Is my "trusted application" sending unauthorized data?

Discussion in 'other firewalls' started by sec_ure, Nov 14, 2007.

Thread Status:
Not open for further replies.
  1. sec_ure

    sec_ure Registered Member

    Nov 14, 2007

    I am using a program that checks an online database of license keys every time it is used. Presumably, this is to ensure that my copy of the program is licensed and genuine. Of course, this means that my firewall (currently McAfee) must be configured so that the program is granted access to the internet.

    I am somewhat concerned that the program may be using its "trusted application" status in the firewall settings to send data that I create in the program to the software publisher.

    While the program in question is not peer-to-peer and comes from a reputable company, it is nonetheless associated with a highly competitive industry. I would like to explore exactly what data the program is sending without simply taking the company's word for it.

    Is there any software that would enable me to examine exactly what data is being sent by the program? Also, is there a really advanced firewall that would enable me to grant the program internet access only for specific purposes, or send only a limited amount of data?

    I would be most grateful for any information or insights anyone may have on this topic.
  2. Nebulus

    Nebulus Registered Member

    Jan 20, 2007
    European Union
    For the first part, you can use a sniffer (Wireshark, for instance) to capture all network activity, and then analyze just the communication between your IP and the IP(s) to which the program connects. If you are lucky and the communication is not encrypted, you can discover what your program is sending. On the other hand, a really smart (and evil) program could both encrypt communication and create a covert channel to send data, which will make things harder...
    As for a firewall, you can try Netveda SafetyNet 3.81. As far as I know (but I'm not sure about it, you should see for yourself) it has both traffic shaping capabilities and it can record traffic too.
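
An added example, not part of the original thread: once a Wireshark capture has been saved in the classic pcap format (not pcapng), a script like the one below totals the TCP/UDP payload the local machine sent to each remote address and estimates its entropy, which separates readable traffic from traffic that is probably encrypted. The addresses, ports and the `SAMPLE` capture are constructed for illustration, and the parser assumes unfragmented IPv4 over Ethernet.

```python
import math, struct
from collections import Counter, defaultdict

def entropy(data):
    """Shannon entropy in bits per byte; values near 8 suggest encrypted or compressed data."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def outbound_summary(pcap, local_ip):
    """Map (remote IP, port) -> (payload bytes sent by local_ip, payload entropy)."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic microsecond pcap file")
    e = "<" if magic == 0xA1B2C3D4 else ">"  # byte order the capture was written in
    if struct.unpack(e + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    flows, pos = defaultdict(bytearray), 24
    while pos + 16 <= len(pcap):
        incl_len = struct.unpack(e + "I", pcap[pos + 8:pos + 12])[0]
        frame, pos = pcap[pos + 16:pos + 16 + incl_len], pos + 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # skip anything that is not IPv4 over Ethernet
        ip = frame[14:]
        ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
        src, dst = (".".join(map(str, ip[i:i + 4])) for i in (12, 16))
        if src != local_ip or proto not in (6, 17):
            continue  # keep only TCP/UDP leaving this machine
        l4 = ip[ihl:struct.unpack("!H", ip[2:4])[0]]  # IP total length trims padding
        if len(l4) < (20 if proto == 6 else 8):
            continue  # truncated transport header
        header = (l4[12] >> 4) * 4 if proto == 6 else 8
        flows[(dst, struct.unpack("!H", l4[2:4])[0])] += l4[header:]
    return {k: (len(v), round(entropy(v), 2)) for k, v in flows.items()}

def record(src, dst, dport, payload):
    """Constructed test data: one pcap record holding an Ethernet/IPv4/TCP frame."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    addrs = b"".join(bytes(map(int, a.split("."))) for a in (src, dst))
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0) + addrs + tcp
    eth = bytes(12) + b"\x08\x00" + ip
    return struct.pack("<IIII", 0, 0, len(eth), len(eth)) + eth

# Constructed capture: one plaintext request, one high-entropy upload, one inbound reply.
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
          + record("192.168.1.10", "203.0.113.5", 80, b"GET /license?key=ABCD-1234 HTTP/1.1\r\n\r\n")
          + record("192.168.1.10", "203.0.113.9", 443, bytes(range(256)))
          + record("203.0.113.5", "192.168.1.10", 40000, b"HTTP/1.1 200 OK\r\n\r\n"))
if __name__ == "__main__":
    print(outbound_summary(SAMPLE, "192.168.1.10"))
```

A destination that receives far more bytes than a license check should need, or whose payload entropy sits close to 8, is the one to examine packet by packet in the sniffer.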