Welcome
Welcome to vistafirewallcontrol

You are currently viewing our boards as a guest, which gives you limited access to view most discussions and access our other features. By joining our free community, you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content, and access many other special features. In addition, registered members also see less advertisements. Registration is fast, simple, and absolutely free, so please, join our community today!

Malware Protection

Malware Protection

Postby Alice Springs » Mon May 22, 2017 11:45 am

Since System and Host Processes for Windows Services are in the EnableAll zone in W10FC Free, do I need to upgrade to protect Windows 7 from malware attacks?
Alice Springs
 
Posts: 43
Joined: Wed May 10, 2017 10:59 am

Re: Malware Protection

Postby VistaFirewallControl » Tue May 23, 2017 10:57 am

Malware protection is a bit different subject beyond pure network connectivity protection (firewall)
So a malware related decision is rather independent and up to you.
If you feel your system can be weak in terms of malware, you should have an anti-malware related system running and updated.

In the terms of network connectivity protection with WxFC Free (with system apps enabled) we recommend using Windows (native) Firewall (WF). In spite of it's hard to configure for outgoing connection, WF will protect you against unwanted incoming connections by default (WF policy/rules review is recommended though)
VistaFirewallControl
Site Admin
 
Posts: 1479
Joined: Fri Mar 27, 2009 11:25 am

Re: Malware Protection

Postby Alice Springs » Tue May 23, 2017 12:06 pm

The reason I asked this was because I read on your website:
If you accidentally obtained a fresh malware installed, the program may be not detected by an antivirus. The antivirus database updates are fast and regular typically, but the update can not be immediate. Windows 10 Firewall Control is nearly the only way to detect and stop the malware activity.

I think I it would be better if I used the Plus or Network/Cloud versions. Since I do not have a network, only a single computer and no other devices, the only thing that the Network/Cloud version would add (if I read correctly) is HostProcess individual instances protection.

Does Windows 7 have individual instances of HostProcess?

Thank you for helping me make a decision of which version I should try.
Alice Springs
 
Posts: 43
Joined: Wed May 10, 2017 10:59 am

Re: Malware Protection

Postby Alice Springs » Tue May 23, 2017 12:25 pm

I should add that what I really need is not preventing infections, but knowing if my system has been infected. As long as I know this I can always restore a previous, non-infected, system image.
Alice Springs
 
Posts: 43
Joined: Wed May 10, 2017 10:59 am

Re: Malware Protection

Postby VistaFirewallControl » Tue May 23, 2017 12:47 pm

>If you accidentally obtained a fresh malware installed, the program may be not detected by an antivirus. The antivirus database updates are fast and regular typically, but the update can not be immediate. Windows 10 Firewall Control is nearly the only way to detect and stop the malware activity.

That's true when already got a malware. Its activity will be detected by the firewall as a new application most probably, so you will notice that.
The firewall can prevent from malware obtaining as well, but for that purpose more flexible rules will be required (so rather Plus version). You should understand some basics to configure the rules properly. Any firewall in the final analysis is a tool to configure, not a single click "protect me" solution. Any firewall is as good as the filtering rules inside.


>I think I it would be better if I used the Plus or Network/Cloud versions.

For sure if it's affordable.

>Since I do not have a network, only a single computer and no other devices, the only thing that the Network/Cloud version would add (if I read correctly) is HostProcess individual instances protection.


Not only. Net/Cloud allows per-user rules settings generally
So (say so) InternetExplorer for userA can have permissions different from InternetExplorer for userB

>Does Windows 7 have individual instances of HostProcess?

Individual HostProcess instances based implementation starts from WindowsXP or even sooner.
So Windows7 have at least 4 of them.

>Thank you for helping me make a decision of which version I should try.

If you are the only user of your PC and do not need to distinguish HostProcess instances, probably Plus is the right choice.

>I should add that what I really need is not preventing infections, but knowing if my system has been infected. As long as I know this I can always restore a previous, non-infected, system image.

So the firewall with strict rules definitions and periodic auditing of what was allowed finally.
VistaFirewallControl
Site Admin
 
Posts: 1479
Joined: Fri Mar 27, 2009 11:25 am

Re: Malware Protection

Postby Alice Springs » Tue May 23, 2017 1:30 pm

>Not only. Net/Cloud allows per-user rules settings generally

Thanks for the info. I am the only user, so that does not pertain.


>Individual HostProcess instances based implementation starts from WindowsXP or even sooner.
>So Windows7 have at least 4 of them.

>If you are the only user of your PC and do not need to distinguish HostProcess instances...

I don't know enough to know what distinguishing HostProcess instances would accomplish. Would you please explain.


Thank you once again.
Alice Springs
 
Posts: 43
Joined: Wed May 10, 2017 10:59 am

Re: Malware Protection

Postby VistaFirewallControl » Tue May 23, 2017 2:05 pm

>I don't know enough to know what distinguishing HostProcess instances would accomplish.

HostProcess is a friendly the name of svchost.exe (ServiceHost).
So it hosts a lot various system native services (about 10 in Windows7 and probably more in Windows 8/10).
Every service is responsible for its specific operation.
For instance the Server service provides with ability to share disks and printers to other computers.
The WorkStation service allows connecting to the shares.
WindowsUpdate service is responsible for Windows updates.
etc

Every such service will be listed in TaskManager and you can see them all as svchost.exe processes.

Different svchost processes/instances are launched in the name of different users (User Name column of TaskManager shows that)
WxFC can't distinguish every process/instance individually, but distinguishes users launched the instances.

So the user SYSTEM will have several instances of svchost, users as NETORK SERVICES, LOCAL SERVICE have them too.
WxFC Net/Cloud can set permissions for such instances groups individually.

Some of the by-user svchost group are not network active, for instance svchost instances belonging to LOCAL SERVICES user are not network active, they local by definition.
Oppositely NETWORK SERVICES owned by svchost are network active.

What per-user permission can do for you.
You can disable network operations of svchosts from LOCAL SERVICES.
If the case something odd happens with an svchost for LOCAL SERVICES, it will disabled from the network by the firewall.
You can also set different permissions for svchosts for SYSTEM and NETWORK SERVICES,
so manage shared disks access independently from Windows Update for instance.

The svchosts per-user grouping may vary from one Windows version to another.
The above is just the original principle.
WxFC Net/Cloud includes (and may apply automatically) some reasonable presets for different per-user HostProcess/svchosts instances.

So in general the above gives you a more fine grain control over the native system activity.

Hope that helps
VistaFirewallControl
Site Admin
 
Posts: 1479
Joined: Fri Mar 27, 2009 11:25 am

Re: Malware Protection

Postby Alice Springs » Tue May 23, 2017 2:52 pm

>Hope that helps

It helps very much.

>>I think I it would be better if I used the Plus or Network/Cloud versions.
>For sure if it's affordable.

It's affordable, so I am going to I am going to purchase the Network/Cloud version as soon as I have posted this.
Alice Springs
 
Posts: 43
Joined: Wed May 10, 2017 10:59 am


Return to What is VistaFirewallControl, features

Who is online

Users browsing this forum: No registered users and 0 guests

suspicion-preferred