Firewalls for 64 bit Windows 7

Peter Parker

Formerly Geronimo
Original poster
Supporting Founder
Lifetime Supporter
Sep 9, 2003
12,308
2,007
When I first went to the 64 bit version of Windows 7 I tried Zone alarm but could not even gt itt o install properly and abandoned that. I was using the 64 bit version of Comodo but got tired of the incessant popups (it never seemed to remember that I had authorized certain programs to do certain things) as soon as I abandoned it certain problems went away (slow install of certain windows updates, an inability to install a particular printer driver etc).

I have been using the firewall that comes with Windows 7 but was curious about what others might be using and what positive or negative experiences they have had.
 
Duly noted. In fact I should have mentioned both that I am pleased with the windows firewall so far and that I would primarily be interested in free alternatives. But any advice or comments would be welcomed.
 
Yeah I heard that the Windows Firewall is sufficient for most user's needs, especially since most computers nowadays are behind router based firewalls as well.
 
How much of a firewall does one need? If you are behind a NATed router, you are pretty secure from outside attacks. One really needs a strong antivirus since that is the most likely attack. A strong firewall might discover that your machine is compromised after the fact, but would probably not prevent the attack.

The only situation that might come up is if one machine on your network gets compromised and starts to assualt other machines on the network.

The most effective defense for Win7 is to have an administrator password, and not run as an administrator. Having to type in a password in the pop up dialog for admin privs keeps your machine much safer.
 
Symantec Endpoint Protection works fine on Windows 7 64-bit. It includes a firewall among other things.
 
Although I haven't used one with Win7...but I prefer the very picky firewalls that ask your for EVERY single program that tries to use the internet for the first time. You'd be surprised how many apps "call home". I denied every one of them.

I've actually been thinking of installing one on my Win7 machine since I hate the built in one.
 
If you are behind a NATed router, you are pretty secure from outside attacks. One really needs a strong antivirus since that is the most likely attack.
This is wrong on many levels:

Most successful attacks are now Internet client script based. AV solutions alone are of little help here.

AV solutions typically monitor disk files while most of these attacks are based on scripts loaded directly into memory from the Internet.

NAT offers little protection for client applications that can be programmed remotely in Java or Javascript to reach out across the Internet.
 
Although I haven't used one with Win7...but I prefer the very picky firewalls that ask your for EVERY single program that tries to use the internet for the first time. You'd be surprised how many apps "call home". I denied every one of them.

I've actually been thinking of installing one on my Win7 machine since I hate the built in one.


Which one?? 32 or 64 bit?
 
Although I haven't used one with Win7...but I prefer the very picky firewalls that ask your for EVERY single program that tries to use the internet for the first time. You'd be surprised how many apps "call home". I denied every one of them.

I've actually been thinking of installing one on my Win7 machine since I hate the built in one.

The windows 7 firewall asks whenever a new program wants to talk. You have the option of setting private network only or public. So, if you are on laptop and are on public wifi the programs you do not trust are not allowed to talk. You can go into the firewall at any time and there are 2 checkboxs beside every program. One for public network one for private (home/office). Editing is easy with the checkboxes.
 
Sunbelt's software Vipre anti-virus and firewall now works for 64-bit Windows; I have the anti-virus, but turned off the FW; I did not need it. But it seems full-featured. Vipre has been a decent security software package; and at $50 for a whole-house license, is a deal.
 
Sunbelt's software Vipre anti-virus and firewall now works for 64-bit Windows; I have the anti-virus, but turned off the FW; I did not need it. But it seems full-featured. Vipre has been a decent security software package; and at $50 for a whole-house license, is a deal.

I was going to mention this package. I am pretty impressed with it and when I am at home I keep the FW off, but it's nice to have when out and about. I like it much better than the win 7 firewall. Love the volume licensing for the home too. 3 computers or 20, one price for home.

What impresses me most is the MX-V malware component.
 
This is wrong on many levels:

Most successful attacks are now Internet client script based. AV solutions alone are of little help here.

AV solutions typically monitor disk files while most of these attacks are based on scripts loaded directly into memory from the Internet.

NAT offers little protection for client applications that can be programmed remotely in Java or Javascript to reach out across the Internet.

I took what Mike said to be that you are safe from attacks from the outside, which I agree with. If you are behind a NATed router, no-one will be able to use an obscure port to connect to your computer. Use ShieldsUp at grc.com to check this yourself.

