but when we ask them they tell us “…do a search and learn to find things for yourself”…well…back at ya. And sorry, ‘user defined wikis’ don’t count EVER as fact in the real world. I could care less if you believe what I post here. I have been on PCs since the corps in '91 and we didn’t scrimp ANYWHERE on security…the office/position I held is STILL in the credits of the basic framework of Oracle…how’s that for a source. Yes, I am the listed Admin Chief (91-92).

If ANYONE is taking offense, maybe they should step back and weigh their own motives, or at least pick up a box of tissues. There is nothing personally offensive to anyone. I can’t change the way someone else will take it.

Capitalization IS NOT yelling. It is the method to attenuate the topic and direct the attitude of the information. Now if I was sending this as a text message from homeroom, that would be completely different.

But just for you, here is a source that you read while viewing this very thread…

Back to the thread topic…!!!

Comodo, Windows Firewall on or off?

Windows has its issues, but do you seriously think it is so poorly designed as to become unstable when the firewall is turned off? If that were the case, you wouldn’t be able to turn it off, or at the very least you would get a popup warning you of the consequences of turning it off…

Perhaps you have forgotten that the Windows firewall was added with a security update? (Win XP SP2) So you’re saying that we cannot turn this off without risking the stability of the OS that the firewall was patched into?

In fact, on Win XP, if you have the Windows firewall and another firewall active at the same time, the security center itself will warn you that you shouldn’t be running two firewalls. Odd warning there if they recommend not turning it off…

The XP firewall does not filter outbound connections.

The Windows 7 firewall does. Microsoft figured, in their infinite wisdom, that the firewall should then manage the traffic created by network discovery/file sharing, according to whether the computer is running a domain, private, or public profile. Thus, disabling the windows firewall allows network discovery/file sharing traffic through, as generally, windows firewall is set to block it - and can, because it has outbound filters.

The story is different for the two firewalls. However, setting Comodo to block network discovery and file sharing traffic should allow you to safely disable the windows firewall. Doing so will render network profiles essentially meaningless though. And I have no clue what it’ll do to Homegroup (I’ve never used the feature).

Disabling the firewall obviously doesn’t make anything “unstable.”


Edit: I was right the first time. Hooray late night mental lapses!

How about this…the processes ALSO involved when the WinFW is running are more than just Network Discovery, IP protocoling, etc. IN THE PAST BEFORE WINDOWS MADE A FIREWALL you had to disable ANY third party firewalls…again this is BEFORE windows gave us ANY TYPE of their own.

If you shut down the Windows FW YOU ARE SHUTTING DOWN OTHER PARTS OF YOUR OS THAT IT NEEDS TO OPERATE CORRECTLY. You may not notice for weeks, or months and will probably blame Comodo or whatever solution you use BECAUSE you, like many other people, learn one thing and are so afraid of change that learning any new methods is IMPOSSIBLE.

The old requirement was ‘disable any third party firewalls before installing ANOTHER third party firewall’; since they implemented their own IT HAS ALWAYS BEEN RECOMMENDED to AV solution providers their package NOT REQUIRE users to disable WinFW (and its congruent services/dependencies). It’s just like if you shut ANYTHING else in windows down…if something has it as a dependency YOU WILL BECOME UNSTABLE…and that’s exactly what you do by turning off WinFW…get it, probably not but there is ALWAYS hope, eh?

But once again because Melih CANNOT deal with things that are all in the control of marketing now I am asking from Comodo…not old thinking and methodology based upon when Windows had NO firewall at all…you have succeeded in ALMOST making it so I was doing EXACTLY what you are…STICK TO THE TOPIC…if you ain’t Comodo I’m not looking for opinion. I don’t know why so many of you get upset over that, but that’s your bag of rocks, go kick ’em.

Windows Firewall ON or OFF?

Dependencies eh?

