No ruleset - no protection - no warning!

Discussion in 'LnS English Forum' started by SimonW, Oct 28, 2005.

Thread Status:
Not open for further replies.
  1. SimonW

    SimonW Registered Member

    Joined:
    Feb 22, 2004
    Posts:
    115
    Location:
    Leicester, UK
    Argh!!

    Today, purely by chance I checked the internet filtering tab and found that absolutely no rules were loaded!! i.e. no entries at all on screen - however according to info at the bottom of the window I had the the enhanced ruleset loaded.

    I think it would be an excellent additional feature to warn the user if no internet filtering rules are present...

    When I checked the looknstop directory the enhancedruleset.rls file was shown as only 1k together with a file enhancedruleset.bak at around 38k (can't remember the exact size) and both these files were dated 15th October - which leads me to believe I have been accessing the internet for the last 13 days with no protection at all.

    I don't know how this situation could have occured - but the fact that it did and I got no warning leaves me very concerned - it means I will have check daily that the ruleset is loaded correctly.

    Does anyone know how this could have happened?

    And to everyone who reads this message - just check to make sure your internet filtering screen is correct - otherwise you'll be left with the same uneasy feeling I've got wondering what has been accessing my machine for the last 2 weeks.

    SimonW
     
  2. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    I have been a licensed user for nearly 3 years and at times I have lost application filtering without any warning whatsoever. I have even lost the "Connected" and "Statistics" from the Welcome page, again without any warning.

    So even though the relevant patching or reinstalling has solved the problem I feel the need to keep a close eye on all of the main program modules.

    IME, on MY machines it can be buggy and overall it appears to be sensitive to both registry cleaners and previously installed firewalls. So like you I have to make sure I check the program regularly for correct functioning.

    "Warning popups" would be a good idea.

    Sorry I could not answer your question directly.
     
  3. SimonW

    SimonW Registered Member

    Joined:
    Feb 22, 2004
    Posts:
    115
    Location:
    Leicester, UK
    I too have lost application filtering a couple of times - but this is a "relatively" minor problem - perhaps an app will access the web without asking.

    Without the internet filtering in place all ports are open which is much more serious.
     
  4. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,220
    I'm trialling the program and in 2 weeks i've experienced something similar to Blackcat, i've lost the 'connected' and 'statistics' once. I understand your feeling of vulnerability as such an incident could lead to irreversible consequences.

    At the time I thought my VDSL modem was playing up and I also thought another program might have interfered with it, but it should be protected by ProcessGuard from being modified...

    Hopefully somebody from L'n'S will help.
     
  5. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi,

    For the Application Filtering, this is a known issue it gets deactivated sometimes and systematically when installing/uninstalling some other internet related stuff. This issue is adressed with the 2.05p3.

    Now, about the ruleset, this is something new, I don't remember someone having this before.
    It would be interesting to know what was the content of the file exactly, to know what kind of protection can be put.
    Normally there should be a warning if the file is not correct. We will improve this.

    Regards,

    Frederic
     
  6. SimonW

    SimonW Registered Member

    Joined:
    Feb 22, 2004
    Posts:
    115
    Location:
    Leicester, UK
    Thanks for responding Frederic -

    If internet filtering is disabled, the XP SP2 security centre pops up an alert to say the firewall is switched off - but in my case internet serurity was enabled just no rules showing in the list! Could an additional code check make sure that it if no rules are present a similar notification is performed?

    I didn't keep a copy of the corrupted enhancedruleset file as I just deleted it and replaced it with the bak version. I had extended the supplied ruleset with additional rules but have been running this version on 2 of my machines for a long time and everything has been ok.

    Osaban - I've been running with LnS for over 18 months now, this is the first time I've seen any kind of problem with the internet filtering and I'm more than happy with the program overall - in my opinion it is still the best firewall available.

    Thanks
    Simon
     
  7. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Ok a warning will be added if the number of rule is 0.

    Frederic
     
  8. mikel108

    mikel108 Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    1,057
    Location:
    SW Ontario, Canada
    I have moved to Look "n" Stop from Sygate. I like the fact that it is a firewall, and nothing else. I had tried some suites for cost effectiveness, and simplicity, but IMHO they were just not doing what simgle apps would do.

    So, with this bug, would you honestly say that this firewall, right now, is probably not the best choice for a PC that has people on it half the time that know nothing about programs??

    PS this is my first real trial of LnS and I really like the low resources and the password that just locks everything, along with the customization.
     