The most inportant things to keep yourself from being infected are:
  • Always update Windows, IE, Firefox, Chrome, Flash, PDF reader, etc. If you don't update, vulnerabilities will be used to infect you.
  • Always be aware of what you are doing. If a web page tells you you need to update Flash, type adobe into the address bar and do not click the link on the webpage to update flash.
  • Look at the url to verify you are at the website you think you are at. (youtube.com not youtube.sorta.com)
  • Do not download from or run programs from sites you are not confident of.

The windows firewall should be pretty good. I found a review of some free firewalls here: Top 5 Free Windows Firewall. If you want to try out a full powered coorporate firewall for free, Astarto (Astaro Internet Security - Simplifying Network, Mail & Web Security) offers their firewall free for non-commercial home use. I have never tried it, and I believe you would need a separate box just to run the firewall.
 
You'd be surprised how many apps "call home". I denied every one of them.
There is a danger in denying every one of them: many of these Internet access requests come from important program components (e.g. Java, Adobe plugins, etc.) checking for version updates, including urgent security patches. If you don't allow programs to check for updates, then your system may not be up-to-date and you might be running a much higher risk.

Most of the virus infections that affected my relatives, friends and colleagues in the past couple of years came through unpatched plugins (particularly, outdated Flash plugins), and could've been avoided if the up-to-date versions were installed.
 
I took what Mike said to be that you are safe from attacks from the outside, which I agree with.
That's fine for thwarting individual hackers, but the most dangerous threats come through browsers and browser helpers (hence your advice to keep the clients up-to-date).

Even with the latest browsers, socially engineered scripts are awfully good at getting otherwise safe users to panic and open up a can of whoop-ass on themselves.
 
There is a danger in denying every one of them: many of these Internet access requests come from important program components (e.g. Java, Adobe plugins, etc.) checking for version updates, including urgent security patches. If you don't allow programs to check for updates, then your system may not be up-to-date and you might be running a much higher risk.

Most of the virus infections that affected my relatives, friends and colleagues in the past couple of years came through unpatched plugins (particularly, outdated Flash plugins), and could've been avoided if the up-to-date versions were installed.

I don't deny the ones that are supposed to use the internet. But if I'm using some app that converts say movie files. I don't need it calling home. It's my internet connection and I'm going to control what uses it. If I wanted the app to call home I'd hit the check for updates button or go to their website.
 
I don't deny the ones that are supposed to use the internet. But if I'm using some app that converts say movie files. I don't need it calling home. It's my internet connection and I'm going to control what uses it. If I wanted the app to call home I'd hit the check for updates button or go to their website.
That's fine, if you know what you are doing and if you have discipline to check for updates manually on a regular basis, at least once a month. Unfortunately most of the users out there don't do that on a regular basis, or don't even know how to do that. (How do you manually check for Flash plug-in patches, for example?) So, for most computer users out there it would be safer not to block the outgoing Internet traffic (applications "calling home"), rather than block it completely and risk not having security updates installed. That's my point.
 
I took what Mike said to be that you are safe from attacks from the outside, which I agree with. If you are behind a NATed router, no-one will be able to use an obscure port to connect to your computer. Use ShieldsUp at grc.com to check this yourself.

The most inportant things to keep yourself from being infected are:
  • Always update Windows, IE, Firefox, Chrome, Flash, PDF reader, etc. If you don't update, vulnerabilities will be used to infect you.
  • Always be aware of what you are doing. If a web page tells you you need to update Flash, type adobe into the address bar and do not click the link on the webpage to update flash.
  • Look at the url to verify you are at the website you think you are at. (youtube.com not youtube.sorta.com)
  • Do not download from or run programs from sites you are not confident of.

The windows firewall should be pretty good. I found a review of some free firewalls here: Top 5 Free Windows Firewall. If you want to try out a full powered coorporate firewall for free, Astarto (Astaro Internet Security - Simplifying Network, Mail & Web Security) offers their firewall free for non-commercial home use. I have never tried it, and I believe you would need a separate box just to run the firewall.

I found that article too. Several of those firewalls are not 64 bit and two are amoung the ones I mentioned having problems with.
 
As with most things Microsoft, if you know what you are doing the windows 7 firewall works great. But, it does depend on you knowing if something is fishy and disapproving of the network connection. It does not automatically try to recognise a virus or malware attempting to call home, it will just ask you instead.
 
Top