Personal Firewall - Block all but some application

We have a client server java application. The communication is provided by

using the Verizon's wireless internet cards. That means that the computer is

connected to the internet all the time. Now we wanted to install a firewall

that would block all the other applications like internet explorer, chat

programs and mainly all the spyware. But the thing is we do not want pop up

messages that ask for our approval to allow or deny any application. We just

want our application which runs on a specific ports using static ip

addresses on the server and the client PC's to access the internet. The user

using the system is not very computer literate and we would not like for him

to see any of such messages. We tested some personal firewalls but all would

pop up the message. Could anybody suggest a firewall that has such options?

All ideas are welcome

Reply to
Ashish Joy
Loading thread data ...

You're not going to find anything that's going to give you what you're looking for. It's either App Control is enabled and one has to deal with it or App Control is disabled in the PFW solution and it's not used at all.

App Control in PFW(s) is overrated and can be easily circumvented and defeated by malware.

The end-user has to be somewhat aware of what he or she is doing is the bottom line when it comes to controlling malware making it to the machine.

Duane :)

Reply to
Duane Arnold

Don't post through Google... you will miss loads of replies.

Reply to
jo

Install Linux on the computer, using java environment, and move the application. Make shure no services are started amd you are safe.

No need for "firewall-software" in a secured computer system.

Reply to
phn

AtGuard will, er... won't it?

Reply to
jo

jo wrote in news: snipped-for-privacy@dyke.uk.clara.net:

I don't put a whole lot into App Control period. It's damn near worthless as far as I am concerned.

Duane :)

Reply to
Duane Arnold

Sygate Personal Firewall has application level blocking and DDL authentication.

formatting link

Reply to
Vacant

So, to answer both of your questions, 10 times out of 10 when someone stops svchost.exe from accessing the Internet, it's not svchost.exe that wants the access as it is only the messenger. It's always some other program element on the machine that wants to use svchost.exe on its behalf. That would be an O/S or malware program wants usage of svchost.exe.

So, one stops Svchost.exe from accessing the Internet with App Control not knowing what really wants the access. Then one turns around and allows svchost.exe to access the Internet for some other reason. What happened to the reason that svchost.exe was stopped not knowing who, what and why one stopped svchost.exe. The other reason didn't go anywhere and is still on the machine. Many elements on the O/S that provide Internet access are treated in the same manner. One stops the access for an element but one knows not the reason why and then let's it have access for some other reason.

Malware can beat a PFW with App Control at system boot and get to the TCP/IP first and be done before any non-integrated O/S component such as a PFW solution with App Control can even get their and stop it. MS XP for SP2 is supposed to have App Control that will get to the TCP/IP first since it will be integrated with the O/S.

Secondly, most users use App Control as a crutch and if it's not sounding off, then one thinks everything is an OK when malware has circumvented and defeated the APP Control solution. Or it sounds off so much that the user just resorts to blowing it off and clicks *yes* let it go as I am tired of it asking.

I use to be a big fan of App Control in the PFW solutions. I am not anymore and I have looked at App Control in some of the other products as well. I use other tools and means to tell me what's happening. BlackIce with its App Control is active on the machines. I consider BI's App Control to be one of the best but I don't depend upon it either. I don't consider App Control to be the stop all and end all solution in any PFW solution as many others do.

IMHO, it's damn near worthless as far as I am concerned. :)

Duane :)

Reply to
Duane Arnold

Why? Is this not a bit like saying that since software firewalls have inherent flaws, there is no point talking about them?

I reckon that a software firewall is better than no firewall, and that app control is better than no app control.

There are several fw's that will give the OP what he is after... the fact that they can be circumvented does not invalidate his question.

Security is not really black and white; most people work in shades of grey

It did amuse me a bit to see that a selling point for Outpost Pro was that it blocked leak tests; it is hardly difficult to configure a firewall to block specific tests...

Reply to
jo

As long as it stops IE, the biggest malware of all... :)

Reply to
Odd H. Sandvik

Odd H. Sandvik wrote in news: snipped-for-privacy@news.online.no:

I don't have any problems with IE. :) But If I wanted to stop IE on a NT based O/S using NTFS, I would go to the Securty Tab and Deny Read/Execute permissions for all accounts on IExplore.exe.

Duane :)

Reply to
Duane Arnold

Not a bad idea! :)

Reply to
Odd H. Sandvik

Reply to
Ashish Joy

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.