Application filter

Discussion in 'other firewalls' started by risl, Oct 18, 2009.

Thread Status:
Not open for further replies.
  1. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    Hello,

    Is there any dedicated application network access filtering programs? I would like to complete winxp firewall with this type of program because I think the inbound filtering of XP firewall good enough, light and trouble free.

    What I don't like in full software firewalls is the resource usage, extra processes, drivers and hooks they install. I only need some simple minimalistic program that would detect outbound connections.

    Preferrably no suggestions like "install firewall x but disable packet filtering/all rules" or "install hips y but disable every other feature except network control"

    Thank you
     
  2. tipstir

    tipstir Registered Member

    Joined:
    Jun 9, 2008
    Posts:
    830
    Location:
    SFL, USA
    Yes your right! OS firewall has HIPs (SRP) = Software Restriction Protection which is under Group Policy and Local Security Policy. There is a method to tighten the OS so Malware doesn't have a chance to get in. By default the OS lets anything install as it's unrestricted it should be disallowed by anyone other than the Administrator account or anyone who made Admin on the system. If you run Server most of this stuff is set to the default letting anything run. DEP should be set to the second option not the first check box.

    As with the OS Firewall Remote Assistant should be removed or uncheck. Remote Desktop should be only pointing to your local LAN systems not the internet. I would add all your applications that run on the system to that list.

    Today most corp clients run the default OS Firewall but now a lot of them have switched to Symantec Endpoint Protection (Firewall, Virus, Anti-Spyware) That great for the local domain system. Running it at home is okay but the firewall it too weak it lets you to connect to servers that you shouldn't be connecting too. Though you could tight that up though. I find it okay to use. Very fast though for In/out bound traffic. It could be use with OS firewall but I don't recommend doing that because then you have some issues connecting to shares.

    So if you want to run the OS Firewall then the system would run much faster then all you need to do is use Microsoft new security too for Virus and Spyware. Then you'll all set.
     
  3. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
  4. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    I believe this program doesn't ask when an application is about to connect out. The ideal solution would be look 'n stop without internet filtering but there probably is no such programs.
     
  5. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    edit:

    I see that it cannot now be obtained from the vendor. They only have vista/win 7 firewall control.


    - Stem
     
    Last edited: Oct 19, 2009
  6. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    After having a search I came across OnIt personal firewall Very basic, no application port/IP rules, just allow Internet access or not. No installed hooks or HIPs.

    I made a quick install to see:

    Popups for applications access:-

    01.png

    Applications added to a simple list:-

    02.png

    The "Advanced rules" are simply:-
    1:- A list of IPs that can be trusted/blocked
    2:- Some port rules to alert for use (can be disabled)
    3:- Some options
    4:- Then just some info for various ports.

    click on image for full view

    03.png

    I have not had time to test for any problems, but it is running OK up to now on XP pro sp3.

    - Stem
     
  7. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    Thanks, I'll try it.
     
  8. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I have recently went back to Outpost Pro v2.0. I have been using WFW (XP) but it is most often disabled. I have Soft Perfect installed, but rarely use that either. I have used IPSec rules, but again, most of the time disable them.

    Ends up, what I really want, which is sort of what you are looking for, really does not exist. It is pretty much going to be a firewall or hips of some kind.

    My usage for a firewall is really just to provide information when I want it, not all the time protection or anything. I use the older outposts because they are not trying to do everything under the sun, so somewhat simplistic. But the feature I like the best is the ability to make your own preset rules by modifying the file preset.lst. Mine currently consists of 3 rules. One is specialized for SVCHOST.EXE, the other two are simply allow and deny. This way, I can start OP up when I want, it can remember my answers already for previous appilcations, but when a new one starts I now have great information on what is going on. Then I can shut it down an go about life.

    Maybe not an answer for you, but some food for thought perhaps.

    Sul.
     
Thread Status:
Not open for further replies.