Printable View
i have RAS PPPoE mini-port/call-manager driver and i am pretty sure this is ok to allow to bypass my firewall. i also have generic process for win32 service asking for permission. i know this is normally involving dns services, but cant it also be a virus or trojan sometimes? anyways should i allow these 2 things access?
Start with not letting them through and see what breaks. :) If you don't notice any problems, leave them blocked.
For what it's worth, Windows Firewall in XP SP2 won't prompt you about allowing services to access the Internet -- it'll just deny them unless you've manually created an exception for them. That default denial hasn't been causing problems for people.
Tuttle: I'm confused... I thought WIndows Firewall (or ICF before SP2) was inbound protection only? That if one wants/needs outbound protection, they must use something else?
You're right; I was referring to inbound traffic. By 'access' I meant opening a port for incoming connections. Probably not the best choice of words. :)
The first one sounds fine - the second, not so much.
I have to disagree with this - the second one is generic enough I'd recommend not letting it through and see what breaks, ie., can you not connect to the internet with the program that you want to use.Quote:
Originally posted by Tuttle
Start with not letting them through and see what breaks. :) If you don't notice any problems, leave them blocked.
If someone hacks you, or a listener proggie is sending information you'd rather not, you don't usually know about it.
:)
Have a read here: http://www.bugnet.com/analysis/0201/sfxpfbi1.html
My Zone Alarm picked it up from the beginning. After some research,I decided it was redundant. I let it stay for 'access',but not 'server' and nothing bad has happened for over a year now...
That's exactly what I said. ;)Quote:
Originally posted by VerLux
I have to disagree with this - the second one is generic enough I'd recommend not letting it through and see what breaks
Quote:
Originally posted by Tuttle
Start with not letting them through and see what breaks.
sorry i shoudl have said i am using sygate firewall, not windows built in one. i will test them out and see what happens
MaFia JaK: In your signature, I noticed that you list the Proxomitron (great program!) And you are also using Sygate (me too.)
Are you using them together? If so, I wondered if you are aware that Sygate does not support outbound protection for local proxies. IOW, any program that uses the Proxomitron is not being checked &/or filtered. So if something bad uses IE or Firefox as a shell to get out to the web, Sygate won't see it because the browsers are running through the proxy. Sygate has been aware of this for quite a while. But still no fix.
I still use the Proxo on my Win 98SE PC but I use free ZA for it. For my XP "Sygated" machine, I use Firefox's Adblock. It won't block the browser referer like the Proxo will but it is a very effective ad blocker.
Anyway, just wonderin'...
i did not know that, but if i have proxomitron configured correctly, wont it stop either IE or mozilla from giving out information?
MaFia JaK: Well, I'm no authority but the Proxo is essentially an inbound filter, yes? It does prevent the browser referer from being sent out but beyond that, I'd have to be honest and say that I don't know what else it could block from leaving a PC.
I'm on my XP PC now and I don't use the Proxo on it. As an experiment to see how this comes together, go into the Applications on Sygate and deny either IE or Firefox. Then, while running them through the Proxo, see if they can connect. Seems like I tried this once and my browser went out as if nothing was in the way at all. Not a peep from Sygate...
Here is a very candid thread from Sygate's forum about the proxy issue. I would think Sygate will get things going on it soon. They have to know that users want it...
couldnt something do that with any program u choose "Allow" with. i have changed all programs to ask, so i know if it is me causing the prompt.
couldnt u just set ie, mozilla, and proxo to "Ask" that way anytime it is trying to connect it asks. if u are trying to surf u know it is u causing the prompt, but if u are not trying to use a browser and it asks, u know something else is trying to connect?
also random question and im not gonna start a new thread for it. im pretty sure it is ok but is it? for 2 rundll32.exe's to be running in processes?
I think the issue is that if something tries to use the proxy while you are already online. IOW, you have already approved the Proxomitron to go out. Then the "bad" app could piggyback out and a user would never know.Quote:
couldnt u just set ie, mozilla, and proxo to "Ask" that way anytime it is trying to connect it asks. if u are trying to surf u know it is u causing the prompt, but if u are not trying to use a browser and it asks, u know something else is trying to connect?
Truthfully, it may not be a big risk. I can't remember reading about any virus-caused real life cases. But it is a risk and is something to be aware of.
As I mentioned above, in my case, since I use FF nearly 100% of the time, I ended up using the Adblock extension in lieu of Proxo and been fine with it. And as much as I like the idea of Proxo's browser referer blocker to help with my privacy, there were websites that I had to temporarily bypass it for (Hotmail for one.) So I guess I traded a bit of privacy for more security...
Are we talking about processes showing in Sygate? I haven't done a detailed study of how things showup in the list but I do know each session of a program running is tracked. It also appears that if different ports are being used by the same app, Sygate lists each app's current status. But whether or not 2 true sessions of rundll.32 are right or not, I'm not sure...Quote:
for 2 rundll32.exe's to be running in processes?
yes i installed adblock i like it, but as u said proxo blocked browser referrers as well as cookies, java, and many other unneeded things in webpages. but i too did find myself having to bypass it often when logging into sites especially.
as for the rundll32.exe, im sorry i should have specified since we have been talking about sygate. i meant when u ctrl+alt+del and go to the processes tab.
That's not an issue. Proxomitron is Proxomitron, and when you allow it you allow it. :)Quote:
Originally posted by HAN
I think the issue is that if something tries to use the proxy while you are already online. IOW, you have already approved the Proxomitron to go out. Then the "bad" app could piggyback out and a user would never know.
The issue, if it exists (I haven't looked into it too much) would be if Sygate can't control which applications connect to Proxomitron. When you use your browser in that environment you have two network connections -- one from your browser to Proxomitron on the local host, and one from Proxomitron out to the Internet host. It's impossible for a firewall to tell which app generated the Proxomitron-Internet connection, but a firewall app should allow you to control which of your apps are allowed to connect to Proxomitron.
If Sygate can't control those loopback connections between apps on your PC, that's an issue.