I'm curious as to what others are using to monitor their systems when it comes to determining if programs are calling home or not. I know firewalls and sniffers have this capability, but I'm wondering if there are other possibilities that are less complicated to analyze and use. Ideal would be a log file over time specifically showing those culprits.
Hello Adric, A firewall's log is about as simple as you can get. When you set a rule to block an application from connecting out, if an attempt is made, you see it in your log. Here, a Picture Information Extractor (PIE) for the EXIF of a digital image attempts to connect out, and is logged: There may be other types of programs that do this--perhaps someone knows! -rich
Tried that, but it doesn't keep a running log over time that I can check later.

Hi Rmus, since I am behind a HW router, I haven't found it necessary to have an additional firewall and wanted to avoid installing one just for this purpose. Which one are you using, and is it light enough and simple to use?
@Adric A debatable subject. There are those who say using a HW router and a software firewall is a good security combo. Others say there is no need for a software firewall if using a HW router with firewall capabilities. Still others say using a firewall, whether it be the Windows built-in one or a third-party one, should be good enough. Can't forget those that say: is a firewall even needed at all? I personally wouldn't connect to the Internet without some type of firewall in place. I also would check on your HW router. As mentioned on this forum and elsewhere, there is the subject of backdoors in routers and also of routers being hacked.
A hardware and software firewall combo is essential, but which is more important is debatable. I use TinyWall, which is a Windows Firewall supplement that can block everything (in/out) except those that I explicitly allow. Then it comes down to the system hosts file or a program such as PeerBlock for even finer-grained control (though I haven't needed those yet). With that aside, I don't have any recommendations for connection logging; I've only ever had use for a realtime TCP monitor so I can figure out which ports to unblock in the hardware firewall.
Hello Adric, In that case, one of the other tools mentioned might be a better solution for you. I use the old Kerio 2.1.5. It is light (memory usage shows less than 6K) and very simple to use. You have to learn about rule sets first. Then, it is easy. But if you use an OS later than WinXP it won't work, in which case, if you decide on a firewall for your solution, you will have to go to the firewall forum to learn about the options available. regards, -rich
Kerio free?... nice app that I'm still using on my XP. @Adric Process monitors like AnVir Task Manager, Process Hacker and System Explorer have a feature to show active connections... or you can also use the tool called CrowdInspect: http://www.crowdstrike.com/blog/free-community-tool-crowdinspect/ http://www.thewindowsclub.com/crowdinspect-review-free-download
Thanks Ichito. CrowdInspect seems to fit my needs. I like the history option and the information displayed. I see some rather strange DNS names for the System Idle Process showing up between entries. It's interesting to see just the amount of servers that get visited during a session.
CrowdInspect looks like a nice piece of software, but its privacy policy is troubling (see section 4 and 4.2 of the EULA, yikes). You might also try TCPMonitor which does have a logging feature: http://www.itsamples.com/tcp-monitor.html
Decided to use Currports which does logging and allows you to filter out connections that you consider to be okay.
There are quite a few utilities that can monitor and log outbound traffic, but the only thing that can intercept and either allow or block it in real time on a per-application basis is a software firewall. On XP, Kerio is one of the best pure firewalls available.
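The thread asks for a log over time that shows only the "culprits", and the CurrPorts post describes filtering out connections already judged okay. The following is an added example written for this thread, not code from any poster or from CurrPorts, TCPMonitor or CrowdInspect. It takes periodic connection snapshots (the sample lines are constructed to imitate `netstat -ano` output, with the PID column replaced by a process name; the PID-to-name lookup is left out), drops local-network and allowlisted connections, and keeps a first-seen/last-seen record per (process, remote host, port) so a reviewer can see when each unexpected outbound connection appeared and how long it persisted.

```python
"""Running log of unexpected outbound connections built from periodic
netstat-style snapshots.  Everything here is example code for the thread
above; the snapshots and addresses are constructed, not captured."""
import ipaddress

# Constructed snapshots: (timestamp, lines).  Each line is "PROTO LOCAL REMOTE [STATE] PROCESS",
# i.e. netstat -ano with the PID replaced by a (hypothetical) process name.
SNAPSHOTS = [
    ("2014-03-01 10:00:00", [
        "Active Connections",
        "  Proto  Local Address  Foreign Address  State  PID",
        "  TCP  192.168.1.10:49152  93.184.216.34:443  ESTABLISHED  firefox.exe",
        "  TCP  192.168.1.10:49153  192.168.1.1:53     ESTABLISHED  svchost.exe",
    ]),
    ("2014-03-01 10:05:00", [
        "  TCP  192.168.1.10:49152  93.184.216.34:443  ESTABLISHED  firefox.exe",
        "  TCP  192.168.1.10:49160  203.0.113.7:80     SYN_SENT     pie.exe",
    ]),
    ("2014-03-01 10:10:00", [
        "  TCP  192.168.1.10:49160  203.0.113.7:80     ESTABLISHED  pie.exe",
        "  TCP  192.168.1.10:49171  198.51.100.9:8080  ESTABLISHED  updater.exe",
        "  TCP  127.0.0.1:49170     127.0.0.1:8307     ESTABLISHED  pie.exe",
        "  UDP  192.168.1.10:5353   *:*                svchost.exe",
    ]),
]

# (process, remote port) pairs the reviewer has already judged okay; they are filtered out
# the way the CurrPorts post describes, so the log shows only what is left.
ALLOWED = {("firefox.exe", 443), ("svchost.exe", 53)}

# RFC 1918 ranges plus loopback: traffic that stays on the LAN or the box itself is not
# "calling home" and is dropped from the log.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def parse_line(line):
    """Parse one netstat-style line into a dict; return None for headers, blank
    lines, and unbound/listening sockets (remote side '*' or 0.0.0.0)."""
    parts = line.split()
    if len(parts) == 5:            # TCP lines carry a state column
        proto, _local, remote, state, proc = parts
    elif len(parts) == 4:          # UDP lines have no state column
        proto, _local, remote, proc = parts
        state = "-"
    else:
        return None
    if proto not in ("TCP", "UDP") or ":" not in remote:
        return None
    rhost, _, rport = remote.rpartition(":")
    if rhost in ("*", "0.0.0.0") or not rport.isdigit():
        return None
    return {"proc": proc, "rhost": rhost, "rport": int(rport), "state": state}


def is_local(ip):
    """True for RFC 1918 and loopback addresses (IPv4 or IPv6 literals accepted)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in LOCAL_NETS)


def build_log(snapshots, allowed):
    """Fold snapshots into one record per (process, remote host, port) with
    first_seen, last_seen, the number of snapshots it appeared in, and the
    connection states observed.  Returned sorted by first_seen."""
    seen = {}
    for ts, lines in snapshots:
        for line in lines:
            c = parse_line(line)
            if c is None or is_local(c["rhost"]) or (c["proc"], c["rport"]) in allowed:
                continue
            key = (c["proc"], c["rhost"], c["rport"])
            rec = seen.setdefault(key, {"first_seen": ts, "last_seen": ts,
                                        "snapshots": 0, "states": set()})
            rec["last_seen"] = ts
            rec["snapshots"] += 1
            rec["states"].add(c["state"])
    return [dict(proc=k[0], rhost=k[1], rport=k[2], **v)
            for k, v in sorted(seen.items(), key=lambda kv: kv[1]["first_seen"])]


def format_log(records):
    """Render the records as plain log lines suitable for appending to a file."""
    return ["%s  first=%s last=%s seen=%d states=%s  %s -> %s:%d" % (
        r["first_seen"], r["first_seen"], r["last_seen"], r["snapshots"],
        ",".join(sorted(r["states"])), r["proc"], r["rhost"], r["rport"])
        for r in records]


if __name__ == "__main__":
    for entry in format_log(build_log(SNAPSHOTS, ALLOWED)):
        print(entry)
```

In real use the snapshot lines would come from running `netstat -ano` (or from a tool's export) on a timer and appending the rendered lines to a file; the allowlist is what turns the raw connection list into the short list of programs worth investigating, and the first-seen timestamp is what answers the original question of when a program started calling out.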