turned off, but still: windows firewall has blocked some features of this program

Arne Helldahl

Hello,

I currently experience some oddity with Windows Firewall in Windows XP.


My scenario:
- I use a router to connect to the internet via ADSL (the router, of
course, brings its own firewall which is enabled)
- I also have "Windows Firewall" set to "enabled" (globally)
- BUT:
In the Windows Firewall tab where you can selectively disable/enable the
Windows Firewall for individual connections/network adapters I have the
Windows Firewall DISABLED (unchecked!) for a specific connection (my LAN
connection). Since I am behind my router, there is already the router
firewall and no real need for the Windows Firewall.
(I have the Windows Firewall ENABLED for direct PPP connections which do
not use the router but just a normal modem)


Okay, hope, this is all clear and easy to understand (When I dial in via
a PPP connection, the Windows Firewall should be enabled, when I (like
most of the time) use the LAN connection and the router to connect to
the internet, the Windows Firewall should be disabled <- no check mark
for the LAN connection, just the global check mark on the first page of
the firewall settings enabling the Firewall globally).


What I do not understand, is:
Occasionally, I get Windows Firewall alert pop-ups telling me "windows
firewall has blocked some features of this program" and asking me if I
would like to block them, allow them or to be asked later again.


Why is this happening!?
Please, remember:
My LAN connection has no checkmark (is unchecked), which means that the
Windows Firewall should be disabled for this one specific connection!


By contrast, there are other times where the Windows Firewall respects
my setting (the missing checkmark for the LAN adapter):

When I have an ssh server running on my computer and also have a router
setting to grant access to port 22 on my computer I can connect to my
home PC without a Windows Firewall alert popping up! - If the Firewall
were not disabled for the LAN connection, I would, in fact, be unable to
connect to port 22 or I would need a rule to allow access to port 22.

So, there is no doubt that my setting is all right, I have the Windows
Firewall globally enabled BUT disabled for the LAN adapter.


Can anybody explain why the Firewall still _sometimes_ (for some
programs, not for sshd) thinks it has anything to allow/forbid even if I
have unchecked the specific adapter which I currently use (LAN adapter)?


And how could I find out WHAT features the Windows Firewall is going to
block (I have logging turned on but do not find anything of interest in
the log file).

By the way, one such program that triggers such an alert (unless there
is a specific firewall rule) is "qtracker" (a game server browser).
Every time I launch the program I get that alert pop-up though the LAN
adapter has no checkmark to enable Firewall settings for this specific
adapter.



Sorry for the lengthy explanation, hopefully, someone can help me here
:)

Arne
 
DL

The firewall used in most routers is insufficient, and doesn't detract from
using a software firewall
 
smlunatick

Insufficient HOW?  Include cites.

Most "home" style routers are using Network Address Translation (NAT)
to hide the LAN private IP address. This is not a true firewall.
 
Arne Helldahl

> The firewall used in most routers is insufficient, and doesn't detract from
> using a software firewall


I disagree; any hardware based solution is way better than so called
personal firewalls, especially since they create an additional
abstraction layer even above the normal Windows Firewall and may be open
to exploits.

But this is not the discussion I would like to start now...


Therefore:

Please, folks, back to my questions. :)



Arne
 
smlunatick

> I disagree; any hardware based solution is way better than so called
> personal firewalls, especially since they create an additional
> abstraction layer even above the normal Windows Firewall and may be open
> to exploits.
>
> But this is not the discussion I would like to start now...
>
> Therefore:
>
> Please, folks, back to my questions. :)
>
> Arne

Most low level routers use NAT (Network Address Translation),
which is extremely limited as a firewall. Only the routers that are
usually above $200 tend to have recognized certifications of known
firewall test companies.
 
Arne Helldahl

> Most low level routers use NAT (Network Address Translation),
> which is extremely limited as a firewall. Only the routers that are
> usually above $200 tend to have recognized certifications of known
> firewall test companies.


NAT is a very good basic protection for the average internet user. At
any rate, a way better protection than any kind of software "firewall"
which often enough has some flaws that deteriorate one's protection
instead of improving it; moreover, who really needs outbound protection
anyway? If you don't install software from dubious sources, cracks,
warez and such, why would you need to protect yourself from outbound
connections?

No, even a cheap router is way better than being directly connected
without any NAT to the internet; and heck, even the Windows Firewall is
better than any kind of third party software firewall because it
operates on a lower system level than such products and because it does
a reasonably good work for inbound protection.

My experience (and do some google searches) with so called personal
firewalls has been that they slow down your system, are crash prone,
cause blue screen errors and in the end do nothing to give you more
protection - they are nice for learning purposes and if you want to
block some unwanted update connections or even advertising pop-ups. But
they are not suitable to increase safety.


But may I remind you that I would not like to continue this discussion?

I would welcome some good answers to my initial questions. Thanks. ;-)


Arne


But I
 
smlunatick

> NAT is a very good basic protection for the average internet user. At
> any rate, a way better protection than any kind of software "firewall"
> which often enough has some flaws that deteriorate one's protection
> instead of improving it; moreover, who really needs outbound protection
> anyway? If you don't install software from dubious sources, cracks,
> warez and such, why would you need to protect yourself from outbound
> connections?
>
> No, even a cheap router is way better than being directly connected
> without any NAT to the internet; and heck, even the Windows Firewall is
> better than any kind of third party software firewall because it
> operates on a lower system level than such products and because it does
> a reasonably good work for inbound protection.
>
> My experience (and do some google searches) with so called personal
> firewalls has been that they slow down your system, are crash prone,
> cause blue screen errors and in the end do nothing to give you more
> protection - they are nice for learning purposes and if you want to
> block some unwanted update connections or even advertising pop-ups. But
> they are not suitable to increase safety.
>
> But may I remind you that I would not like to continue this discussion?
>
> I would welcome some good answers to my initial questions. Thanks. ;-)
>
> Arne
>
> But I

Outbound firewall protection is useful in order to see what is going
out from PCs. Also, if you have a software firewall installed, you
can protect the PC from unknown "local area" access (LAN). A lot of
people who get wireless routers may completely ignore the set up of
the wireless protection scheme. They leave their network wide open to
anyone who wants to hack the access.
 
Kayman

> Outbound firewall protection is useful in order to see what is going
> out from PCs.

Deconstructing Common Security Myths.
http://www.microsoft.com/technet/technetmag/issues/2006/05/SecurityMyths/default.aspx
Scroll down to:
"Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe."

Exploring the Windows Firewall.
http://www.microsoft.com/technet/technetmag/issues/2007/06/VistaFirewall/default.aspx
"Outbound protection is security theater—it’s a gimmick that only gives the
impression of improving your security without doing anything that actually
does improve your security."

Managing the Windows Vista Firewall
http://technet.microsoft.com/en-us/magazine/cc510323.aspx
(read in its entirety!)
 
