
Moral Volcano - www.vsubhash.com

Configuring R-Firewall

I use Ubuntu on my home PC. At work, I have to use Windows XP. To protect my Windows PC, I use R-Firewall. It is the best firewall that I know. This article is based on an e-mail I wrote to my colleagues.

From my personal experience, I have come to the conclusion that a good firewall and a real-time anti-virus program can safeguard a Windows PC more than anything. I have also seen that the Windows Firewall and other commercially available firewalls do not do well when it comes to protecting the PC. They usually have preconfigured settings allowing Internet access for popular applications. This is their weakness. When malware attacks these applications, the firewall does not stop them. Besides, in Windows, most user accounts have Administrator privileges. That means that malware just needs to infect any one application and it can have full control of the PC.

Firewall manufacturers cannot be strict with permissions because many Windows applications, including built-in ones, are written so poorly that they will crash Windows if the firewall denies an Internet connection. So, these firewalls come with pre-built Internet access rules for popular applications. Another shortcoming with these firewalls is that they do not give full control to the user to configure his own Internet access rules.

R-Firewall is one program that does provide full control to the user. I recommend it to all Windows XP users. (It does not support Vista/7.) As mentioned earlier, a firewall's performance can be compromised by an application that is poorly written. Even R-Firewall will crash your system if you do not configure it properly. Here is how to do it right.

R-Firewall has 3 access permissions - allow, deny, and ask. You can specify these access permissions on a case-by-case basis or create a rule that the firewall will automatically apply in future. A rule requires any combination of the requesting application, direction of the connection, protocol of the connection, remote IP, and remote port. Local ports are not so important.

  1. During installation, do not set the local LAN IP range. (This step is relevant only if you are on a LAN or office network.)
  2. During installation, uncheck options for pre-defined rules for applications except those for the one marked for System.
  3. After installation, from the View menu, choose Advanced setting.
  4. In the Application and Rules tab, try to delete all rules under Global, Overriding, and Blocked. The only rule that finally remains will be the "Ask for any IP" rule.
  5. In Host Zones tab, create a new host zone for your LAN.
  6. Try opening a network share. You will get a prompt from the System or Explorer process. Click on Create Rule and then Allow.
  7. After creating the rule, modify the rule and allow System and Explorer access to the LAN host zone you created.
  8. Now, open a browser and access some website. When the firewall prompts, create an "Allow" rule for access to the proxy on your LAN.
  9. Similarly, open your mail client and send/receive mail. When the firewall shows a prompt, create an allow rule.
  10. If processes such as "svchost", "lsass", "winlogon" or "init" ask for permission, create an "Allow" rule immediately. This is very important. However, be careful about svchost, which is a host for applications that run as services. Sometimes viruses run as services. So, check the Connection panel in the firewall and Process Explorer if you see too many svchost requests.
  11. When some other application asks for an Internet connection, you can allow/deny permission or create an allow/deny rule, as you wish. For example, if you create a deny port 80 rule for devenv (Visual Studio), it will load faster, as it will not waste time trying to retrieve the start page from the Internet.
  12. Default browser ports are 80 (http) and 443 (https). Some web apps may use other ports. Mail clients access 25 (smtp), 110 & 965 (POP). Be careful when unknown processes try to access these ports. Even if it is a known application, make sure that you really need to grant permission.
  13. If you want to block certain domains or subdomains, go to Content Filter » Host/Active Content Filter.
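
The rule set built in the steps above can be read as an ordered list ending in a catch-all "ask" rule. The following is an added illustration, not R-Firewall's own code or file format: it assumes first-match evaluation, and the LAN range, browser name, proxy port and sample connections are constructed for the example.

```python
# Simplified model of a default-"ask" application firewall (illustration only).
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ZONES = {"LAN": ip_network("192.168.1.0/24")}  # assumed LAN host zone (step 5)

@dataclass(frozen=True)
class Rule:
    action: str                      # "allow", "deny" or "ask"
    app: Optional[str] = None        # None matches any application
    direction: Optional[str] = None  # "in" or "out"
    protocol: Optional[str] = None   # "tcp" or "udp"
    zone: Optional[str] = None       # host zone the remote IP must belong to
    port: Optional[int] = None       # remote port

    def matches(self, app, direction, protocol, remote_ip, port):
        return ((self.app is None or self.app == app.lower())
                and (self.direction is None or self.direction == direction)
                and (self.protocol is None or self.protocol == protocol)
                and (self.zone is None or ip_address(remote_ip) in ZONES[self.zone])
                and (self.port is None or self.port == port))

# Evaluation order matters: the catch-all "ask" rule stays last (step 4).
RULES = [
    Rule("allow", app="system", zone="LAN"),              # steps 6-7
    Rule("allow", app="explorer.exe", zone="LAN"),        # steps 6-7
    Rule("allow", app="firefox.exe", direction="out",     # step 8: browser to
         protocol="tcp", zone="LAN", port=8080),          # an assumed LAN proxy
    Rule("deny", app="devenv.exe", direction="out",       # step 11
         protocol="tcp", port=80),
    Rule("ask"),                                          # "Ask for any IP"
]

def decide(app, direction, protocol, remote_ip, port, rules=RULES):
    """Return the action of the first rule that matches the connection."""
    for rule in rules:
        if rule.matches(app, direction, protocol, remote_ip, port):
            return rule.action
    return "ask"  # nothing matched: fall back to prompting the user

if __name__ == "__main__":
    samples = [  # constructed connection attempts
        ("explorer.exe", "out", "tcp", "192.168.1.20", 445),  # LAN share
        ("explorer.exe", "out", "tcp", "203.0.113.7", 80),    # Explorer to Internet
        ("devenv.exe", "out", "tcp", "203.0.113.7", 80),      # start page fetch
        ("unknown.exe", "out", "tcp", "203.0.113.7", 25),     # unknown app, SMTP
    ]
    for s in samples:
        print(s, "->", decide(*s))
```

Because the allow rules are scoped to the LAN zone, Explorer reaching an Internet address still falls through to the prompt, as does any unknown process touching a mail port.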

Also, remember to disable the Server service in Microsoft Management Console. This will disable your shares. Enable it only when you need a share. Disable remote logon. Enable it only when it is required.

I also suggest you use Naviscope, which runs a local proxy on your PC and monitors Internet connections. It provides several features, such as visual indicators for Internet connections and their speed.

Naviscope captures download URL of Chrome Installer

You also need a good antivirus solution such as AVG, which automatically scans USB flash drives immediately when they are inserted.

---o0O0o---

This article was first published in February 2010.