Windows Firewall

Last updated
Windows Firewall
Other namesMicrosoft Defender Firewall
Windows Defender Firewall
Internet Connection Firewall
Developer(s) Microsoft
Operating system
Service nameMpsSvc
Type Personal firewall

Windows Firewall (officially called Microsoft Defender Firewall in Windows 10 version 2004 and later) is a firewall component of Microsoft Windows. It was first included in Windows XP SP2 and Windows Server 2003 SP1. Before the release of Windows XP Service Pack 2, it was known as the "Internet Connection Firewall."

Contents

Overview

When Windows XP was originally shipped in October 2001, it included a limited firewall called "Internet Connection Firewall". It was disabled by default due to concerns with backward compatibility, and the configuration screens were buried away in network configuration screens that many users never looked at. As a result, it was rarely used. In mid-2003, the Blaster worm attacked a large number of Windows machines, taking advantage of flaws in the RPC Windows service. [ dead link ] Several months later, the Sasser worm did something similar. The ongoing prevalence of these worms through 2004 resulted in unpatched machines being infected within a matter of minutes. [1] Because of these incidents, as well as other criticisms that Microsoft was not being active in protecting customers from threats, Microsoft decided to significantly improve both the functionality and the interface of Windows XP's built-in firewall, rebrand it as Windows Firewall, [2] and switched it on by default since Windows XP SP2.

One of three profiles is activated automatically for each network interface: [3]

Security log capabilities are included, which can record IP addresses and other data relating to connections originating from the home or office network or the Internet. It can record both dropped packets and successful connections. This can be used, for instance, to track every time a computer on the network connects to a website. This security log is not enabled by default; the administrator must enable it. [4]

Windows Firewall can be controlled/configured through a COM object-oriented API, scriptable through the netsh command, [5] through the GUI administration tool [6] or centrally through group policies. [7] All features are available regardless of how it is configured.

Versions

Windows Neptune

In the unreleased Windows Neptune, the firewall was introduced[ citation needed ]. It is similar to the one found in Windows XP. [8]

Windows XP

Windows Firewall settings in Windows XP Service Pack 2. Windows Firewall XP SP2.png
Windows Firewall settings in Windows XP Service Pack 2.

Windows Firewall was first introduced as part of Windows XP Service Pack 2. Every type of network connection, whether it is wired, wireless, VPN, or even FireWire, has the firewall enabled by default, with some built-in exceptions to allow connections from machines on the local network. It also fixed a problem whereby the firewall policies would not be enabled on a network connection until several seconds after the connection itself was created, thereby creating a window of vulnerability. [9] A number of additions were made to Group Policy, so that Windows system administrators could configure the Windows Firewall product on a company-wide level. XP's Windows Firewall cannot block outbound connections; it is only capable of blocking inbound ones.

Windows Firewall turned out to be one of the two most significant reasons (the other being DCOM activation security) [10] that many corporations did not upgrade to Service Pack 2 in a timely fashion. Around the time of SP2's release, a number of Internet sites were reporting significant application compatibility issues, though the majority of those ended up being nothing more than ports that needed to be opened on the firewall so that components of distributed systems (typically backup and antivirus solutions) could communicate.

Windows Firewall added IPv6, which was not supported by its predecessor, Internet Connection Firewall. [11]

Windows Vista

Windows Vista improved the firewall to address a number of concerns around the flexibility of Windows Firewall in a corporate environment: [12]

Windows Server 2008 and Windows 7

Windows Server 2008 contains the same firewall as Windows Vista. The firewall in Windows Server 2008 R2 and Windows 7 contains some improvements, such as multiple active profiles. [13]

Windows 10

Changes to this component in Windows 10 are:

See also

Related Research Articles

<span class="mw-page-title-main">Windows XP</span> Sixth major release of Windows NT, released in 2001

Windows XP is a major release of Microsoft's Windows NT operating system. It was released to manufacturing on August 24, 2001, and later to retail on October 25, 2001. It is a direct upgrade to its predecessors, Windows 2000 for high-end and business users and Windows Me for home users, and is available for any devices running Windows NT 4.0, Windows 98, Windows 2000, or Windows Me that meet the new Windows XP system requirements.

