Q: Do I need PG when using a proxy?

Discussion in 'ProcessGuard' started by Itai Frenkel, Oct 26, 2005.

Thread Status:
Not open for further replies.
  1. Itai Frenkel

    Itai Frenkel Registered Member

    Joined:
    Oct 26, 2005
    Posts:
    1
    Hello all,

    I've got processguard at home, and I consider having a 2nd copy for the office. In the office I am behind a proxy server (freeproxy running on a different machine).

    Is it possible for malware to access the proxy and bypass the firewall at the same time ? The proxy info is defined in the IE6 connection settings and in the WinXP proxycfg utility (needed for automatic Windows Updates).

    Regards,
    Itai
     
  2. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Welcome to Wilders Itai. :)

    Yes you do need PG when using a proxy and firewall.
    Malware will usually try to exploit a vulnerability in your browser or operating system, or by using social engineering to trick you into doing something.
    The goal for them is to execute or run some malicious code on your computer.
    This in turn opens the door wider for more malware to execute.
    If you visit a malicious website, the website will try to execute code on the page or exploit your browser in some way. They usually don't bother attacking the proxy or firewall, they go straight for the weakest link on your computer directly.
    They proxy will hide your ip address from the malicious website, so they won't be able to do a port scan on your ip looking for open ports.
    The firewall should be stealthing your ports and blocking inbound attacks and notify you if something trys to "phone home".
    These very useful security programs do not (normally) block programs from being executed (or installed) on your computer like PG does.
     
    Last edited: Oct 26, 2005
  3. itaifrenkel

    itaifrenkel Guest

    What about the leakage tests?
    Can the malware "phone home" if it cannot find the proxy server address and port ?

    Regards,
    Itai
     
  4. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Firewall leak test programs can be very useful for checking how effective your firewall is because they use some of the same techniques that malware uses.
    But malware comes in many varieties and have many different "tricks" to bypass defenses.

    One of these tricks is to alter the browser so when you connect to the proxy and surf the web, it silently phones home through the browser.

    It is much better to block the malware from executing in the first place than to try and contain it after the fact.
     
  5. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    is that a local proxy? Because none of the answers apply if it is. I run behind The Proxomitron which a local proxy. It is confusing when users speak of a proxy and then don't really explain what type of proxy. Ad/subtract is another local proxy.
     
  6. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi Mele20,

    No, FreeProxy is not a local proxy like Proxomitron. It is like a much more powerful version of MS ICS (Internet Connection Sharing) and can run on a local LAN computer.

    But now I'm curious (I don't run a local proxy). With the right filter set, Proxomitron may block the malware from getting on your computer (inbound).
    But what if you already have a malware that is on your computer (from a download or one that got past the Proxo filters)?
    Would Proxomitron be able to block the malware from using the browser to phone home (outbound)?
     
  7. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    iirc proxomitron is similarly to greasemonkey in which it alters the appearance and function of websites. it doesnt control any traffic. for that u need a firewall with outbound control.
     
  8. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Proxomitron can't block malware from phoning home but it can (with the right filters) prevent any webpage from planting malware on your system in the first place (so all you have to worry about are file downloads, email attachments and other network-accessing applications). It can greatly improve your online experience though, by removing webpage annoyances (animations, advertising, background sounds, pop-ups and unders, etc) and can be used to rewrite web pages to suit you. The downside is that while using existing filters is easy, writing your own can be a challenge.
     
  9. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Thanks Paranoid2000. :)
    So it would still be beneficial for Itai to use PG whether a local proxy, ICS type (FreeProxy), or remote proxy is being used. Is that correct?

    It's a good thing that we have bright people like Kye-U (and you) on our side doing this difficult work for all our benefit.
     
  10. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Very much so, since PG controls what running programs can do - proxies cover a different area. Thanks for the nudge back on-topic. :)
     
  11. tlu

    tlu Guest

    Yes, I agree. In my opinion the easiest and most effective way to control these types of Active Content is to use Firefox with the two excellent extensions NoScript and AdBlock (or better yet Adblock Plus in combination with Adblock Filterset.G Updater ).
     
Thread Status:
Not open for further replies.