Windows 7 and 3rd party firewall - disable windows firewall?

Soldato
Joined
5 Jul 2007
Posts
2,571
Location
NZ
Back in the XP days if I installed a 3rd party firewall like Comodo I would disable the built in XP firewall too.

Is the same true for Windows 7? Install the firewall and disable the built in one to remove confilicts?
 
Do you use your routers own firewall too?

Tbh, your routers own hardware firewall + Windows Firewall is all you really needed from my experience.

Coupled with a decent anti-virus software like Avast or MSE, then you shouldn't need 3rd party firewall software.
 
Last edited:
You really don't get conflicts with security software, it's just a waste of resources to use more than one.

If you don't need application control then stick with the W7 firewall.
 
I know in theory you shouldn't need a software firewall when you have a router, but a year ago when using AVG my parents machine managed to get a rootkit keylogger installed. It went straight past AVG and the only thing that notified them it was there was a Comodo firewall popup saying an application was connecting to the internet in a weird way. They rang me and I remoted in and found it hidden away.

Have since moved away from AVG and onto Avast/MSE but you can never be too careful these days. I'm after application conrol hence the 3rd party solution.
 
AVG was the problem then as the firewall notified you. It would have gotten through firewall or no firewall, it was AVG's fault that it didn't pick it up. A better AV program like Avast or MSE as you mentioned should have stopped it.

You can install a 3rd party firewall and disable Windows Firewall, but it will only slow the system down more than it needs to.
 
The Windows 7 firewall can be configured to block all outgoing connections not matching a rule,

if9191.jpg


The problem is that by default there are no pop-up notifications for outgoing connection attempts. There's a free Firewall Control add-on which comes in 32- and 64-bit flavours that can provide this utility.

http://www.sphinx-soft.com/Vista/order.html
 
AVG was the problem then as the firewall notified you. It would have gotten through firewall or no firewall, it was AVG's fault that it didn't pick it up. A better AV program like Avast or MSE as you mentioned should have stopped it.

You can install a 3rd party firewall and disable Windows Firewall, but it will only slow the system down more than it needs to.

Thanks for the advice people. I've installed Comodo now on Windows 7 and don't notice any performance drop.

With regard to Nymins saying the firewall wouldn't stop things, thanks to Comodo last time it stopped the keylogger uploading any of the log files. Without it the keylogger would never have been noticed. I'd rather run the firewall as a secondary defence against outgoing stuff than rely on just the AV program as none of them are 100%. Good AV and a good firewall is the best defence!

Cheers for the link to the Win 7 firewall config program. May have to have a look into that at some point :)
 
AV and firewall do two completely separate jobs, I think the concept of an "Internet Security Suite" has blurred the line for many.

And it's always worth having a local software firewall whatever the situation. If it's there - turn it on.
 
I have been using Windows Firewall (with outbound connections blocked) coupled with Windows Network Monitor on W7. Network traffic is also viewed on a sidebar gadget. The firewall is configured manually and I can capture and analyse network traffic accordingly (this is where I notice a lot of IPV6 traffic).

Comodo was ok when I was on Vista but tended to fail to start on several occasions, plus I wanted ot keep it simple on the new OS by keeping 3rd party products to a minimum.

So far I have had no issues and I more or less know exactly what comes in and what goes out from a network perspective.
 
Thanks for the advice people. I've installed Comodo now on Windows 7 and don't notice any performance drop.

With regard to Nymins saying the firewall wouldn't stop things, thanks to Comodo last time it stopped the keylogger uploading any of the log files. Without it the keylogger would never have been noticed. I'd rather run the firewall as a secondary defence against outgoing stuff than rely on just the AV program as none of them are 100%. Good AV and a good firewall is the best defence!

Cheers for the link to the Win 7 firewall config program. May have to have a look into that at some point :)

Thats good, but what i was saying that the firewall didn't stop the keylogger getting there in the first place. Its good that it picked it up. Eventually. But it shouldn't have even got in. The AV software you were using wasn't up to scratch and didn't stop it from being downloaded or tell you that it was downloaded.

By the sounds of things, it was a user issue coupled with bad AV software. The keylogger should have never gotten through unless the user downloaded it.
 
I have been using Windows Firewall (with outbound connections blocked) coupled with Windows Network Monitor on W7. Network traffic is also viewed on a sidebar gadget. The firewall is configured manually and I can capture and analyse network traffic accordingly (this is where I notice a lot of IPV6 traffic).
Are you referring to Network Monitor 3.3?

Do you permanently capture/log network traffic while the PC is on, and how do you go about identifying a rogue program attempting to make an outbound connection?
 
Are you referring to Network Monitor 3.3?

Do you permanently capture/log network traffic while the PC is on, and how do you go about identifying a rogue program attempting to make an outbound connection?

Yes thats it -it was a little early when I posted so not 100% :)

I do not capture all of the time. I only capture if I suspect that there is something wrong or I see visual traffic on the network meter gadget (not the best aid I know). I am also behind a Linksys router providing a basic hardware firewall.

For example: when my system was freshly built and all apps installed I kept seeing 1.656KB of outbound data every few seconds. I ran netmon and captured this and identified SSDP: Request, M-SEARCH * - basically this was the SSDP service working with the UPNP Host device service and sending out a discovery broadcast. Nothing to worry about but disabling them would not allow my PS3 to see my PC.

If you have a capture but you are unsure of the data then you can Google the results in the description column. There seems to be a lot of IPV6 traffic too.
 
Back
Top Bottom