<span class="mw-page-title-main">Windows 2000</span> Fifth major release of Windows NT, released in 2000

Windows 2000 is a major release of the Windows NT operating system developed by Microsoft and designed for businesses. It was the direct successor to Windows NT 4.0, and was released to manufacturing on December 15, 1999, and was officially released to retail on February 17, 2000 and September 26, 2000 for Windows 2000 Datacenter Server. It was Microsoft's business operating system until the introduction of Windows XP Professional in 2001.

<span class="mw-page-title-main">Windows Server 2003</span> Third version of Windows Server, released in 2003

Windows Server 2003, codenamed "Whistler Server", is the second version of the Windows Server operating system produced by Microsoft. It is part of the Windows NT family of operating systems and was released to manufacturing on March 28, 2003 and generally available on April 24, 2003. Windows Server 2003 is the successor to the Server editions of Windows 2000 and the predecessor to Windows Server 2008. An updated version, Windows Server 2003 R2, was released to manufacturing on December 6, 2005. Windows Server 2003 is based on the consumer operating system, Windows XP.

Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft Corporation which provides a user with a graphical interface to connect to another computer over a network connection. The user employs RDP client software for this purpose, while the other computer must run RDP server software.

<span class="mw-page-title-main">Windows Messenger service</span> Local network notification service for Microsoft Windows

Messenger service is a network-based system notification Windows service by Microsoft that was included in some earlier versions of Microsoft Windows.

<span class="mw-page-title-main">Windows Vista</span> Seventh major release of Windows NT

Windows Vista is a major release of Microsoft's Windows NT operating system. It was released to manufacturing on November 8, 2006, and became generally available on January 30, 2007, on the Windows Marketplace, the first release of Windows to be made available through a digital distribution platform. Vista succeeded Windows XP (2001); at the time, the five-year gap between the two was the longest time span between successive Windows releases.

<span class="mw-page-title-main">Windows Server 2008</span> Fourth version of Windows Server, released in 2008

Windows Server 2008, codenamed "Longhorn Server", is the fourth release of the Windows Server operating system produced by Microsoft as part of the Windows NT family of the operating systems. It was released to manufacturing on February 4, 2008, and generally to retail on February 27, 2008. Derived from Windows Vista, Windows Server 2008 is the successor of Windows Server 2003 and the predecessor to Windows Server 2008 R2.

Network Access Protection (NAP) is a Microsoft technology for controlling network access of a computer, based on its health. It was first included in Windows Vista and Windows Server 2008 and backported to Windows XP Service Pack 3. With NAP, system administrators of an organization can define policies for system health requirements. Examples of system health requirements are whether the computer has the most recent operating system updates installed, whether the computer has the latest version of the anti-virus software signature, or whether the computer has a host-based firewall installed and enabled. Computers with a NAP client will have their health status evaluated upon establishing a network connection. NAP can restrict or deny network access to the computers that are not in compliance with the defined health requirements.

As the next version of Windows NT after Windows 2000, as well as the successor to Windows Me, Windows XP introduced many new features but it also removed some others.

<span class="mw-page-title-main">Microsoft Management Console</span> Component of Microsoft Windows

Microsoft Management Console (MMC) is a component of Microsoft Windows that provides system administrators and advanced users an interface for configuring and monitoring the system. It was first introduced in 1998 with the Option Pack for Windows NT 4.0 and later came pre-bundled with Windows 2000 and its successors.

<span class="mw-page-title-main">Quick Assist</span>

Quick Assist is a Microsoft Windows feature that allows a user to view or control a remote Windows computer over a network or the Internet to resolve issues without directly touching the unit. It is based on the Remote Desktop Protocol (RDP). It is complemented by Get Help, a feature introduced in Windows 10 that enables the user to contact Microsoft directly but does not allow for remote desktoping or screen sharing.

There are a number of security and safety features new to Windows Vista, most of which are not available in any prior Microsoft Windows operating system release.

<span class="mw-page-title-main">Security and Maintenance</span> Microsoft Windows software

Security and Maintenance is a component of the Windows NT family of operating systems that monitors the security and maintenance status of the computer. Its monitoring criteria includes optimal operation of antivirus software, personal firewall, as well as the working status of Backup and Restore, Network Access Protection (NAP), User Account Control (UAC), Windows Error Reporting (WER), and Windows Update. It notifies the user of any problem with the monitored criteria, such as when an antivirus program is not up-to-date or is offline.

