How "fool-proof" is the built-in Firewall of Windows?

Discussion in 'Windows 10' started by rms_returns, Jul 14, 2016.

  1. rms_returns

    rms_returns MDL Novice

    #1 rms_returns, Jul 14, 2016
    Last edited: Jul 15, 2016
    We have all been using the built-in firewall through the control panel, set the in/out permissions and consider ourselves safe, but how fool-proof is it?

    For example, I had noticed in the past (a few years ago) that some apps can change or alter those rules. Once I had installed VirtualBox and it added its own firewall rule to allow itself internet access (both in and out). However, I removed those rules, but when I upgraded VirtualBox to a newer version, it recreated those rules again!

    This led me to the question, how safe is the firewall really? If any app can add/subtract the rules, then what good use is the firewall? Suppose somebody writes an app that adds a firewall rule to allow free access, then does everything they want (like create a botnet, etc.) and then removes that rule. What will happen then? Will such an event even be recorded somewhere to later prove that the app did it?
     
  2. MrMagic

    MrMagic MDL Guru

    You told Windows you trusted Virtual Box by OK'ing the UAC prompt you got before it let you install it.

    You probably wouldn't do that for malware.

    And I'm not certain, I don't use VB, but it's possible that during setup it asks if you want it to automatically create firewall rules.
     
  3. rms_returns

    rms_returns MDL Novice

    k. That means apps that don't ask UAC prompts won't be able to alter the firewall? That makes me feel somewhat better, but even then, is there an Event Log or something written when an app actually does modify the rules?

    (I clearly remember that VB did not ask my permission regarding internet access rules at that time. However this was an early 3.x version, I have found that later 4+ versions of VB didn't change the firewall rules).
     
  4. MrMagic

    MrMagic MDL Guru

    Apps that don't ask for UAC are not installed at an administrative level (with Administrator privileges), which is required to make administrative changes, such as changing firewall rules.

    Have a look in Event Viewer for logs.
     
  5. rms_returns

    rms_returns MDL Novice

    Thanks, I've found it here:

    technet.microsoft.com/en-us/library/ff428140(v=ws.10).aspx

    The events are actually found in Application and Services Logs=>Microsoft=>Windows=>Windows Firewall With Advanced Security=>Firewall.

    My doubts are now cleared :cool:
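
    The scenario raised at the start of the thread (an app adds a rule, uses it, then removes it) can be checked against that log. The following is an added example, not part of the original posts: it reads events exported as XML from the Firewall channel and reports rules that were added and deleted again within a short window. It assumes event IDs 2004/2005/2006 for rule added/modified/deleted and the `RuleId`, `RuleName` and `ModifyingApplication` data fields; the sample events and paths are constructed.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
KINDS = {"2004": "added", "2005": "modified", "2006": "deleted"}  # assumed rule-change IDs

def _ev(eid, ts, rule_id, name, app):
    """Build one constructed event in the Windows event XML layout."""
    data = {"RuleId": rule_id, "RuleName": name, "ModifyingApplication": app}
    fields = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{eid}</EventID>'
            f'<TimeCreated SystemTime="{ts}"/></System>'
            f'<EventData>{fields}</EventData></Event>')

# Constructed sample data, not taken from a real machine.
SAMPLE = "<Events>" + "".join([
    _ev(2004, "2016-07-14T10:00:01.1234567Z", "{R-1}", "VM networking",
        r"C:\Windows\System32\msiexec.exe"),
    _ev(2004, "2016-07-14T11:30:00.0000000Z", "{R-2}", "updater",
        r"C:\Users\x\AppData\Local\Temp\setup.exe"),
    _ev(2006, "2016-07-14T11:34:10.0000000Z", "{R-2}", "updater",
        r"C:\Users\x\AppData\Local\Temp\setup.exe"),
]) + "</Events>"

def parse_changes(xml_text):
    """Return rule-change events as dicts, oldest first."""
    out = []
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        eid = ev.findtext("e:System/e:EventID", namespaces=NS)
        if eid not in KINDS:
            continue  # ignore events that are not rule changes
        ts = ev.find("e:System/e:TimeCreated", NS).get("SystemTime")
        rec = {d.get("Name"): d.text or "" for d in ev.findall("e:EventData/e:Data", NS)}
        rec["kind"] = KINDS[eid]
        rec["time"] = datetime.strptime(ts[:19], "%Y-%m-%dT%H:%M:%S")  # drop fraction and Z
        out.append(rec)
    return sorted(out, key=lambda r: r["time"])

def short_lived_rules(changes, window=timedelta(minutes=10)):
    """Rules added and then deleted again within `window`."""
    added, hits = {}, []
    for c in changes:
        if c["kind"] == "added":
            added[c["RuleId"]] = c
        elif c["kind"] == "deleted" and c["RuleId"] in added:
            a = added.pop(c["RuleId"])
            if c["time"] - a["time"] <= window:
                hits.append((a["RuleName"], a["ModifyingApplication"], c["time"] - a["time"]))
    return hits
```

    Calling `short_lived_rules(parse_changes(SAMPLE))` reports the "updater" rule together with the application that created it; the long-lived installer rule is not reported.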
     
  6. rms_returns

    rms_returns MDL Novice

    k. So does that mean that granting Administrative privilege on the UAC prompt will provide something like the root access in the Linux world? Meaning that the program can do just about anything it wants, including formatting the hard drive and wiping off the partitions?
     
  7. 100

    100 MDL Expert

    Yeah, it's basically the Windows equivalent of "sudo".
    However, it's important to note that UAC is only really secure in its highest setting ("always notify"). The other settings grant silent auto-elevation to some of Windows' own executables, which is less annoying, but could potentially be exploited by malicious apps. That's the tradeoff between security and convenience.
     
  8. sebus

    sebus MDL Guru

    And then there is common sense... (or lack of it in some cases I've seen)
     
  9. ThomasMann

    ThomasMann MDL Expert

    Interesting thread, thank you...

    Is the "Allowed Programs" a way to see ALL "apps" that have admin privilege?

    For example, do I need to allow Nvidia's Shield streaming?
     
  10. rms_returns

    rms_returns MDL Novice

    #11 rms_returns, Jul 15, 2016
    Last edited: Jul 15, 2016
    (OP)
    If you are talking about Windows Firewall, then no. It doesn't grant the app admin privilege, but only allows it to pass through the firewall. Admin privilege is a different thing where you right-click the app and click on "Run as Administrator" (or in case of some setup/msi installation files, that happens automatically as they try to perform some privileged tasks like changing the firewall rules and you get a UAC prompt).

    As a general rule, you don't allow any program admin privilege unless you face any issues and specifically know that allowing that privilege is going to solve that issue.
     
  11. PhaseDoubt

    PhaseDoubt MDL Expert

    Given you can easily turn it completely off, it's not fool proof at all. It does a reasonable job of keeping things out, but has always done a poor job of monitoring, inspecting, and limiting outbound communication.

    As to fool proof things in general, as soon as they build a fool proof anything, along comes a better fool.