Firewall - 'Ask to connect' allowed a new process without asking to connect!

Well, I thought ‘Ask to connect’ would serve me just fine - and for a few days it had been performing just right. But this morning I saw a little red alert on the GW tray icon and found that the process ‘Avast Antivirus Bug Report’, reported as a new process, had accessed the Internet, and there it was in the firewall list, allowed. I certainly hadn’t had any prompt to allow it - though certainly I would have done so if I’d had that prompt.

Now, does this mean that the Ask to Connect system is recognising Avast as ‘trusted’, as I okayed Avast initially, and, on that basis, is now allowing other Avast modules without asking me? Or is it simply failing to do sufficiently reliably what it’s supposed to do? If it really is the former (somehow I very much doubt it at this stage, or that functionality would have been publicized), then I’d be very happy with that as it would avoid unnecessary prompts. However, otherwise clearly the ‘ask to connect’ functionality isn’t working reliably and needs to be fixed.

At least I take my sun hat off to GW, that it still gives an alert for each new process making a Net connection, but if that new process that was allowed had been something unwholesome making an outward connection it could have already sent some sensitive personal data to somewhere most unsuitable before I’d had any chance to block it.

My guess is that the ‘miss’ might have occurred because Avast was already active at an early stage in the Windows startup and sent the bug report before GW kicked in, and that despite a previous assurance, Windows Firewall before GW was loaded / initialized was allowing outward connections from new processes. The likelihood of this happening would have been increased by my having had GW in my delayed startup list in Startup Delayer. I’ve now reverted it to non-delayed start.

However, I’ve had a look at the WF settings and I see that they show clearly both inward and outward connections as blocked except where rules allow them - and that remains unchanged when I exit GW. That would indicate that the error is firmly with the ‘Ask to connect’ function in GW.

As this indicates potentially a serious security weakness in GW, this needs priority attention and fixing as appropriate, pronto. – Many thanks. 🙂

@PhilipGoddard

We definitely don’t recognize anything as “trusted” currently. Is it possible your GlassWire switched from pay to a free version somehow and Ask to connect stopped working?

I wonder if Avast has some way to interact with the Windows Firewall, and it decided to unblock itself? I have never heard of this before but if it has admin privileges anything is possible.

Avast did, in the past, switch settings on updates. Not sure if they still do.

1 Like

Thank you for that clarification, Ken. No, GW is still running as Basic version, and ‘Ask to connect’ is still indicated as operative.

However, that’s an interesting and perfectly plausible-sounding point about Avast. Clearly I wouldn’t be concerned if Avast had created its own WF rules, because I myself trust Avast, but on the other hand if other programs could do likewise I would be very concerned. I suppose it’s safe as long as unknown / untrusted programs couldn’t in any circumstances play the system and grant themselves admin privileges. I wonder if there’s any way I could ensure that only programs that I trust could do such things. - But then again I expect one or other of my main security programs (including Avast Antivirus Pro, Zemana AntiMalware, HitmanPro.Alert, WinPatrol and Kerish Doctor) would most likely notice any such attempt and block it or ask for my approval.

And, come to think of it, I’ve noticed when uninstalling a whole variety of programs, with Iobit Uninstaller and more recently with the superior and more trustworthy Bulk Crap Uninstaller (with no PUPs, too!), WF rules allowing the programs were listed among the registry entries for removal. Whether those programs actually created the rules, or whether the uninstaller had simply looked for WF rules that applied to those programs, I have no idea.

I shall monitor the situation and report here any further useful observations.

@PhilipGoddard

You asked if there’s any way you could ensure that only programs you trust could do such things. Yes there is, kind of. With Windows you could set your UAC to full like this https://www.tenforums.com/tutorials/3577-change-user-account-control-uac-settings-windows-10-a.html. It will help in a lot of cases.

Please let me know if you learn anything else so we can see what’s happening and improve GlassWire.

Hmmm… Thanks for reminding me of that, Ken. I’ll try it, but in the past I found UAC just too disruptive, because it has no facility for whitelisting a program, so one keeps getting pointless moronic prompts triggered by any program regardless of whether it’s trusted by the user. I expect I’ll abandon the ‘full’ setting pretty quickly! 🙂

I found UAC to be like that in the past, but with Windows 10 it seems to be less disruptive in my opinion. It depends on how you use your computer though, so maybe I’m a bad example.

FYI, most programs add their own rules although this is not explicitly mentioned in any Windows Firewall documentation that I have read. That’s how the uninstallers find them because the registry entries are owned by the program.

Looking elsewhere, articles like How-to-Geek’s Windows Firewall: Your System’s Best Defense says:

Windows Firewall has a very comprehensive set of rules and most Windows programs that you install add their own exceptions to the Windows Firewall so that they receive network and Internet access. This means that you will see prompts from the Windows Firewall on occasion, generally when you install programs that do not add their own exceptions to the Windows Firewall’s list.

The following quote is as close as Microsoft gets - at least as far as I’ve found - to saying the same thing (Add or edit firewall rule):

When you add a program to the rules list, Windows Firewall with Advanced Security dynamically opens (unblocks) and closes (blocks) the ports required by the program. When the program is running and listening for incoming traffic, Windows Firewall with Advanced Security opens the required ports; when the program is not running or is not listening for incoming traffic, Windows Firewall with Advanced Security closes the ports. Because of this dynamic behavior, adding programs to the rules list is the recommended method for allowing unsolicited incoming traffic through Windows Firewall with Advanced Security.
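One way to check whether a program added its own Windows Firewall rule, which is the question raised in this thread. This is an added example, not part of any post and not GlassWire's code. It assumes the firewall's operational event log is enabled and that rule-added (2004) and rule-modified (2005) events carry the `RuleName`, `ApplicationPath`, `Direction`, `Action` and `ModifyingApplication` fields; the function names are hypothetical.

```powershell
# Added example: run from an elevated PowerShell prompt on Windows 10.
# Assumption: events 2004 (rule added) and 2005 (rule modified) in this log
# expose the EventData field names used below.
$FirewallLog = 'Microsoft-Windows-Windows Firewall With Advanced Security/Firewall'

function Get-FirewallRuleChange {
    # Lists rule additions and modifications together with the program that made them.
    param([int]$Days = 7)
    $filter = @{
        LogName   = $FirewallLog
        Id        = 2004, 2005
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Flatten <EventData><Data Name="..."> into a lookup table.
            $xml  = [xml]$_.ToXml()
            $data = @{}
            foreach ($node in $xml.Event.EventData.Data) {
                $data[$node.Name] = $node.'#text'
            }
            [pscustomobject]@{
                Time      = $_.TimeCreated
                Change    = if ($_.Id -eq 2004) { 'added' } else { 'modified' }
                RuleName  = $data['RuleName']
                Program   = $data['ApplicationPath']
                Direction = $data['Direction']   # raw value as logged
                Action    = $data['Action']      # raw value as logged
                ChangedBy = $data['ModifyingApplication']
            }
        }
}

function Get-OutboundAllowRule {
    # Lists enabled outbound allow rules that are tied to a specific program.
    Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True |
        ForEach-Object {
            $app = $_ | Get-NetFirewallApplicationFilter
            [pscustomobject]@{
                DisplayName = $_.DisplayName
                Program     = $app.Program
                Group       = $_.DisplayGroup
            }
        } |
        Where-Object { $_.Program -and $_.Program -ne 'Any' }
}

Get-FirewallRuleChange -Days 14 | Sort-Object Time | Format-Table -AutoSize
Get-OutboundAllowRule | Sort-Object Program | Format-Table -AutoSize
```

A `ChangedBy` value that points at an installer or the program's own service, rather than at the firewall front end in use, indicates the rule was created outside the prompt workflow.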

Thank you, Remah.

Anyway, I’ve now had UAC on its high setting for a little, and I must say that so far I’ve not noticed any obvious increase in prompts at all. So different from even Win7, where I still found even the medium setting to be too intrusive, so used to have UAC actually switched off! (i.e., saved by my security-safe behaviour on my computer as well as layers of security software). It was in Win8 that I finally found ‘medium’ UAC sort-of manageable, but I must say that being able to use the ‘high’ setting in Win10 without real nuisance is a great plus, and I’m grateful for the prompt to use that setting, for I’m sure that in all sorts of ways my system would be more secure now.

With regard to GW, I assume, then, that if I install a new program, if it doesn’t have admin privileges it would cause a WF/GW prompt when it seeks first outward connection, so I’ll report here if I find anything getting through without a prompt when I reckon it shouldn’t have been able to.

2 Likes

Windows 10 is such a boon compared with earlier versions. It annoys me that so many Windows 7 and 8/8.1 systems missed out on the free upgrade because users didn’t understand.

You might be interested in reading more about hardening your Windows 10 system. I really like this site, http://hardenwindows10forsecurity.com. It has some negative ratings on a couple of sites but scans OK with virustotal and I couldn’t see any problem with the content. I presume that the domain name registrant, Peter Pun of Ontario, is the author. His article is informative and comprehensively covers the many settings. I haven’t read the whole article but what I have read is useful even when he doesn’t know all the whys and wherefores. The formatting could do with some improvement but it’s easy to follow.

He has this to say about UAC:

Turn UAC to the max

When MS released Vista, there were some complaints about UAC asking for confirmation to do this, that and the other. So MS made a compromise in Windows 7 and allow customers to choose what level of prompting they want. Know that turning completely off UAC also means turning off Protected Mode in Internet Explorer, and not too many people realize that a major piece of protection is now turned off. UAC pops up mostly during the setup phase, once you have finished setting up your computer, you will rarely encounter it.
Control Panel\All Control Panel Items\User Accounts\Change User Account Control Settings
Move slider to top

Followed immediately after by a section on:

Set up Firewall Profile

1 Like