Is PeerGuardian working as an external or internal firewall?

Friends of ours spent the weekend with us and he put me on to Peerguardian. I am not a P2P user, other than Skype, but he said to install it and watch. Within minutes, it had blocked Time Warner and the BBC, as well as many others.

I thought it was blocking "in front" of my computer (like, as is my understanding, ZoneAlarm), and that PeerGuardian was just "jumping in front" of ZA to block probes that ZA would block if PG wre not there.

But he said that TW, BBC and the others were already "inside" my computer and were poking around to look for certain things.

Now my knowledge of networks is very limited, but is it possible that he is correct with the implication that any of them once inside could execute any command that I can (like most folks I run as administrator in my XP computer)?

 

If you bought a pre-loaded off of the shelf PC then it is a little hard telling what is in there. Or, depending on your ISP, if you installed the (unneeded) disk they provide with the service then it is possible. Just what they are doing is questionable. If they are inbound I would say it is probably quit normal. If it is outbound then I would be curious myself.

 

PeerGuardian is very very very paranoid. It blocked even my ISP's e-mail server .

 

"Outbound" is the case of the horses having bolted the barn, no?

PG is now blocking lots of inbound traffic. Is it true that without PG all of this traffic could have come in?

If so, and if I am running as Administrator (on my XP Home computer), could any of them have run or installed programs?

 

PG2 is a list based ip blocker it will block whatever is on the list(s) you are using. If it blocks your email server just right click and select always allow.

 

PeerGuardian only hides your ip when using P2P programs and as for what your friend said, that means TW and the BCC is invading your privacy which is illegal so they aren't poking around your computer, PG will hide your ip so you don't get caught doing any illegal downloads

 

PG doesnt hide your IP (maybe youre thinking of anonymizing software?); it blocks connections based on IP blocklists.

 

I'm still a bit 'fused. Assuming that PG is blocking certain IP addys, what is it blocking the IP addys from? My friend had said that with respect to certain parties interested in what people download from P2P, that they look for "illegally downloaded" files.

If this is so, then these parties must be "inside" the computer that they are interrogating and doing a folder and file view (or the equivalent of). If not, how do these interested parties know what is on one's computer?

Just knowing that someone is using a P2P does not mean that they are downloading illegally. There are public domain songs and books in digital form that one can download quite legally, so what good does it do these parties to are linked to a P2P site, unless of course they can have a peek around one's computer?

 

Its blocks the IPs from connecting to your computer or vice versa.

 

And if there is no PG, and some party "connects" to my computer, which I run as administrator, can they run any program that I can?

 

no government or official parties can't freely connect to your party due to invasion of privacy, if they get the rights to connect to anyone using P2P's etc they can, and I'm not sure if they could run any programs if they do connect to you

 

The worst thing they could do is record your IP address if you request or provide some file from / to them with your P2P program. They cannot do anything to your computer unless your OS is very outdated, you allow them to access to some windows services such as Netbios or DCOM (any firewall, even the windows firewall, will prevent that) and they attempt to hack your computer (very unlikely if their CEOs don't want to go to jail)

 

If you participate in filesharing there is really no good way to hide your ip address, but using peerguardian can prevent sharing with potentially dangerous peers.

 

i think a lot of people has forgot or do not know that the gov/fbi and it's branches has made spyweare to infect computers with keyloggers and e-mail snooping worms. and that norton i think it was back 2001-2002 admitted that they would not include the detection signature. McAfee Corp. contacted the FBI to ensure its software wouldn't inadvertently detect the bureau's snooping software. and has other security company's also made the same deal?? granted this was a long time ago but I'm sure they have made many gov spyware. just google for white lantern or gov spyweare and it's more alive to day than in 2001-2002 we have a bunch of new gov branches before and after 911. I would not be so fast on saying they can not snoop if your AV/AS does not detect it how can they be seen.. is PG the answer idk but it sure can not hurt having it. ok removing foil hat now......

