Windows Firewall

Windows Firewall
	Windows Defender Firewall in Windows 10 Fall Creators Update, reporting firewall is turned off.
Other names	Microsoft Defender Firewall; Windows Defender Firewall; Internet Connection Firewall
Developer(s)	Microsoft
Operating system	Windows XP SP2 and later; Windows Server 2003 SP1 and later;
Service name	MpsSvc
Type	Personal firewall

Last updated October 08, 2023

Windows Firewall (officially called Microsoft Defender Firewall in Windows 10 version 2004 and later) is a firewall component of Microsoft Windows. It was first included in Windows XP SP2 and Windows Server 2003 SP1. Before the release of Windows XP Service Pack 2, it was known as the "Internet Connection Firewall."

Overview

When Windows XP was originally shipped in October 2001, it included a limited firewall called "Internet Connection Firewall". It was disabled by default due to concerns with backward compatibility, and the configuration screens were buried away in network configuration screens that many users never looked at. As a result, it was rarely used. In mid-2003, the Blaster worm attacked a large number of Windows machines, taking advantage of flaws in the RPC Windows service.^[dead link ] Several months later, the Sasser worm did something similar. The ongoing prevalence of these worms through 2004 resulted in unpatched machines being infected within a matter of minutes.^[1] Because of these incidents, as well as other criticisms that Microsoft was not being active in protecting customers from threats, Microsoft decided to significantly improve both the functionality and the interface of Windows XP's built-in firewall, rebrand it as Windows Firewall,^[2] and switched it on by default since Windows XP SP2.

One of three profiles is activated automatically for each network interface:^[3]

Public assumes that the network is shared with the World and is the most restrictive profile.
Private assumes that the network is isolated from the Internet and allows more inbound connections than public. A network is never assumed to be private unless designated as such by a local administrator.
Domain profile is the least restrictive. It allows more inbound connections to allow for file sharing etc. The domain profile is selected automatically when connected to a network with a domain trusted by the local computer.

Security log capabilities are included, which can record IP addresses and other data relating to connections originating from the home or office network or the Internet. It can record both dropped packets and successful connections. This can be used, for instance, to track every time a computer on the network connects to a website. This security log is not enabled by default; the administrator must enable it.^[4]

Windows Firewall can be controlled/configured through a COM object-oriented API, scriptable through the netsh command,^[5] through the GUI administration tool^[6] or centrally through group policies.^[7] All features are available regardless of how it is configured.

Versions

Windows Neptune

In the unreleased Windows Neptune, the firewall was introduced^{[ citation needed ]}. It is similar to the one found in Windows XP.^[8]

Windows XP

Windows Firewall was first introduced as part of Windows XP Service Pack 2. Every type of network connection, whether it is wired, wireless, VPN, or even FireWire, has the firewall enabled by default, with some built-in exceptions to allow connections from machines on the local network. It also fixed a problem whereby the firewall policies would not be enabled on a network connection until several seconds after the connection itself was created, thereby creating a window of vulnerability.^[9] A number of additions were made to Group Policy, so that Windows system administrators could configure the Windows Firewall product on a company-wide level. XP's Windows Firewall cannot block outbound connections; it is only capable of blocking inbound ones.

Windows Firewall turned out to be one of the two most significant reasons (the other being DCOM activation security)^[10] that many corporations did not upgrade to Service Pack 2 in a timely fashion. Around the time of SP2's release, a number of Internet sites were reporting significant application compatibility issues, though the majority of those ended up being nothing more than ports that needed to be opened on the firewall so that components of distributed systems (typically backup and antivirus solutions) could communicate.