  9. PeterVO

    PeterVO Registered Member

    Joined:
    Aug 25, 2003
    Posts:
    87
    Location:
    Belgium, Leuven
    Hello,

    after reading the first post in this thread, I checked the settings and indeed have the same problem: it says the internet filtering is enabled but in my modified enhanced rulesetlist no ruletext is visible and all rules are disabled.
    There is also something wrong with the size: 112 KB for the modified enhanced ruleset (with only , if I remember well three more rules added) and 27KB for the standard enhanced ruleset.
    Again this is the first time I saw something like this.
    After loading the enhanced ruleset again, all seems well again but not with the modified version. It seems it got corrupted somehow.

    Kind regards,

    PeterVO
     
  10. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi,

    Not sure it is the same issue as the 1st post, since you had a ruleset file that was bigger the initial one. And probably the number of rules was bot 0 in your case.
    Did you keep the corrupted ruleset file ? It will be useful understanding what could happen there.

    One possibility (for both cases) could be a problem when the ruleset is saved at shutdown time when Look 'n' Stop is closed by Windows.
    When Look 'n' Stop is stopped there is a usual prompt if the ruleset has been modified and not saved yet. Perhaps after answering Yes, windows is closing too quickly and the saving is not happening correctly. This is only an idea.

    So currently, it is perhaps safer to save the ruleset manually without exiting from Look 'n' Stop, as soon as it has been modified. And if the problem occurs anyway, then probably the file is somehow corrupted outside Look 'n' Stop.

    I also know with the service mode start the prompt is not working well. Are you using the service mode start ? (question for SimonW as well).

    Thanks,

    Frederic
     
  11. PeterVO

    PeterVO Registered Member

    Joined:
    Aug 25, 2003
    Posts:
    87
    Location:
    Belgium, Leuven
    Kind regards,

    PeterVO
     
  12. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Just send it to lnssupport@soft4ever.com. Thanks.

    In that case, I don't understand why the ruleset was re-written, at least by Look 'n' Stop. Look 'n' Stop is supposed to write the ruleset file (and to create the .bak) only when there was a change in the ruleset currently in use and only when th user is Ok to save the file.

    Hope the bad .rls file contetnt will help to understand something.

    Frederic
     
  13. PeterVO

    PeterVO Registered Member

    Joined:
    Aug 25, 2003
    Posts:
    87
    Location:
    Belgium, Leuven
    Quote:
    Originally Posted by PeterVO
    **** Yes, I still have it. What's the E-mail address to send it to?

    Just send it to lnssupport@soft4ever.com. Thanks.

    **** Hello Frederic,

    the corrupt ruleset has just been sent.

    Kind regards,

    PeterVO
     
  14. lorife

    lorife Registered Member

    Joined:
    Sep 24, 2005
    Posts:
    27
    I noticed that if I save the ruleset in a folder (the desktop for example), import that ruleset from that location, and then delete the file...well all the rules disappear without any warning too..
     
  15. Mr2cents

    Mr2cents Registered Member

    Joined:
    Sep 18, 2004
    Posts:
    497
    I've been trialing looknstop for a couple of days, with the "enchanced ruleset". BTW. I really like this firewall. Trying to find a replacement for kerio 2.15.

    Last night while I was rebooting my computer. A message came up asking me if I wanted to save the "enchanced ruleset". I clicked yes. I thought this was rather odd, as I had rebooted several times during the past couple of days, and this was the first time I got this message.

    After rebooting, I immediately looked at the firewall to see if the "enchanced ruleset was still there. It wasn't, and when I hit load, the enchanced ruleset refused to load. However, the "standard ruleset" loaded. See screenshot.

    I uninstalled the firewall and reinstalled it, and everything is back to normal. In my paticular case. I believe the reason I lost the enchanced ruleset.. is because I've been installing and uninstalling a lot of different antivirus software the last couple of days.

    I always backup my registry with "winrescue" before installing and uninstalling software. I also run registry cleaners... However in this one case..something went wrong after uninstalling my 5th antivirus in about 2 days. And that's when the enchanced ruleset disappeared. I blame this on the computer user and not looknstop :D
     

    Attached Files:

  16. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    After looking at PeterVO file, this new case confirms my thoughts. There is probably a problem sometimes when saving a modified ruleset at shutdown time.

    The message to save the ruleset appears as soon as a modification has been done in the active ruleset. A simple change like modifying one attribute of a rule will cause this dialog box to open (and even if you reverted back the attribute).
    At this time, it is safer:
    1- to manually save the ruleset as soon as a modification has been done and you want to keep it
    2- assuming you did the 1-, this means you can answer No if the dialog box will open at shutdown time.

    Frederic
     
  17. noway

    noway Registered Member

    Joined:
    Apr 24, 2005
    Posts:
    351
    If so, please make this warning optional.
     
Thread Status:
Not open for further replies.