Global allow of localhost loopback or not?

Discussion in 'other firewalls' started by nmaynan, Mar 6, 2008.

Thread Status:
Not open for further replies.
  1. nmaynan

    nmaynan Registered Member

    Joined: Mar 2, 2008
    Posts: 98
    I was hoping to generate a discussion (or be directed to a good depository of knowledge) on the issue of whether to intercept localhost loopback connections. The options are to have a global rule to allow loopbacks or to individually allow access via the rules.

    My main interest is how much more vulnerable is a system that has a global allow policy? I prefer a real world analysis as opposed to theoretical attack possibilities.

    Even further, I'm specifically interested in the vulnerability to personal data being transmitted out to the internet via a localhost loopback global rule (e.g., a Word file with personal information in it). Is this even an issue with the localhost (is it possible)? Does enabling a global loopback policy only make you more vulnerable to hijack but not personal data leaks?
     
  2. Diver

    Diver Registered Member

    Joined: Feb 6, 2005
    Posts: 1,444
    Location: Deep Underwater
    Some firewalls allow localhost loopback by default. Not allowing it by default gives you a shot at detecting programs asking for network access before they ask for internet access.

    However, my view is towards keeping malware off in the first place, not hoping to find it post infection when nothing on the machine can be trusted anyway.
     
  3. nmaynan

    nmaynan Registered Member

    Joined: Mar 2, 2008
    Posts: 98
    I agree with you about keeping malware off in the first place.

    However, I use Outbound protection for privacy. Too many programs (not to mention Operating Systems) "phone home" and try to access the internet for god knows what. With Windows Media Player for example, if I simply play an offline music file, the media player establishes all kinds of internet connections. This makes me worry that my habits and/or personal info are being transmitted to some server somewhere. So in this context Outbound protection seems of real value to me. It's strictly a privacy protection as opposed to a malware protection. IMO, this is really the only thing Outbound protection does for me.

    My original post was made from this context. How much does a global allow of loopback compromise my privacy in scenarios as described above?
     
  4. Nebulus

    Nebulus Registered Member

    Joined: Jan 20, 2007
    Posts: 1,582
    Location: European Union
    If you run a proxy on your computer, and you globally allow loopback traffic (and you also allow the proxy to connect to the internet, otherwise the proxy would be kind of pointless), then any application running on your computer could connect to the proxy server without any restrictions.
     
  5. nmaynan

    nmaynan Registered Member

    Joined: Mar 2, 2008
    Posts: 98
    Could you describe a proxy situation where this is likely?

    I run Avast free anti-virus. What about Firefox? This needs loopback access. Could these applications be used in the manner you describe? For example, could Windows Media Player conceivably connect to the internet via Firefox, thereby bypassing firewall restrictions set in place for Windows Media Player? Is this a possible occurrence but not a probable occurrence absent the presence of malware on your system?

    thx for the info, man.
     
    Last edited: Mar 7, 2008
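
The local-proxy situation raised in post 4 can be checked on a given machine. The following is an added example, not part of the original thread: it parses `netstat -ano` output and reports every process that listens on loopback while also holding connections to non-loopback hosts, together with the local processes connected to it. The sample output, the PIDs and the function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed `netstat -ano` sample (Windows format), not taken from the thread.
# Hypothetical PIDs: 1844 = local scanning proxy, 2200 = browser, 3012 = media player.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    127.0.0.1:12080        0.0.0.0:0              LISTENING       1844
  TCP    127.0.0.1:49301        127.0.0.1:12080        ESTABLISHED     2200
  TCP    127.0.0.1:12080        127.0.0.1:49301        ESTABLISHED     1844
  TCP    127.0.0.1:49377        127.0.0.1:12080        ESTABLISHED     3012
  TCP    192.168.1.10:49302     203.0.113.7:80         ESTABLISHED     1844
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       980
  TCP    [::1]:49400            [::1]:49401            ESTABLISHED     2200
"""

def split_endpoint(text):
    """Split '127.0.0.1:80' or '[::1]:80' into (ip_address, port)."""
    host, port = text.rsplit(":", 1)
    return ipaddress.ip_address(host.strip("[]")), int(port)

def find_loopback_relays(netstat_text):
    """Report PIDs that listen on loopback and also talk to non-loopback hosts."""
    listeners = defaultdict(set)   # pid -> loopback ports it listens on
    external = defaultdict(set)    # pid -> non-loopback peers it is connected to
    loop_conns = []                # (pid, remote loopback port) per connection
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP":
            continue               # header, blank lines, UDP rows (no State column)
        l_ip, l_port = split_endpoint(parts[1])
        r_ip, r_port = split_endpoint(parts[2])
        state, pid = parts[3], int(parts[4])
        if state == "LISTENING" and l_ip.is_loopback:
            listeners[pid].add(l_port)
        elif state == "ESTABLISHED" and r_ip.is_loopback:
            loop_conns.append((pid, r_port))
        elif state == "ESTABLISHED":
            external[pid].add(f"{r_ip}:{r_port}")
    report = {}
    for pid in listeners.keys() & external.keys():
        clients = {p for p, port in loop_conns if port in listeners[pid] and p != pid}
        report[pid] = {"ports": sorted(listeners[pid]),
                       "external_peers": sorted(external[pid]),
                       "client_pids": sorted(clients)}
    return report

if __name__ == "__main__":
    print(find_loopback_relays(SAMPLE))
```

With a global loopback allow, every PID listed under `client_pids` reaches the network under the relay's outbound rule rather than its own, so those are the processes to review against the per-application rules.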