Software firewall, with hard_coded rules

Discussion in 'other firewalls' started by Stem, Feb 5, 2007.

Thread Status:
Not open for further replies.
  1. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hello all,
    I have wanted to ask for a long time the thoughts of members as to the use of firewalls having hard_coded rules.

    An explanation of this.
    Some firewalls, that say they give you full control of all applications' access to the internet, do in fact allow their own applications full access without interception, or even logging of the event.

    What ya think?

    Comments please
     
  2. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    Hi Stem,

    My two cents....

    If I'm understanding what you're asking correctly.....I definitely like for a firewall to log ALL events, including its own. I guess, simply put, there is a "TRUST" factor involved. It shows that the vendor and product is, in fact, policing itself, with no preferential treatment. This allows the end user to rest easier and have more faith in the firewall itself.

    As for a firewall allowing itself an internet connection.....BY DEFAULT....I can understand this (as long as the user has the ability to CHANGE this setting). Again, it's simply a way to let the end user know that it is very thorough by listing ALL of the apps that have internet access, including its own. While I can't imagine WHY a user would want to deny the firewall to connect or change that setting, options are always better than mandates ;)

    Having said this, simplicity is vitally important as well, so I can understand why a vendor would want to make it easier for users with pre-set rules, etc., thus allowing them to compute and surf with less intervention and knowledge of their computer and the software (i.e. - not having to "set rules") as well. Of course, I think that simply allowing the option to view when the firewall has used or is using an internet connection, as well as the option to see it listed among ALL of the software apps that use an internet connection would be the best approach....

    Good question, Stem :thumb:
     
  3. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Is this coming from a test? My guess is yes, or a build up from testing so many firewalls.

    Even though I don't know that much about firewalls, I think it's only reasonable to log its own apps, if it logs everything else.

    I never bothered to look at logs, although I'm going into that when I install Kerio 2 (learn what I should have learned first). Comodo does show when the updater is connecting, but I don't log everything, just what is blocked. Is there a reason to log permissions?

    Now that I re-check, cpfupdat isn't on the applications list :blink:

    Conclusion: o_O
    Good question...
     
  4. cprtech

    cprtech Registered Member

    Joined:
    Feb 26, 2006
    Posts:
    335
    Location:
    Canada
    Completely against it. I want to know about and decide on anything and everything that attempts to connect. I also don't like hard-coded localhost loopback, DNS, ICMP, DHCP, or any other kind of rules, either.
     
  5. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I'm against hard-coded rules too :)
     
  6. RadarSP

    RadarSP Registered Member

    Joined:
    Feb 6, 2007
    Posts:
    2
    It depends on the kind of firewall.
    Firewalls for most people must be as simple as possible, for example ZA, must have hard_coded rules.
    But they must have an option to go to expert mode to edit those rules.
    I think that option must not be easy to change.
    In other firewalls, like Jetico, hard_coded rules must be changed by default.
    Most people want to install a firewall and forget it.
     
  7. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hello RadarSP,
    The problem with hard_coded rules is that the user cannot change or override these.
     
  8. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Hard-coded rules are not the same thing as prebuilt/default rules ;)
     
  9. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hello Someone,
    Well I do install all firewalls, to check on configs/rules etc, and I do check on all comms made (externally).

    My point to the thread is just to get some feedback on members' thoughts on this. My main concern is security. Example: if an application that is hard_coded to allow internet access on a user's computer is compromised, and that application is not checked (simply allowed all access/comms to the internet without user intervention, and/or the connections are not logged), then how would a user know of such a compromise? I do not think any application is 100% against possible compromise.
     
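As an added illustration (not code from any post or product in this thread) of the distinction lucas1985 draws above between hard-coded and prebuilt/default rules, and of Stem's concern that a hard-coded allow leaves a compromised application invisible: the toy rule engine below consults hard-coded rules before anything the user wrote and skips the log for them; switch the same vendor rule to "default" and the user's block wins and every decision is logged. The process names, the port and the rule kinds are all constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Optional

# Toy model of a software firewall's rule table, constructed for this example
# (not any vendor's implementation). Rule kinds in the order the engine consults them:
#   "hard_coded": shipped by the vendor; cannot be edited or overridden, and its
#                 decisions are never logged (the behaviour the thread objects to)
#   "user":       created by the user
#   "default":    prebuilt by the vendor but editable, so user rules take precedence
ORDER = ("hard_coded", "user", "default")

@dataclass
class Rule:
    kind: str
    app: str                     # process name the rule applies to
    action: str                  # "allow" or "block"
    port: Optional[int] = None   # None matches any remote port

    def matches(self, app: str, port: int) -> bool:
        return self.app == app and self.port in (None, port)

@dataclass
class Firewall:
    rules: list
    log: list = field(default_factory=list)   # (app, port, verdict) entries the user can see

    def decide(self, app: str, port: int) -> str:
        for kind in ORDER:
            for rule in self.rules:
                if rule.kind == kind and rule.matches(app, port):
                    if kind != "hard_coded":          # the hard-coded path bypasses the log
                        self.log.append((app, port, rule.action))
                    return rule.action
        self.log.append((app, port, "prompt"))        # no rule: ask the user
        return "prompt"

def scenario(vendor_kind: str):
    """Vendor ships an allow rule for its own updater (hypothetical 'fwupdate.exe'),
    the user adds a block rule for it, then the updater tries to connect out."""
    fw = Firewall([
        Rule(vendor_kind, "fwupdate.exe", "allow"),
        Rule("user", "fwupdate.exe", "block"),
        Rule("user", "p2p.exe", "allow", port=6881),   # constructed single-port allow
        Rule("user", "p2p.exe", "block"),              # everything else for that app
    ])
    verdicts = (fw.decide("fwupdate.exe", 443),
                fw.decide("p2p.exe", 6881),
                fw.decide("p2p.exe", 6882))
    return verdicts, fw.log
```

With `scenario("hard_coded")` the updater's connection is allowed and never appears in the log, so a compromised updater would go unnoticed; with `scenario("default")` the user's block rule is honoured and the attempt is recorded.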
  10. Jimpdx

    Jimpdx Registered Member

    Joined:
    Aug 25, 2006
    Posts:
    12
    Location:
    Oregon USA
    Stem, would you be willing to list which of the well-known firewalls do or don't make use of hard-coded rules? I'll assume that Jetico is in the "don't" category.
     
  11. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    I understand. In my own example, Comodo gives you the option. But once installed, for instance in auto and with the option for "safe" apps checked, I have to look for cpfupdate to block it, or just create the rule to allow, to be visible. Because it's not there... No big deal, but it would be much better if everything is shown, no matter what. I think I'll ask this on their forum to be sure why.

    I don't know if this is hard coded; I guess you mean not having the possibility of changing the rule. That's very bad :thumbd:.
    Or does my example also fall in the category?

    By trusting the FW, I didn't bother to look into this. It's an important point :thumb:
     
  12. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I did not/ do not intend this thread to name the firewalls that have hard_coded rules. Of course I do know which do/do not have such coding, but naming would bring flames, and this is not my intention.

    From my posts, giving my reviews on firewalls, I always state if I see any comms that are not authorised.
     
  13. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    I'm also against hard_coded rules.

    A true firewall should alert us about every program that wants to use the Internet...
    Some are adding the option to use a white-list to avoid more alert windows, so the user just has to decide to use it or not...

    A good log feature is very important too, even if most don't use it because they aren't interested in it or just because it uses more system resources. At least, it should have an option for that...

    Stem, thanks for your question... ;)
     
  14. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    You should have to disable the option "Do not show any alerts for the applications certified by COMODO"...
     
  15. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    VC, I installed with that unchecked, i.e., I wanted no alerts for that. But I do want them in the rules list :p
    I ticked that, and they don't appear, as if by magic :rolleyes:

    This is what I'm saying, that's all. I'm sure if I do that from install, I'm in control. But not doing that, I expect that Comodo shows the rule created.
     
  16. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    For the process to appear on the list, after disabling that option, you should click on update again and you will be prompted about it...

    But I agree with you that even with that option disabled the processes should appear on the applications list.

    When I have some time, I will have to check this and other things on it...
     
  17. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    Someone and V_C,

    Please don't hijack this important and useful thread from Stem and turn it into YET ANOTHER "Comodo" thread!!! There are more than enough of those already to go around in this forum......;)
     
  18. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Sorry for that. It helped me a bit to define what hard coded rules are. I guess that means you can't change them, you're not in control.

    It's bad and they make the firewall lousy too :doubt:
    I guess it was a bit OT. Sorry again.
     
  19. waters

    waters Registered Member

    Joined:
    Nov 8, 2004
    Posts:
    934
    Which is safest? I have just installed Virgin Media PC Guard. No way to edit rules, so uTorrent is just allowed in and outbound, allow or block. Is a firewall like PC Tools safer, where I can select one port? Or even safer like Comodo, where I can edit application rules and network monitor rules so I can restrict uTorrent to a single port?
     
  20. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    No problem, Someone. ;) I just didn't want this to turn into a Comodo or OT thread, when I have a feeling Stem is using this to show to some of the software firewall vendors (Comodo may possibly even be one of them, who knows) in order to help them in the development of their firewalls. I'm guessing that if these vendors see just how users feel and read what we say and think about hard-coded rules, then they may adjust and/or rethink their research and development strategies for future versions.

    Not to mention, it's a good learning experience for all of us as well....
     
  21. herbalist

    herbalist Guest

    I wouldn't want a firewall with rules that can't be edited, especially if the rules are for the firewall itself. If a usable exploit is developed for that firewall, those rules could be a major security breach. I'd be more concerned about the privacy implications of those permanent rules. It would be too easy for that firewall to call home for whatever purpose, be it auto-updating or some form of data mining, checking if the copy is legal, etc. For me, security and control are inseparable, especially with internet traffic. No calling home, no auto-updating, and definitely no uncontrolled internet access is acceptable.
    Rick
     