Is my "trusted application" sending unauthorized data?


sec_ure
November 14th, 2007, 04:34 PM
Hello,

I am using a program that checks an online database of license keys every time it is used. Presumably, this is to ensure that my copy of the program is licensed and genuine. Of course, this means that my firewall (currently McAfee) must be configured so that the program is granted access to the internet.

I am somewhat concerned that the program may be using its "trusted application" status in the firewall settings to send data that I create in the program to the software publisher.

While the program in question is not peer-to-peer and comes from a reputable company, it is nonetheless associated with a highly competitive industry. I would like to explore exactly what data the program is sending without simply taking the company's word for it.

Is there any software that would enable me to examine exactly what data is being sent by the program? Also, is there a really advanced firewall that would enable me to grant the program internet access only for specific purposes, or send only a limited amount of data?

I would be most grateful for any information or insights anyone may have on this topic.

Nebulus
November 15th, 2007, 03:50 AM
-{ Quote: "
Is there any software that would enable me to examine exactly what data is being sent by the program? Also, is there a really advanced firewall that would enable me to grant the program internet access only for specific purposes, or send only a limited amount of data?

I would be most grateful for any information or insights anyone may have on this topic." }-

For the first part, you can use a sniffer (Wireshark, for instance) to capture all network activity, and then analyze just the communication between your IP and the IP(s) to which the program connects. If you are lucky and the communication is not encrypted, you can discover what your program is sending. On the other hand, a really smart (and evil) program could both encrypt communication and create a covert channel to send data, which will make things harder...
As for a firewall, you can try Netveda SafetyNet 3.81. As far as I know (but I'm not sure about it, you should see for yourself) it has both traffic shaping capabilities and it can record traffic too.
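
The capture-and-analyze step described in the reply above, as an added example that is not part of the original thread: it reads a classic pcap capture, totals the TCP payload the local machine sent to each remote endpoint, and reports payload entropy as a hint of whether the data is readable or encrypted. The addresses, payloads and helper names are constructed for illustration.

```python
import math, struct
from collections import Counter, defaultdict

def entropy(data):
    """Shannon entropy in bits/byte; values near 8 suggest encrypted or compressed data."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def outbound_summary(pcap, local_ip):
    """Map (remote_ip, remote_port) -> (payload_bytes, entropy) for TCP sent by local_ip."""
    if struct.unpack("<I", pcap[:4])[0] != 0xA1B2C3D4:
        raise ValueError("only little-endian classic pcap is handled here")
    flows, off = defaultdict(bytes), 24            # 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack("<I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + incl_len], off + 16 + incl_len
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                               # keep IPv4 + TCP only
        ip = frame[14:]
        ihl, total_len = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
        if ".".join(map(str, ip[12:16])) != local_ip:
            continue                               # inbound or unrelated traffic
        tcp = ip[ihl:total_len]
        if len(tcp) < 20:
            continue
        remote = (".".join(map(str, ip[16:20])), struct.unpack("!H", tcp[2:4])[0])
        flows[remote] += tcp[(tcp[12] >> 4) * 4:]  # skip TCP header and options
    return {k: (len(v), round(entropy(v), 2)) for k, v in flows.items()}

def _frame(src, dst, dport, payload):
    """Constructed Ethernet/IPv4/TCP frame preceded by a pcap record header (sample data)."""
    addr = lambda s: bytes(map(int, s.split(".")))
    tcp = struct.pack("!HHIIBBHHH", 49152, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, addr(src), addr(dst))
    eth = b"\x00" * 12 + b"\x08\x00" + ip + tcp
    return struct.pack("<IIII", 0, 0, len(eth), len(eth)) + eth

LOCAL, VENDOR = "192.0.2.5", "203.0.113.10"        # documentation addresses, constructed
PLAIN = b"key=ABCD-1234&ver=1.0"                   # constructed licence check
SAMPLE_PCAP = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
               + _frame(LOCAL, VENDOR, 80, PLAIN)
               + _frame(LOCAL, VENDOR, 443, bytes(range(256)))   # stands in for ciphertext
               + _frame(VENDOR, LOCAL, 49152, b"OK"))            # reply, must be ignored

if __name__ == "__main__":
    for remote, (size, ent) in outbound_summary(SAMPLE_PCAP, LOCAL).items():
        print(remote, size, "bytes sent, entropy", ent)
```

Wireshark saves pcapng by default, so a real capture has to be saved in the classic pcap format before this parser will read it. Entropy is only a hint: short payloads score low whatever they contain, so the byte totals per endpoint are the more reliable signal of how much the program is sending.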