Jetico PF application filter broken

Discussion in 'other firewalls' started by sudo, Jul 14, 2006.

Thread Status:
Not open for further replies.
  1. sudo (Registered Member; Joined: Jul 14, 2006; Posts: 3)

    Jetico PF seems to have a problem with apps that either auto startup or hook to keyboard events. Not sure yet which is the problem. But it results in unexpected processing of the Application Table.

    I added Jetico PF to a fresh install of XP SP2 with NOD32. After tuning the Optimal Policy rules to ensure NOD32 can autoupdate, I proceed to try ping, telnet, nslookup and ftp from a Command Prompt window.

    When I ping my DSL router, Jetico popups appear for SynTPLpr.exe (Synaptics Touchpad Driver Helper), Setup.exe (Audio Volume Status app for my notebook), cmd.exe, then finally ping.exe.

    If I deny network access to SynTPLpr.exe or Setup.exe, then Jetico doesn't even prompt for the rest. And ping.exe will fail with an error.

    Next, I try to telnet to the web admin port of my DSL router. Again, these require the SynTPLpr.exe, Setup.exe and cmd.exe above to be ticked as 'accept'. Else, no popup prompt for telnet.exe. And telnet.exe will fail with an error.

    Next, I try nslookup. Same as above, but no popup for sending datagram (UDP) appears.

    Lastly, I try ftp to my DSL router. A popup for lxkey.exe (EzButtonPro app for my notebook) appears, then ftp.exe.

    Perhaps 'network access' is required for random hotkey apps, for the networking commands to function.

    In a separate clone partition, I had blocked 'network access' to many of these keypanel apps, thinking they had no business attempting it. But then Internet Explorer silently failed to open any web page, with no popup appearing from the Ask User rule.

    I will continue to evaluate Jetico PF a bit more. However, I am concerned how much more is broken in the Application filter, and if anything is broken elsewhere.
     
    Last edited by a moderator: Jul 15, 2006
  2. shaunwang (Registered Member; Joined: Mar 26, 2006; Posts: 94)

    Well, I do not think it's broken.

    Stem will have a better answer.
     
  3. Stem (Firewall Expert; Joined: Oct 5, 2005; Posts: 4,948; Location: UK)

    Hello Sudo, and Welcome to Wilders.
    There are a number of "Apps" that require "network access", mainly for loopback and internal comms. Blocking some applications from "network access" within Jetico can cause the problems you have mentioned.
    I did, some time ago, e-mail Jetico concerning the "network access" and what blocking this to applications actually "blocked", as if network access is blocked, for example, to "explorer.exe", then internet connections cannot be made (even though no internet connection or loopback is attempted by explorer.exe when this is first allowed).

    Note:
    I removed an invalid attachment from your post. When making an attachment, please check the "file type"; there is a "manage attachment" button in the "Additional Options" panel when posting.
     
  4. sudo (Registered Member; Joined: Jul 14, 2006; Posts: 3)

    Stem, thank you for the welcoming reply.

    A good point there about local host interprocess communications. My surprise is that the 'network access' setting for some totally unrelated apps determines whether an app can talk over the network. In my first example, ping.exe only works if SynTPLpr.exe (touchpad) and Setup.exe (audio volume status) have 'network access'. This UI approach will be very error-prone, even for the computer networking expert. Just can't predict what future app may get stuck, if some standalone app happens to be denied 'network access'. Eventually, the user will give in and create one catch-all rule to grant 'network access' to 'any' apps. It's too hard to track dependencies by empirical observations.

    I hope Jetico answers your query. I interpreted the help file to say that 'network access' means an app gets access to networking functions, short of actually transmitting/receiving data. This may be as simple as looking up the host's DNS fully-qualified domain name or local NIC address(es). Or it might also mean programmatically changing the route table. Who knows how much potential damage is involved?

    Note: I used Manage Attachments to upload a PNG screenshot. But the editor would not let me insert the picture. Maybe too many browser script filters on.
     
  5. niche99 (Registered Member; Joined: Apr 28, 2005; Posts: 4)

    Hi,

    I have found out the following: if a process that is denied access to the network spawns or launches another process or application, that new process or application will also be denied network access.

    Reasoning for this
    1. I use Litestep as a shell. It uses a menu popup dll to display clickable shortcuts to apps. I also have a hotkey dll to do a similar thing via the keyboard.
    2. I use xplorer2 from http://zabkat.com/ ( a great file manager ;) ).

    So,
    1. Deny network access for Litestep, then launch Firefox either from a menu popup or a hotkey. Firefox (which has network access allowed) fails to load any pages, i.e. network access blocked.
    2. Close Firefox, then open xplorer2 (which has network access allowed) and launch firefox.exe. Firefox loads any page I request.

    So, are child processes inheriting parent permissions?

    This may not be a bad thing. But surely, explicitly defined permissions for child processes should override parent permissions.

    niche99
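
Added example, not part of the thread and not Jetico's code: a small Python model of the behaviour reported in the posts above, useful for working out which entry in the Application Table explains a silent block. It assumes 'network access' is checked for each process in the chain in order and that the first 'deny' stops evaluation; `evaluate_chain`, `explain`, the verdict names and the sample table are hypothetical.

```python
# Added model of the behaviour reported in this thread. Assumption (not
# Jetico's documented algorithm): 'network access' is checked for each process
# in the chain, in order, and the first 'deny' blocks the final application.
ACCEPT, DENY, ASK = "accept", "deny", "ask"


def evaluate_chain(chain, table):
    """Return (verdict, deciding_process, prompts) for the last app in chain.

    chain: process names in the order the popups appeared, target app last.
    table: {process name: ACCEPT or DENY}; a missing entry means "Ask User".
    """
    rules = {name.lower(): verdict for name, verdict in table.items()}
    prompts = []
    for proc in chain:
        verdict = rules.get(proc.lower(), ASK)
        if verdict == DENY:
            # Later entries are never evaluated, so no popup appears for them.
            return DENY, proc, prompts
        if verdict == ASK:
            prompts.append(proc)
    if prompts:
        return ASK, prompts[0], prompts
    return ACCEPT, chain[-1], prompts


def explain(chain, table):
    """One-line diagnosis for a troubleshooting log."""
    verdict, proc, prompts = evaluate_chain(chain, table)
    target = chain[-1]
    if verdict == DENY and proc != target:
        return f"{target} blocked by 'deny' on {proc}; its own rule is never reached"
    if verdict == DENY:
        return f"{target} blocked by its own 'deny' rule"
    if verdict == ASK:
        return f"{target} waits on popups for: {', '.join(prompts)}"
    return f"{target} allowed: every process in the chain is accepted"


# Constructed sample data using the process names mentioned in the thread.
PING_CHAIN = ["SynTPLpr.exe", "Setup.exe", "cmd.exe", "ping.exe"]
LITESTEP_CHAIN = ["Litestep", "firefox.exe"]
XPLORER2_CHAIN = ["xplorer2", "firefox.exe"]
TABLE = {"Litestep": DENY, "xplorer2": ACCEPT, "firefox.exe": ACCEPT}

if __name__ == "__main__":
    for chain in (PING_CHAIN, LITESTEP_CHAIN, XPLORER2_CHAIN):
        print(explain(chain, TABLE))
```

Under this model an explicit 'accept' on the target never overrides a 'deny' earlier in the chain, which matches the Litestep and SynTPLpr.exe observations reported above.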
     
  6. Stem (Firewall Expert; Joined: Oct 5, 2005; Posts: 4,948; Location: UK)

    I E-mailed Jetico support for information concerning the "Access to network".
    With full permission of the Author, I am able to post the reply:-


    ____
    Stem
     