Emsisoft and Windows Firewall: Your questions, answered.

  • September 19, 2017
  • 7 min read
windows-firewall-preview


From (very) humble beginnings in a Windows XP Service Pack update, the Windows Firewall has evolved into a capable security tool. Today, its performance is on par with – if not better than – any modern third-party desktop firewall on the market.

In light of this, and after a lot of careful consideration, the Emsisoft team made a very conscious decision to rely on the Windows Firewall moving forward, which ultimately led to us merging Emsisoft Internet Security with Emsisoft Anti-Malware. This will allow us to concentrate our efforts on building a bulletproof product while using our Behavior Blocker technology to further strengthen the already rock-solid Windows Firewall.

To put it simply, using Windows Firewall in conjunction with Emsisoft Anti-Malware will provide better protection for our users, and that is our number one objective above all else.

Since our announcement of the Emsisoft Internet Security and Emsisoft Anti-Malware merger, we have received a lot of positive feedback. However, we also got a lot of questions. We want to take the time to answer the most frequently asked questions in a bit more detail:

So are you going to remove the firewall completely?

The answer to that question is not as simple as it may seem at first. Firewalls are usually divided into two parts: A so-called packet filter, which usually deals with incoming packets and is therefore often called an inbound firewall; and an application filter that deals with applications wanting to access the network or internet, which is why it is often also referred to as an outbound firewall. Emsisoft Anti-Malware has always had an application filter as part of its Behavior Blocker and that will continue to be true. The difference between the outbound firewall in Emsisoft Anti-Malware and Emsisoft Internet Security is that the former makes decisions autonomously, while the later, at least in theory, allowed you to also use your manual rules. In practice, the default for Emsisoft Internet Security was to automatically allow all outbound connections and the majority of all our users never changed it.

Why did you make the change? Was Emsisoft Internet Security less secure than the Windows Firewall?

No.

All firewalls on modern versions of Windows are based on the same technologies provided by Microsoft. In addition, inbound firewalls in particular are incredibly straightforward to implement, as they only block or allow access based on simple rules. That is why there is absolutely no difference in protection provided between any of the inbound firewalls on the market, including the Windows Firewall.

However, the Windows Firewall does have some benefits:

But there are also a couple of disadvantages, which is where Emsisoft Anti-Malware 2017.8 comes in:

To sum things up, for inbound filtering, the Windows Firewall is just as solid a choice as any other firewall product on the market, including Emsisoft Internet Security. It provides better compatibility and is easier to use for the majority of users. Its drawbacks mostly revolve around its outbound filtering capabilities, which are perfectly complemented by the enhanced Behavior Blocker that is part of Emsisoft Anti-Malware 2017.8 and later.

Where can I find the new Windows Firewall Fortification options?

The new options are part of the Emsisoft Anti-Malware Behavior Blocker. As such, you can find them under Protection/Application Rules:

emsisoft-firewall-fortification-options

In addition, whenever the Behavior Blocker sees any application it doesn’t know to be trustworthy attempting to create new firewall rules or change the firewall status, it will attempt to auto-resolve the situation by blocking the attempt:

emsisoft-firewall-modification-alert

If you have auto-resolve disabled, it will simply ask.

Where can I find the “advanced configuration possibilities” you talk about? My Windows Firewall only has a couple of options!

The default dialog to configure the Windows Firewall can be incredibly deceptive at first. The advanced configuration dialog is stashed away behind an innocuous looking link in the normal Windows Firewall configuration dialog:

windows-firewall-advanced-settings

Windows Firewall dialog with link to Advanced settings

Clicking that link will expose the real configuration of the Windows Firewall where you have full access to all the rules it adheres by.

That looks awfully complicated. Are there easier methods?

There exist a slew of additional applications that sit on top of the Windows Firewall and attempt to enhance it by making rule creation and management easier. Some of the most popular are:

That being said, we think that the majority of users probably won’t find these tools to be necessary. That is also why we decided against creating our own Windows Firewall front-end and focus our development efforts on improving the complementary and enhanced technology in our Behavior Blocker instead.

So what do you recommend I should do?

We strongly believe that the combination of Emsisoft Anti-Malware and the Windows Firewall is the best option for almost every user. For the past 12 years while developing our product, we used this exact combination in all of our internal performance evaluations of our technology. Our malware research team works hard to make sure that even the most advanced threats are blocked immediately across all our products.

So yes, Emsisoft Anti-Malware blocks the same malware that Emsisoft Internet Security blocks out of the box – no configuration, paying extra or jumping through hoops needed.

If you do feel the need to make sure that certain legitimate applications can’t access the internet, the Windows Firewall does offer the ability to do so via its Advanced Settings. If you find that method to be too inconvenient, going with one of the many front-ends may be an option for you.

We do know that a small minority of Emsisoft Internet Security users believe that the Windows Firewall must have backdoors implemented by Microsoft to allow them to spy on their users. In all our research, we haven’t found one and neither have hundreds of other security professionals that constantly review Windows for possible backdoors and vulnerabilities.

We also think it is important to keep in mind that every single firewall product for Windows Vista and later uses the very same frameworks to implement packet and application filtering. There is no difference between the Windows Firewall, Emsisoft Internet Security and any other third party firewall from a technical point of view. If Microsoft were to backdoor their products to allow unhindered communication, this backdoor would probably be part of the Windows Filter Platform or the NDIS Lightweight Filter Framework, which are the underlying technologies all firewall products are built upon, and affect every firewall product equally.

If you still prefer to use a firewall product other than the Windows Firewall, we recommend you contact the software company creating your new firewall product of choice beforehand to ask them whether they implement their own firewall or rely on the Windows Firewall as well. Most firewalls and internet security suites dropped their own implementation in favour of the Windows Firewall many years ago. So we suggest you ask them first to make sure you don’t end up with a Windows Firewall front-end instead.

Do you have more questions? Post them in the comments and we’ll answer them.

Emsisoft Enterprise Security + EDR

Robust and proven endpoint security solution for organizations of all sizes. Start free trial

Have an excellent (malware-free) day!

Sarah

Sarah

Malware analyst at Emsisoft. Cryptolocker hitting so many people in 2013 was what really piqued my interested in malware, and especially ransomware.

What to read next