There are several ways to implement a firewall:
- Winsock LSPÂ – Can be used for an application layer firewall, but it’s mostly not used for various reasons.
- TDI Driver – Mostly used for personal firewalls, according to Microsoft it will be phased out in the next OS.
- Ndis IM – Mostly used for gateway firewalls.
- WFP – The new plaform Microsoft is promoting, in my opinion that until XP is retired this will not gain momentum.
We have wrote a bit on what is TDI. Basically most personal firewall are using TDI for various reasons:
- It’s a driver so it has the false sense it’s hard to remove.
- It’s been with us since 1995 on Win95.
- It has the ability to view traffic as stream or packets.
TDI is being phased out by Microsoft, and according to their documentation the next Windows version might not support it anymore so investing in TDI can be quite risky.