
Zhen-Xjell (Prolific Bunny; Premium, VIP, ExMod 2001-04; join:2000-10-08; Bordentown, NJ) | reply to wiregauze
Re: Tiny + WebWasher Users
first time? Could you confirm if it does? (I know you are a big fan of WW) Could you try running bigfix after starting WW?
I just tested it. I denied BigFix access to the net within ZAP, and BigFix was unable to access the net, even though I use WW. Hence, ZAP does stop applications from accessing the net, even if you use WW.

said by Zhen-Xjell: I just tested it. I denied BigFix access to the net within ZAP, and BigFix was unable to access the net, even though I use WW. Hence, ZAP does stop applications from accessing the net, even if you use WW.
Did ZAP say bigfix was trying to access 127.0.0.1 or some other IP?
-- wiregauze

Zhen-Xjell
Yes, BigFix was trying to access 127.0.0.1 port 8080.

ethics$ (Premium; join:2000-12-27; Brooklyn, NY) | reply to wiregauze
Just started reading this thread and ran a similar test with WW on with proxy configured and tried to start up my Punkbuster. It came up with the correct name (PB.exe) as to what was trying to access the internet.
-- Folding can save a life!

reply to Zhen-Xjell
said by Zhen-Xjell: Yes, BigFix was trying to access 127.0.0.1 port 8080.
Thanks Z-X, and same to ethics13 for captured images. Looks like ZA (at least ZAP) seems to block even local traffic by default. That's good. So, so far the problem is confined to Tiny (I don't know about other firewalls, though).
For more than a day, I have been running Tiny without its default allow-loopback rule, and so far the number of applications/services that require loopback connections seems to be very limited. There could be more because I don't use any NFS/ICS/NetBIOS/etc, though.
For about a week, I tried several configurations, and I think for now there is only one option that is simple enough for average users: remove the default loopback rule. This will effectively catch any application that tries to WW.
A more fundamental solution, I think, should come from Tiny Software. While leaving the default loopback rule intact, Tiny needs to fire up an allow/deny box whenever a new application tries to connect to any port, even when the Tiny rule permits. This will effectively block spyware trying to reach its home through a proxy. So, the solution would be: when Tiny does not find the MD5 checksum in its table, it pops up an allow/deny dialog box; yes, even if its ruleset permits. Obviously this requires an update from Tiny.
-- wiregauze

ethics$
said by wiregauze: So, the solution would be: when Tiny does not find the MD5 checksum in its table, it pops up an allow/deny dialog box; yes, even if its ruleset permits. Obviously this requires an update from Tiny.
-- wiregauze
I am actually surprised that with the flexibility that Tiny has, ZAP was able to pull one over it.
BTW, I will probably try Tiny in the near future. I'd like to see if it's applicable to my network at home more than ZAP.
I am sure the problem this thread has addressed *will* be fixed.
-- Folding can save a life!

Zhen-Xjell | reply to wiregauze
Very interesting indeed is all this. I do not have the time to learn Tiny, but this does not mean I will never try it just to understand what all the talk is about.
However, it is a good thing this certain case has been caught. Yet again, ZAP is proven.

Vampirefo (Premium, MVM; join:2000-12-11; Huntington, WV; kudos:1) | reply to wiregauze
edit [text was edited by author 2001-05-25 11:55:36]

Vampirefo
What is the Loopback rule in my filter rules?
The default installation of TPF includes a few predefined filter rules for a more convenient administration. Although you are allowed to remove these rules, you must not remove the Loopback rule because it allows TPF to communicate with your operating system. By removing this rule you will no longer be able to access the administration.
Why can't I access the administration?
This can be caused by two reasons. If the engine is not active you cannot access the administration or status monitor. If you have modified or removed the loopback rule you may not be able to access the administration. If this is the case then you should restore the original configuration by removing the persfw.conf file.
This is from TPF's site. I have had no problems denying the loopback rule, but just in case someone does, here are the warnings.
-- Companies would rather lose you as a customer than fix the problem Vampirefo
Joke Page

said by Vampirefo:
What is the Loopback rule in my filter rules?
The default installation of TPF includes a few predefined filter rules for a more convenient administration. Although you are allowed to remove these rules, you must not remove the Loopback rule because it allows TPF to communicate with your operating system. By removing this rule you will no longer be able to access the administration.
Why can't I access the administration?
This can be caused by two reasons. If the engine is not active you cannot access the administration or status monitor. If you have modified or removed the loopback rule you may not be able to access the administration. If this is the case then you should restore the original configuration by removing the persfw.conf file.
This is from TPF's site. I have had no problems denying the loopback rule, but just in case someone does, here are the warnings.
This is yet another example of how crude I am in reaching a conclusion. Thanks, I never looked at that page of the Tiny web site. Obviously, if it can cause a problem for someone, it shouldn't be advertised as a general solution.
Then, what options do Tiny users have... It comes back to the solution in my original post of the thread. It's a very tedious one, so I guess it's not easy/simple enough for average users.
Looks like the easiest way is an update from Tiny. In short: even if the ruleset already permits, alert the user whenever a new program tries to connect to any port for the first time. Alternatively said, alert the user whenever the application's MD5 is not found in the table, regardless of what the ruleset says.
I'll try to talk to guys at Tiny.
-- wiregauze

Zhen-Xjell
That sounds very good then! I'm glad Tiny has such a work around. [text was edited by author 2001-05-25 14:08:45]

said by Zhen-Xjell: That sounds very good then! I'm glad Tiny has such a work around.
I'm sorry, in case I didn't misunderstand, the possible workarounds are not for the general mass (not simple enough), as far as I think.
And the easiest fix, the "update" from Tiny, is not there yet. We need to ask Tiny to include the update in the future release.
I sent them an e-mail including a link over here. I'll wait and see if all these make sense to them.
-- wiregauze

Vampirefo
While using WW, rather than remove the loopback rule, I just uncheck it; removing the check mark disables the rule, and all works well. If I am not using WW, I recheck the rule. I will spend some time on this problem this weekend and see if I can come up with a set of rules to work well with WW.

gwion (wild colonial boy; Premium, ExMod 2001-08; join:2000-12-28; Pittsburgh, PA; kudos:1)
That's a great thought... cool. Yeah, I was upset when they briefly removed the checkboxes from Tiny. I had become so used to running a pair of rules (before they added the dandy little ZA type "cut me off" function) that could be checked when I left my machine to effectively do just that... but, without checkboxes, they became perfectly useless as "emergency rules," much less for the original purpose. One of the nice features about Tiny... you can have special case rules at your fingertips in the task bar. Great tip.
-- Man will occasionally stumble over the truth, but most times he will pick himself up and carry on. - Sir Winston Churchill

reply to Vampirefo
said by Vampirefo: While using WW, rather than remove the loopback rule, I just uncheck it; removing the check mark disables the rule, and all works well. If I am not using WW, I recheck the rule.
That's great, too. As gwion restated several times, that's the power of Tiny -- flexibility.
We all agree it is not that Tiny has an inherent problem. The problem is average users may not know the fact that setting up a proxy means putting a hole in your firewall. Many times, users do not even know they are setting up a proxy. People just download, install, and go.
ZA/ZAP seem to block even local traffic by default, so one might say "hey, ZA caught this! Why Tiny can't?!" As more and more users use firewalls and some type of filtering tools, accumulation of such incorrect (bad?) reputation is good to no one.
Again, I'm open to any simple solution, such as the one Vampirefo suggested. But, I'm still hoping to see what Tiny Software wants to say, because the change I suggested is neither confined to a specific third party application, nor difficult to implement (I think). Indeed, all I'm suggesting (well, at least at this point) is to raise an alert box whenever a new application tries to run regardless of what the ruleset says. This will effectively make Tiny work like ZA for this matter, thereby alleviating possible negative reputations or critics. (Of course, good for me, too.)
-- wiregauze

gwion
I don't guess that something like that would be too heavy, but could create a stream of popups, be mindful. Just because an app registers an MD5 doesn't mean it's accessing the internet. ALL the MD5 does is ensure that an app isn't replaced by a trojan, or that one with a similar name doesn't slip by through an app specific rule.
One problem Tiny does have, for new users, is that it lets the user see so much of the process. Zone Alarm is handling proxies pretty much the same way, but it isn't as obvious what's going on. If ZA doesn't have a default allow for localhost, then, of course, it's prompting on every loopback... as Tiny will if you remove loopback. I don't consider that a big security issue, though, as stated above. Knowing, as we do now, that a proxy is a natural firewall tunnel, though, is vitally important, and you couldn't be more right that new users need to understand how that is, and why it can be bad. Thanks for the ongoing discussion... I learn something every time I take on a problem like this, and this is no exception... sometimes, I look at Tiny from the viewpoint of someone who's used it for several months, and I forget how it felt looking at a new firewall for the first time... yes, there are a lot of things that a new user has to get comfortable with, before we can say that we fully trust any firewall, and feel articulate working with it. Wish you lots of luck, and safe surfin'... pleasure discussing this with all... good sailing!
-- Man will occasionally stumble over the truth, but most times he will pick himself up and carry on. - Sir Winston Churchill
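
The gap discussed in this thread and the change wiregauze proposes, as an added sketch that is not part of any post and is not Tiny's or ZoneAlarm's code: with a default allow-loopback rule, an unrecognized program reaching the local proxy on 127.0.0.1:8080 is allowed without a prompt, while checking its MD5 against the known-application table before the ruleset forces a prompt. The rule format, function names and sample "binaries" are hypothetical.

```python
import hashlib
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    """Hypothetical allow rule: any application may reach network/port."""
    name: str
    network: str            # CIDR, e.g. "127.0.0.0/8"
    port: Optional[int]     # None means any port
    enabled: bool = True    # the "checkbox" mentioned in the thread


def md5_of(image: bytes) -> str:
    # MD5 only because the thread says that is what Tiny records per app.
    return hashlib.md5(image).hexdigest()


def rule_matches(rule: Rule, dst_ip: str, dst_port: int) -> bool:
    in_net = ipaddress.ip_address(dst_ip) in ipaddress.ip_network(rule.network)
    return rule.enabled and in_net and rule.port in (None, dst_port)


def decide(image, dst_ip, dst_port, rules, known_md5, alert_on_unknown):
    """Return 'ALLOW' or 'PROMPT' for one outbound connection attempt.

    alert_on_unknown=False: the ruleset alone decides (the gap in the thread).
    alert_on_unknown=True:  proposed change, unknown MD5 prompts first.
    """
    if alert_on_unknown and md5_of(image) not in known_md5:
        return "PROMPT"
    if any(rule_matches(r, dst_ip, dst_port) for r in rules):
        return "ALLOW"      # silently permitted; the proxy then goes outbound
    return "PROMPT"         # no rule matched, so the user is asked


# Constructed sample data: byte strings stand in for executable images.
BROWSER = b"constructed-browser-image"
UNKNOWN_APP = b"constructed-unrecognized-image"
KNOWN = {md5_of(BROWSER)}
LOOPBACK = Rule("loopback", "127.0.0.0/8", None)
PROXY = ("127.0.0.1", 8080)   # local proxy address quoted in the thread


def scenarios():
    unchecked = [Rule("loopback", "127.0.0.0/8", None, enabled=False)]
    return {
        "default_rule": decide(UNKNOWN_APP, *PROXY, [LOOPBACK], KNOWN, False),
        "rule_unchecked": decide(UNKNOWN_APP, *PROXY, unchecked, KNOWN, False),
        "proposed_unknown": decide(UNKNOWN_APP, *PROXY, [LOOPBACK], KNOWN, True),
        "proposed_known": decide(BROWSER, *PROXY, [LOOPBACK], KNOWN, True),
    }
```

The "rule_unchecked" case corresponds to Vampirefo's workaround of unchecking the loopback rule while WW is running; "proposed_known" shows that an application already in the MD5 table is not prompted again under the proposed change.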