Firewall Wizard / Online rule dB

Discussion in 'ESET Smart Security' started by patch, Jan 13, 2008.

Thread Status:
Not open for further replies.
  1. patch

    patch Registered Member

    Joined:
    May 14, 2007
    Posts:
    178
    My understanding of the ESS firewall options is:
    1) Automatic. Provides less protection than Windows firewall as it allows all applications outgoing access.
    2) Interactive & allow all addresses & ports when prompted for each application. Essentially would provide the same protection as the Windows firewall.
    3) Interactive and select required protocol & ports for each application. Tighter and more flexible than Windows firewall.
    4) Policy-based mode. Silently blocks all unspecified applications & ports. Useful mainly when the user is not responsible for maintaining the firewall (e.g. done by a system administrator).

    I prefer option 3; however, setting it up is very labour intensive, involving lots of repetition between different computers and different users.

    Proposed solution
    ESET have a database of firewall rules for common user programs. Making this work requires consideration of both how it would be used by the user and who maintains the rules.

    User interface
    The simplest interface is a “Download Rule” button on the firewall alert screens (“incoming / outgoing (trusted) communication”), possibly greyed if there were no rules in the online database. Selecting the link would enable the user to choose a rule set published for the current program.

    A batch mode facility could also be added to the “Setup -> personal firewall” screen. Selecting this would scan the computer for applications with entries in the online firewall rule dB, and prompt the user to select the desired rule set for each. Using this facility, standard applications could rapidly be configured.

    Database maintenance
    Developing and maintaining this database would probably be too costly for ESET to do on their own. The solution is for ESET to provide the interface, and provide a hierarchy of data suppliers. Rules should be presented based on author and in the following order:
    1) ESET
    2) Software manufacturer
    3) ESET reseller / Affiliate
    4) ESET approved user
    5) Other users – preferably with login name and status from this forum

    When a rule author publishes a firewall rule it should be a full set for that application. A text field should be available to describe applicability / restrictions, and any zones or ports which need to be set up by the user.

    The only real problem I can see is excluding poor &/or malicious rule suggestions. This could be addressed by ESET providing rule sets for the core system programs. I am hoping resellers would provide rules in return for having their name in the author field (a form of advertising), thus ensuring a broad range of good rule suggestions. It may also be necessary to optionally exclude rules from “other user” above, especially for the batch mode scan.
     
    Last edited: Jan 13, 2008
  2. EnGenie

    EnGenie Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    182
    Location:
    Hampshire, England
    Agnitum have had this feature for over a year now in Outpost Firewall and Outpost Security Suite.

    It is called ImproveNet and it works very well.

    These rules are regularly downloaded automatically and are available as a set of preset rules that can be applied to the applications for which they were created and any similar application.
     
  3. patch

    patch Registered Member

    Joined:
    May 14, 2007
    Posts:
    178
    A related problem is dealing with firewall alerts when logged in not as a super user. With the current software you can't save rules, and the software doesn't log the activity, making subsequently fixing the issue more difficult. See https://www.wilderssecurity.com/showthread.php?t=193899

    Hopefully the batch mode would enable 95% of the rules to be set up, minimising this issue.

    In https://www.wilderssecurity.com/showthread.php?t=198174
    I had envisioned
    1) The user manually chooses the rule set for each application, not downloading anything if they didn't like the suggestions
    2) The author of the rule would be visible, so in practice I would choose rules from ESET or a supplier first (listed at the top).
    3) A text field would describe the rule set applicability / restrictions envisioned by the author.

    With this implementation I believe the quality of the rules & firewall protection would be greater than most users would currently achieve. Set up time would also be dramatically reduced.
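
Added example (not part of the thread, and not ESET or Agnitum code): a Python sketch of the rule-set selection proposed in the posts above, with candidates listed by author tier, "other user" sets excluded in batch mode, and a warning on sets that are no tighter than option 2. The class names, field names, sample database and the warning check are assumptions made for illustration.

```python
from dataclasses import dataclass

# Author tiers in the order proposed in the thread (1 is listed first).
TIERS = {"ESET": 1, "Software manufacturer": 2, "ESET reseller / Affiliate": 3,
         "ESET approved user": 4, "Other user": 5}

@dataclass(frozen=True)
class Rule:                      # hypothetical rule shape
    direction: str               # "out" or "in"
    protocol: str                # "TCP", "UDP" or "any"
    remote_ports: str            # e.g. "80,443" or "any"
    remote_addr: str             # "any" or a zone name

    def is_allow_all(self):
        # Same effect as option 2 in the thread: all addresses and ports.
        return "any" == self.protocol == self.remote_ports == self.remote_addr

@dataclass
class RuleSet:                   # one published, full set for an application
    app: str
    author: str
    author_type: str             # a key of TIERS
    notes: str                   # free-text applicability / restrictions
    rules: list

def candidates(db, app, batch_mode=False):
    """Rule sets for one application, most trusted author tier first."""
    sets = [rs for rs in db if rs.app == app]
    if batch_mode:               # optionally drop "Other user" submissions
        sets = [rs for rs in sets if rs.author_type != "Other user"]
    return sorted(sets, key=lambda rs: (TIERS[rs.author_type], rs.author))

def warnings(rs):
    """Flag sets the user should not accept without reading the notes."""
    out = []
    if not rs.rules:
        out.append("empty rule set")
    if any(r.is_allow_all() for r in rs.rules):
        out.append("contains allow-all rule")
    return out

# Constructed sample database (application and author names are made up).
DB = [
    RuleSet("browser.exe", "user123", "Other user", "Allows everything",
            [Rule("out", "any", "any", "any")]),
    RuleSet("browser.exe", "ESET", "ESET", "HTTP/HTTPS only",
            [Rule("out", "TCP", "80,443", "any")]),
    RuleSet("browser.exe", "ExampleReseller", "ESET reseller / Affiliate",
            "Adds FTP control port", [Rule("out", "TCP", "21,80,443", "any")]),
]
```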
     