Windows Firewall
Windows Firewall Vista icon.png
Windows Firewall.png
Windows Defender Firewall in Windows 10 Fall Creators Update, reporting firewall is turned off.
Other namesWindows Firewall
Internet Connection Firewall
Developer(s)Microsoft
Operating system
Service nameMpsSvc
TypeFirewall software

Windows Firewall (officially called Windows Defender Firewall in Windows 10), is a firewall component of Microsoft Windows. It was first included in Windows XP and Windows Server 2003. Prior to the release of Windows XP Service Pack 2 in 2004, it was known as Internet Connection Firewall. With the release of Windows 10 version 1709 in September 2017, it was renamed Windows Defender Firewall.

Overview

When Windows XP was originally shipped in October 2001, it included a limited firewall called "Internet Connection Firewall". It was disabled by default due to concerns with backward compatibility, and the configuration screens were buried away in network configuration screens that many users never looked at. As a result, it was rarely used. In mid-2003, the Blaster worm attacked a large number of Windows machines, taking advantage of flaws in the RPC Windows service.[1][dead link] Several months later, the Sasser worm did something similar. The ongoing prevalence of these worms through 2004 resulted in unpatched machines being infected within a matter of minutes.[1] Because of these incidents, as well as other criticisms that Microsoft was not being active in protecting customers from threats, Microsoft decided to significantly improve both the functionality and the interface of Windows XP's built-in firewall, rebrand it as Windows Firewall,[2] and switched it on by default since Windows XP SP2.

One of three profiles is activated automatically for each network interface:[3]

Security log capabilities are included, which can record IP addresses and other data relating to connections originating from the home or office network or the Internet. It can record both dropped packets and successful connections. This can be used, for instance, to track every time a computer on the network connects to a website. This security log is not enabled by default; the administrator must enable it.[4]

Windows Firewall can be controlled/configured through a COM object-oriented API, scriptable through the netsh command,[5] through the GUI administration tool[6] or centrally through group policies.[7] All features are available regardless of how it is configured.

Versions

Windows Neptune

In the unreleased Windows Neptune, the firewall was introduced[citation needed]. It is similar to the one found in Windows XP.[8]

Windows XP

Windows Firewall settings in Windows XP Service Pack 2.
Windows Firewall settings in Windows XP Service Pack 2.

Windows Firewall was first introduced as part of Windows XP Service Pack 2. Every type of network connection, whether it is wired, wireless, VPN, or even FireWire, has the firewall enabled by default, with some built-in exceptions to allow connections from machines on the local network. It also fixed a problem whereby the firewall policies would not be enabled on a network connection until several seconds after the connection itself was created, thereby creating a window of vulnerability.[9] A number of additions were made to Group Policy, so that Windows system administrators could configure the Windows Firewall product on a company-wide level. XP's Windows Firewall cannot block outbound connections; it is only capable of blocking inbound ones.

Windows Firewall turned out to be one of the two most significant reasons (the other being DCOM activation security)[10] that many corporations did not upgrade to Service Pack 2 in a timely fashion. Around the time of SP2's release, a number of Internet sites were reporting significant application compatibility issues, though the majority of those ended up being nothing more than ports that needed to be opened on the firewall so that components of distributed systems (typically backup and antivirus solutions) could communicate.

Windows Firewall added IPv6, which was not supported by its predecessor, Internet Connection Firewall.[11]

Note that the DCOM problem can be solved by moving applications to DComLab's ComBridge protocol.

Windows Vista

Windows Vista improved the firewall to address a number of concerns around the flexibility of Windows Firewall in a corporate environment:[12]

Windows Server 2008 and Windows 7

Windows Server 2008 contains the same firewall as Windows Vista. The firewall in Windows Server 2008 R2 and Windows 7 contains some improvements, such as multiple active profiles.[13]

Windows 10

Changes to this component in Windows 10 are:

See also

References

  1. ^ Lemos, Robert (August 17, 2004). "Study: Unpatched PCs compromised in 20 minutes". CNET. CBS Interactive.
  2. ^ "Troubleshooting Windows Firewall settings in Windows XP Service Pack 2". Support. Microsoft. October 19, 2004. Archived from the original on October 20, 2004.
  3. ^ "Network Location Awareness". TechNet. Microsoft. November 2, 2007.
  4. ^ "Internet Connection Firewall security log". TechNet. Microsoft. January 21, 2005. Archived from the original on November 10, 2008.
  5. ^ "Appendix B: Netsh Command Syntax for the Netsh Firewall Context". TechNet. Microsoft. December 17, 2004.
  6. ^ "User Interface: Windows Firewall with Advanced Security". TechNet. Microsoft. January 20, 2009.
  7. ^ "Deploying Windows Firewall Settings With Group Policy". TechNet. Microsoft. December 17, 2004.
  8. ^ "Windows Firewall". Windows. Microsoft. Archived from the original on June 11, 2011. Retrieved 2015-11-30.
  9. ^ "Manually Configuring Windows Firewall in Windows XP Service Pack 2". TechNet. Microsoft. February 2004.
  10. ^ "Deploying Windows XP Service Pack 2 using Software Update Services". TechNet. Microsoft. August 18, 2004. Factors to consider when using SUS to deploy Windows XP SP2
  11. ^ "To configure IPv6 Internet Connection Firewall". TechNet. Microsoft. February 2, 2006.
  12. ^ "The New Windows Firewall in Windows Vista and Windows Server 2008". TechNet. Microsoft. January 2006.
  13. ^ "What's New in Windows Firewall with Advanced Security". TechNet. Microsoft. October 26, 2009.

Notes

  1. ^ These multiple vulnerabilities were fixed by Microsoft over the course of several months; Microsoft security bulletins MS03-026, MS03-039, and MS04-012 cover this in more detail.