Application Control

Discussion in 'Other Ghost Security Software' started by tonyjl, Sep 22, 2005.

Thread Status:
Not open for further replies.
  1. tonyjl

    tonyjl Registered Member

    Joined:
    May 25, 2004
    Posts:
    287
    Hi Guys 'n' Girls,
    Great Software by the way Jason,keep up the good work!!

    On regards to the firewall,i am very tempted to ditch ZA and replace with jason's,but i'm a bit worried about app control.

    Just how important is app cotrol o_O

    I ask coz with the trojans/viruses/rootkits we have these days,i know a lot of them can quite easily bypass most firewalls,and it just seems as though,in order to protect ourselves from trojans etc. we are forced to control legit appz too much,which in turn causes more trouble/work than good.

    Anyway,just thought i'd get peoples opinion before i jump in.
     
  2. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    Nothing Againt Ghostwall but why Don't you give Look'n'Stop a try? I Dumped ZA and Steady as she goes with LNS!! And one more thing NO yearly Fee!!

    You also can trial it for a month!!

    HTH

    Cheers,
     
    Last edited: Sep 22, 2005
  3. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    Hi Tony,

    Some people, like myself, prefer other security applications to do "application control" rather than the firewall. The main reason for this is it's a waste of resources to dedicate one application to such a single task, when security applications allow you to do it globally.

    So application control to someone like me isn't important in a firewall. Some people however, cannot live without application control in their firewall and they have valid reasons also for wanting it. If Look n Stop works on your system, it is the firewall I recommend for application control since it impacts the system the least of those type firewalls.
     
  4. [suave]

    [suave] Registered Member

    Joined:
    Apr 5, 2005
    Posts:
    218
    Jason,

    You've done a great job with this, and I see a bright future for this firewall... so don't sleep on it.

    I'd like to see this firewall progress into a basic firewall that most people can use.

    What I mean is, well, I installed ghostwall and I quickly had to get rid of it. I can't live with the fact that every application on my PC has complete access to the internet. There needs to be some sort of application control/filtering. Even if it is very basic (allow/deny/prompt) that is still better than giving total access to every application.

    I hope you take this advice, i'd really like to use this firewall in the future.
     
  5. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    Same here. I tried it and since I am running a router with NAT, the new firewall without some sort of outbound control (maybe just a simple allow/disallow) is of not much value. I am currently running Outpost. Can't complain about the cost, but if it had a few more features such as application control and was very lite on resources would consider it. Just my 2 cents.
     
  6. [suave]

    [suave] Registered Member

    Joined:
    Apr 5, 2005
    Posts:
    218
    Another suggestion I have is the ability to password protect the program, or even have some sort of hot key that hides/shows the systemtray icon. I don't need my idiot friends/family screwing with my firewall settings ;)

    Also, when you press the "X" button to close the firewall there needs to be some confirmation that asks the user if they are sure they want to shut it down. I pressed "X" a couple of times because of habit and thought it would minimize to the tray... about an hour later I realized it wasn't even loaded :(
     
  7. tonyjl

    tonyjl Registered Member

    Joined:
    May 25, 2004
    Posts:
    287
    Hi Jason,

    What do you use for app control? do you mean 'ProcessGuard'? I use PG (amongst other appz),is that enough?
     
  8. [suave]

    [suave] Registered Member

    Joined:
    Apr 5, 2005
    Posts:
    218
    now i'm getting confused here.

    you can use processguard to control the execution of an app. but once you allow it to execute, processguard will not stop it from accessing the internet. right? so what does that have to do with anything?

    and even further, ghostwall itself will not stop that app from accessing the internet either... :(

    If you allow say HTTP connections and FTP connection with ghostwall, you are allowing those connection for every single application. So this means that if you get infected with some keylogger, this keylogger can send your password through ftp/http or any other connection you allow because there is no application filtering.

    maybe i am just confused but if so, somebody please clear this up for me.
     
  9. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    Well the thing is, you don't want to have trojans,viruses,worms, etc running on your system in the first place. So in my opinion its more valuable having applications which protect you from nasties in general rather than "is it accessing the network" type firewall protection. However I think some limited application control might be beneficial to GhostWall, even if it was only to the extent of "this application can have network access", etc.

