Are there any firewall software that block programs from running?

Are there any firewall programs that will block apps from running? I know norton does this 2005, but I'm looking to possibly not use it and go a better route cus of system resources and norton just causes some issues with its firewall. what i was hoping i could do is in a firewall program just tell it to find an installer file or the actual program file or both and just not allow it to run. even if you try to download another of the same program like a demo or trial version it still also would not run. even if you renamed the program name it wouldn't run.

Reply to
Joe

You want something with pure application control. Try BlackIce PC Protection. After you baseline your system it will prompt you for permission to run any new application, components, or newer versions of the applications and components baselined. You can also change permissions to run a program or allow a program to communicate over a network.

Reply to
optikl

I use the freebie Kerio firewall 2.1.5 to keep IE from running. After installing Kerio, I just denied each access IE requested. Now it cannot run. Its icon sits on my desktop reminding me of what slop MS has foisted on us through the years.

Oh, yeah, now they say they are interested in security. I guess enough companies in Europe have dumped them. Good!


Reply to
mack

thanks guys, what i want to do is have it block virtual pc and vmware workstation. so, if you say download the file from usenet illegally and i want to block it so no one could install it or if it is installed, block it from running. then if you change the installer.exe filename it still would need to be blocked, so just renaming it wouldn't work, or if you download a demo trial version from microsoft.com/virtualpc that would be blocked and so would the vmware workstation trial, also if they released a new version of the demo software or software itself and someone downloaded it from usenet or something and installed, it would need to be blocked as well, not each time blocking each one, but blocking what's currently on the system and then no future one would work. or if it is even possible to just tell it don't let this run and it somehow knows via a database or whatever.

Reply to
Joe

It's not quite the same. BlackIce controls all applications, regardless of whether or not they access a network. Kerio only controls network applications.

Reply to
optikl

Gerald, you must not know much, cus norton firewall does this. lol. so i don't know why you say there is none. hmm??? whatever.

Reply to
Joe

Else it is running already? huh? Ok, inside norton firewall you manually configure access rules for programs or it is automatically done by norton. so, you can go in and disable access. you tell it to search computer for all programs, it does and puts them all in a list where you can edit the access rules such as manually configure or automatic. it doesn't let the program online if you disable that. also it may not even let it open but i am not sure cus i haven't looked for a while. i do know it prevents online access though totally. i also know that cyberpatrol www.cyberpatrol will block files from opening at all. but it sucks for some stuff so i never use it anymore.

a firewall in my opinion and i don't really know hardly anything about firewalls, but in my opinion it should do it by code. it needs to know the code in the exe or something. i don't know. like ok, it can come with a pre defined list of programs and you can enable or disable them. then if you rename the file thinking it might bypass it, it would not work because the code is still the same in the exe file or whatever file it may be. downloading new versions the firewall still would block them not having to manually block them each time you get the file. maybe the code would have to be similar so much that the firewall knows, ok i already have this blocked. even tho some or most of the code in the new version might be different.

i don't know anything, but i have my ideas and opinions on how it could work.

i just know that at least for me, i want to be able to tell something to block vmware workstation and virtual pc. and if someone downloads a new version from their web sites or newsgroups, it is still blocked.

Reply to
Joe

Joe wrote in news:20050305001139.056 $ snipped-for-privacy@news.newsreader.com:

BlackIce's Application Control is good, but BlackIce Application Control or for that matter any other PFW solution with App Control or any other type of software App Control can only do so much. There is no *pie in the sky* solution that's going to save anyone from themselves or someone trying to help someone save themselves is the bottom line.

The user has to be computer savvy enough to even recognize various threat situations when they arise and most don't. Therefore, an application control solution is worthless for those types of users.

If you want app control do the following:

1) Don't install it.
2) If it is installed, remove it.
3) If one doesn't want something to run, then one does #2 or if one can one goes to the O/S and stops execution of an application.

If you're looking for some kind of *saves all, ends all and pie in the sky crutch* app. control solution, it is simply not there. ;-)

Duane :)

Reply to
Duane Arnold

That is not a firewall program. That is something only the operating system can do. The firewall cannot decide what you can run or not. It can only control (or try to control) what is already running. What you can do in XP is to lock down the computer so that users cannot install software anymore. You can limit what applications installed users can use (software policies). That is the best you can get. Some software deciding what is a good program and what is a bad is pretty much impossible if you don't have a very specific set of requirements on the programs that you are able to specify in detail. Virus scanners do something like that but are only able because basically they have a list of the bad stuff...

Gerald

Reply to
Gerald Vogt

You are correct and I was not and I am sorry. About the firewall not blocking apps from opening. They can block net access. I'm sorry I was not more clear.

I just want to not to be able to get on the internet with vmware workstation or virtual pc. I do not know how to do this if it is possible. I can install it and want to block them from getting online. Is this even possible?

Please don't say, then don't allow someone to install. This isn't an option because I'm the admin and no one else uses the pc. So I'm just wondering if there was a way to block net access to vmware and vpc.

Reply to
Joe

Does the OS "already" give you this ability? In Windows, it's right-click(on a *.exe file)->Properties->Sharing.

In Unix/Linux it's the rwx settings...

Just search for all the *.exe files and set them the way you want correct?

Reply to
Zilla

Just to verify: Norton Firewall does prevent a program from running (that means obviously that it prevents it from starting because else it is running already)? On what basis should it do so? How should a firewall decide which program it prevents from running? Please elaborate...

Reply to
Gerald Vogt


Well, umm, I want vmware and virtual pc to not be able to access the net. the app itself which of course then no apps inside vmware and vpc would be online either. a firewall program may or may not work because then if you redownload it then yer screwed and vmware and vpc get online again. what i want is not to have to each time manually block them. i don't know if norton can do this or other apps maybe can.

Reply to
Joe

Yes, this is for content filtering. To protect my family and mostly myself from accessing certain content online. using vmware and vpc you can bypass newsgroup filtering on my network. because no router in the world filters newsgroups based on content/keywords etc. so you can install vpc and vmware, install windows, load up a newsgroup program to get at the p*rn newsgroups and so on. by not letting vmware or vpc online this can't happen. since i am the only one using this pc really i need to set up something so that if i try to re download it from newsgroups or a demo from ms.com and vmware.com sites, it won't install or it just won't go online.

please don't mention stuff other than my original question as i am not here to debate or argue about myself. i only wish to discuss the main topic at hand, nothing else. I'd really appreciate it a lot because every time someone posts in newsgroups, the subject always goes onto something else and i don't want that here.

Reply to
Joe

snipped-for-privacy@mackrell.com wrote in news: snipped-for-privacy@4ax.com:

Actually, Kerio cannot stop IE from running. It can only stop it from accessing the Internet.

Reply to
elaich

Access is something completely different than blocking a program from running. Malware is running and tries to access the internet. Your firewall may or may not block this access, i.e. the malware gets an error message telling it that it cannot open that connection (just like it would get an error message if the host was unreachable). However, it is still running. The program can afterwards still try to do something else.

As I understood your original posting you wanted something that blocks something completely from running, i.e. prevent a trial demo (which does not necessarily require the network at all) from running (in my sense from starting as after the start it is running...). Preventing a program from execution in the first place cannot be achieved by any firewall as firewalls detect network traffic and for network traffic a program must be running already.

So, you could block URLs to prevent downloads but that is not what you wanted. You can implement software policies and prevent software from starting and installing. If it is running all the PFWs I know detect network traffic and block connections but do not shut down the application that tries the access. As PFWs are linked to network traffic of actual running application a PFW can obviously not block an application from starting as it does not know what it will do. An anti-virus prevents malware from starting.

It does block some online access but it cannot block all. If some software uses the internet explorer to tunnel and IE can access the internet software can tunnel through IE. I just want to make that clear as people are often quick with absolute statements like yours although it is not possible and others are very surprised to find out about software that talks to the internet and their (properly configured) PFW does not detect it...

I still don't quite understand what you exactly want to block. If you have a computer installed and just want to run what is on there, software policies. You can prevent normal users from installing software at all. If you just want to block some specific software it gets extremely tricky just like anti-virus is difficult and your problem is basically an anti-virus problem. Any new version or build of a software has different EXEs and looks different. To block vmware you must identify all possible vmware versions (like anti-virus companies create signatures for all possible variations of a virus) and list them. This is easy for an anti-virus company because they define what is malware but in general the number of applications available is just too big to list them all. The only proper way to do this is to prevent users from installing anything and running anything else than what is present on the computer. IMHO this is the only way that you have control...

Gerald

Reply to
Gerald Vogt
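The trade-off discussed in the posts above (blocking by file name, blocking by file contents, or allowing only what is already on the machine), as an added example that is not part of the original thread. The file names and bytes are constructed, and the three policies are simplified stand-ins for path rules, hash rules and a default-deny baseline.

```python
import hashlib
import os
import shutil
import tempfile

def sha256_of(path):
    """Hash the file contents; the file name plays no part."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def decide(path, denied_names, denied_hashes, allowed_hashes):
    """Return, per policy, whether this file would be blocked."""
    digest = sha256_of(path)
    return {
        "name_denylist": os.path.basename(path).lower() in denied_names,
        "hash_denylist": digest in denied_hashes,
        "hash_allowlist": digest not in allowed_hashes,  # default deny
    }

def run_demo():
    # Constructed sample files; names and bytes are made up for illustration.
    samples = {
        "vmtool_setup.exe": b"MZ constructed installer build 1.0",
        "holiday_photos.exe": b"MZ constructed installer build 1.0",  # renamed copy
        "vmtool_trial.exe": b"MZ constructed installer build 2.0",    # newer build
        "editor.exe": b"MZ constructed baseline application",
    }
    workdir = tempfile.mkdtemp()
    try:
        paths = {}
        for name, data in samples.items():
            paths[name] = os.path.join(workdir, name)
            with open(paths[name], "wb") as f:
                f.write(data)
        # Rules are written while only build 1.0 and the editor are known.
        denied_names = {"vmtool_setup.exe"}
        denied_hashes = {sha256_of(paths["vmtool_setup.exe"])}
        allowed_hashes = {sha256_of(paths["editor.exe"])}
        return {name: decide(p, denied_names, denied_hashes, allowed_hashes)
                for name, p in paths.items()}
    finally:
        shutil.rmtree(workdir)

if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(name, verdict)
```

The renamed copy slips past the name rule but not the hash rule, the newer build slips past both denylists, and only the default-deny allowlist blocks everything that was not part of the baseline.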

My windows does not have "sharing" for individual files including exes. It does have it only for folders.

I suppose you mean the security tab of windows to set permissions on the executable. These however do not apply to applications that people download from somewhere. Downloaded files have the permissions of the user who downloaded them and he can execute it. You cannot define permissions on files that do not yet exist on your computer. What you suggest would give some control on the applications that have been installed already. However, I think setting individual permissions on executables is a very difficult and cumbersome process. XP's software policies allow access control to applications in a much easier way...

Gerald

Reply to
Gerald Vogt

O.K. I see. You want to run vmware or virtual pc on your Windows machine. You do not want vmware, virtual nor the applications running inside the virtual environment to have access to the internet. Is that correct? Or do you only want to block the applications running inside the virtual environment?

To restrict the inside applications I think vmware or virtual pc should have options to configure the network access for the virtual environment (basically if the host network settings should apply also or not). As an alternative you should be able to configure the inside OS in the same way: just remove the route to the gateway so that only LAN addresses are accessible. This way an inside application would get a host unreachable for any address outside of your LAN (if you have a LAN).

This would be the reasonable way to do it if you want to use vmware. This way vmware for example can download updates if necessary but the inside environment is limited.

If you want to block vmware/virtual pc as well (assuming that way you block vmware and the inside applications at the same time). Well, in this case you want a host based application-network filter just like a PFW or what the other posters have mentioned. I don't want to give a recommendation here as I generally prefer not to use PFWs and alike for reliable security purposes...

Gerald

Reply to
Gerald Vogt

But why do you use ZoneAlarm instead of configuring the virtual machine and removing the network adapters? Would it be better to fix the original problem instead of installing something else to cover it up?

Gerald

Reply to
Gerald Vogt
