Firewall for Win 7

[aezakmi]

hi what's up I'm tryna decide what firewall should I use for my little NAS, it runs Windows 7 Starter ed. and currently has no firewall or AV mainly because the processor is already being hogged by the OS and other running software, nothing bad happened so far but I'd like some protection since I download and upload files from the internet constantly with it

OS is up to date, I install any available update every friday (manually, I don't want it to restart randomly)

 

I'm looking for a free firewall that doesn't uses too much resources, we can already take Comodo out of the equation since it refuses to install (I have it on my usb drive) since is a 32-bit system? and it also eats more resources than chrome.

don't know if it exists but something that could use the onboard speaker to alert about threats would be great since it has a loud one

 

programs always running are Cyberduck, Remote utilities server, Seamonkey, Ares Galaxy and uTorrent so the new firewall shouldn't block those

 

any suggestions are welcome

[Willowwizard]

Firewall software only protects you by preventing certain inbound/outbound connections (e.g. if you have a webserver running and don't want other people to access it).

It has pretty much zero benefit to a normal person.

If you really want a firewall however, perhaps try TinyWall.

 

If you want protection from potentially downloading malicious software, since you're on Windows 7; install Windows Defender & Malwarebytes. If you don't like Windows Defender for some reason, I've been installing Bitdefender on my parents' computers. Be warned that it requires you to make an account with them however, and the user interface is incredibly simple.

[Alex Atkin UK]

AFAIK Starter Edition still has the Windows firewall so is there a specific reason this is not enough for you?

 

Personally I'd run Linux for a NAS as its way more efficient than Windows for low-end hardware.

[Donut417]

16 hours ago, aezakmi said:

hi what's up I'm tryna decide what firewall should I use for my little NAS, it runs Windows 7 Starter ed. and currently has no firewall or AV mainly because the processor is already being hogged by the OS and other running software, nothing bad happened so far but I'd like some protection since I download and upload files from the internet constantly with it

OS is up to date, I install any available update every friday (manually, I don't want it to restart randomly)

 

I'm looking for a free firewall that doesn't uses too much resources, we can already take Comodo out of the equation since it refuses to install (I have it on my usb drive) since is a 32-bit system? and it also eats more resources than chrome.

don't know if it exists but something that could use the onboard speaker to alert about threats would be great since it has a loud one

 

programs always running are Cyberduck, Remote utilities server, Seamonkey, Ares Galaxy and uTorrent so the new firewall shouldn't block those

 

any suggestions are welcome

To my understanding Windows since Win XP SP2 has had a built in firewall, thats should be sufficient. Also, if you have a home router that also contains a much better firewall. 

 

Further more I agree with @Alex Atkin UK, Windows probably not the best choice here. Windows 7 starter is probably an even shittier choice when it comes to Windows. Also, Windows 7 has less than 2 years of support left, after that its an unsupported OS and not really good for important use. Id look at a Linux OS for this purpose. 

[aezakmi]

4 hours ago, Alex Atkin UK said:

AFAIK Starter Edition still has the Windows firewall so is there a specific reason this is not enough for you?

1 hour ago, Donut417 said:

To my understanding Windows since Win XP SP2 has had a built in firewall, thats should be sufficient.

windows firewall was never been... useful

 

my computer was hacked last year and the windows 7 firewall did nothing to prevent the hackers from accessing my files, whoever hacked me though couldn't steal or find anything of value since I keep that stuff in an offline system

4 hours ago, Alex Atkin UK said:

Personally I'd run Linux for a NAS as its way more efficient than Windows for low-end hardware.

1 hour ago, Donut417 said:

Id look at a Linux OS for this purpose. 

 

yeah I thought of that too, but right now I use the windows share options to access the hard drives in the NAS and afaik linux is literally hell when it comes to make something as simple as sharing a drive with windows computers because of protocols and similar stuff, not to mention remote utilities is only avaiable for windows, of course I'd like to use linux too, but it's currently not possible

I did tried twice, one with mint (I have it on my laptop) and other with lubuntu and there was no way to share the drives because there was always something missing

[Donut417]

11 minutes ago, aezakmi said:

windows firewall was never been... useful

 

So you think some light weight free software firewall from another company will do better? Yeah right, if you need that level of protection then you need to start looking at a PFsense box or some kind of security appliance for your network. 

