"Little Snitch" like SW for Windows?

Discussion in 'other firewalls' started by ahinterl, Nov 12, 2008.

Thread Status:
Not open for further replies.
  1. ahinterl

    ahinterl Registered Member

    Joined:
    Oct 5, 2005
    Posts:
    31
    Stumbled over "little snitch" for the Mac, Is there something like that for Windows (Vista) too (i.e. firewall/warning system for outgoing connection attempts only)?

    The reason is to have a lean Vista x86 (after playing a long time with PrevX, ZA, Outpost, Comodo,... I now have the best experiences with Avira Premium installed only and using the built-in firewall, which lacks better control over outgoing connections though) and prevent "malware" like Adobe's CS4 suite to silently "call home" without the need of a full fledged firewall (I still have licenses for Outpost and ZA).

    Andreas
     
  2. NAMOR

    NAMOR Registered Member

    Joined:
    May 19, 2004
    Posts:
    1,526
    Location:
    Arkham Asylum
  3. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    The reason I posted here is to ask about this "phonings" you mention. Please ahinterl, if you don't mind, do try NAMOR's suggestion (as I agree it is the best simplest possible solution) and then repost back with the connection attempts made by Adobe products. Screenshots and such...

    I ask this because there were similar posts in the past dealing with CS3 "phonings" and these assumptions were easily overthrown. CS3 did NOT phone home - except for updates by Adobe Updater, but this can easily be disabled without a need of firewall to stop them. I am curious whether this has been changed in CS4 as I haven't yet tried it.

    TIA and cheers,
     
  4. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I have looked very much for a type of program such as 'little snitch'. There is no comparable program for the MS platform to my knowledge. The closest one can come is something like Threatfire, where you can state IF ANY process tries to make 1 network connection, prompt. This will then tell you about it just fine. However, the #1 problem with TF in this situation is that there is no allow/deny, only (usually) kill or quarantine. Sometimes there is deny depending on what it is, but I have not seen it when doing what i just stated.

    The only other option I have found is DSA. It can monitor for apps wishing to go online, and you can allow or not. However, not only does it require a training period to be used correctly, it also has a firewall module built in, with no way of interfacing or controlling. It is a good product IMO, but when I found out that it blocks certain ping functionality, I dropped it right away.

    The best I can tell you if you want something like 'little snitch', is to use something like Outpost v2-4. The reason, because you can disable most every 'plugin' that you don't want, and you can edit what is called the 'presets.lst' file, which is basically your list of custom rules that can be applied depending on the situation. I used to make 3 custom rules, one for Allow, one for Deny, and one specifically for Svchost.exe. Now I only have 1 ruleset, the Svchost.exe one. I stopped using the others completely.

    The result, when OP is in 'wizard' mode, is that when an app that is not in the approved list starts a connection attempt, OP tells me. My basic choices now are Allow once, Block once, Trust always, Block always, or create a custom rule.

    Many times I use the allow or block ONCE to see what happens. Does the app perform fine if I block it? Or does it not? Now I can know how to answer shoudl I always allow or always block. Or if it is a special app or I just want to make a more granular rule, I choose 'other' and make a custom rule.

    There are a few firewalls that can do it this way, but to my knowledge, only OP lets you modify your rulesets via a text file in such an easy way.

    That is my finding anyway, and I have spent a good deal of time researching it.

    Sul.
     
Loading...
Thread Status:
Not open for further replies.