Hints on using Online Armor FW-a Learning Thread 4

Discussion in 'other firewalls' started by Escalader, Oct 26, 2007.

Thread Status:
Not open for further replies.
  1. Lundholm

    Lundholm Registered Member

    Joined:
    Aug 20, 2007
    Posts:
    108
    Location:
    Copenhagen, Old Zealand
    Re: 2 OA Restricted Ports List Questions

    Hi Escalader,

    You are now set up to receive max popups for internet access, I assume. This should mean that you would get popups for windows processes, but this seems not to be the case? I fear that these processes have been allowed already at some stage.

    So my question remains: how to find these and block them? I suppose they don't show up in the rules list?

    Is it too early to show the rules list?

    Cheers.
     
  2. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Re: 2 OA Restricted Ports List Questions

    Hi Lund!

    Nope! Never too early, I will attach here 2 jpg's for the thread re my set up.

    The first is the FW general options I log all, disable all and get very few pop ups. Well I do get PC Tools spam monitor every time I update it but that's about it.

    The second is my set of OA 2's generated rules. I have not done much tweaking of them yet due to some basic questions I have posted here and over at OA.

    This is not the whole list of rules, I snapped the page where svchost shows up.

    I just discovered by messing about that user can sort these rules on any column heading program, port, direction. Here in red is my assumption about what OA 2 FW is doing:

    I suspect (different than knowing) that this is an edit table for the real rules. I don't know what services you are looking for it would be better with 1 or 2 specifics.

    A rule tweaker may want to move the real rules up and down in the list, disable a rule as opposed to just deleting it outright.

    In OA 2, it seems the designer controls the primal rules, just allowing editing of the rules one by one and "masks" the basic/working rules. The restricted port list and the ICMP list are OA 2 current way for a tweaker to work on windows rules. I think OA 2 is saying don't mess with any rules and for 90% of users (not Wilder's guys) that is easier. Easier doesn't mean better or more secure just easier to set up and run.

    If my suspect paragraph is incorrect, that would be good to prove by reference to documentation or show real examples. This is my learning thread, so posts saying, this is the wrong approach just use defaults out of the box and be happy are not IMHO OT in this thread. I will not respond to those posts and FWIW advise others to do the same. The thread was split earlier for opinion debates so those posts can go to the splits.
     


  3. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Post 100 has been answered in part:

    Reference:

    http://support.tallemu.com/forums/viewtopic.php?p=15974#15974

    Editing this in red as a tweaker I think this means:

    If there is no rule, it is blocked. However, if you have auto configure programs not enabled, when a program requests an access the rule will not be created auto-magically.

    Any errors in this edited answer are mine and mine alone so blame me not OA.
     
  4. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Here is a features request at OA Forum (from July 2006 I think) on services:

    http://support.tallemu.com/forums/viewtopic.php?t=99

    So the question has been dealt with over a year ago. Mike Nash at the time indicated it will come in a future advanced release. Date unknown so don't ask me!

    In the interim, I will review my Black viper service settings to see what if anything may have changed since I installed OA 2. Others can do the same if comfortable with services settings, rule 1 there is if in doubt take default or make it manual so windows can start it if needed.

    More later.
     
  5. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Re: 2 OA Restricted Ports List Questions

    It is personal choice. If I want to disable the whitelist for allowing application, then why not. Why have the option there if it should not be used?

    With the option to disable, then nothing should be able to connect out, including OA unless I have previously allowed it.

    My comment "not a good move OA!!" is the fact that OA is auto allowing its own application internet access without popup even when the whitelist is disabled.
     
  6. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Re: 2 OA Restricted Ports List Questions

    Who has mentioned wanting a popup "every time" an application attempts access? I want any unknown to me that I have not personally allowed internet access to give a popup for access. I do not want to go into the firewall rules and find application allowed, which would show applications have made internet access without my knowledge. An option to stop this happening is there, the question now is, does this work correctly. If OA is allowed internet access automatically whatever this setting is, then I would say it requires fixing to stop this.

    We are looking at all settings/options. To see exactly what they do, to also see if they work correctly. All I have seen from yourself is a pushing of your own thoughts/settings. I personally have no interest on what you think about what is on your system, or if you trust all or not. This is not the point of the thread.
     
  7. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Re: 2 OA Restricted Ports List Questions

    Which version are you using, free or paid?
     
  8. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,656
    Location:
    Sydney, Australia
    Re: 2 OA Restricted Ports List Questions

    If that is the case, it will be fixed.
     
  9. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Re: 2 OA Restricted Ports List Questions

    I am just about to setup both free and full OA. So I will know for sure.
     
  10. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,656
    Location:
    Sydney, Australia
    Re: 2 OA Restricted Ports List Questions

    Are you running latest release, or latest beta? I ask because we had a glitch with trusted apps and the latest beta may behave differently to release (but the latest beta still has a couple of issues which preclude its release).

    I have to run for a meeting in the next 5 mins, so will be online again in a few hours.
     
