Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

I’m told my firewall isn’t working, but it is turned on. Do I have a problem?

Question:

I’ve decided to dump AVG in favor of Microsoft Security Essentials. Upon
installation, I received the following message, “Windows Firewall is still
turned off for some unknown error. Try turning it on manually from Windows
Security Center.” So I went over to the Control Panel and fired up the Windows
Firewall. It said that it was already on. Now, I’m not overly concerned because
this is my desktop computer sitting behind a NAT router. So if I understand
correctly, the Windows Firewall is not really necessary. However, I have some
concern that maybe something with the firewall is wrong and not properly
functioning even though it says it’s on. The initial quick scan of MSE found
the Broadcast DSS agent software with one of our old kids’ games.

In this excerpt from
Answercast #65
, I look at a system that is displaying odd behaviors in the
Windows firewall.

Become a Patron of Ask Leo! and go ad-free!

Disabled firewall

So I am little concerned myself.

One of the things that malware often does is disable or otherwise corrupt
the firewall that might be installed on your system in order to allow other
malware to get on board. I’m not saying that that’s what has happened in this
case, but the fact that you did find some malware on that machine (that
apparently AVG did not) leads me to believe that it’s at least something to be
concerned about.

Router security

Technically, you’re absolutely right; I would be perfectly comfortable with
leaving the Windows firewall off if you’re behind a NAT router.

A NAT router prevents basically all unrequested outside contact from the
internet. The only way to get a connection to something on the internet is if
your machine initiates that contact out. Any contact coming
in from the internet that wasn’t a part of the conversation your
computer initiated can’t reach your computer.

That’s why a NAT router is such a good firewall.

Repair reinstall

So with all that as kind of backup, I guess what I would suggest you do is
see if you can’t run a repair reinstall of Windows. I don’t think you included
which version of Windows you’re running.

I’ve got a couple of different of articles on that, that you might check
out.

  • In Windows XP, there actually is an explicit “repair” option on the install
    media.

  • In Windows 7, you basically perform what’s called an “update install” of
    Windows 7 on top of your existing installation.

Naturally, as you might expect, given that you’re going to be doing
something fairly major in terms of a repair install; I would suggest that you,
of course, backup that machine completely before you start.

I don’t think there’s really anything horribly concerning here; but I agree
with you that this is somewhat unsettling. I’d probably see if I couldn’t get
this issue resolved with a repair reinstall.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

6 comments on “I’m told my firewall isn’t working, but it is turned on. Do I have a problem?”

  1. Thanks Leo. It’s good to to hear that I’m thinking along the right lines. I forgot until today that AVG caught that DSS agent software on installation and I had allowed it as an exception in AVG (from my research it’s just used to nag you to register the kids’ games). So I don’t think it’s related to that.

    But the repair install might be just the thing, or perhaps wipe the whole thing and start over. My computer had a hard crash 6 to 9 months ago. I thought I had restored all the files that went missing but I still have issues every once in a while with a missing system or program support file.

    Reply
  2. @James
    One thing that I’ve seen happen, is that when Windows is booting up a message comes up “Your computer may be at risk, antivirus software is not installed” or a similar warning about the firewall. Then, upon checking, I find the AV and the firewall running.

    That message can come up because sometimes Windows gets ahead of itself and checks for the AV or the firewall before they have had a chance to start. The fact that when you opened the Security Center, you found the firewall was active, leads me to believe that that might be what’s happening in your case.

    Reply
  3. I receive a similar baloon pop up from Microsoft Security Essentials. The baloon reads “your computer may be at risk-firewall not turned on-click baloon to correct”. When I click the baloon, every single time it is already turned on. No virus found.

    Reply
  4. As for the MSE from Microsoft, I have discovered that at times if you wait before clicking on the ballon, if you wait a couple of minutes it will go off. It seems that what is going on is a startup scan that causes this, also the firewall turned off warning will “alert” it will also be tied to some of the updates that belong to both the OS (like Xp etc.) or that AV (MSE) updates. wait a couple of minutes and watch the taskbar by the clock if this may help, and is my experience from this quwstion.

    Reply
  5. There could be remnants of AVG still on your machine that are causing this. Go to AVG website and download the AVG Uninstaller that will clean that up for you.

    Reply
  6. I would caution against a false sense of security from NAT routers or even corporate firewalls. While those devices can protect against unauthorized break-ins, they do not protect against authorized break-ins — i.e., social engineering exploits — basically any number of attacks that trick the user into executing them, such as users clicking on malicious email attachments, users downloading and installing malicious software that looks useful or is misrepresented by the provider, cross-site scripting, phishing, and so on.

    Some of these exploits are very amateurish and easily spotted even by casual users. Others are very sophisticated, and can easily fool even a very knowledgeable user.

    Once the malware has gotten a foothold inside the firewall, all bets are off. This is particularly true if you have multiple users inside the firewall, because it only takes one infected computer to compromise all the rest. And that happens so quickly, it is often too late by the time a virus scanner or knowledgeable user detects it.

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.