I am sick of windows firewall

I had uninstalled zone alarm 6.1 free, and gone to xp firewall a week ago.

But, it seems I am more sick of windows firewall because programs keep on accessing net without having a mention in windows firewall. I am using Thunderbird, Firefox, Free download manager, hamster, and several such software that I see connecting to net. But, there is no mention of them in firewall window.

Zonealarm was at least having a mention of each program that was connecting to net. A "?" or "x" satisfied me that it won't connect to net automatically.

- it doesn't show anything. Zone alarm was at least showing the currently active programs which are accessing net.

- It has an ntp/utp option, and we have to define it in two separate entries if we want to give both accesses to same port. Why can't we define it in one go? And, za didn't have any mention of ntp/ udp.

- yesterday, bloody autoupdate downloaded some full 36 updates and I could not find any way of stopping that in windows firewall.

- It asked me just for two-three programs whether to block or allow. za was at least asking me for everything.

I am thinking about going back to za, but this time I will not go for 6.1 but for 4.5 free which I had been using for years.

Or, please suggest some good free firewall that has enough display to keep my curiosity quenched.

TIA.

Reply to
V S Rawat

Do you or do you not know that those programs are legit and should be connecting to the Internet?

Overrated

Worthless

OK if you say so.

Why would you want to stop it?

Overrated

OK

It's a crutch you don't need the good old Application Control in personal FW(s).

BlackIce has one of the best Application Control solutions and I disabled it on my laptop long ago with it asking the worthless questions about what I should and should not allow to run or access the Internet.

I started using other tools and started looking for myself as to what was happening on the machine and abandoned worthless App. Control.

Duane :)

Reply to
Duane Arnold

So what is your problem? This is not supposed to happen.

And your point being?

ZoneAlarm tries to get attraction to make the impression it's actually good for something?

Huh?

And why were you searching for it at this place?

So this is a flaw of ZA.

Fine, but please disconnect your computer from the net when you're doing.

Get a Gameboy or some disco lights if you want some blinking stuff.

Reply to
Sebastian Gottschalk

Yes. And this is intended.

No. Zone Alarm was tricking you by claiming this - as a matter of fact, Zone Alarm only shows what it notices - it only controls, what lets Zone Alarm control it.

So this is useless anyways.

Better keep your system up to date. A firewall cannot protect you from every exploit in your operating systems or applications.

So, Windows-Firewall does a good job here.

Yours, VB.

Reply to
Volker Birk

You're wrong with that assumption, at least for me.

Why should it? The list only lists programs which are allowed to listen(). Thunderbird does not.

Why should it? The list only lists programs which are allowed to listen(). Hamster does not.

See above.

See above.

Because this is crazy?

Yours, VB.

Reply to
Volker Birk

Nice to find three die-hard Gates fans in Duane, Sebastian and Volker.

That does bring some question about basic working of net connections before I decide upon firewall.

I use Thunderbird as mail reader. It directly connects to net and fetches mails. Then why should it not appear in the list of windows firewall?

I use Hamster to download my news. It directly connects to net and fetches newsposts. Then why should it not appear in the list of windows firewall?

Both the above are appearing in za.

Now, I use xananews as my newsreader, but it doesn't connect to net. It connects to localserver in hamster which has got downloaded posts, and fetches posts from there.

It is not connecting to net, then why does it appear in za list? It is not appearing in windows firewall list.

I use firefox for browsing. It is not appearing in windows firewall list. It is appearing in za list.

I use free download manager. It is not appearing in windows firewall list. It is appearing in za list.

When I click on a link in metapad (a notepad replacement), that link should open in firefox. Thus, metapad doesn't directly connect to net. firefox does.

In that case, why the hell za asks internet access permission for metapad?

Hope that will clear the fog and would help me see clearly.

Reply to
V S Rawat

Windows firewall prevents incoming connections, not outbound ones. I believe that will clear the fog from all of your other questions.

-Russ.

Reply to
Somebody.

It doesn't look that way to me.

Because the windows firewall does not concern itself with applications which make outbound connections. To control whether or not such an application can make an outbound connection or not, you simply decide whether to install it or not. If you install a mail reader it does what was intended - it fetches mail.

See above.

Of course, ZA will tell you anything in an attempt to look useful, but you already knew your applications were making outbound connections didn't you? Why else did you install a mail reader and a news reader?

Probably because ZA likes to filter localhost. This increases the number of unnecessary popup messages which make ZA look useful but which are completely useless to users like yourself.

An application which makes outbound connections does not appear in the Windows firewall list. An application which accepts inbound connections (listens) may appear in the list.

The fact that you use it says it has to make outbound connections, so what is the problem??

The fact that you use it says it needs to make outbound connections, so what is the problem??

Side note - free download managers sometimes come with spyware or other crapware

Probably because netpad is using firefox.

See above.

Have you removed ZA and got your external firewall box yet? It will help clear the fog.

Jason

Reply to
Jason Edwards
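
The distinction drawn in the replies above (programs that listen versus programs that only make outbound connections, plus localhost traffic) can be read directly from `netstat -ano` output. The Python sketch below is an added example, not part of the thread: the sample output, addresses and PIDs are constructed, and the inbound/outbound split for established TCP connections is a heuristic based on whether the local port has a listener.

```python
# Added example: classify sockets from `netstat -ano` output.
# SAMPLE is constructed for illustration; all addresses and PIDs are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       980
  TCP    127.0.0.1:119          0.0.0.0:0              LISTENING       1500
  TCP    127.0.0.1:1045         127.0.0.1:119          ESTABLISHED     1620
  TCP    127.0.0.1:119          127.0.0.1:1045         ESTABLISHED     1500
  TCP    192.168.1.10:1051      203.0.113.25:110       ESTABLISHED     1404
  TCP    192.168.1.10:1060      198.51.100.7:80        ESTABLISHED     1712
  TCP    192.168.1.10:135       192.168.1.20:2301      ESTABLISHED     980
  UDP    0.0.0.0:500            *:*                                    700
"""

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon (also handles '*:*')."""
    addr, _, port = endpoint.rpartition(":")
    return addr, port

def is_loopback(addr):
    return addr.startswith("127.") or addr in ("::1", "[::1]")

def parse(text):
    """Yield (proto, local, remote, state, pid) for each TCP/UDP row."""
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue                      # banner, header, blank lines
        if f[0] == "UDP":                 # UDP rows have no State column
            yield f[0], f[1], f[2], "", f[3]
        else:
            yield f[0], f[1], f[2], f[3], f[4]

def classify(text):
    """Return (pid, proto, local, remote, kind) for every socket row."""
    rows = list(parse(text))
    # Ports with a TCP listener: an ESTABLISHED row on one of them was
    # accepted (inbound); any other was initiated locally (heuristic).
    listen_ports = {split_endpoint(local)[1]
                    for proto, local, _, state, _ in rows
                    if proto == "TCP" and state == "LISTENING"}
    result = []
    for proto, local, remote, state, pid in rows:
        laddr, lport = split_endpoint(local)
        raddr, _ = split_endpoint(remote)
        if state == "LISTENING" or proto == "UDP":
            # Only these are what an inbound exception list is about.
            kind = "listen-local" if is_loopback(laddr) else "listen-exposed"
        elif state != "ESTABLISHED":
            kind = "other"
        elif is_loopback(laddr) and is_loopback(raddr):
            kind = "loopback"             # e.g. newsreader to local server
        elif lport in listen_ports:
            kind = "inbound"
        else:
            kind = "outbound"             # e.g. mail client fetching mail
        result.append((pid, proto, local, remote, kind))
    return result

if __name__ == "__main__":
    for row in classify(SAMPLE):
        print("%-6s %-4s %-22s %-22s %s" % row)
```

On a live machine, pass the captured output of `netstat -ano` to `classify()` in place of `SAMPLE`.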

Most likely it will, as only the use of Raw Sockets is an exception. Anyway, this is limited to Administrator users by default.

Reply to
Sebastian Gottschalk

What's Gates got to do with it?

My advice is turn the crap off it's got you paranoid needlessly.

Why do you care you know it's legit?

Why do you care you know it's legit?

Why do you care you know it's legit.

Why do you care you know it's legit?

Why do you care you know it's legit?

Why do you care you know it's legit?

Why do you care? Why don't you ask Firefox and metapad if it's that much of a concern to you?

You're being blinded by snake-oil and smoke being put into your eyes.

You are sure using ZA or any personal FW like some kind of a crutch. You should know what's running on your machine and what's accessing the Internet and not a PFW trying to tell you what's going on. By using tools like Active Ports, Process Explorer, TCPview and other such tools as needed, one can easily see what is running and accessing the Internet. In addition, tools like Process Explorer and Prcview allow you to drill down into a running process that is accessing the Internet and tell you the program/process that is making the request to the program/process that is accessing the Internet on its behalf.

Stand on your feet and get off the crutch. You go find out for yourself what's running on the machine with you making some kind of determination as to what is legit to be running on the machine, needs to be accessing the Internet on its own, what it is piggy backing off a running process to access the Internet or what's legit or dubious traffic between your machine and a remote site it may be trying to connect with over the Internet.

In other words, you need to learn what is happening and how to go look for yourself and not use something like ZA or any other personal FW with their worthless Application Control features in the solutions to tell you what is happening on the machine that can easily be circumvented and defeated by malware.

Long

formatting link
Short

formatting link
Let the PFW or personal machine level packet filter (you don't have a FW as it doesn't separate two networks the one it's protecting from and the one it's protecting) do its job of filtering unsolicited inbound packets to the machine or stop outbound packets from leaving the machine for those PFW solutions that you can set outbound packet filtering rules and forget the rest of the worthless snake oil and window dressing in those solutions that can be defeated.

Also, the link below is where you need to be configuring in the protection of the Windows XP O/S that has a direct connection to the Internet and not the PFW solution as it starts and stops with the O/S and not some PFW solution.

formatting link
Duane :)

Reply to
Duane Arnold

The crowd parts as Volker runs towards the new guy....

-Russ.

Reply to
Somebody.

It is. If the program wants to connect to the net, no Personal Firewall or whatsoever will stop it.

So why do you install such programs?

Rightout, why don't you configure the programs to not do so? So far I haven't seen any pseudo-legitimate program that doesn't allow to do so.

Then don't install them or pull the plug!

Well, why not running TcpView?

This is not true and you know that it isn't!

So? Configuration is necessary anyway!

Yeah, so far the only known are ZoneAlarm (!) and DC++. DC++ can be recompiled from source with the according option disabled.

Wrong. WMP update check can be disabled in Group Policy.

HKLM\SW\M$\MediaPlayer\PlayerUpgrade -> "EnableAutoUpgrade"="no"
HKLM\SW\Policies\M$\WindowsMediaPlayer -> "DisableAutoUpdate"=dword:1

Disabled within Group Policy.

No, you can't. You can try to, but you'll most likely fail.

Wrong. It is fully aware that such a control doesn't work, so it doesn't even try, doesn't implement and therefore has reduced complexity. Actually a very good design decision!

report: netstat, TcpView, ActivePorts... control: you'd wish to have control!

So far not.

Reply to
Sebastian Gottschalk

It was not known to me the windows firewall concentrates only on incoming traffic, and not on outgoing traffic.

That does clear a lot of fog about the peculiar presence and absence of program names in windows firewall.

However, it is certainly not correct that when I install a program that means I have given a blanket permission to connect to net. There are several programs which have made a habit of connecting to net.

Most common excuse is to check their updates, or to download some driver or extensions.

I don't want them to do it without my permission, at least not without my knowledge. And all their options are quite hidden somewhere in millions of options/ preferences/ settings, that it will make one go mad if he tries to silence every program right at the time of installing xp.

Then, several programs just don't have any option to make them totally silent. Several programs will not give any option to manually check for updates. It is necessary to select the biggest duration, like monthly in wmp.

Then, windows own programs like automatic update, connect at their wish, or nag you ad nauseam. Windows just need an excuse to go to net. If you try to install a hardware, first option you get is "find driver on net", even if the most likely option is that when you have the device, you are likely to have its driver.

When I use za, then I, at least, come to know that a program is trying to make a connection. At that time, I can stop it for then, or for ever by refusing to za. or go to that program and change the settings in the program itself, if possible.

Thus, windows firewall is a cripple that it does not control, nor report outbound traffic.

Those who are using windows firewall have made a wrong choice.

  1. Now, if there is some other firewall that controls/ reports outbound traffic, please do suggest it to me. Till then, goodbye to windows firewall. za stays.

  2. Is there any method of silencing za from reporting internal traffic on the pc. Like, it should not report when data is getting transferred within my disk from one program to another program which are no way related to net. It should report only those traffics which are getting/sending data from net. Is there any other firewall with this feature?

thanks.

Reply to
V S Rawat

This is incorrect, and is probably one reason why others have given up responding to you. If we restrict the discussion to TCP (Transmission Control Protocol) then a TCP connection can be made either inbound or outbound. Once a connection (inbound or outbound) is established then traffic can flow in both directions.

See

formatting link

Which are?

If the updates are security related then you should get them. If not then there should be an option to disable updates. If not then don't use that software.

The XP SP2 PC I'm currently sitting at was installed roughly 10 days ago. I did not install and will not be installing any additional firewall software on it. It is on a network which has an external firewall to the Internet.

If you want to use wmp then you will have to trust Microsoft. Your choice.

Not if you spend a little time configuring them.

So choose the option to search your own media, it's not difficult.

Yes but you'll get yourself in to a complete mess. It's much cleaner to do it behind a real (external) firewall.

Game over. Just do things behind a proper firewall and forget ZA.

I use it. For roughly the past 5 years (Yes I know it hasn't been called Windows firewall for that long). And I'm still here, with no evil hackers in my boxes, so what's your problem?

ZA is crap, for reasons you don't understand yet. That's ok; you're not exactly the minority.

Sure, uninstall the crap.

Yes, it's called an external box.

Jason

Reply to
Jason Edwards

Oh, please, Russ, do it for me ;-)

Yours, VB.

Reply to
Volker Birk

All FW's if you want to call a personal FW a FW concentrates on stopping unsolicited inbound traffic. They do NOT concentrate on stopping outbound traffic. If outbound traffic needs to be stopped by a user of a FW solution, then packet filtering rules are going to be set to stop the outbound traffic, which was determined by reviewing FW logs and making a determination that the traffic was dubious in some nature and stopping the traffic.

OK.

If it's an application that needs access to the Internet, then I think that you should know that it needs access to the Internet. And no program is doing nothing out of habit. It's doing what it has been programmed to do whether or not it's designed to connect to the Internet or not connect to the Internet.

They are doing what they are supposed to do and you know that.

That's why on the one PFW solution on the one machine a laptop I use while on the road that uses a PFW, I turned the crap off. I get better things to do. And besides I know what's running on the machine and who is doing what. I also know how to review things and make a determination if traffic coming to or leaving the machine is dubious in nature. Other than that, I don't use a PFW on any of my machines and when the laptop is at home connected to the FW appliance, it's turned off.

OK

The programs are doing their jobs. What do you want? And besides you can disable that option on the O/S and you can take control of that yourself if it's a concern to you.

It's not a FW's job to do that. Its job is to stop unsolicited inbound traffic from reaching the machine. Or if you have one that you can set outbound packet filtering rules is to stop outbound traffic when need be and logging traffic is the FW's job.

However, PFW(s) running on the Windows platform have this other junk in them trying to protect you from *you* that it cannot do.

The Windows FW or packet filter is doing its job, which is to stop unsolicited inbound packets from reaching the machine. The packet filter's job is not to be controlling what's running on the machine but has that feature in it like the other solutions have that worthless feature in it to keep pace with them.

However, the Windows FW will start first before any other application will start on the machine before the TCP/IP is made available to the Internet to protect the machine. Third party solutions such as ZA cannot protect the machine on the boot and logon process like the XP FW can do it.

You must be out of your mind and you do NOT know what you're talking about.

Go get a NAT packet filter FW router that meets the specs in the link and is ICSA certified. They don't cost that much. You can get a good one.

formatting link

It should not be doing it in the first place; it's not a FW feature.

IPsec that's on the XP O/S too can be used to supplement the XP FW if you need to stop outbound packets. And it can do it by port, protocol, or IP.

However, its use along with the XP FW is based on you know what's running on the machine in the first place.

I use IPsec and BlackIce on my XP Laptop machine while on the road. :)

formatting link
I use the AnalogX IPsec rules to supplement BlackIce on the laptop.

formatting link
If I needed to stop outbound traffic behind BlackIce by setting packet filtering rules for outbound, I would use IPsec. I have not needed to do it.

Duane :)

Reply to
Duane Arnold

That's bad. You're always open to IP/50, IP/51 and UDP/500, and your rules will always let pass all Kerberos, NetBIOS, multicast and broadcast traffic. Some of those exemptions can be disabled, some cannot.

Reply to
Sebastian Gottschalk

I have made my adjustments to IPsec to supplement BlackIce to fit my needs. BlackIce is set to stop all unsolicited inbound traffic and is letting nothing through that's not solicited. In addition to that, I have set rules with BlackIce to block TCP and UDP ports from 1-65535, which means if I take BI off of its highest configuration rule of stopping all unsolicited inbound traffic, it's still blocking all unsolicited inbound traffic.

IPsec is only a supplement to BlackIce or to any PFW solution. It's not a front line defense solution. If I need IPsec to stop outbound that BlackIce cannot do by setting rules, then I'll do that.

In addition, the alerts on BlackIce's highest threat level that I was getting that were happening on the attempts on the Windows networking ports even though BI was stopping the attempts came to a complete stop on the notification and logging, once I implemented the AnalogX rules for IPsec, activated IPsec and configured IPsec to start blocking packets aimed at those ports.

Again, IPsec is a supplement solution behind the PFW solution and I am pleased with its ability to be a supplemental packet filtering solution.

IPsec is doing its job on this laptop. If it comes past IPsec and BlackIce on unsolicited inbound traffic, then I'll worry about it. :)

I need IPsec to stop outbound if I need it to do it. That's its purpose and why it is there.

Duane :)

Reply to
Duane Arnold

I once figured those out and added them to a custom WMP10 installer (skins.inf and skinsmui.inf are unauthenticated).

Group Policy, Computer Configuration, Administrative Templates, Windows Components, Windows Media Player, Prevent Automatic Updates

Group Policy might not be available on WinXP Home, but who likes to run crippleware anyway? Anyway, the registry values are fully documented,

Yeah, and changing them, including the Group Policy settings makes Windows Media Player silent as documented.

Reply to
Sebastian Gottschalk

You techy or what?

Tools - Options - Player: Automatic updates: Check for updates: Once a day/ Once a week/ Once a month (ticked) download codecs automatically.

plus there are several options which are selected as default. They all are to connect to net and download what not.

Reply to
V S Rawat
