Does Look 'n' Stop have the ability to update component changes (such as the feature that Outpost Pro has) if an application changes due to file updates? With some firewalls, whole new rules have to be recreated for it while the old ones are left behind to create clutter......
When an application changes, you just have a popup saying the signature has changed. The rules attached to the application (either directly in the application filtering with Port&IP Selection, or indirectly in the internet filtering are still valid and are not lost). Frederic
As kind of a follow-up to this question......I installed LNS for a trial tonight on my secondary machine.....and after LNS was installed, I ran FF and granted it authority to access the net. Then, I uninstalled that version of Firefox and then downloaded/upgraded to a "newer" version of Firefox. Once the newer version was installed, LNS alerted me that the "signature" had changed, and I granted authority for it to access the internet. But now I have TWO seperate entries for Firefox in the Application Filtering tab of LNS. Should I have two seperate entries? And how can I tell which is the latest version that I recently downloaded? And should I remove the "other" FF that is shown in the Application Filtering tab? Thanks
Are the entries different in any way? Like one entry with the "long" file names (c:\program files\soft4ever\...) and one with the "short" 8.3 file name (c:\progra~1\soft4e~1\...) If so, both should be kept.
Yeah, they differ that way a little. One is: C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE and the other is: C:\PROGR~1\MOZILL~1\FIREFOX.EXE So you're saying they both should be kept....even though one was created only after installing the newest version? Would removing both, and then opening and running Firefox again create just one (vaild) entry? And would that even be advisable? Thanks
Both entries are valid; one is the long file name path, the other the short file name path (8.3 naming convention). You could remove both and start over, but if something started Firefox again through the short name path, the entry would be recreated.
Also, I have been under the impression that programs starting with the short filename (has ~ in the name) always starts from an admin account, whereas the long filename (full path and filename) usually starts from a limited user account in XP. You could block the short filename (admin) where the application attempts to access the internet if you're using only a limited account to go online. This is so that apps cannot get out w/admin while you're online using a limited account. And believe me, attempts are made. If an app needs admin while you're using a limited account, you can always adjust permissions is you want. I'd love to hear what others have to say about this. This has been my experience, and i'm sure others know more. Never seen this mentioned here.
Thanks for posting that. I must say that I start from all the above with a single application filter in LNS while using my Limited User Account. Each opens the browser without a prompt from LNS. Access is granted to the internet (full filename and path). When I open the browser (non-internet) using the admin account I get a prompt from LNS immediately asking if I wanted to allow the browser (short filename) to access the internet. This is a bit confusing, but i'm sure you can see what I mean and how I came by my findings. Take a simple test drive and see what you find along your personal setup. My goal isn't to prove anyone wrong per se, but to determine whether security can be enhanced by knowing a bit more about this. I may very well be wrong, but I need more evidence that supports the view quoted above: Where did you see the display of the filename and path in LNS log? Was it while using the Admin, Limited, or both accounts? When prompted from each account, did you note the long or the short path/filename? As you may see, i'm concerned about apps getting undetected internet access from possible admin or weak local/network service, when LNS may provide a means of detecting where each attempt originated (if true). I'd love to hear personal evidence from anyone that has found something solid. Could it be different depending on OS used?
C:\PROGRA~1\INTERN~1\iexplore.exe Or C:\Program Files\Internet Explorer\iexplore.exe They both get called under various conditions, manually or systematically, Look ānā Stop Application Filtering will detect and add.
