ARP protection in MalwareDefender firewall

Discussion in 'other anti-malware software' started by karad, Dec 26, 2009.

Thread Status:
Not open for further replies.
  1. karad

    karad Registered Member

    Joined:
    Sep 10, 2008
    Posts:
    245
    I just downloaded MD 2.5.0 and I'm barely out of learning mode,still trying to understand the beast, but I need help with any Rule I could do to implement ARP protection within my connected computers.

    Up to now I never shared anything and they were quite safe from one another,but now I need to set one computer for file sharing and would like to keep the other two safe from dangers.

    Comodo provides such a protection effortlessly, but I couldnt discern any such chance on MD firewall,which remains a bit cryptic too me.

    A router provides protection from the outside,obviously,but I'd like to set a rule for the pc running MD not to accept anything from within the LAN itself. Might be such a rule is already in place ,but I cant find out.

    Anyone,please?
     
  2. karad

    karad Registered Member

    Joined:
    Sep 10, 2008
    Posts:
    245
    Put in different words,as I dont fear here MIM attacks but my own LAN:
    in order to protect computer A (set NOT to do file sharing) from any collusion with computer B (set to do file sharing) in my LAN
    what can I do in Malware Defender?

    Can I make a Rule denying anything coming from computerB MAC adress?

    Anything I can do in Router (firewall) settings?
     
  3. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,051
    Location:
    United Surveillance States
    AFAIK, Malware Defender's firewall isn't capable of providing this detail of rule creation; i.e. MAC address rules or ARP rules. I would suggest running a light-weight firewall alongside MD for your firewall needs.
     
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,890
    Location:
    Canada
    thanks for the advise;) do you think comodo will be a good suplement?
     
  5. mike21

    mike21 Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    416
    I have a question related to the topic.

    Many times I enable/disable protection in MD (during installations and similar) through keyboard shortcuts.

    If I use a 3rd party firewall I suppose I do have to disable permanently network protection.

    But through the keyboard shortcut it will be re enabled. Can I avoid this?

    @jmonge: it will be a very good supplement, as it runs very light. Have a look @ look n stop also.
     
  6. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,890
    Location:
    Canada
    thanks mike:thumb:
     
  7. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,051
    Location:
    United Surveillance States
    @jmonge: I've never used Comodo alongside MD, so I can't say.

    @mike21: I don't disable MD's network protection and haven't had any conflicts between it and Jetico PFW. I've also played around with several other firewalls alongside MD in a VM and never had any conflicts. I don't think you'll have any issues leaving MD's network protection enabled.
     
  8. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,890
    Location:
    Canada
    thanks derelict_ny
     
  9. mike21

    mike21 Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    416
    Derelict_NY, thanks, I am seriously consider to add a FW, although I am behind zyxel router and I don't know if it is necessary. What do you think?
     
  10. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,051
    Location:
    United Surveillance States
    I'm also behind a router. I have never logged any unexpected inbound activity with my software firewall, but I'm too paranoid to run without one. For me, it's mostly a matter of being able to understand and control the applications on my computer making outbound requests versus blocking any inbound intrusions.
     
  11. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    I'm also behind a zyxel router and use the Windows Firewall along with MDs network protection.

    It's really difficult to find a 3rd party Firewall, if you don't want to take the turn-off to the hook parade. :p

    With Windows 7 there are only LnS and the Windows Firewall left, all other (Jetico, Online Armor, Outpost, PC Tools, Privatefirewall) come with built-in HIPS and this means a lot things are done twice respectively hooked twice. :doubt:

    But I think it depends on what is behind the router.
    If there are also a few insecure boxes, then there is maybe a need for all this ARP protection and the like.

    Cheers
     
  12. mike21

    mike21 Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    416
    Thanks for your reply. I am using XP atm so I have plenty choices. I agree about the hook parade. What do you mean what is behind the router?
     
  13. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    If there is only one Computer connected to the Router, you don't have to worry about ARP-Spoofing, as there are at least two Computers in the same network needed.

    Here are posts by Stem about Windows FW and ARP:
    https://www.wilderssecurity.com/showpost.php?p=1562560&postcount=4
    https://www.wilderssecurity.com/showpost.php?p=1462620&postcount=47

    And a thread about "ARP Spoofed packets"
    https://www.wilderssecurity.com/showthread.php?t=241324

    Cheers
     
  14. mike21

    mike21 Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    416
    I see. There are three PCs connected.
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.