Direct connection allowed
tosbsas
March 8th, 2003, 11:45 AM
hey there
maybe a silly question - but what is the reason for the third option - direct connection allowed - apart from just now and just in this session?
Which apps would you allow a direct connection?
Ruben
Andreas1
March 8th, 2003, 02:51 PM
Hi Ruben,
To allow direct connection is to allow a program to directly connect to the net (whether only this one time or just for this session or permanently), whereas the other option would be to allow the program to launch programs which then in turn connect directly.
Your browser uses direct connections. If you have an application launcher (e.g. with nice buttons, à la startmenu or with keyboard shortcuts), that will probably need to be allowed to launch programs which then connect (if you launch your browser with such a tool).
In my application list, there are mostly
- buggers that aren't allowed anything at all (iexplore.exe, winamp, media player etc.)
- real client programs which need to connect directly, but which don't ever launch a third program that would connect (like Mailwasher, CuteFTP, Opera) and which are allowed direct connections only,
- filemanagers which launch those application programs but which shouldn't ever need to communicate over the internet, so these are allowed indirect connections only (explorer.exe, TheWonderfulIcon (http://thewonderfulicon.com/)),
- finally, there are only some very few apps which do direct connections but which also occasionally launch third programs (or external modules) that in turn connect to the net. (e.g. TDS-3).
HTHH,
Andreas
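The two permissions described in the post above, written out as a small policy check. This is an added example, not part of the thread and not Look 'n' Stop code: the `AppRule` and `check_connection` names, the `opera.exe` and `tds-3.exe` file names, the deny-by-default handling of unlisted programs and the handling of chains longer than two programs are all assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AppRule:
    direct: bool  # the program may open network connections itself
    launch: bool  # the program may start another program that then connects


# Constructed policy following the four groups in the post above.
POLICY = {
    "iexplore.exe": AppRule(direct=False, launch=False),  # allowed nothing
    "opera.exe":    AppRule(direct=True,  launch=False),  # real client program
    "explorer.exe": AppRule(direct=False, launch=True),   # file manager / launcher
    "tds-3.exe":    AppRule(direct=True,  launch=True),   # connects and launches
}


def check_connection(chain):
    """Decide whether a connection attempt is allowed.

    `chain` lists executables from the outermost launcher to the process
    that opens the connection, e.g. ["explorer.exe", "opera.exe"].
    Returns (allowed, reason).
    """
    if not chain:
        raise ValueError("empty process chain")
    *launchers, client = (name.lower() for name in chain)
    # Every program that started another one needs the "launch" permission.
    for name in launchers:
        rule = POLICY.get(name)
        if rule is None or not rule.launch:
            return False, f"{name} may not launch connecting programs"
    # The program actually opening the connection needs "direct".
    rule = POLICY.get(client)
    if rule is None or not rule.direct:
        return False, f"{client} may not connect directly"
    return True, "allowed"


if __name__ == "__main__":
    for chain in (["explorer.exe", "opera.exe"], ["explorer.exe"],
                  ["opera.exe", "iexplore.exe"]):
        print(" -> ".join(chain), check_connection(chain))
```

Under this policy a connection made by `explorer.exe` itself is refused, while the same `explorer.exe` starting a permitted client is accepted.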
tosbsas
March 8th, 2003, 03:28 PM
Thanks I am getting to the ground on this (:--))
Ruben
nameless
March 9th, 2003, 01:43 PM
Quote from Andreas: "filemanagers which launch those application programs but which shouldn't ever need to communicate over the internet, so these are allowed indirect connections only (explorer.exe)..."
There are good reasons to allow Explorer to connect, such as if you use its built-in FTP functionality.
Ph33r
March 9th, 2003, 01:57 PM
And there are reasons why you shouldn’t, such as being a real security hole on NT Systems. Not to mention, on XP specifically, its Privacy issue whenever accessing “Search \ for Files or Folders” and “Search for Computers”.
nameless
March 9th, 2003, 02:00 PM
If you're that concerned about giving Explorer access, I think you should be using *nix in the first place. But in any event, I don't see a problem with letting Explorer talk to FTP sites.
Ph33r
March 9th, 2003, 02:06 PM
I’m using Microsoft Windows because it's beneficial to my needs, like it probably is for yours, but it doesn’t mean I’m going to like and support the idea of Microsoft Privacy Violations. Would be a cake-walk if Look ‘n’ Stop had a “Rule-based Application Filtering” feature…
nameless
March 9th, 2003, 02:18 PM
Exactly. Right now, I am struggling with that very issue. With Look 'n' Stop, you have very good, powerful control over what applications can make outbound connections in the first place, but if you do allow a particular application, it's "all or nothing". The best you can do at that point, as best I can tell, is to try to get tricky with your "Internet Filtering" rules, but there is no truly good way to handle it.
I started out trying to create a bunch of port- and protocol-limiting inbound and outbound rules, and associating them with their various applications, but it soon became totally ridiculous. It was an exercise in frustration and futility.
So now, I have a few rules to block the known "bad stuff" (i.e. NetBIOS, RDP, SSDP, etc.), then after that it's pretty much wide open. Maybe I'm missing something, but it seems to me the best one can hope for with LNS 2.0.
Copyright ©2002 - 2013, Wilders Security Forums