[Willowwizard]

1 hour ago, aezakmi said:

-snip-

my computer was hacked last year and the windows 7 firewall did nothing to prevent the hackers from accessing my files, whoever hacked me though couldn't steal or find anything of value since I keep that stuff in an offline system

-snip

That's because firewall software doesn't do what you think it does, it's not like the movies where someone "breaches" a firewall, literally all a firewall does is allow/block a certain application or TCP/UDP port from accessing and/or being accessed from the internet. Installing 3rd party firewall software won't do anything either if you don't know what you're doing.

 

If you were hacked, you had your firewall and/or server software configured incorrectly, or were using a vulnerable/old version of whatever software you're hosting which allowed the attackers to bypass any protection it may have had.

 

I second everyone's answers here, if you really want to setup NAS, use a prebuilt Linux NAS solution. Windows 7 Starter isn't meant for server software, it's configured for the convenience of users and not the security of a server. If you really want to DIY for some reason, use either Windows Server Edition or a Linux server-oriented distribution. Those will have more security than normal consumer OS' (at the cost of convenience, e.g. you have to type in your password every single time you want to modify system files).

[Alex Atkin UK]

Bearing in mind I have 20 years experience of using a Linux NAS/Server and have had zero problems accessing it from Windows for the vast majority of that time.  I don't even use the firewall on it at all, except fail2ban which blacklists perceived password crack attempts.

 

If you are behind a NATted Internet connection then its not like the Internet has any access to your NAS anyway, unless you port forward to it.  So its effectively protected from Internet attacks anyway (obviously not counting vulnerabilities in the browser, but you are talking a full-on Internet security suite there not a firewall and they cause more trouble than they are worth), only LAN attacks would be possible.

 

The actual network protection is on the router which runs pfSense.  I region block my port forwards to only places I am likely to need to access it from, and use pfBlockerNG to block javascript coin miners and known IP addresses that are used for hacking.  The real meat of your protection SHOULD be on the router as then you can protect every single client from the main entrance to your network.  The chances of a good router/firewall getting hacked is slim, as its running only the essentials, compared to Windows which runs a ton of potential entry points that you don't even need for a NAS.

 

The nature of a NAS is you are leaving file sharing open, so the weakest link is actually the clients as they are the ones with access.

[aezakmi]

7 minutes ago, Alex Atkin UK said:

Bearing in mind I have 20 years experience of using a Linux NAS/Server and have had zero problems accessing it from Windows for the vast majority of that time.  I don't even use the firewall on it at all, except fail2ban which blacklists perceived password crack attempts.

 

If you are behind a NATted Internet connection then its not like the Internet has any access to your NAS anyway, unless you port forward to it.  So its effectively protected from Internet attacks anyway (obviously not counting vulnerabilities in the browser, but you are talking a full-on Internet security suite there not a firewall and they cause more trouble than they are worth), only LAN attacks would be possible.

 

The actual network protection is on the router which runs pfSense.  I region block my port forwards to only places I am likely to need to access it from, and use pfBlockerNG to block javascript coin miners and known IP addresses that are used for hacking.  The real meat of your protection SHOULD be on the router as then you can protect every single client from the main entrance to your network.  The chances of a good router/firewall getting hacked is slim, as its running only the essentials, compared to Windows which runs a ton of potential entry points that you don't even need for a NAS.

 

The nature of a NAS is you are leaving file sharing open, so the weakest link is actually the clients as they are the ones with access.

I've been reading a bit about pfSense and it looks like it can run on a computer with 2 network cards, I do have the parts but not a case and PSU but I might go for something like that and then see how can I make a linux distro work for the NAS

 

so the connections would be Modem/Router 1 -> pfsense box -> Router or Switch -> NAS and other computers

 

There are some open ports for the P2P clients and FTP server

[Alex Atkin UK]

Generally you'd want to put the modem/router into bridge mode so that pfSense gets the public IP address and handles all the routing.  Otherwise you end up with a double-NAT which can cause its own issues, even if you put the pfSense into the DMZ.