 

The amount of misinformation spewing forth in this thread is quite amazing. If you don't know, don't answer. Sorry to be rude but the person is seeking information, not BS.

As some people have correctly said, PG loads blocklists of IPs and then prevents your computer from connection to those IPs and also blocks those computers from creating a connection to your PC.

Why am I seeing blocks of Time Warner etc?
1) If all P2P software is off, and you are browsing the Internet, PG (by default) blocks port 80. Perhaps you have browsed to a site with an ad being served from Time Warner etc... Turn off "BLOCK HTTP" in PG and see if the problem continues.
2) If the blocks occur whilst using P2P software and not browsing, then it is simply PG doing it's job of refusing to connect to the IPs in it's blocklist, nothing to worry about.

What would happen if you didn't use PG and these connections were allowed?
1) You would see the web ads/sites being blocked by PG (no big deal)
2) You would make more connections in your P2P software, possibly more connections to fake content distributors/the authorities

Can Time Warner (or anyone) run any program I can/see/interact with my files?
Not in the way you're thinking. All programs need to create connections. When you browse the Internet, your browser is making a connection between your PC and the web server. Same thing with P2P software, you must connect your PC to someone else's to share content. However, each connection is very restricted in what it can do. To keep it simple, NO, when you see connections between your PC and another by P2P software the other party can't interact with your PC in any way, except for what the P2P software is allowing (ie file sharing).

However, if you have a Trojan Horse or other malware installed on your PC and this makes a connection to an outside PC, then that trojan is obviously going to let the connection do things other than what you want. It can let people see your files/delete them etc... If you're worried about people being able to see your files/"hack" your computer run a good virus scanner etc (read around).

How then do people know what files I'm sharing if they can't see my files?
OK, I won't speak too much on this because I'm not 100% sure but basically, most file sharing works like this:
1) Your PC connects to a server.
2) This server tells your PC who is sharing the file you are trying to download/who wants the file you're uploading.
3) The server also records your PC's IP so it can tell other people that you are sharing certain files.
4) Your PC connects to other PCs, based on what the server told you/Other PCs connect to your PC.

So the points where people can know what files you're sharing are:
1) The server
2) The other PCs that connect to you (based on the server saying what files you're sharing)

PG blocks any IPs in it's blocklist, which (theory goes) include:
1) Fake servers that only distribute fake content.
2) Servers that record your IP and tell authorities/are run by authorities.
3) Individual PCs that do the file sharing with your PC that are fake content distributors/the authorities.

I hope that essay clears up some of your questions, it was getting annoying reading all the wrong answers/you not understanding because of it.

Let me know if I'm wrong, or you have any other questions.

 

Stephen, that was very clear and very informative. Thanks and to all who have put their comments forwards.

 

Hello,
You boot from a live CD and then you detect the "secret" little thingies and all your conspirary theories go to the trash bin. In other words, all your base are belong to bash.
Mrk

 

PG2 is ok I guess but only flaw I see is that it won't stop an IP Address that keeps trying to connect using many ports. I checked the history log where for example I try to block a certain IP address 63.245.209.21 (static-fxfeeds.nslb.sj.mozilla.com) and it does so but then it lets the same IP address through simply cause it was able to find a higher available port.....
Top IP is just used as an example, I'm pretty sure others will get the same results.

 

Hello,
That would not really work, because most applications listen on a single post. Plus, it depends on your firewall rules. Plus, are you talking p2p or web...?
Mrk

 

PG 2 is NOT a FW of any type.

The www uses packets of data in and out to your PC. Some www places I don't want to receive or send to. They have addresses called ip's. PG 2 has lists of addresses called blocking lists you can use and they will be blocked both for input and output packets.

PG 2 I use along side my FW and you can as well.

They don't conflict nor do their functions overlap or duplicate each other.

BBC and TW aren't inside your PC, BUT they can try to send you packets and some of your SW may try to send them packets without your permission.

Only software code inside your PC can try to send or receive www traffic so you or your friends should use the FW to prevent the applications you don't want to communicate with the www from doing so.