Software Firewall for Windows?

Just use simplewall or safing portmaster, no point in getting bitdefender when the reviews are mostly SEO spam and they’ll likely keep trying to upsell you to their AV. And no point paying for glasswire when simplewall/portmaster works perfectly fine.

1 Like

This is a topic I am very much interested in. Frankly, I am convinced I must be searching for a unicorn, since I haven’t really been satisfied with any of the firewalls I’ve tried.

I feel like I could talk at length about it, but my impressions boil down to:

SimpleWall: What I use now, small, lean, and effective, but with a poor UI and somewhat confusing settings.

Glasswire: Excellent UI for its network monitor component and handy extra features, but with a concerning privacy policy and seemingly watered down firewall compared to SW.

NetLimiter: The rule system seemed kind of complicated and I think the notification system was worse than SimpleWall’s. I prefer a “default block all and ask me” approach, but it failed to register some apps and would block them not only without asking me, but without even registering them in the UI for me to apply rules to manually.

TinyWall: This could be good, but the “block without asking” approach is the opposite of what I want.

Comodo Firewall: Bloated with nonsense. This could be user error on my part. But I followed the link people said to use if you want only the firewall and not the antivirus bundled with it, and even then, when I opened the firewall, it still came with a quarantine and other entirely unnecessary things.

Fort Firewall: I really wanted to try this one, but you have to disable core isolation :frowning:

Windows Firewall Control: I briefly tried this. Honestly it seemed like a pretty good option, but I didn’t like it more than SimpleWall. It’s also closed source, and although you can block it, it sends some usage data back once a day.

Portmaster: Honestly, this was by far my favorite in many ways. But every time I ran it I had crippling performance issues. I participated for a while in a GitHub issue about it, but I ultimately lost hope it would be fixed (I say this with all due respect to the very talented devs who work on it!). Moreover, that’s before I even began to try to make it work with ProtonVPN, which ultimately I would have to do. And I also do not want it to touch my DNS settings, as I would prefer to blend in with other ProtonVPN users as someone using Proton’s DNS. I am aware as to this last point you can force Portmaster to use system default DNS, but the other issues preclude getting to this point.

That last bit is also what basically rules out DNS based solutions for me too, like NextDNS type stuff.

In an ideal world, I’d like to see something (1) open source (2) with a SimpleWall-like firewall (3) and a GlassWire-like UI (4) that doesn’t send back telemetry. I would not mind paying for a good option though, even a subscription fee. It’s nice seeing what others have to say on the topic though, and I can only hope more options arrive and existing options continue to improve.

And don’t even get me started on the downright ABYSMAL options for a firewall on Android…

2 Likes

I appreciate your reply!

I have experience with Netlimiter Pro from a few years ago and it worked great at monitoring my download and upload speeds and limiting the speeds but I’m not sure if it would work well as a dedicated firewall?

The inbuilt Windows 10 Firewall still doesn’t work for me even when I block VLC from contacting the Internet, VLC was still able to download the most recent update… :disappointed_relieved: :disappointed_relieved:

To me, Glasswire seems like the best option?

Edited:
I’m still hoping someone can help me with how effective a Linux firewall hardware device is when there’s a Windows 10 PC on the network that has a trojan installed and is sending personal information back to someone on the Internet???

I’m not sure how that’s possible, unless you misconfigured the built-in firewall – I just did a test blocking all outbound connections for the vlc executable and it just errored out when checking for updates without downloading anything until I removed the rule blocking it

1 Like

I’ve tried using the inbuilt Windows Firewall and it just doesn’t work for me. I’m running a genuine copy of Windows 10 Pro.

Perhaps it’s better in Windows 11 Pro???

Regarding Net Limiter:

I had a great experience with this App but I’m not sure it will be restrictive enough to work as an effective firewall.

I’m writing an email to the developers now.

I’ll report back here.

Screenshots of the rule



Is your rule exactly like the above? The screenshots are from win11 enterprise/edu but fundamentally, later versions of win10 are very similar to win11 so I wouldn’t expect the firewall to be dramatically different

1 Like
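An added example, not part of any post in this thread: a PowerShell audit of the points raised above, namely whether the rule names the binary that actually runs, whether the firewall is enabled on each profile, and whether an enabled outbound block rule exists. The install path and the rule display name are assumptions.

```powershell
# Added example: audit why an outbound block rule for one program may not apply.
# Run from an elevated PowerShell prompt. The install path is an assumption.
$exe = Join-Path $env:ProgramFiles 'VideoLAN\VLC\vlc.exe'

# 1. Compare the path the rule should name with the binary that is running.
#    A Store or portable copy runs from a different path, so a rule written
#    for $exe would never match it.
$running = Get-Process -Name vlc -ErrorAction SilentlyContinue |
    Where-Object Path | Select-Object -ExpandProperty Path -Unique
foreach ($p in $running) {
    if ($p -ne $exe) { Write-Warning "vlc is running from '$p', not '$exe'" }
}

# 2. The firewall must be enabled on the profile the network is using.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultOutboundAction | Format-Table

# 3. List every outbound rule whose program filter ends in vlc.exe.
$rules = Get-NetFirewallApplicationFilter -Program '*\vlc.exe' -ErrorAction SilentlyContinue |
    Get-NetFirewallRule |
    Where-Object Direction -eq 'Outbound'
$rules | Select-Object DisplayName, Enabled, Action, Profile | Format-Table

# 4. Create the block rule only if no enabled outbound block rule exists.
$blocking = $rules | Where-Object { $_.Enabled -eq 'True' -and $_.Action -eq 'Block' }
if (-not $blocking) {
    New-NetFirewallRule -DisplayName 'Block VLC outbound (example)' `
        -Direction Outbound -Program $exe -Action Block -Profile Any
}
```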

I think your issue might be something else that hasn’t been properly identified yet. VLC shouldn’t update automatically, it should prompt you to update when you open it, but you can reject the prompt. In fact, in the preferences menu you can disable update checks completely.

Your comments make me wonder if you have some 3rd party software managing your apps like a Microsoft Azure domain, an installation manager like Chocolatey (or some other update manager program), or if you installed VLC through the Microsoft Store (in which case it would be updated by the MS Store’s connections, which would explain why blocking vlc.exe in your firewall has had no effect.)

Also, if it’s the little Christmasy things that bother you, those are probably built directly into the VLC app and get activated at certain times of year, not triggered through app updates. Try putting your PC in airplane mode and setting your system clock to Dec 25th to see if it appears (or conversely, set it to sometime in June to see if it goes away).

2 Likes

I’ve switched between Tinywall and Simplewall for years, if not a decade. I originally liked that simplewall had a pop-up (I think), but apparently that’s gone. Simplewall, without a popup, is more confusing than Tinywall. I like that Tinywall blocks by default so that something bad doesn’t get an opportunity. I thought simplewall was the same, but apparently not. I installed Creality Print and was surprised it could access the Internet easily. I then tried creating a rule, unsuccessfully. I then posted it on their Github and I can confirm the developer is a class A asshole. If I can’t trust a developer, can I trust their firewall? I’ve permanently removed simplewall from memory and eventually all my computers. Now it’s between Tinywall and Portmaster. It seems Portmaster is still having some growing pains but I’m very happy with Tinywall. Unlike simplewall, you can actually see a list of connections, and blocked apps. If an app isn’t working, you can easily find it in the list and unblock it. Finding a particular app in simplewall is a nightmare.

1 Like

I appreciate your reply!

This issue is really serious and remains unsolved so I’m going to retry the in-built Windows 10 firewall on my Windows 10 Pro PC.

I appreciate your reply!

You’re correct that my VLC doesn’t automatically update, but since it’s able to check for updates that means that it can access the Internet otherwise it would give an error like “Not connected to internet”.

I don’t have any 3rd party software managing my Apps as I’ve tried to keep my Windows 10 PC as lean as possible.

I’m 99% sure I didn’t install VLC from the MS Store but I installed VLC so many years ago now…

[quote]
Also, if it’s the little Christmasy things that bother you, those are probably built directly into the VLC app and get activated at certain times of yea
[/quote]

Okay I see!

I just assumed that VLC was accessing the Internet and being told to add that “Christmas thingy” to my VLC App!

I really used to think having a dedicated Linux distro firewall would be a great guardian, but now I know that it would only take one single app on one of my Windows PCs to have a backdoor that connected to someone on the Internet to destroy the security of my whole home network.

It just seems so easy for a Windows app to send off a user’s personal information to the Internet…

That’s a general problem with unsandboxed apps. On Linux it’s not different. If you use a sudo account for everyday use, it’s even easier for malicious apps to manipulate firewall rules than on Windows.

2 Likes

I appreciate your reply!

What’s the best way to sandbox an App in Windows 10 Pro?

This may be helpful for others: It’s worth paying extra for Windows 10/11 Pro over Home Edition because it gives the user more control over what data is sent to Microsoft.

Edited:

I’m looking at this now but I’m not sure this is what Privacy Guides Community recommends: Windows Sandbox - Windows Security | Microsoft Learn

Not using Windows.

1 Like

I appreciate your reply!

Woah, I just checked the recommendations for ‘Operating Systems’ and you’re right! There’s a recommendation for all the major OS’ except for Windows!

Edit:

Is the official sandbox App from Microsoft not even worth using???

The only official recommendations are Linux and Android (GrapheneOS, DivestOS), however there are knowledge base articles about other OSes. A Windows one might be coming soon based on the work of a few users on this forum. However, I would recommend using Linux, as many things are compatible nowadays or can be run using Wine. If you still need Windows, you could always dual boot, and distros like Fedora make Linux easy and painless to use.

1 Like

I appreciate your reply.

I’m just really surprised that there is no sandbox recommendation for Windows since it has by far the highest market share.

Keeping in line with staying with Microsoft products, the sandbox App/Feature from Microsoft must be the best for Windows?

Edit:

Does anyone have experience with the Microsoft Sandbox App?

Is it safe for me to install that Microsoft Sandbox App located here?: Windows Sandbox - Windows Security | Microsoft Learn

According to this,

there are different types of firewalls, but forum members are comparing them as if they were alike, or that a simple firewall is as good (“it just works”) as the opposite.

Some allow or deny apps, etc., from accessing the net or other devices. Others look at the data passed and then drop those that don’t meet certain criteria, and so on.

If it’s simply default-deny, and you have to figure out what to allow, then how do you know that you’re doing the right thing? If it checks things like digital signatures, then how do you know that approved apps aren’t passing along malware?

2 Likes

I appreciate your reply!

Welcome to the community!

I’m examining Glasswire again and they now offer their Android software firewall for free with all the premium features: