Changed apps?

Discussion in 'LnS English Forum' started by JRCATES, Mar 12, 2006.

Thread Status:
Not open for further replies.
  1. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    Does Look 'n' Stop have the ability to update component changes (such as the feature that Outpost Pro has) if an application changes due to file updates? With some firewalls, whole new rules have to be recreated for it while the old ones are left behind to create clutter......
     
  2. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    When an application changes, you just have a popup saying the signature has changed. The rules attached to the application (either directly in the application filtering with Port&IP Selection, or indirectly in the internet filtering are still valid and are not lost).

    Frederic
     
  3. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    Thanks for the reply, Frederic...that's what I thought (and hoped for), but just wanted to make sure :D
     
  4. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    As kind of a follow-up to this question......I installed LNS for a trial tonight on my secondary machine.....and after LNS was installed, I ran FF and granted it authority to access the net. Then, I uninstalled that version of Firefox and then downloaded/upgraded to a "newer" version of Firefox.

    Once the newer version was installed, LNS alerted me that the "signature" had changed, and I granted authority for it to access the internet. But now I have TWO seperate entries for Firefox in the Application Filtering tab of LNS. Should I have two seperate entries? And how can I tell which is the latest version that I recently downloaded? And should I remove the "other" FF that is shown in the Application Filtering tab?

    Thanks
     
  5. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
    Are the entries different in any way?
    Like one entry with the "long" file names (c:\program files\soft4ever\...) and one with the "short" 8.3 file name (c:\progra~1\soft4e~1\...)

    If so, both should be kept. :)
     
  6. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    Yeah, they differ that way a little.

    One is:

    C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE

    and the other is:

    C:\PROGR~1\MOZILL~1\FIREFOX.EXE

    So you're saying they both should be kept....even though one was created only after installing the newest version?

    Would removing both, and then opening and running Firefox again create just one (vaild) entry? And would that even be advisable?

    Thanks
     
  7. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
    Both entries are valid; one is the long file name path, the other the short file name path (8.3 naming convention).

    You could remove both and start over, but if something started Firefox again through the short name path, the entry would be recreated. :)
     
  8. daniel952

    daniel952 Registered Member

    Joined:
    Jul 30, 2004
    Posts:
    71
    Also, I have been under the impression that programs starting with the short filename (has ~ in the name) always starts from an admin account, whereas the long filename (full path and filename) usually starts from a limited user account in XP.
    You could block the short filename (admin) where the application attempts to access the internet if you're using only a limited account to go online. This is so that apps cannot get out w/admin while you're online using a limited account. And believe me, attempts are made.
    If an app needs admin while you're using a limited account, you can always adjust permissions is you want.
    I'd love to hear what others have to say about this. This has been my experience, and i'm sure others know more. Never seen this mentioned here.
     
  9. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi,

    Started by, Desktop or Taskbar.

    Started by, Start Menu.


    Take Care,
    TheQuest :cool:
     
  10. daniel952

    daniel952 Registered Member

    Joined:
    Jul 30, 2004
    Posts:
    71
    Thanks for posting that.
    I must say that I start from all the above with a single application filter in LNS while using my Limited User Account. Each opens the browser without a prompt from LNS. Access is granted to the internet (full filename and path).
    When I open the browser (non-internet) using the admin account I get a prompt from LNS immediately asking if I wanted to allow the browser (short filename) to access the internet. This is a bit confusing, but i'm sure you can see what I mean and how I came by my findings. Take a simple test drive and see what you find along your personal setup.
    My goal isn't to prove anyone wrong per se, but to determine whether security can be enhanced by knowing a bit more about this. I may very well be wrong, but I need more evidence that supports the view quoted above:

    Where did you see the display of the filename and path in LNS log? Was it while using the Admin, Limited, or both accounts? When prompted from each account, did you note the long or the short path/filename?
    As you may see, i'm concerned about apps getting undetected internet access from possible admin or weak local/network service, when LNS may provide a means of detecting where each attempt originated (if true). I'd love to hear personal evidence from anyone that has found something solid. Could it be different depending on OS used?
     
  11. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    C:\PROGRA~1\INTERN~1\iexplore.exe
    Or
    C:\Program Files\Internet Explorer\iexplore.exe

    They both get called under various conditions, manually or systematically, Look ā€˜nā€™ Stop Application Filtering will detect and add.
     
Thread Status:
Not open for further replies.