Read 'em and weep. :wink:

[attachment deleted by admin]

Have a good read here:

http://www.microsoft.com/whdc/device/network/WFP.mspx

Windows Filtering Platform: Windows Filtering Platform (WFP) is a new architecture in Windows Vista and Windows Server 2008 that enables independent software vendors (ISVs) to filter and modify TCP/IP packets, monitor or authorize connections, filter Internet Protocol security (IPsec)-protected traffic, and filter remote procedure calls (RPCs). Filtering and modifying TCP/IP packets provides unprecedented access to the TCP/IP packet processing path. In this path, you can examine or modify outgoing and incoming packets before additional processing occurs. By accessing the TCP/IP processing path at different layers, you can more easily create firewalls, antivirus software, diagnostic software, and other types of applications and services.

WFP provides APIs so that you can participate in the filtering decisions that occur at several layers in the TCP/IP protocol stack. WFP also integrates and provides support for next-generation firewall features such as authenticated communication and dynamic firewall configuration that is based on an application’s use of the Windows Sockets API. This capability is also known as an application-based policy.

WFP is not a firewall. It is a set of system services and user-mode and kernel-mode APIs that enable you to develop firewalls and other connection-monitoring or packet-processing software. For example, the Windows Firewall in Windows Vista and Windows Server 2008 uses WFP.

And yes, CIS on Vista and higher is based on WFP, so based on this, still having WF active would mean dual filtering from WFP APIs, which can’t improve the performance if you ask me.

Interesting reading…

So for Vista/Win 7 users, it’s the APIs (WFP) and not the firewall that are the issue. As it should be.

As paranoid as Micro$oft is about another antitrust lawsuit, I couldn’t imagine them forcing users to use their firewall by turning off necessary OS functionality when turning off the firewall… Can you imagine the industry uproar if that were the case? :stuck_out_tongue:

Is, by the way, IE still included in Vista/Seven?

Under XP, you can totally uninstall the firewall, and even windows security center altogether, but you can’t totally uninstall IE, as it is effectively part of the OS and particularly of local explorer functions.

It is also very difficult, if not disabling windows restoration and if not using specific utilities, to uninstall a lot of junk not related to the os functions themselves (moviemaker, netmeeting…).

The difference between IE and the firewall is you can simply use another browser without IE trying to intercept anything. In fact, I have IE set as a blocked application and have never had any issues. With the firewall, it is on by default and must be turned off to avoid having two software firewalls active if you have a third-party firewall installed. I’ve yet to see any reputable source recommend having two software firewalls active. In fact as I mentioned before, the security center in XP warns against running two software firewalls. I’m somewhat curious what the security center in Vista and Win 7 says about this…

Because I was curious, I did some quick investigating. If you go straight to the horse’s mouth, Microsoft’s FAQ site for the Win 7 firewall tells you not to run two software firewalls. I don’t know how you can get any more definitive than that…

If I have a router with a built-in firewall, should I also turn on Windows Firewall?

Yes, because router-based firewalls only provide protection from computers on the Internet, not from computers on your home network. For example, if a mobile computer or guest computer connects to some other network, becomes infected with a computer worm, and then connects to your home network, your router-based firewall won’t be able to prevent the spread of the worm. However, a firewall running on each computer on your network can help control the spread of worms.

However, running more than one firewall program on your computer at the same time could cause conflicts. It’s best to just use one firewall program, in addition to a router-based firewall.

-Emphasis added by me-

Disabling the windows firewall renders windows firewall profiles meaningless. Windows firewall profiles are what manage whether or not your computer accepts incoming file-sharing or discovery connections. Disabling the windows firewall doesn’t actually turn anything on, it just lets stuff happen.

You can overcome this problem by blocking those connections with your third-party firewall.

People with windows Vista or 7 should understand this, as firewall profiles are actually a very upfront feature when connecting to the Internet. And, as far as I know, disabling the firewall does not disable the prompt you receive to choose a profile. People may choose a more restricted profile thinking it’s different from a less restricted profile.

Disabling the windows firewall doesn’t stop any other services from running, so the dependency being described, at least by me, wouldn’t show up there.

This is a discussion board, not your personal line to Comodo devs, and we’re all thus far on topic. Oh wait…

Grrr. You smart. I wrong. So Angry. How I play rock? grunt

Which is exactly what I would expect. Perhaps as an XP user I’m just not understanding your description, but I would sure hope that disabling the Windows firewall would render Windows firewall profiles meaningless! I won’t need any Windows firewall profiles, because I’m instituting my own profile with a third party firewall.