Windows Vista contains a range of new technologies and features that are intended to help network administrators and power users better manage their systems. Notable changes include a complete replacement of both the Windows Setup and the Windows startup processes, completely rewritten deployment mechanisms, new diagnostic and health monitoring tools such as random access memory diagnostic program, support for per-application Remote Desktop sessions, a completely new Task Scheduler, and a range of new Group Policy settings covering many of the features new to Windows Vista. Subsystem for UNIX Applications, which provides a POSIX-compatible environment is also introduced.

In computing, Microsoft's Windows Vista and Windows Server 2008 introduced in 2007/2008 a new networking stack named Next Generation TCP/IP stack, to improve on the previous stack in several ways. The stack includes native implementation of IPv6, as well as a complete overhaul of IPv4. The new TCP/IP stack uses a new method to store configuration settings that enables more dynamic control and does not require a computer restart after a change in settings. The new stack, implemented as a dual-stack model, depends on a strong host-model and features an infrastructure to enable more modular components that one can dynamically insert and remove.

Wireless Zero Configuration (WZC), also known as Wireless Auto Configuration, or WLAN AutoConfig, is a wireless connection management utility included with Microsoft Windows XP and later operating systems as a service that dynamically selects a wireless network to connect to based on a user's preferences and various default settings. This can be used instead of, or in the absence of, a wireless network utility from the manufacturer of a computer's wireless networking device. The drivers for the wireless adapter query the NDIS Object IDs and pass the available network names (SSIDs) to the service. The service then lists them in the user interface on the Wireless Networks tab in the connection's Properties or in the Wireless Network Connection dialog box accessible from the notification area. A checked (debug) build version of the WZC service can be used by developers to obtain additional diagnostic and tracing information logged by the service.

Windows XP and Windows Vista differ considerably in regards to their security architecture, networking technologies, management and administration, shell and user interface, and mobile computing. Windows XP has suffered criticism for security problems and issues with performance. Vista has received criticism for issues with performance and product activation. Another common criticism of Vista concerns the integration of new forms of DRM into the operating system, and User Account Control (UAC) security technology.

Some of the new features included in Windows 7 are advancements in touch, speech and handwriting recognition, support for virtual hard disks, support for additional file formats, improved performance on multi-core processors, improved boot performance, and kernel improvements.

Network Level Authentication (NLA) is a feature of Remote Desktop Services or Remote Desktop Connection that requires the connecting user to authenticate themselves before a session is established with the server.

References

  1. Lemos, Robert (August 17, 2004). "Study: Unpatched PCs compromised in 20 minutes". CNET . CBS Interactive.
  2. "Troubleshooting Windows Firewall settings in Windows XP Service Pack 2". Support. Microsoft. October 19, 2004. Archived from the original on October 20, 2004.
  3. "Network Location Awareness". TechNet . Microsoft. November 2, 2007.
  4. "Internet Connection Firewall security log". TechNet . Microsoft. January 21, 2005. Archived from the original on November 10, 2008.
  5. "Appendix B: Netsh Command Syntax for the Netsh Firewall Context". TechNet . Microsoft. December 17, 2004.
  6. "User Interface: Windows Firewall with Advanced Security". TechNet . Microsoft. January 20, 2009.
  7. "Deploying Windows Firewall Settings With Group Policy". TechNet . Microsoft. December 17, 2004.
  8. "Windows Firewall". Windows . Microsoft. Archived from the original on June 11, 2011. Retrieved 2015-11-30.
  9. "Manually Configuring Windows Firewall in Windows XP Service Pack 2". TechNet . Microsoft. February 2004.
  10. "Deploying Windows XP Service Pack 2 using Software Update Services". TechNet . Microsoft. August 18, 2004. Factors to consider when using SUS to deploy Windows XP SP2
  11. "To configure IPv6 Internet Connection Firewall". TechNet . Microsoft. February 2, 2006.
  12. "The New Windows Firewall in Windows Vista and Windows Server 2008". TechNet . Microsoft. January 2006.
  13. "What's New in Windows Firewall with Advanced Security". TechNet . Microsoft. October 26, 2009.

Notes

  1. ^ These multiple vulnerabilities were fixed by Microsoft over the course of several months; Microsoft security bulletins MS03-026, MS03-039, and MS04-012 cover this in more detail.