Twenty five years of firewall innovation

Discussion in 'other firewalls' started by ronjor, Oct 10, 2014.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,742
    Location:
    Texas
    http://www.net-security.org/article.php?id=2142
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Yes, firewalls are kinda cool. Especially outbound access control can stop lots of attacks. :)

    The one thing that I would like to see in a firewall is a way to stop apps from phoning home, without blocking them from network access completely. Yes, this can already be done, but I'm talking about doing it out of the box. But how would firewalls know if the outbound request is done by you (a person) or by the app itself?
     
  3. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    This is an old discussion in the privacy community, to say the least, especially from when spyware was first discovered and defined. The issue then, as it is now, is not the ability to block what you want blocked within the rule sets, but the user getting appropriate notice of the COSTS of using any given application (usually free or shareware). With a transparent understanding of the costs of using the program comes an easier decision as to whether or not to even install and use the product in question.

    The point here being that if you think the costs of a specific application are too high without spending time and resources to configure and then test a specific set of rules for outbound communications, you should perhaps look for a different solution that may require paid licensing - the developer has to get paid one way or another, and the best results with the highest all-around customer satisfaction come with a paid relationship in general (yes, there are exceptions).
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    @ Coldmoon

    Well, you're looking at it from a different point of view. Most apps will not phone-home if you disable the "auto-update" setting. But there are some apps (like browsers, video downloaders and instant messengers) that always need to be connected, so they can use this advantage to make outbound connections that you did not request or approve. The question is also: what exactly are they uploading from your machine? Maybe browser or chat history, and a list of downloaded files?
     
  5. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Well, when one considers that most AM/AV/AS scanners are always behind the curve due to the sheer volume of malware and PUP content that gets released to the wild on a daily basis, having automatic updates makes sense even with the occasional risk of a bad signature getting into the mix.

    Where browsers are concerned, you should be able to shut off the automatic updates in the configuration. Where this might come back to bite you in the rear is when a vulnerability is discovered and then eventually fixed: the unaware user is at greater risk, as it is usually once in a blue moon that they actually get around to checking for updates. If my experience here is any guide, this usually comes after I clean up a relative's system when they get infected by something...

    The video downloads are a trickier issue, as they may involve DRM requirements for the specific media you are downloading and then eventually playing back. This is one of the costs I mentioned previously, though it is more about control of the content than it is about getting paid for that content. Games are even worse when you have to be online to even use the software, so the buyer needs to beware here...

    Instant messengers would need to establish outbound connections, unless you didn't intend to actually talk to someone using the applicable program. This is also a tricky case, where the server you are connecting through may also be used for other communications, which makes the software useless in some cases if you block that specific connection in the rules.

    Your final question, however, is where the firewall and a sniffer come in handy. I would encourage everyone to get familiar with their FW logs and learn how to read them after they have had a sufficient intake of coffee. In this scenario you would be investigating the comm and then perhaps writing a temporary blocking rule to help identify the offending application, and then removing it if this type of cost is too high for your preferences.

    Remember, every rule you deploy is eventually going to cost you some performance, especially if that rule is not properly formatted and specifically targeted. What I have seen, and been guilty of in the early years, is writing something too broad that then starts mucking up things it should not, with the added joy of troubleshooting - testing - rewriting - troubleshooting - etc.
     
  6. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    What innovations? Firewalls are doing the same as 25 years ago; the only difference is that they added some partial protections against known attacks like DDoS and such. Implementing HIPS into a firewall (Comodo/Private Firewall) is not an innovation, that is symbiosis with a different product, which can be done using separate products.
     
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Quite an extensive reply, but I now think I get what you're trying to say: it all comes down to trust. If you do not trust some app, don't use it. And yes, the only way to solve this problem is by making specific rules, like blocking apps from connecting to certain IP ranges.

    Perhaps it was a bit of a silly question, because I do not think that firewalls will ever be intelligent enough to distinguish between legitimate traffic and "phoning home" traffic. On the other hand, some advanced firewalls/HIPS are trying to spot suspicious traffic, in order to stop traffic to so called command-and-control (C&C) servers, which are used by malware/botnets.
     
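    The log-review-then-block procedure Coldmoon describes in post 5, and the per-IP-range rules post 7 settles on, as an added example that is not code from this thread or from any product mentioned in it: it parses constructed lines in the Windows Firewall pfirewall.log layout, counts allowed outbound destinations, flags those outside ranges the user considers expected, and drafts the text of a temporary netsh block rule. The sample log, the EXPECTED ranges and the program path are assumptions.

```python
# Added example: triage outbound connections in a Windows Firewall log; log lines are constructed.
import ipaddress
from collections import Counter

SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2014-10-10 09:01:12 ALLOW TCP 192.168.1.20 198.51.100.7 51234 443 0 - 0 0 0 - - - SEND
2014-10-10 09:01:13 ALLOW TCP 192.168.1.20 198.51.100.7 51235 443 0 - 0 0 0 - - - SEND
2014-10-10 09:02:40 ALLOW TCP 192.168.1.20 203.0.113.9 51240 80 0 - 0 0 0 - - - SEND
2014-10-10 09:03:05 ALLOW UDP 192.168.1.20 192.168.1.1 53000 53 0 - - - - - - - SEND
2014-10-10 09:03:06 DROP TCP 203.0.113.55 192.168.1.20 4444 445 0 - 0 0 0 - - - RECEIVE
"""

# Ranges the user has decided the application legitimately needs (assumption).
EXPECTED = [ipaddress.ip_network("192.168.1.0/24"),
            ipaddress.ip_network("198.51.100.0/24")]

def parse_log(text):
    """Yield one dict per data line, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def outbound_destinations(text):
    """Count allowed outbound (path SEND) connections per (dst-ip, dst-port)."""
    counts = Counter()
    for rec in parse_log(text):
        if rec["action"] == "ALLOW" and rec["path"] == "SEND":
            counts[(rec["dst-ip"], rec["dst-port"])] += 1
    return counts

def unexpected(counts, expected=EXPECTED):
    """Destinations outside the expected ranges: the ones to investigate first."""
    return sorted(dst for dst in counts
                  if not any(ipaddress.ip_address(dst[0]) in net for net in expected))

def block_rule(program, dst_ip):
    """netsh text for a temporary outbound block of one program to one address."""
    return (f'netsh advfirewall firewall add rule name="tmp-block-{dst_ip}" '
            f'dir=out action=block program="{program}" remoteip={dst_ip}')

if __name__ == "__main__":
    counts = outbound_destinations(SAMPLE_LOG)
    for dst in unexpected(counts):  # placeholder program path below
        print(dst, counts[dst], block_rule(r"C:\Path\To\app.exe", dst[0]))
```

    Inbound drops and connections to the expected ranges are left out of the report, so what remains is the short list worth checking with a sniffer before deciding whether a permanent rule is needed.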
  8. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    142
    You are right, firewalls are/are becoming "bloatware".
    A lot of nonsense adding AV and HIPS, with system corruption and slowdowns.

    Just want a basic firewall without the extra crap. Can any of you big companies do that? I think not, worship the mighty $.
     
  9. Sm3K3R

    Sm3K3R Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    494
    Windows has a built-in firewall, Circuit, no need to pay or wait for crapware.
     