Firewalls and BHO's

Discussion in 'other firewalls' started by Muscle, Aug 11, 2006.

Thread Status:
Not open for further replies.
  1. Muscle

    Muscle Registered Member

    Joined:
    Aug 11, 2006
    Posts:
    15
    Correct me if I'm wrong: Once a BHO is loaded/enabled in IE, the BHO can do whatever it wants, including making outbound connections.

    When IE is added to Jetico's trusted list, BHO loaded by IE are also trusted. Jetico does not give a warning when Apple quicktime BHO is downloading a trailer from http://www.apple.com/trailers/ .

    Are there any firewalls that filter/monitor BHO outbound connections?
     
    Last edited: Aug 11, 2006
  2. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Welcome to Wilders forum,

    As a BHO is a plugin/extension to your browser, some firewalls will warn you of the change to the browser when these are installed, but to monitor the actions of the BHO once installed,.. no,.. I have not come across a firewall capable of this due to the fact the BHO becomes part of the browser.

    There are programs that can tell you which/what BHO are installed: one such program (which can easily disable/enable these if/when needed:- http://www.definitivesolutions.com/bhodemon.htm
    Maybe this will/not help. Please let us know your finding/opinion.
     
  3. zcv

    zcv Registered Member

    Joined:
    Dec 11, 2002
    Posts:
    355
    Hello Stem and Muscle,

    If running IE6, click on IE's Tools > Manage Add-ons.

    BHO's are listed and can be disabled/re enabled. Same holds true of ActiveX objects.

    Regards - Charles
     
  4. Muscle

    Muscle Registered Member

    Joined:
    Aug 11, 2006
    Posts:
    15
    Hi, thank your for your replies.

    I have just tried BHODemon. It gives a warning when a new BHO is installed, but (if correct) it can not stop the installation of it. BHODemon also does not show ActiveX Controls, like QuickTime, which is (if correct) able to download .mov files by itself when loaded by IE.

    Some info about BHODemon:
    Even if a BHO can be disabled, it can do harm before it is disabled, so I'm looking for other better solutions.

    I just found that ZoneAlarm is able to monitor "components" of programs. This includes some or maybe all BHO loaded in IE. But unfortunately this feature isn't very userfriendly when using IE, because of the large amount of DLL's used by IE. So it will give a large amount of messages/warnings.

    Another program is AntiHook. It's features:
    This program is able to monitor and halt the execution of BHO's :)
    It will give messages like:
     
  5. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    So are you now looking for a program/firewall to block the installation of the BHO?
     
  6. Muscle

    Muscle Registered Member

    Joined:
    Aug 11, 2006
    Posts:
    15
    What is mean with "Even if a BHO can be disabled (later), it can do harm before it is disabled, so I'm looking for other better solutions." is:
    If some malicious program wishes to send outbound data, and a personal firewall is installed, it can not directly access to outside because the firewall will notice it. But it can send outbound data by installing a BHO of itself and then executing IE. If you then afterwards disable the BHO, it is already to late, because the BHO has already send the outbound data.

    What I'm looking for is a personal firewall that can filter/stop/monitor BHO network connections. If this solution isn't available on the market, then I'll look for a solution that is able to stop the execution of a BHO. But since we don't know if a good personal firewall solution exist, I'm still looking for it.
     
  7. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    As I mentioned, I do not know of any way a firewall can detect such activity, due to the way the BHO becomes part of the browser.
    http://www.pcflank.com/art36.htm
     
  8. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    WinPatrol free or WinPatrol PLUS will alert you to the installation of BHOs and many other things, and enable you to disable or remove them http://www.winpatrol.com/

    You could also configure your browser not to allow BHO etc installs. In internet explorer go to tools - internet options - advanced and uncheck the third party browser extensions

    Spywareblaster will block many ActiveX componets from installing
     
Loading...
Thread Status:
Not open for further replies.