Windows Firewall added IPv6, which was not supported by its predecessor, Internet Connection Firewall.^[11]

Windows Vista

Windows Vista improved the firewall to address a number of concerns around the flexibility of Windows Firewall in a corporate environment:^[12]

The firewall is based on the Windows Filtering Platform.
A new management console snap-in named Windows Firewall with Advanced Security which provides access to many advanced options, and enables remote administration. This can be accessed via Start -> Control Panel -> Administrative Tools -> Windows Firewall with Advanced Security, or by running "wf.msc"
Outbound packet filtering, reflecting increasing concerns about spyware and viruses that attempt to "phone home". Outbound rules are configured using the management console. Notifications are not shown however for outbound connections.
With the advanced packet filter, rules can also be specified for source and destination IP addresses and port ranges.
Rules can be configured for services by its service name chosen by a list, without needing to specify the full path file name.
IPsec is fully integrated, allowing connections to be allowed or denied based on security certificates, Kerberos authentication, etc. Encryption can also be required for any kind of connection.
Improved interface for managing separate firewall profiles. Ability to have three separate firewall profiles for when computers are domain-joined, connected to a private network, or connected to a public network (XP SP2 supports two profiles—domain-joined and standard). Support for the creation of rules for enforcing server and domain isolation policies.

Windows Server 2008 and Windows 7

Windows Server 2008 contains the same firewall as Windows Vista. The firewall in Windows Server 2008 R2 and Windows 7 contains some improvements, such as multiple active profiles.^[13]

Windows 10

Changes to this component in Windows 10 are:

The change of name to Windows Defender Firewall that occurred in the September 2017 update, known as the Fall Creators Update (codename Redstone 3).
Firewall service (mpssvc) cannot be stopped anymore.

Related Research Articles

Windows XP is a major release of Microsoft's Windows NT operating system. It was released to manufacturing on August 24, 2001, and later to retail on October 25, 2001. It is a direct upgrade to its predecessors, Windows 2000 for high-end and business users and Windows Me for home users, and is available for any devices running Windows NT 4.0, Windows 98, Windows 2000, or Windows Me that meet the new Windows XP system requirements.

Windows 2000 is a major release of the Windows NT operating system developed by Microsoft and designed for businesses. It was the direct successor to Windows NT 4.0, and was released to manufacturing on December 15, 1999, and was officially released to retail on February 17, 2000 and September 26, 2000 for Windows 2000 Datacenter Server. It was Microsoft's business operating system until the introduction of Windows XP Professional in 2001.

Windows Server 2003, codenamed "Whistler Server", is the second version of the Windows Server operating system produced by Microsoft. It is part of the Windows NT family of operating systems and was released to manufacturing on March 28, 2003 and generally available on April 24, 2003. Windows Server 2003 is the successor to the Server editions of Windows 2000 and the predecessor to Windows Server 2008. An updated version, Windows Server 2003 R2, was released to manufacturing on December 6, 2005. Windows Server 2003 is based on the consumer operating system, Windows XP.

Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft Corporation which provides a user with a graphical interface to connect to another computer over a network connection. The user employs RDP client software for this purpose, while the other computer must run RDP server software.

Messenger service is a network-based system notification Windows service by Microsoft that was included in some earlier versions of Microsoft Windows.

Windows Vista is a major release of Microsoft's Windows NT operating system. It was released to manufacturing on November 8, 2006, and became generally available on January 30, 2007, on the Windows Marketplace, the first release of Windows to be made available through a digital distribution platform. Vista succeeded Windows XP (2001); at the time, the five-year gap between the two was the longest time span between successive Windows releases.

Windows Server 2008, codenamed "Longhorn Server", is the fourth release of the Windows Server operating system produced by Microsoft as part of the Windows NT family of the operating systems. It was released to manufacturing on February 4, 2008, and generally to retail on February 27, 2008. Derived from Windows Vista, Windows Server 2008 is the successor of Windows Server 2003 and the predecessor to Windows Server 2008 R2.

Network Access Protection (NAP) is a Microsoft technology for controlling network access of a computer, based on its health. It was first included in Windows Vista and Windows Server 2008 and backported to Windows XP Service Pack 3. With NAP, system administrators of an organization can define policies for system health requirements. Examples of system health requirements are whether the computer has the most recent operating system updates installed, whether the computer has the latest version of the anti-virus software signature, or whether the computer has a host-based firewall installed and enabled. Computers with a NAP client will have their health status evaluated upon establishing a network connection. NAP can restrict or deny network access to the computers that are not in compliance with the defined health requirements.

