ARP protection in MalwareDefender firewall

Discussion in 'other anti-malware software' started by karad, Dec 26, 2009.

Thread Status:
Not open for further replies.
  1. karad

    karad Registered Member

    Joined:
    Sep 10, 2008
    Posts:
    237
    I just downloaded MD 2.5.0 and I'm barely out of learning mode,still trying to understand the beast, but I need help with any Rule I could do to implement ARP protection within my connected computers.

    Up to now I never shared anything and they were quite safe from one another,but now I need to set one computer for file sharing and would like to keep the other two safe from dangers.

    Comodo provides such a protection effortlessly, but I couldnt discern any such chance on MD firewall,which remains a bit cryptic too me.

    A router provides protection from the outside,obviously,but I'd like to set a rule for the pc running MD not to accept anything from within the LAN itself. Might be such a rule is already in place ,but I cant find out.

    Anyone,please?
     
  2. karad

    karad Registered Member

    Joined:
    Sep 10, 2008
    Posts:
    237
    Put in different words,as I dont fear here MIM attacks but my own LAN:
    in order to protect computer A (set NOT to do file sharing) from any collusion with computer B (set to do file sharing) in my LAN
    what can I do in Malware Defender?

    Can I make a Rule denying anything coming from computerB MAC adress?

    Anything I can do in Router (firewall) settings?
     
  3. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,047
    Location:
    United Surveillance States
    AFAIK, Malware Defender's firewall isn't capable of providing this detail of rule creation; i.e. MAC address rules or ARP rules. I would suggest running a light-weight firewall alongside MD for your firewall needs.
     
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    thanks for the advise;) do you think comodo will be a good suplement?
     
  5. mike21

    mike21 Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    416
    I have a question related to the topic.

    Many times I enable/disable protection in MD (during installations and similar) through keyboard shortcuts.

    If I use a 3rd party firewall I suppose I do have to disable permanently network protection.

    But through the keyboard shortcut it will be re enabled. Can I avoid this?

    @jmonge: it will be a very good supplement, as it runs very light. Have a look @ look n stop also.
     
  6. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    thanks mike:thumb:
     
  7. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,047
    Location:
    United Surveillance States
    @jmonge: I've never used Comodo alongside MD, so I can't say.

    @mike21: I don't disable MD's network protection and haven't had any conflicts between it and Jetico PFW. I've also played around with several other firewalls alongside MD in a VM and never had any conflicts. I don't think you'll have any issues leaving MD's network protection enabled.
     
  8. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    thanks derelict_ny
     
  9. mike21

    mike21 Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    416
    Derelict_NY, thanks, I am seriously consider to add a FW, although I am behind zyxel router and I don't know if it is necessary. What do you think?
     
  10. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,047
    Location:
    United Surveillance States
    I'm also behind a router. I have never logged any unexpected inbound activity with my software firewall, but I'm too paranoid to run without one. For me, it's mostly a matter of being able to understand and control the applications on my computer making outbound requests versus blocking any inbound intrusions.
     
  11. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    I'm also behind a zyxel router and use the Windows Firewall along with MDs network protection.

    It's really difficult to find a 3rd party Firewall, if you don't want to take the turn-off to the hook parade. :p

    With Windows 7 there are only LnS and the Windows Firewall left, all other (Jetico, Online Armor, Outpost, PC Tools, Privatefirewall) come with built-in HIPS and this means a lot things are done twice respectively hooked twice. :doubt:

    But I think it depends on what is behind the router.
    If there are also a few insecure boxes, then there is maybe a need for all this ARP protection and the like.

    Cheers
     
  12. mike21

    mike21 Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    416
    Thanks for your reply. I am using XP atm so I have plenty choices. I agree about the hook parade. What do you mean what is behind the router?
     
  13. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    If there is only one Computer connected to the Router, you don't have to worry about ARP-Spoofing, as there are at least two Computers in the same network needed.

    Here are posts by Stem about Windows FW and ARP:
    https://www.wilderssecurity.com/showpost.php?p=1562560&postcount=4
    https://www.wilderssecurity.com/showpost.php?p=1462620&postcount=47

    And a thread about "ARP Spoofed packets"
    https://www.wilderssecurity.com/showthread.php?t=241324

    Cheers
     
  14. mike21

    mike21 Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    416
    I see. There are three PCs connected.
     
Loading...
Thread Status:
Not open for further replies.