  11. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Re: 2 OA Restricted Ports List Questions

    I am setting up with the versions (free-paid(trial)) currently available for download from your website.
    I am testing what is available to all, not what is available only to beta-testers.
     
  12. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,656
    Location:
    Sydney, Australia
    Re: 2 OA Restricted Ports List Questions

    Ok - just bear in mind that is going to change in the next few days, and we have addressed an issue already with the whitelist.
     
  13. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Re: 2 OA Restricted Ports List Questions

    Is there an "open" buglist, and what changes are being addressed/implemented on your forums (open forum, not closed beta-test forum)?
     
  14. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,656
    Location:
    Sydney, Australia
    Re: 2 OA Restricted Ports List Questions

    No. Once we get our next release out, we'll go more formal (we'll have to).
     
  15. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Re: 2 OA Restricted Ports List Questions

    Well, I do see that OA free 2.1.0.23 does allow such as "svchost" internet access even with the "whitelist" for this disabled, so that such internet access should give popup (which it does not).
    I will wait for the next "release" to re-test.
     
  16. Lundholm

    Lundholm Registered Member

    Joined:
    Aug 20, 2007
    Posts:
    108
    Location:
    Copenhagen, Old Zealand
    Re: 2 OA Restricted Ports List Questions

    Hi Stem,

    I have not installed OA, as stated previously (check my previous posts), and this upsets Mike a lot.

    So far, I'm only observing, and like you, I don't like what I see.

    Cheers
     
  17. Lundholm

    Lundholm Registered Member

    Joined:
    Aug 20, 2007
    Posts:
    108
    Location:
    Copenhagen, Old Zealand
    Hi Escalader,

    I can see that Stem and I are now focusing very much on the same issues: the auto trusted and auto allowed windows processes. So for now, let's see what comes out of Stem's attempts to tweak OA into something useful. :)

    Later on, I would like to see a popup from a blocked Windows process. You haven't seen any of those, right?

    Cheers
     
  18. Lundholm

    Lundholm Registered Member

    Joined:
    Aug 20, 2007
    Posts:
    108
    Location:
    Copenhagen, Old Zealand
    Still no reply?

    "bit of a problem" is a bit of an understatement.
     
  19. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    OK. Can you explain what problem an inbound ping packet can cause? Just keep in mind, OA is a security program, not a network manager. The best thing to manage inbound is still a HW router. So, what security risk does an inbound ping packet bring?
     
  20. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Nope, I haven't tried to block a Windows process with OA 2 nor have I seen any popup from a blocked Windows service. But this observation IMO is of no value in a general sense.

    I use windows services to do that. What I am researching is if OA 2 usage turns on or off any settings.

    At the moment, I am revisiting my windows services and checking them again against Black Viper's Power user settings and Stem's earlier settings he gave the forum some time ago.

    Will report later on my own schedule!:cool:


    PS: It really would be better if you installed some version of OA on some PC so you could do tests as well.
     
  21. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hi alex_s:

    Your question was addressed to another but for the record in the learning thread here I see OA 2 has added in the newest help file I have the following:

    In this table for advanced users, they are allowed to accept or not accept in out pings plus the other ICMP's.

    So one has to conclude that the OA designer sees a value in the advanced user controlling pings to meet his needs.

    The OA default is to allow inbound but restrict outbounds; this is a reasonable default.

    But again these are a matter of configuration choice and OA in this case allows the user a choice.

    Like yourself, I'm behind a router and that is best IMO as well. We agree!:cool:
    Even for a 1 PC set up. But not all OA users have routers do they?

    So the OA FW seems to allow some tightening of those pings. This is a good thing.

    Just so the thread knows, I have all ICMP OA 2 settings offered me clicked off, eg each box is blank.

    When in doubt, I always take the restrict options and wait for consequences thus erring on the side of security.

    So far I have seen no ill effects.
     
  22. Lundholm

    Lundholm Registered Member

    Joined:
    Aug 20, 2007
    Posts:
    108
    Location:
    Copenhagen, Old Zealand
    Hi Alex,

    Inbound Ping is not a security risk for me.

    It might be a problem for you. Maybe you shouldn't focus so much on "leak tests"?

    Cheers
     
  23. Lundholm

    Lundholm Registered Member

    Joined:
    Aug 20, 2007
    Posts:
    108
    Location:
    Copenhagen, Old Zealand
    Sorry Escalader,

    My mistake! I don't mean blocked, I mean "not allowed", that is: no rules.

    That should give a popup in order to allow or deny the traffic. And you haven't seen any of those for Windows processes, I guess?

    Cheers
     
  24. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    It gives a popup here in case you unmark "Automatically allow trusted programs access internet". Build 2.1.0.28, beta.
     
  25. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    17,295
    Location:
    UK
    As Alex says, if I untick 'automatically allow trusted programs to access the internet' and then say I go and open windows media player, OA will pop up and ask if I want to allow this or block it.

    I always choose block for WMP :)
     