As the next version of Windows NT after Windows 2000, as well as the successor to Windows Me, Windows XP introduced many new features but it also removed some others.

Microsoft Management Console (MMC) is a component of Microsoft Windows that provides system administrators and advanced users an interface for configuring and monitoring the system. It was first introduced in 1998 with the Option Pack for Windows NT 4.0 and later came pre-bundled with Windows 2000 and its successors.

<span class="mw-page-title-main">Quick Assist</span>

Quick Assist is a Microsoft Windows feature that allows a user to view or control a remote Windows computer over a network or the Internet to resolve issues without directly touching the unit. It is based on the Remote Desktop Protocol (RDP). It is complemented by Get Help, a feature introduced in Windows 10 that enables the user to contact Microsoft directly but does not allow for remote desktoping or screen sharing.

There are a number of security and safety features new to Windows Vista, most of which are not available in any prior Microsoft Windows operating system release.

Security and Maintenance is a component of the Windows NT family of operating systems that monitors the security and maintenance status of the computer. Its monitoring criteria includes optimal operation of antivirus software, personal firewall, as well as the working status of Backup and Restore, Network Access Protection (NAP), User Account Control (UAC), Windows Error Reporting (WER), and Windows Update. It notifies the user of any problem with the monitored criteria, such as when an antivirus program is not up-to-date or is offline.

Windows Vista contains a range of new technologies and features that are intended to help network administrators and power users better manage their systems. Notable changes include a complete replacement of both the Windows Setup and the Windows startup processes, completely rewritten deployment mechanisms, new diagnostic and health monitoring tools such as random access memory diagnostic program, support for per-application Remote Desktop sessions, a completely new Task Scheduler, and a range of new Group Policy settings covering many of the features new to Windows Vista. Subsystem for UNIX Applications, which provides a POSIX-compatible environment is also introduced.

In computing, Microsoft's Windows Vista and Windows Server 2008 introduced in 2007/2008 a new networking stack named Next Generation TCP/IP stack, to improve on the previous stack in several ways. The stack includes native implementation of IPv6, as well as a complete overhaul of IPv4. The new TCP/IP stack uses a new method to store configuration settings that enables more dynamic control and does not require a computer restart after a change in settings. The new stack, implemented as a dual-stack model, depends on a strong host-model and features an infrastructure to enable more modular components that one can dynamically insert and remove.

Wireless Zero Configuration (WZC), also known as Wireless Auto Configuration, or WLAN AutoConfig, is a wireless connection management utility included with Microsoft Windows XP and later operating systems as a service that dynamically selects a wireless network to connect to based on a user's preferences and various default settings. This can be used instead of, or in the absence of, a wireless network utility from the manufacturer of a computer's wireless networking device. The drivers for the wireless adapter query the NDIS Object IDs and pass the available network names (SSIDs) to the service. The service then lists them in the user interface on the Wireless Networks tab in the connection's Properties or in the Wireless Network Connection dialog box accessible from the notification area. A checked (debug) build version of the WZC service can be used by developers to obtain additional diagnostic and tracing information logged by the service.

Windows XP and Windows Vista differ considerably in regards to their security architecture, networking technologies, management and administration, shell and user interface, and mobile computing. Windows XP has suffered criticism for security problems and issues with performance. Vista has received criticism for issues with performance and product activation. Another common criticism of Vista concerns the integration of new forms of DRM into the operating system, and User Account Control (UAC) security technology.

Some of the new features included in Windows 7 are advancements in touch, speech and handwriting recognition, support for virtual hard disks, support for additional file formats, improved performance on multi-core processors, improved boot performance, and kernel improvements.

Network Level Authentication (NLA) is a feature of Remote Desktop Services or Remote Desktop Connection that requires the connecting user to authenticate themselves before a session is established with the server.