    The problem I see with most existing firewall vendors is that after quickly building the actual "firewall" they start spreading their wings into other areas because there is no where else to go with their product, all whilst affecting the speed of the network and system.

    Are you really interested in the AV, AT, FIREWALL, etc all wasting resources only protecting small areas, with large amounts of overlap? It seems there are some people out there who think their computers main job is to run security software. When really, security software should do its job and not be noticed, allowing people to use their computers for productive things.
     
  10. [suave]

    [suave] Registered Member

    Joined:
    Apr 5, 2005
    Posts:
    218
    You're right about people not wanting trojan/viruses on their PCs in the first place, that's why we have AV, AT etc.. but that still doesn't mean something can't slip through your security right?

    I was just using the keylogger as an example. But there are tons of software that I use that make internet connections for no reason. Wether it be phoning home, checking for updates, or doing some other things that I don't want it to do. For example, my disk defragger thinks its cool to send info back to the company about how my defragmenting is going along... I dont want this application to access the internet. All I want it to do is defragment my hard drive. Again, this is just an example, there are tons of programs which I am sure you know what I am talking about when I say I don't want them accessing the net.

    Anyways, I have downgraded my security in the past month from all sorts of security apps to just the bare minimum. AV, FW and common sense. I don't need all the other crap.

    The reason I like GhostWall is because it seems like it uses amazingly low resources and it does exactly what I need it to do. If you do decide to add in a basic application filtering then I will have to say I am sorry I purchased a 2 year license for outpost ;).
     
  11. planecrazee

    planecrazee Registered Member

    Joined:
    Sep 25, 2005
    Posts:
    13
    Location:
    Cinnaminson, NJ
    I am with all you guys on the app control feature. I think every firewall needs some sort of effective app control in order to be useful. I the app control feature couldbe added the firewall would be so much better and I could ditch ZA but until then I don't trust Ghostwall without app controls. The rule stuff is just a bunch of headaches and it took me forever to get the basics down to even get the firewall to work. It would also make the firewall a bigger success so please add these features that me and the rest of the members have suggested. Thanks
     
  12. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    There are some applications that you may want to run that are perfectly legitimate but you may not want it to have network access, so I think a simple ask/allow filter would suffice, I do agree though that malicious applications should not be able to start to begin with (thats what programs like ProcessGuard and AntiHook are for.) but it'd still be nice to have, sometimes things do slip through no matter how good your security system is, and sometimes you may plain out just want to block an application from internet access (like internet explorer for example.)
     
  13. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    Friends, I understand that the first reaction to rulebased firewalls is that it seems confusing and that one can be afraid of not being protected after you have created the rules... And you should be! Because if you by mistake create a rule where you allow every protocoll, or allow all traffic to all ports, inbound or outbound e t c, then you sitting in a "castle of air" (false security is the worst type I´m afraid...) But If you give it a try to learn and cope with SPI firewalls, I can almost guarantee that in most cases it is more secure than application based firewalls. As Jason himself said, that nowdays most of the firewalls have functions that is "redundant" since most of you already have software that are watching for malware. It only overlapps (=>conflicts) and wasting resources from your system. I personally have not tested GhostWall yet, but I have been using Visnetic firewall that also is a rulebased, SPI firewall, and its working perfectly with total controll over what type of traffic is passing threw which port etc. If you want some sort of manual how these type of firewalls works, you can download the pdf manual to Visnetic firewall from deerfield.com, different software but same working principals... :cool:
     
  14. isnogood

    isnogood Registered Member

    Joined:
    Sep 22, 2004
    Posts:
    83
    Location:
    France
    This is certainly not true, as most of commercial application based firewalls include also stateful packet inspection. The question here is just that: do you want to treat net access and application control using separate, specialized programs, or rather prefere "all in one" approach. As for redundancy with other security apps, watching for malware execution and behavour is one thing, watching it's outbound connection while it's already there, is another. There's no redundancy if it's just a basic application filter combined with rule based firewall.
     
  15. ghost16825

    ghost16825 Registered Member

    Joined:
    Feb 1, 2005
    Posts:
    84
    What do you think is going on when you allow an application access in most warm-and-fuzzy super-easy-to-use GUI firewalls? The implicit rule is usually allow outbound TCP/UDP from any port to any port to any address. And with so-called 'server' access the same is allowed inbound, but perhaps with the condition that outbound traffic must have occured within a set time frame previously. Now, can you honestly say that the risk of producing a particularly 'bad' rule is that high, compared to non-explicit-rule-based firewalls?
     
