Outpost wanting write access

Discussion in 'ProcessGuard' started by Rainwalker, Feb 7, 2004.

Thread Status:
Not open for further replies.
  1. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    Greetings all ..... sorry if this has been addressed. OP wants to write to a few programs including my browser. Should I allow this, and is anyone noting the same? :doubt:

    TIA
     
  2. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    If it is a trusted security application, you can allow it to do all it wants.
    Outpost is IMO a trusted security app, so let it write to processes.

    Why would it need that? I don't know; maybe to add a piece of code to watch the process behaviour, or maybe it simply checks that, if needed, it can write to it?

    If you have the official trial or full OP version, I think it is safe to allow it, and maybe it is even needed in order for your firewall to give you full protection.
     
  3. Rainwalker

    Rainwalker Registered Member

    Thanks for getting back gkweb........... yeah, why would it need to write to these programs :doubt: I have the full pro v. and this was not happening until I updated PG to 1.2...... think I will wait for any other thoughts on this before I 'Allow'.
     
  4. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    You SHOULD allow any trusted program any privileges it wants, otherwise you might change the way the program runs and later on you might get unpredictable results.
    Dolf
     
  5. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Rainwalker, I agree with Dolf in this case. Allow outpost the privilege, remember the "allow" privilege is only applied to listed programmes which you already protect and trust :)
     
  6. Rainwalker

    Rainwalker Registered Member

    OK, thanks guys............. by the way, OP also wants to write to TDS and PE; again, this activity is all new since the PG update :doubt: I will do as you suggest......thanks again
     
  7. Pilli

    Pilli Registered Member

    Rainwalker, my Outpost has Write, suspend, getinfo & read in the Allow flags. I am almost sure this is a precaution of Outpost's to enable it to monitor a programme for its application filtering. :)
     
  8. Rainwalker

    Rainwalker Registered Member

    Thanks Pilli......OP is wanting it all :doubt: o_O For now I will allow what you have allowed.
     
  9. Pilli

    Pilli Registered Member

    Funnily enough, I had to reboot the server PC today and, you've guessed, Terminate & Set info were logged, but only once, so I will not bother about it.
    I do not like giving listed apps Terminate allowances unless absolutely necessary as this gives them permission to terminate listed Apps :eek: :D
     
  10. Rainwalker

    Rainwalker Registered Member

  11. Pilli

    Pilli Registered Member

    Thanks Nameless, I agree with what you say, as a rule, with your security applications especially. I add programmes slowly and monitor their logging in PG before making the necessary allowances.
    I have also contacted App developers when not sure what an app is using hooks or other logging attempts for, when these are not clear. Usually the developer will tell you, and from that you can make a knowledgeable decision about your PG settings.

    Eventually the PG community will build up a knowledge base that will enable users to make the appropriate settings and, of course, define any anomalies.
     
  12. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    The only issue I have with allowing everything you add is that there might be some vulnerability down the track in one of those programs, like a buffer overflow (which PG cannot protect against, since it is a programming error), in which case that process then begins to take down others.

    Personally I try and give the least amount of allow privileges I can, the least being as much as the program requires to run without having any issues. For general users this may not be a good thing to do, since it requires knowledge (and time) on what is causing which issues if there are problems. Protection/security-wise I think it is better, however.

    -Jason-
     
  13. gkweb

    gkweb Expert Firewall Tester

    I don't see such a big issue with giving restricted privileges to protected processes: if malware comes, it won't be a protected trusted process and so will be killable, and if it wants to inject into a protected process it won't be able to.

    In the worst case, just give the TERMINATE privilege to a particular process at that moment, but I don't think it will happen if PG is installed and configured before any malware comes.
     
  14. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    For "external" applications, GKWEB, you are right. External meaning the ones PG isn't protecting. They won't be able to interfere with the PG protected ones, so there won't be an issue. My only concern is if a "trusted" program somehow misbehaved or was made to misbehave: if it had allow privileges, your other applications wouldn't be protected from it. It is a very rare scenario and obviously some applications are more prone to it than others (Internet Explorer for example).

    These sorts of attacks will only occur on applications that 50+% of the internet population use, usually Microsoft based ones. I wouldn't mind giving some programs all allow access, in fact I have, but programs like Internet Explorer, Outlook, etc., I would be more wary of. Luckily those programs don't really require Allow privileges, so there isn't really an issue with not giving them to them.

    -Jason-
     
  15. gkweb

    gkweb Expert Firewall Tester

    Jason,

    I was speaking from a simple point of view. Besides that, I have also thought about what you are talking about, in the beta forum I have written as a suggestion a new feature request, which would be to have a new column "target" to tell PG to which protected processes allowances are applied; it can be "ALL" or a list of protected processes :)
     