Listen. If you just want someone to say you’re right, then fine. You’re right. Windows 7 and Windows Vista work perfectly fine with the windows firewall off and a third party firewall on. It does not compromise security or stability. There. Can you read past your bottom line now?


… now that we’re past it…

There is a caveat. Because you wouldn’t expect to see prompts, upon connecting to a new network, asking you to choose a windows firewall profile when the firewall is off. And you wouldn’t expect those profiles to be windows firewall profiles, when they’re not labeled as such.

As a matter of convenience, using windows to toggle between profiles is far easier than toggling between comodo configurations.

Sigh.

HeffeD, I’ve been agreeing with you since I first posted here. But you seem to be doing your darndest to ignore the caveat with which my agreement comes. Maybe this is all a miscommunication. Maybe a picture will help.

Here is what you get when you connect to a new network. It is in no way apparent that “network settings” means “firewall settings.” And even if you disable the firewall, you still get this window, and the feature is still present. No warnings. So, windows 7 users should be aware that the profiles they apply to various networks they connect to don’t mean anything if they disable the windows firewall.

Disabling windows firewall does break a feature of windows networking, but only because the feature is secretly attached to the firewall. The feature is really just a front end for the firewall, that sticks around even if you get rid of the firewall.

As for Windows 7 security center, it is perfectly content with running comodo alongside windows firewall. There is a “note” that running two software firewalls can cause conflicts. You have to go searching for it though.

Now, I’ve spent a while searching, but all I came up with was, “using two software firewalls at the same time could cause a conflict.” I couldn’t find one case of an actual conflict, nor even one explicit hypothetical example.

[attachment deleted by admin]

I see what you are saying. Like I said before, I’m still using XP so I may not have been understanding your definition, which indeed happened to be the case.

The picture was helpful. It seems very odd that what is obviously a firewall dialog (even has a shield icon on the home and work profiles) isn’t expressly mentioned as such and continues to pop up even if the firewall is turned off. This could definitely be confusing.

As far as conflicts, I think all you are likely to see is slower internet/LAN performance because dual filtering of network traffic is going on. However, there are security sites I’ve read that say two software firewalls can actually lessen your security. I don’t recall them ever saying how this occurs.

:-TU (It’s the closest thing to a handshake offer I could find) Sorry for the snippy replies. No hard feelings?

That’s actually the UAC icon, which basically denotes that the action is administrative. It’s not related to the firewall, although the firewall icon uses the same geometry. It doesn’t show on the Public network option because that’s the profile that’s currently enabled. If I was on a Home network the shield would show on Work and Public. If UAC is off the shields likely don’t show up at all (I haven’t tried that particular combination).

Interesting. The slow connection makes sense. And I can understand conflict in the sense that you may have rules which disagree, to the extent that you may block a program even if you allow it in the other firewall. It’d be interesting to know how such redundancy actually lowers security though.

No hard feelings. :slight_smile:

OK. Not being familiar with UAC, I assumed that was a firewall designation.

Yeah, I have no idea how the redundancy could reduce security. Unfortunately I’ve been unable to find where I read that, but it was in more than one location.

Well, at least you were behind a router and that should offer some level of protection.

Excellent reasoning. Can’t say for other versions of Windows but in XP you will definitely see that message.

I have a question though as I have been using Comodo for nearly two years now but before switching I used to use zonealarm. I know back then that I never turned windows firewall off but anytime I went into the security center it said ZoneAlarm was currently on and running. I am guessing that if windows firewall is on and you install a 3rd party firewall that maybe the 3rd party firewall will take lead and not cause much of a conflict? Not sure as back in the day I never saw zonealarm cause any problems even though win firewall was on. So in this case would having windows firewall on cause any serious issues?

Agreed.

Installing Comodo Firewall on my XP SP3 machine did not turn off the Windows Firewall. However in Security Center I get the following note:

“Note: Two or more firewalls running at the same time can conflict with each other. For more information see Why you should only use one firewall.”

Clicking on that link gives the following statement in the help file:

“If you want to install and run a second firewall, turn off Windows Firewall.”

Fairly clear as far as XP users are concerned.

[attachment deleted by admin]

CIS has always automatically turned off the XP firewall for me.