Software firewall, with hard_coded rules

Hello all,
I have wanted to ask for a long time the thoughts of members as to the use of firewalls having hard_coded rules.

An explanation of this.
Some firewalls, that say they give you full control of all applications access to the internet, do in fact allow their own applications full access without interception, or even logging of event.

What ya think?

Comments please

 

Hi Stem,

My two cents....

If I'm understanding what you're asking correctly.....I definitely like for a firewall to log ALL events, including it's own. I guess, simply put, their is a "TRUST" factor involved. It shows that the vendor and product is, in fact, policing itself, with no preferrential treatment. This allows the end user to rest easier and have more faith in the firewall itself.

As for a firewall allowing itself an internet connection.....BY DEFAULT....I can understand this (as long as the user has the ability to CHANGE this setting). Again, it's simply a way to let the end user know that it is very thorough by listing ALL of the apps that have internet access, including it's own. While I can't imagine WHY a user would want to deny the firewall to connect or change that setting, options are always better than mandates

Having said this, simplicity is vitally important as well, so I can understand why a vendor would want to make it easier for users with pre-set rules, etc., thus allowing them to compute and surf with less intervention and knowledge of their computer and the software (i.e. - not having to "set rules") as well. Of course, I think that simply allowing the option to view when the firewall has used or is using an internet connection, as well as the option to see it listed among ALL of the software apps that use an internet connection would be the best approach....

Good question, Stem

 

Is this coming from a test? My guess is yes, or a build up from testing so many firewalls.

Even though i don't know that much about Firewalls, i think it's only reasonable to log its own apps, if it logs everything else.

I never bothered to look at logs, although i'm going into that when i install Kerio 2 (learn what i should have learned first). Comodo does show when the updater is conecting, but i don't log everything, just what is blocked. Is there a reason to log permissions?

Now that i re-check, cpfupdat isn't on the applications list

Conclusion:
Good question...

 

Completely against it. I want to know about and decide on anything and everything that attempts to connect. I also don't like like hard-coded localhost loopback, dns, ICMP, dhcp, or any other kind of rules, either.

 

I´m against hard-coded rules too

 

Its depend on kind of firewall.
Firewalls for most people must be simple as posible, example ZA, must have hard_coded rules.
But they must have an option to go to expert mode to edit that rules.
I think that option must not be easy to change.
In other firewalls, like jetico, hard_coded rules must be changed by default.
Most people want to install firewall and forget it.

 

Hello RadarSP,

The problem with hard_coded rules is that the user cannot change or over-ride these.

 

Hard-coded rules are not the same thing as prebuilt/default rules

 

Hello Someone,

Well I do install all firewalls, to check on configs/ rules etc, and I do check on all comms made (externally)

My point to the thread is just to get some feedback on members thoughts on this. My main concern is security. Example, if an application that is hard_coded to allow internet access on a users computer is compromised, and that application is not checked (simply allowed all access/comms to the internet without user intervention, and/or the connections are not logged) then how would a user know of such compromise. I do not think any application is 100% against possible compromise.

 

Stem, would you be willing to list which of the well-known firewalls do or don't make use of hard-coded rules? I'll assume that Jetico is in the "don't" category.

 

I understand. In my own example, Comodo, gives you the option. But once installed, for instance in auto and the option for "safe" apps checked, i have to look for cpfupdate to block it, or just create the rule to allow, to be visible. Because it's not there... No big deal, but it would be much better if everything is shown, no matter what. I think i'll ask this on their forum to be sure why.

I don't know if this is hard coded, i guess you mean not having the possibility of changing the rule. That's very bad .
Or does my example also fall in the category?

By trusting the FW, i didn't bother to look into this. It's an important point

 

I did not/ do not intend this thread to name the firewalls that have hard_coded rules. Of course I do know which do/do not have such coding, but naming would bring flames, and this is not my intention.

From my posts, giving my reviews on firewalls, I always state if I see any comms that are not authorised.

 

I'm also against hard_coded rules.

A truly firewall should alert us about every program that wants to use the Internet...
Some are adding the option to use a white-list to avoid more alert windows, so the user just have to decide to use it or not...

A good log feature is very important too, even if most not use it because aren't interested on it or just because it use more system resources. At least, should have an option for that...

Stem, thanks for your question...

 

You should have to disable the option "Do not show any alerts for the applications certified by COMODO"...

 

VC, i installed with that unchecked, ie, i wanted no alerts for that. But i do want them in the rules list
I ticked that, and they don't appear as magic

This is what i'm saying, that's all. I'm sure if i do that from install, i'm in control. But not doing that, i expect that Comodo shows the rule created.

 

To the process appears on list, after disable that option, you should click on update again and you will be prompted about it...

But I agree with you that even with that option disable the processes should appears on the applications list.

When I will have some time, I will have to check this and others things on it...

 

Someone and V_C,

Please don't hijack this important and useful thread from Stem and turn it into YET ANOTHER "Comodo" thread!!! There are more than enough of those already to go around in this forum......

 

Sorry for that. It helped me a bit to define what are hard coded rules. I guess that means you can't change them, you're not in control.

It's bad and they make the firewall lousy too
I guess it was a bit OT. Sorry again

 

Which is safest.I have just installed virgin media pc guard.No way to edit rules so utorrent is just allowed in and outbound ,allow or block.Is a firewall like pc tools safer where i can select one port.Or even safer like comodo, where i can edit application rules and network monitor rules so i can restrict utorrent to a single port.

 

No problem, Someone. I just didn't want this to turn into a Comodo or OT thread, when I have a feeling Stem is using this to show to some of the software firewall vendors (Comodo may possibly even be one of them, who knows) in order to help them in the development of their firewalls. I'm guessing that if these vendors see just how users feel and read what we say and think about hard-coded rules, then they may adjust and/or rethink their research and development strategies for future versions.

Not to mention, it's a good learning experience for all of us as well....

 

I wouldn't want a firewall with rules that can't be edited, especially if the rules are for the firewall itself. If a usable exploit is developed for that firewall, those rules could be a major security breach. I'd be more concerned about the privacy implications of those permanent rules. It would be too easy for that firewall to call home for whatever purpose, be it auto-updating or some form of data mining, checking if the copy is legal, etc. For me, security and control are inseparable, especially with internet traffic. No calling home, no auto-updating, and definitely no uncontrolled internet access is acceptable.
Rick