Firewall considerations: disabling Windows firewall or not etc...in Win7

Avast Free Antivirus / Premium Security
1

What I always did:

  • when running Comodo firewall, I always as a rule disabled Windows Firewall for obvious reasons (earlier versions of CFP did that automatically during the setup btw)
  • noticing at the same time that leaving Windows firewall on wasn’t really problematic. There has been changes since XP but globally Vista and Seven versions, when left with the default settings, are rather light and very unlikely to conflict with another firewall.

Anyway, I recently switched to Avast 5 new firewall. The purpose of this thread is not to discuss this new FW functionality but something that’s been stated, may be by Vlk, not sure, ie Windows Firewall should be left turned on because it performs non-firewall tasks that are important for security, ie IPSec…

Now as I was, just a few minutes ago, browsing Wilders Security forums, I found that interesting link in a thread there:
http://technet.microsoft.com/en-us/library/cc755158(WS.10).aspx

…meaning basically that disabling the (ms) firewall itself in Windows Seven doesn’t disable the extra security features associated with it:

Coexistence with third-party firewalls

Windows Firewall with Advanced Security consists of a set of services that provide much more than the traditional firewall. IPsec connection security rules, network service hardening, boot time filters, firewall filters, and stealth filters are all services provided by Windows Firewall with Advanced Security in Windows 7 and Windows Server 2008 R2. [b]Because multiple firewall programs can be problematic due to conflicts, if you install a third-party firewall program, you need to turn off the Windows Firewall[/b]. [b]In previous versions of Windows, turning off the firewall meant also disabling all of the related services[/b]. If the third-party program does not provide all of the same functionality, then you might be unintentionally exposing your computer to threats for which you no longer have protection. In Windows Server 2008 R2 and Windows 7, Windows Firewall with Advanced Security enables more specific disabling of its features through published application program interface (API) calls. When a third-party firewall program is installed, the installer can disable only those portions of Windows Firewall with Advanced Security that conflict with the services that are provided by the third-party program. Other Windows Firewall with Advanced Security services are left enabled, and continue to help protect your computer.

I don’t think I should add anything :wink:

edit: this is valid for Windows 7 and Windows Server 2008 R2 (due to firewall versions and behavior)

2

no feedback ??? ::slight_smile:

3

I’d say it’s a question mainly for Lukor - who is currently on vacation, and still will be for a while, so there might not be any feedback for some time.

4

We have tested extensively with the Windows Firewall turned on, and concluded that there are no conflicts. The Windows firewall works a bit differently (is hard-wired to the TCP/IP stack in Windows) and running the two in parallel shouldn’t be a problem in any way. So we keep it on.

This decision was actually motivated by some discussions we had with the network guys in Redmond.

Thanks
Vlk

5

the main reason I posted this is because the info I got and posted was found on a very recent Microsoft web page, probably written by some Redmond guys as well. I already stated that Windows firewall wouldn’t conflict with another firewall, I know that and I saw that. But keeping it activated in Windows Seven when there’s another firewall installed is, as stated by some other Redmond guys, useless (refer to my first post here for that).

6

Hi Vlk
I think this does not apply for Windows XP
http://technet.microsoft.com/en-us/library/cc755158(WS.10).aspx
I understand it so that the Windows XP Firewall is better to switched off if Avast IS is installed
The windows help says that should be turned off the Windows Firewall when you install another Firewall

See also my posting here
http://forum.avast.com/index.php?topic=55978.msg472785#msg472785

I’m a member of the german Avast-Forum and I will post it there because the WinFW is not automatically disabled after Avast IS installation and sometimes users are confused

7

Hi,

Given that most/ all of you seem to know what you’re talking about, could you please have a look at my post from March 8th regarding this issue? I’m still running AVAST! with it’s Firewall turned off and have had no re-ocurrence of unduly high CPU/RAM usage… :wink:

Thanks a lot