| reply to gwion
Re: Tiny + WebWasher Users said by gwion:
Do you have... OHHH webwasher... proxy server... yeah... I get it, now... I apologize, I missed the forest for the trees!
I, too, apologize. If I'd made it clear that WW is a proxy server, a lot of confusion wouldn't have been around here  . Looks like my original understanding was not far from what things really work.
If I restate the situation:
1. Tiny grants local traffic by default.
2. a proxy server (WW in this case) runs listening local port 8080.
3. An application(ANY !!!) application connects 8080.
4. Tiny records MD5 and allow it because it's local traffic.
5. The proxy connects the Net to satisfy the application.
6. Tiny allows the connection because it's WW.
What do we do about this? The problem is WW does not have any ability to check which application is making it a connection to 8080 (WW, too, would need MD5 stuff in the end )
When WW starts, it does proxy setup in IE. It looks like the setup is advertised throughout the system, so that any application tries to make an HTTP connection just knows it should go to the proxy...
You mentioned to set individual applications to directly make connections to the net, but I don't think it's an option because, you know, I'm worried about spyware... If I don't know it is running, how can I set it to bypass the proxy...
So, it seems that I have two options: 1) remove loopback rule, and go through allow/deny work, or 2) allow/deny applications connecting the proxy.
Option 2) is what I originally did. As you stated, it's a tedious work...:( When I set rules as in my first post, when a new application tries to connect WW, I just get an alert (I checked "alert me" and "log"), not 'customize option dialog box. So, I have to manually open Tiny, and insert a new rule. Even worse, I get yet another alert when I don't run WW!
Now, I'm thinking about option 1). I mean, how many loopback-connecting applications are we talking about here? Probably handful of system processes are all I can think of. I'm going to delete the default loopback rule, and see how many Tiny popups I encounter .
Now, is this problem if ZA was there instead of Tiny? Does ZA allow local traffic by default? Hmm...
gwion, I'm kind of worried, because, if my original thought is right, then there are many users who have to worry about this.
Am I missing something here...?
Thanks,
-- wiregauze |
