Is Sygate firewall ok with KAV 4.5 and Mozilla Firefox?

Discussion in 'other firewalls' started by mvdu, Jul 21, 2004.

Thread Status:
Not open for further replies.
  1. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,151
    Location:
    PA
    I am wondering if Sygate's proxy weakness would be a problem while running KAV 4.5 (with mail checker installed) and Mozilla Firefox.
     
  2. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Should not be a factor with that configuration. The loopback issue would only apply when using something like Proxo where applications could access the Internet via localhost and the proxy.

    Regards,

    CrazyM
     
  3. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,151
    Location:
    PA
    Thank you very much, CrazyM!
     
  4. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Hmmm...my understanding is that KAV's mail checker does run as a local proxy and that therefore Sygate would not prevent other programs from trying to access the Internet through it. However you could substantially reduce (but not eliminate) the risk by configuring a tight ruleset for the proxy (e.g. POP3/IMAP/SMTP protocols only, ISP mailserver addresses only).
     
  5. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    If KAV does use a proxy type service for scanning e-mail, I cannot see it allowing other applications to use it other than the mail clients you configure. I doubt it is an independent proxy service available to anything. But not having used it, perhaps a KAV user can jump in and clarify how the e-mail scanning works.

    Regards,

    CrazyM
     
  6. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Given that the most popular use for compromised PC's is as spam zombies, I would hope that the exploit here is obvious. :)

    I was however also thinking about a malware application trying to use the proxy to trigger fake DNS requests to transfer data (in a similar fashion to DNSTester). The only way to prevent this would be to block DNS access for the proxy and to have the mail server addresses added to the hosts file (thereby removing the need for the proxy to do a DNS lookup).
     
Loading...
Thread Status:
Not open for further replies.