
I agree with you that this is somewhat unsettling. One of the things malware does is corrupt the firewall on your system in order to allow other malware to get on board.

I've decided to dump AVG in favor of Microsoft Security Essentials. Upon installation, I received the following message, "Windows Firewall is still turned off for some unknown error. Try turning it on manually from Windows Security Center." So I went over to the Control Panel and fired up the Windows Firewall. It said that it was already on. Now, I'm not overly concerned because this is my desktop computer sitting behind a NAT router. So if I understand correctly, the Windows Firewall is not really necessary. However, I have some concern that maybe something with the firewall is wrong and not properly functioning even though it says it's on. The initial quick scan of MSE found the Broadcast DSS agent software with one of our old kids' games.

In this excerpt from Answercast #65, I look at a system that is displaying odd behaviors in the Windows firewall.

Disabled firewall

So I am a little concerned myself.

One of the things that malware often does is disable or otherwise corrupt the firewall that might be installed on your system in order to allow other malware to get on board. I'm not saying that that's what has happened in this case, but the fact that you did find some malware on that machine (that apparently AVG did not) leads me to believe that it's at least something to be concerned about.

Router security

Technically, you're absolutely right; I would be perfectly comfortable with leaving the Windows firewall off if you're behind a NAT router.

A NAT router prevents basically all unrequested outside contact from the internet. The only way to get a connection to something on the internet is if your machine initiates that contact out. Any contact coming in from the internet that wasn't a part of the conversation your computer initiated can't reach your computer.

That's why a NAT router is such a good firewall.
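The behavior described above can be modeled as a lookup in the router's translation table. This is an added example, not code from the original article; it is a simplified model that assumes the router filters on both the remote address and port, and all addresses and ports are constructed sample values.

```python
# Simplified model of a home NAT router's translation table (added example).
# Addresses and ports are constructed sample values from documentation ranges.
from dataclasses import dataclass, field
from itertools import count


@dataclass
class NatRouter:
    public_ip: str
    _ports: count = field(default_factory=lambda: count(40000))
    # (public_port, remote_ip, remote_port) -> (lan_ip, lan_port)
    table: dict = field(default_factory=dict)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN machine initiates contact: record a mapping, return the public port."""
        for (pub_port, r_ip, r_port), lan in self.table.items():
            if lan == (lan_ip, lan_port) and (r_ip, r_port) == (remote_ip, remote_port):
                return pub_port  # conversation already known, reuse its mapping
        pub_port = next(self._ports)
        self.table[(pub_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return pub_port

    def inbound(self, remote_ip, remote_port, public_port):
        """A packet arrives from the internet: forward only if a mapping matches."""
        return self.table.get((public_port, remote_ip, remote_port))  # None = dropped


def demo():
    nat = NatRouter(public_ip="203.0.113.10")
    results = {}
    # 1. Unrequested contact: nothing inside asked for it, so there is no mapping.
    results["unsolicited"] = nat.inbound("198.51.100.7", 50000, 3389)
    # 2. The desktop opens a web connection; the server's reply matches the mapping.
    port = nat.outbound("192.168.1.20", 51000, "192.0.2.80", 443)
    results["reply"] = nat.inbound("192.0.2.80", 443, port)
    # 3. A different internet host aiming at that same public port is still dropped.
    results["other_host"] = nat.inbound("198.51.100.7", 443, port)
    # 4. The router cannot tell which program on the desktop made a request:
    #    any outbound connection, wanted or not, gets a mapping and its replies pass.
    port2 = nat.outbound("192.168.1.20", 51001, "198.51.100.7", 8080)
    results["any_program"] = nat.inbound("198.51.100.7", 8080, port2)
    return results


if __name__ == "__main__":
    for case, forwarded_to in demo().items():
        print(f"{case:12} -> {forwarded_to or 'DROPPED'}")
```

Case 4 is the limit of this protection: the router only filters on who started the conversation, so it does nothing about traffic that a program already on the machine initiates.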

Repair reinstall

So with all that as kind of backup, I guess what I would suggest you do is see if you can't run a repair reinstall of Windows. I don't think you included which version of Windows you're running.

I've got a couple of different articles on that that you might check out.

  • In Windows XP, there actually is an explicit "repair" option on the install media.

  • In Windows 7, you basically perform what's called an "update install" of Windows 7 on top of your existing installation.

Naturally, as you might expect, given that you're going to be doing something fairly major in terms of a repair install, I would suggest that you, of course, back up that machine completely before you start.

I don't think there's really anything horribly concerning here; but I agree with you that this is somewhat unsettling. I'd probably see if I couldn't get this issue resolved with a repair reinstall.

Article C5963 - October 28, 2012

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18-year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions.


6 Comments
James
October 28, 2012 2:51 PM

Thanks Leo. It's good to hear that I'm thinking along the right lines. I forgot until today that AVG caught that DSS agent software on installation and I had allowed it as an exception in AVG (from my research it's just used to nag you to register the kids' games). So I don't think it's related to that.

But the repair install might be just the thing, or perhaps wipe the whole thing and start over. My computer had a hard crash 6 to 9 months ago. I thought I had restored all the files that went missing but I still have issues every once in a while with a missing system or program support file.

Mark J
October 29, 2012 1:07 PM

@James
One thing that I've seen happen is that when Windows is booting up, a message comes up "Your computer may be at risk, antivirus software is not installed" or a similar warning about the firewall. Then, upon checking, I find the AV and the firewall running.

That message can come up because sometimes Windows gets ahead of itself and checks for the AV or the firewall before they have had a chance to start. The fact that when you opened the Security Center, you found the firewall was active, leads me to believe that that might be what's happening in your case.

Ben
October 30, 2012 9:11 AM

I receive a similar balloon pop up from Microsoft Security Essentials. The balloon reads "your computer may be at risk-firewall not turned on-click balloon to correct". When I click the balloon, every single time it is already turned on. No virus found.

Bob
October 30, 2012 9:42 AM

As for the MSE from Microsoft, I have discovered that at times if you wait before clicking on the balloon, if you wait a couple of minutes it will go off. It seems that what is going on is a startup scan that causes this, also the firewall turned off warning will "alert" it will also be tied to some of the updates that belong to both the OS (like XP etc.) or that AV (MSE) updates. Wait a couple of minutes and watch the taskbar by the clock if this may help, and is my experience from this question.

Larry
October 30, 2012 12:57 PM

There could be remnants of AVG still on your machine that are causing this. Go to the AVG website and download the AVG Uninstaller that will clean that up for you.

Karl Uppiano
November 10, 2012 9:25 AM

I would caution against a false sense of security from NAT routers or even corporate firewalls. While those devices can protect against unauthorized break-ins, they do not protect against authorized break-ins -- i.e., social engineering exploits -- basically any number of attacks that trick the user into executing them, such as users clicking on malicious email attachments, users downloading and installing malicious software that looks useful or is misrepresented by the provider, cross-site scripting, phishing, and so on.

Some of these exploits are very amateurish and easily spotted even by casual users. Others are very sophisticated, and can easily fool even a very knowledgeable user.

Once the malware has gotten a foothold inside the firewall, all bets are off. This is particularly true if you have multiple users inside the firewall, because it only takes one infected computer to compromise all the rest. And that happens so quickly, it is often too late by the time a virus scanner or knowledgeable user detects it.
