Windows Firewall: Is It Enough?
Leak Testing: Windows Firewall has failed leak testing done by security researchers. This means your data can leak through the firewall to the outside. You obviously don’t want people to be able to find out what’s in your computer, so you should be using a firewall that does not leak. If you'd like to find out how your current firewall performs against leak tests, head over to Matousec’s Proactive Security Challenge website.
That said, even if a firewall passed the leak tests, it does not mean that it is enough. You need to know if a firewall can block port scans, unsolicited requests and hacking attempts or attacks to your network.
Exploits, Bad Packets and Port Scans: If you check DShield’s Top 10 Reports (DShield monitors and analyzes firewall logs submitted by a community of volunteers to alert us as to whether a particular network is compromised or being attacked by hackers or if the current internet attacks are being caused by worms, bots and other type of malware), you will see which ports are actively receiving attacks and the top 10 IP addresses that are the source of attacks. So how do you know if these attacks can affect you; should firewall software be able to help you against these threats?
If the system is infected, Windows Firewall in XP will fail to block any outside connection being use by the malware. Because XP’s firewall does not offer outbound monitoring it is not enough to protect you because you’ll never know if malware is using your connection to infect others. Your ISP will be alerted and you should receive a notice (if they able to identify which computers in their network has become infected and spreading or distributing malware or infecting other computers without their knowledge).
Windows Firewall in Vista might be able to protect if you enable the outbound protection. However, if there is security vulnerability in Windows components or services which the firewall depends on to run or operate, you might not be able to get better protection until a security update is released and has been applied to fix the problem.
Take as an example this incident: Blaster and Sasser worms took advantage of the security flaws in RPC service in Windows. Microsoft has improved Windows Firewall and continues to release security update which is why it is important to keep our system up-to-date. The past is in the past, you might say… but you’ll never know when vulnerability will be found again, which services in Windows will be affected and who will be impacted. This issue has been fixed long ago, but I still believe the windows firewall is not enough protection on its own.
Not all firewall software, including Windows Firewall in XP and Vista, can pass a port-scanning and exploits test. It depends on which ports are opened and if you have vulnerable applications. It’s a good idea to try a Port Scanning or Exploits test using Shields Up! or PC Flank.
Controls: Many applications that require internet connection should be monitored by firewall software. The importance of using a rule-based firewall is you will have control over which ports any application can use to communicate. Example: A browser requires Port 80 to communicate to the internet using HTTP protocol. If you have a rule-based firewall, you can use it by allowing only a particular or set of ports to be used by your browser. Then you can create other firewall rules that will block other ports or connections that you believe are not needed. Windows Firewall in Vista will let you create inbound and outbound firewall rules but not Windows XP, for it only has inbound protection.
Self-Defense: Windows Firewall in can be easily terminated or stopped by other applications. This was documented by many security researchers including Matousec. People who have Windows Vista and Windows 7 with UAC enabled have better luck from unwanted termination of the firewall because you will receive an alert if any malicious application tries to disable or terminate the firewall service or processes.
Tips: Always check if your firewall can pass leak test and port scanning. Also, make sure that the firewall software that you are using does not have un-patch vulnerabilities. Using vulnerable firewall software will not keep you protected against the known issues.