The firewall is one of the most important security features in a computer environment.
In the classic sense, a firewall runs on an appliance, such as a computer that fulfills just a single, narrowly defined task, of the kind found in companies, public authorities, and scientific institutions. A firewall of this type monitors the connection between two networks, such as the internal LAN and the internet, to prevent unauthorized access.
There are also personal firewalls such as the one that’s preconfigured in Windows, or available as freeware or as a paid software solution.
In contrast to a classic firewall, a personal firewall does not protect an entire network, but only the individual computer on which it is installed. It’s the barrier that prevents any harmful elements from accessing the files that you have stored locally.
The Windows firewall
Microsoft calls the integrated Windows firewall the Windows Defender Firewall. This is the most important thing to know about the Defender Firewall:
As the configuration of a firewall is a complex matter and requires a lot of prior knowledge from the user, Microsoft has defined three standard configurations for the Defender firewall.
Which of these is activated depends on the selected network profile.
If you select the public profile in the Windows Settings under “Network and Internet,” Windows seals off the computer from the outside world. In this case, the computer cannot be found on the network and it is not possible to share files and printers with other users.

If you are not connected to a domain, you can choose between two network profiles in Windows, “Public” and “Private.” If you select “Public,” Windows largely closes the doors.
However, if you set the private profile, you can share folders, files, and printers with others and use apps for internal communication.
Windows also provides a domain profile for professional networks.
Windows Firewall in practice
The Windows firewall is active immediately after the operating system is installed and analyzes all incoming data packets to determine whether they have been requested by an application.
This is called Stateful Packet Inspection (SPI), so the Windows firewall is a Stateful Packet Inspection firewall.
However, programs such as Facebook Messenger or remote maintenance tools such as TeamViewer would not work if they were unable to receive unsolicited messages or calls. When they are installed behind a firewall, they therefore open one or more ports through which they receive incoming messages.
They also customize other firewall settings. Readjustment by the user is not necessary.
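Because installers adjust the firewall without asking, it is worth reviewing what they opened and on which network profile. The following read-only PowerShell is an added example, not part of the original article; it uses the NetSecurity and NetConnection cmdlets built into Windows and assumes an elevated PowerShell session.

```powershell
# Added example: read-only audit of Windows Defender Firewall settings.
# Assumption: run from an elevated PowerShell session on Windows 10/11.

# 1. Effective state and default actions of the Domain, Private and Public profiles.
Get-NetFirewallProfile -PolicyStore ActiveStore |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction |
    Format-Table -AutoSize

# 2. Profile that each active network connection is currently assigned to.
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, Name, NetworkCategory |
    Format-Table -AutoSize

# 3. Enabled inbound "allow" rules, joined with the program and port they cover.
#    These are the exceptions that applications add during installation.
$rules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True
$report = foreach ($rule in $rules) {
    $app  = $rule | Get-NetFirewallApplicationFilter
    $port = $rule | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Rule      = $rule.DisplayName
        Profile   = "$($rule.Profile)"
        Program   = $app.Program
        Protocol  = $port.Protocol
        LocalPort = ($port.LocalPort -join ',')
    }
}

# 4. Exceptions that also apply on the Public profile deserve the closest look,
#    because they stay open on networks you do not control.
$report |
    Where-Object { $_.Profile -match 'Any|Public' } |
    Sort-Object Program, Rule |
    Format-Table -AutoSize -Wrap
```

A rule whose Program column names software you no longer use, or that is open on "Any" profile without need, is a candidate for disabling in the Windows Defender Firewall settings.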

TeamViewer and other applications that react to signals from outside set the Windows firewall accordingly during installation.
Verdict on the Defender firewall
The Windows firewall protects the computer from malware that has infiltrated another PC and now wants to spread via the network. It is therefore strongly recommended not to deactivate it.
However, at least in the default setting, it cannot prevent malware that has managed to infect one computer from trying to spread to other PCs. Specialized firewall applications can do this better.
Firewalls from third-party manufacturers

The Comodo firewall can block applications, hide the PC in the network, and list which programs are currently connected to the internet. However, it only comes in a complete package with an antivirus program.
If you travel a lot and use your notebook to connect to other people’s LAN and WLAN networks, you naturally have no control over the router settings.
In this case, we recommend using a third-party firewall. The Comodo Firewall, which is sold as part of the Comodo Internet Security package, is widely used. Unfortunately, the package can only be installed as a whole, and the setup also includes the Comodo antivirus program.
Once the installation is complete, click on the shield icon labelled “Protection” on the left-hand side and click on “Firewall” in the next window.
You can then prohibit or allow applications to connect to the internet, block incoming connections via port blocks or have them reported, and manage your network connections and the active connections to the internet.
If you are travelling and in a foreign WLAN, for example, it is advisable to hide the ports and only allow the applications that you actually need.
In some cases, you may need to allow several program files to access the internet. You can often find information on this from the manufacturer or in the help forums on the internet.
Mobile PCs require a more comprehensive protection function than stationary computers. A more configurable and feature-rich firewall from a third-party manufacturer is recommended for them.
Sandbox for isolation
Sandboxes are a component of many personal firewalls. Under “Protection,” you can access Comodo’s sandbox function, which is called “Containment” here. A sandbox is used to run individual, selected applications in a closed memory area where they cannot cause any damage to the rest of the PC.
In a sandbox, for example, suspicious downloaded EXE files and other programs can be executed without the user having to worry about catching a virus.

You must first activate the Windows sandbox via “Programs and Features” in the Control Panel.
Windows Pro also has a sandbox, but you have to activate it first. (It’s not available for Windows Home.) To do this, open the Control Panel and go to “Programs and Features” in the icon view. In the following window, click on “Enable or disable Windows features,” scroll down, and tick the box next to “Windows sandbox.”
After confirming with “OK,” Windows installs some files and then reboots. After logging in, you will see a window with a second Windows desktop. To test programs there, you can copy them to the sandbox using the clipboard.
You can close the sandbox window like any other window. To open it again, enter Windows Sandbox in the search field of the taskbar and press Enter.
Professional firewall for home use
Professional firewalls usually run on appliances, i.e. their own hardware, and therefore cost several thousand dollars.
However, there is a cheaper option: The free open-source firewall IPFire is also available for the Raspberry Pi, from version 4B with 1GB of RAM or more.
The software can shield entire networks from the outside world, is easy to use, and even offers an optional intrusion detection system (IDS) that monitors for changes that are typically caused by malware. With the IDS enabled, however, the device should have 4GB of RAM or more.
This article originally appeared on our sister publication PC-WELT and was translated and localized from German.