References

↑ Lemos, Robert (August 17, 2004). "Study: Unpatched PCs compromised in 20 minutes". CNET . CBS Interactive.
↑ "Troubleshooting Windows Firewall settings in Windows XP Service Pack 2". Support. Microsoft. October 19, 2004. Archived from the original on October 20, 2004.
↑ "Network Location Awareness". TechNet . Microsoft. November 2, 2007.
↑ "Internet Connection Firewall security log". TechNet . Microsoft. January 21, 2005. Archived from the original on November 10, 2008.
↑ "Appendix B: Netsh Command Syntax for the Netsh Firewall Context". TechNet . Microsoft. December 17, 2004.
↑ "User Interface: Windows Firewall with Advanced Security". TechNet . Microsoft. January 20, 2009.
↑ "Deploying Windows Firewall Settings With Group Policy". TechNet . Microsoft. December 17, 2004.
↑ "Windows Firewall". Windows . Microsoft. Archived from the original on June 11, 2011. Retrieved 2015-11-30.
↑ "Manually Configuring Windows Firewall in Windows XP Service Pack 2". TechNet . Microsoft. February 2004.
↑ "Deploying Windows XP Service Pack 2 using Software Update Services". TechNet . Microsoft. August 18, 2004. Factors to consider when using SUS to deploy Windows XP SP2
↑ "To configure IPv6 Internet Connection Firewall". TechNet . Microsoft. February 2, 2006.
↑ "The New Windows Firewall in Windows Vista and Windows Server 2008". TechNet . Microsoft. January 2006.
↑ "What's New in Windows Firewall with Advanced Security". TechNet . Microsoft. October 26, 2009.

Notes

^ These multiple vulnerabilities were fixed by Microsoft over the course of several months; Microsoft security bulletins MS03-026, MS03-039, and MS04-012 cover this in more detail.

External links

Windows Firewall with Advanced Security on Microsoft TechNet

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Lemos, Robert (August 17, 2004). "Study: Unpatched PCs compromised in 20 minutes". CNET . CBS Interactive.

[2] "Troubleshooting Windows Firewall settings in Windows XP Service Pack 2". Support. Microsoft. October 19, 2004. Archived from the original on October 20, 2004.

[3] "Network Location Awareness". TechNet . Microsoft. November 2, 2007.

[4] "Internet Connection Firewall security log". TechNet . Microsoft. January 21, 2005. Archived from the original on November 10, 2008.

[5] "Appendix B: Netsh Command Syntax for the Netsh Firewall Context". TechNet . Microsoft. December 17, 2004.

[6] "User Interface: Windows Firewall with Advanced Security". TechNet . Microsoft. January 20, 2009.

[7] "Deploying Windows Firewall Settings With Group Policy". TechNet . Microsoft. December 17, 2004.

[8] "Windows Firewall". Windows . Microsoft. Archived from the original on June 11, 2011. Retrieved 2015-11-30.

[9] "Manually Configuring Windows Firewall in Windows XP Service Pack 2". TechNet . Microsoft. February 2004.

[10] "Deploying Windows XP Service Pack 2 using Software Update Services". TechNet . Microsoft. August 18, 2004. Factors to consider when using SUS to deploy Windows XP SP2

[11] "To configure IPv6 Internet Connection Firewall". TechNet . Microsoft. February 2, 2006.

[12] "The New Windows Firewall in Windows Vista and Windows Server 2008". TechNet . Microsoft. January 2006.

[13] "What's New in Windows Firewall with Advanced Security". TechNet . Microsoft. October 26, 2009.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

v t e Microsoft security products
Numbers in brackets are the years of the initial release of the product.
For Windows	Windows Firewall [2001] Baseline Security Analyzer [2004] Malicious Software Removal Tool [2005] Microsoft Defender [2006] Microsoft SmartScreen [2006] Microsoft Safety Scanner [2011]
For Windows Server	Exchange Online Protection [2007] System Center Data Protection Manager [2007] Identity Manager [2010]
Discontinued	MSAV [1993] Threat Management Gateway [1997] Microsoft Security Essentials [2009] OneCare Safety Scanner [2006] Unified Access Gateway [2007] Windows Live OneCare [2006] RootkitRevealer [2006] Enhanced Mitigation Experience Toolkit [2009]
Related topics	Data Execution Prevention Kernel Patch Protection Mandatory Integrity Control MS Antivirus (malware) User Account Control