  16. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,086
    I agree with the others here that GhostWall should have basic app control - ie. Allow Once/Allow Always/Deny Once/Deny Always. It would be handy if it could also stop apps from starting other apps which connect to the Internet (much like LnS can do).
     
  17. Sticky

    Sticky Registered Member

    Joined:
    Oct 31, 2005
    Posts:
    1
    Location:
    U.S.A.
    I like the above with the ability to also detect any change in the executable since the last time the allow/deny policy was set (for that particular exec...).
     
  18. azuech

    azuech Guest

    That is a nice refeshing statement. Can I ask what a good minimal lite setup would possibly be Jason if one believed in what you say.

    ie. ghostwall and reg defence . With maybe an online scan etc. I ask this in all seriousness for the average safe surfer . who doesnt stray to many unfamiliar sites etc . a safe surfer .
     
  19. Nihil

    Nihil Guest

    You can use software restriction policy to block/restrict apps in XP Pro instead of using third party app control program.
    You can also use group policy to control apps. There is a setting in group policy which allow you to specify allowed apps or restricted apps. But when specifying allowed apps dont forget to specify group policy (gpedit.msc).
     
  20. Hyperion

    Hyperion Registered Member

    Joined:
    Sep 29, 2003
    Posts:
    302
    I tried Ghostwall,and liked it a lot,very light,easy to make rules,nice touch showing the country origin in the log (helps noticing easier persisting IPs) but another vote in favour of an application control,even if a simple one.This would become the worthy heir of Kerio 2 :D
     
  21. TrueAudio

    TrueAudio Guest

    "Default Re: Ghostwall: final word - App. control in future releases or no ?
    Quote:
    Originally Posted by Jason_R0
    need is app control what allows to go in and out. Which surprisingly enough there is Zero product on the market like that at the moment."

    Just wanted to mention that there does exist such a product at the moment: System Safety Monitor 2.0.0 beta 1 it is located at http://syssafety.com/product.html

    I have just installed it, so I can't really say how effective it really is overall. It does appear to really lock things down though. The only problem I see with it right off the bat is that it uses alot more RAM than I would like. It runs 2 processes; 1) SysSafe.exe which was using 6188K of ram (now increased to 8788K of ram after 20 minutes only =/, and also SSMService.exe using about 1240K RAM. The program is free. If there was something like this that used half the ram or less and didn't increase ram use over time, it would be a win.
     
  22. playstation201

    playstation201 Registered Member

    Joined:
    Dec 2, 2005
    Posts:
    3
    This is starting to sound like the app control in syagte..which is exactly what im looking for now that sygate is gone...i hope this gets implemented into this firewall...
     
  23. GSownz

    GSownz Guest

    Hey Jason,

    Are you considering incorporating some sort of APP control into GhostWall?

    I know the newly released AppDefend, handles that department. But what about the people who don't want to use AppDefend?

    I love ghostwall, but I feel naked when using it becuase of this small issue.

    Do you have anything planned at the moment?
     
  24. meargh

    meargh Guest

    My opinion, which of course no one asked for, is this: GhostWall is freeware, and is designed to be an efficient, basic firewall. AppDefend isn't free, but it has a nice, simple, effective means of allowing/disallowing applications from accessing the network (though it does seem to lack "component control").

    So maybe it makes me a selfish twat, but I hope Jason doesn't add app control to GhostWall. I'd much rather see him devote the time to enhancing his for-pay software, even if it means adding a new for-pay "ComponentDefend" portion to GSS.

    I could explain further, but I'm sure no one wants my dissertation on the matter. :eek:
     
  25. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Actually I agree with you.. the firewall itself is more than adequate, the app control is going to take more constant fine-tuning, so better belongs in the paid app that pays the bills, which means is going to have more dedicated attention. Only so many things one programmer can do at a time, so he'll have to prioritize.. I would rather see that priority go towards the app control as needed. I don't think the deal between the two is unfair at all :)
     
Thread Status:
Not open for further replies.