Software Firewall for Windows?

Good morning,

I’ve been researching this topic for a long, long time and I still haven’t been able to find a good answer. I’ve read all about people using old PCs to install a “Firewall Linux Distro” and this sounds great in theory but how is this helpful if a Windows PC on the network has installed an App that has a trojan attached with it that can send information about the Windows user like every keystroke that the user enters to the trojan’s author online?

It seems like so much work to build a hardware device like a Firewall Linux Distro or a specially configured router if it only takes one malicious App on a Windows PC to destroy everything.

I use the inbuilt Windows Firewall, but this rarely seems to work as even when I have set it to block VLC from connecting to the internet VLC still seems to be able to get updates and the Christmas icon appears when it comes close to Christmas… Adobe Acrobat Reader is also able to get updates even though I’ve blocked it in the inbuilt Windows Firewall.

It seems VERY important to install a trustworthy software firewall on all Windows PCs?

How is this not discussed more?

Thank you for reading my question.

I personally use Simplewall (https://www.henrypp.org/product/simplewall) which is, like the name implies, a simple to use firewall. It’s great and I often have problems with programs not working until I remember I might need to give them internet access.

Another, more “modern”, alternative I’m watching but haven’t tried yet is Portmaster (https://safing.io/). It does things a bit differently as I understand it but I haven’t looked into it much yet.

Maybe one or the other will be of use to ya.

4 Likes

I appreciate your reply!

I’ve been looking at this for a long time and it seems like the best software firewall available for Windows PCs.

(Forgive me if I’m not supposed to post URLs: GlassWire Network Security Monitor & Firewall Tool Features)

I recommend you to natively manage Windows Firewall. Windows Firewall is based on Windows Filtering Platform, and simplewall is based on Windows Filtering Platform, too. So, basically, what you are doing is just replacing Windows’s native firewall, Windows Firewall, with simplewall. Replacing one firewall with another.
Sure, simplewall is much better [than that miserable and crippled Windows Firewall], but what’s even better is to manage the already existing Windows Firewall natively. This eliminates any potential interference that may arise due to having two firewalls (I personally never had any interferences or problems using simplewall, but I’m unaware if there could be problems in some use-cases, for example), and it’s just a “clean” approach.

Best tool to manage Windows Firewall natively is Windows Firewall Control. It is just as lightweight and simple as simplewall. There are no other decent solutions for managing Windows Firewall natively. The app I linked is closed-source, however the developer is very active on this forum:
Windows Firewall Control (WFC) by BiniSoft.org | Wilders Security Forums

There are some little controversies with simplewall. Online virus scans detect some malware, however highly likely they are just false positives:

VirusTotal scan of simplewall
Hybrid Analysis scan of simplewall

Moreover, simplewall still doesn’t have any digital signature, and the developer doesn’t have knowledge how to sign their software, while this information is publicly accessible. Lack of a certificate is not very important, though desirable.

I also dislike the developer’s attitude, and hence dislike the developer himself:

1
2
3

I get it that a lot of people created issues asking about malware (which are highly likely just false positives) in his GitHub simplewall project throughout the years, but it is his duty and responsibility to explain to the users of his project that simplewall doesn’t have any malware and that malware detections are false positives. If he has grown sick and tired of having to deal with all these malware-related GitHub issues, the solution would be for the developer to take his time to explain everything in detail and thoroughly only once, in one of these malware-related issues, and then, in the future, when some user creates yet another malware-related issue, the developer could just put a link to their explanation and close the issue. No problems. He didn’t do that, however.

By answering with “i dont care” you basically say that “I don’t give a single f*** about you, the user of my application”. It is unprofessional, unethical, disrespectful to the user, negligent, and, after all — rude. I personally don’t want to use a software from such a developer. I like his firewall, however. It’s very light on resources and very simple. Windows Firewall Control is very light and simple, as well. Both are good programs. But I recommend Windows Firewall Control for the reasons I mentioned in my first paragraph.

And I partially disagree with anon82677111. They said:

Simplewall does not add anything new that cannot be done with the standard Windows firewall.

Windows Firewall lacks the most important usability feature which almost all people expect from a software firewall: the ability to manage connections interactively, that is: the ability to block everything by default and have Windows Firewall prompt you to allow/block connections on the first connection [of an application]. Windows Firewall can’t do that without relying on a third-party software.

2 Likes
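The block-by-default setup described in the post above, minus the interactive prompt, can be expressed with Windows' own NetSecurity cmdlets. This is an added example, not from any poster in this thread; the application path and rule name are hypothetical, and it assumes an elevated PowerShell session. Its last step lists program-scoped rules whose path no longer exists, one reason a block rule can silently stop matching after an application moves or updates.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session.
# Hypothetical application path and rule name; replace with your own.
$AllowedApp = 'C:\Program Files\ExampleApp\example.exe'
$RuleName   = 'Allow ExampleApp outbound (example)'

# 1. Record the current defaults so the change can be reverted later with:
#    Set-NetFirewallProfile -All -DefaultOutboundAction Allow
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction

# 2. Block outbound traffic unless an allow rule matches, and log drops.
#    Existing enabled allow rules (built-in ones included) keep working.
Set-NetFirewallProfile -All -DefaultOutboundAction Block -LogBlocked True

# 3. Allow one program explicitly (skipped if the rule already exists).
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Outbound `
        -Program $AllowedApp -Action Allow -Profile Any | Out-Null
}

# 4. Audit: enabled outbound rules tied to a program path that does not exist.
#    A rule bound to an old or wrong path never matches the running binary.
Get-NetFirewallRule -Direction Outbound -Enabled True | ForEach-Object {
    $filter = $_ | Get-NetFirewallApplicationFilter
    # 'Any' and 'System' are keywords, not file paths; skip them.
    if ($filter.Program -and $filter.Program -notin @('Any', 'System')) {
        $path = [Environment]::ExpandEnvironmentVariables($filter.Program)
        [pscustomobject]@{
            Rule       = $_.DisplayName
            Action     = $_.Action
            Program    = $path
            PathExists = Test-Path -LiteralPath $path
        }
    }
} | Where-Object { -not $_.PathExists } | Format-Table -AutoSize
```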

I have tested Portmaster in the past and it took lots of resources, is very feature-full, and if OP just wants a simple firewall — Portmaster is a bad option. It is bothersome and takes a lot of time to manage, and it has lots of advanced features which the OP may not need. One can use Portmaster if they have an explicit need for Portmaster’s advanced features.

2 Likes

Thanks, I wasn’t aware of Windows Firewall Control. I’ll have to check it out. I’ve been using TinyWall for a couple years and find it simple and effective, but perhaps I’m missing something? Perhaps there are some concerns with it or the developer similar to Simplewall that I’m not aware of?

1 Like

No, his app is good, so go ahead if you want to use it. Both Windows Firewall Control and simplewall are good, so use what you prefer. I don’t think simplewall has malware, but I just don’t like the developer’s harsh attitude and maladjusted, maybe even sociopathic behavior:

1
2
3
4 and 5
6
…and so it goes.

I’ve used simplewall myself before I settled on Windows Firewall Control, because I prefer to manage the native firewall that Windows already has, not replace it.

2 Likes

I had used some software firewalls in the past but I found them not very user friendly and it was easy to mess with the entire Windows system firewall.

I actually use Portmaster now and contrary to @3QVvxrhnYZ I find it a nice and easy option that just works. It is user friendly from basic to advanced use if you need advanced features, also it doesn’t mess with Windows firewall settings.
The block lists can prevent Microsoft telemetry too.
I don’t find it resource hungry, it’s just not a minimalist firewall and it’s open source and actively developed.

3 Likes

Thank you for the links and info. The guy is indeed a rude asshole. And looks like it’s time to start looking over the firewall options more thoroughly.

Thanks y’all!

2 Likes

I’ve just re-installed Portmaster, and you’re right: it doesn’t take 10-15% of my CPU as it was long ago. When idling, it’s 0%, as should be. Seems like they’ve fixed it, good. Anyway yeah — it’s not a minimalist firewall at all, it has too many additional features I don’t need. Account, subscriptions, SPN, some network monitoring features (like, from which country does the connection come), and the UI is too cluttered (some network graphs/charts, lots of sorting options) — just “ugh”. It’s not only a firewall, but a network monitoring tool + a firewall, and Portmaster’s landing page mentions that it’s a network monitoring tool, too. It’s quite advanced though, but I don’t like that it wants to be several tools at once. Especially when some of their features are locked behind a paywall. There are better tools for network monitoring, for example. Not for me. I personally need a dumb “yes/no” firewall. Windows Firewall Control and simplewall are both perfect for that.

It’s not possible to mess with WF via simplewall, because they don’t interact with each other. As for Windows Firewall Control, I don’t think it’s possible too, and even if anything happens, you can just reset all the settings via the application itself. You can even restore the state of WF as it was before the installation of Windows Firewall Control.

Thanks for the recommendation, I just today created an account and saw that this is the latest topic :smiley:

I understand what @3QVvxrhnYZ is saying that Portmaster comes with a lot of features, but it is designed to not be opened and just run on its own - with regular filter list updates and so on.

Yes, we do offer advanced features behind a paywall, but everything privacy is free for everyone!
And a good business model is important to keep the software actively developed and aligned with the users.

What I don’t like about Windows Firewall UI applications like simplewall is that they can’t restrict apps, as you said it’s a yes/no per app, not a yes but without trackers or Facebook or…

and the addition of secure DNS is a plus in my book :smiley:

I of course am biased here :sweat_smile: so take my comment with a grain of :salt:

I would love to see Portmaster listed on PG in the secure DNS section

Checking out Windows Firewall Control and it looks like it has been acquired by Malwarebytes who states: “…not to worry—we will maintain, support, and keep Binisoft products free for everyone in the short term.” Ah well. https://www.binisoft.org/

1 Like

No, everything you’ve said is valid x)

As for the browser, blocking trackers can be achieved simply by setting a DNS like NextDNS or AdGuard.
As for the desktop apps— I agree, that’s where Portmaster can help. If one has some desktop app installed which comes with commonly used trackers, then Portmaster’s filters can block them, without blocking the app’s connection entirely. It’s not my use-case, however, as I don’t have any apps that have trackers, and I entirely block internet access for the apps that ask for it but don’t need it to function. + I have a DNS with filtering set in the router, so filtering happens on the router level for all devices (another home solution for tech-savvy tinkerers is to use Pi-hole), so Portmaster’s local filtering is redundant for me.
As I said, one can use Portmaster if they need its advanced features, and not a dumb “yes/no” firewall, as Windows Firewall Control or simplewall.

1 Like

That whole Malwarebytes acquisition case, and telemetry-concerns related to it, have been addressed by the developer:

1
2
3
4

And a quote from here:

WFC is on GitHub but on a private repository, not available to public.

As for the minimal telemetry: WFC can be blocked from accessing the internet [when it asks for it for the first time] by WFC itself, so no telemetry is possible:


I decided not to block it, because the developer said regarding the telemetry:

The following data is sent once a day to Malwarebytes: program version, os version, os architecture (x64, x86), os language (english, german, etc), filesystem (ntfs, fat32), process run as administrator or not, computer is joined into a domain or not, machine id. No personal data is collected. These are used for statistics data to see how many users of WFC exist. Depending on the number of existing users, WFC will continue to receive new features or not. A reduced number of installations will probably stop the development of WFC, a large number will probably continue the development.

I second Simplewall, it’s quite effective and really easy to use. I was not aware of the attitude of the developer but I don’t think we should be making decisions based on that. If the product works and is getting maintained properly, that’s all that matters.

For example, the folks at Portmaster have been extremely nice and patient with their users. I got the Pro subscription way back when it was in the kickstarter phase, but unfortunately I never really liked it for similar reasons that @3QVvxrhnYZ mentioned: awkward interface hard to make sense of, needs a lot of setup and tuning, random connection issues, etc. Sorry @Raphty :frowning:

1 Like

It should be noted that Simplewall wrongly breaks Windows Update by default.
Be sure to enable it again: GitHub - henrypp/simplewall: Simple tool to configure Windows Filtering Platform (WFP) which can configure network activity on your computer.

edit: apparently fixed

edit edit: maybe not, double check it

No, by default simplewall doesn’t interfere with Windows Update. Recently I’ve done several fresh Windows installations, and likewise several fresh simplewall installations. By default everything works normally. If there was such an issue in the past — it got fixed most likely.

1 Like

This is my setup here.
I have Simplewall as a simple whitelist program to allow programs to access the Internet if needed. It’s really fast and light.
I have Portmaster running as a more advanced filter similar to how Glasswire or Adguard Desktop works. I can see which websites or IP addresses programs send info to and shut them off from there. However, Portmaster really is resource-heavy, and has some funky behavior with Hyper-V VMs. Have had to restart my PC many times after shutting down and starting up Portmaster again due to the network adapter just going kaput.

Why use two firewalls? Why just not use Portmaster (as you need its features) for blocking internet access for apps?

1 Like

If the product doesn’t have an equivalent and it is something which is needed, then yes it probably shouldn’t affect the decision of whether to use it or not.

But when there are similar tools available and the developer’s response to “hey why does your program show up as a virus” is literally “i don’t care”, then it sure as hell is a factor. It is unprofessional and erodes the user’s trust in the developer. Which in the case of FLOSS is everything for people like me that know next to nothing about programming.

@SkewedZeppelin
Just to be clear, it was turned off on my (up-to-date) version, so should I turn it on or not?