• Welcome to Tux Reports: Where Penguins Fly. We hope you find the topics varied, interesting, and worthy of your time. Please become a member and join in the discussions.

Firewall does not monitor applications like IE or Firefox

K

kd833

Flightless Bird
I have a WinXP Home desktop. I'm trying to stop (block) IE6 and
Firefox from having access to the Internet. The firewall does nothing
to prevent either of them from accessing the Internet. I never get the
"Keep Blocking", "Unblock" popup message. Is this the way the Windows
firewall suppose to work? Then I have a application called Tardis
2000. It keeps the system time current. After the first start, I was
asked whether to "Keep Blocking" or "Unblock". I then unchecked the
box to the application in the firewall properties. But the application
continues to access the Internet. I'm unable to get the firewall to
block it again. This firewall makes no sense.
 
K

kd833

Flightless Bird
On Jul 4, 8:33 am, kd833 <kevind...@gmail.com> wrote:
> I have a WinXP Home desktop. I'm trying to stop (block) IE6 and
> Firefox from having access to the Internet. The firewall does nothing
> to prevent either of them from accessing the Internet. I never get the
> "Keep Blocking", "Unblock" popup message. Is this the way the Windows
> firewall suppose to work? Then I have a application called Tardis
> 2000. It keeps the system time current. After the first start, I was
> asked whether to "Keep Blocking" or "Unblock". I then unchecked the
> box to the application in the firewall properties. But the application
> continues to access the Internet. I'm unable to get the firewall to
> block it again. This firewall makes no sense.

Well I have my answer to the second question. I had to remove the
Tardis program from the exceptions list inorder for the firewall to
again ask the question to Keep Blocking or Unblock. But just removing
the check in the box does nothing. I guess the firewall will allow all
outgoing communications through. But I wonder how it determines which
programs to monitor for blocking. The browsers are apparentng not
monitored.
 
B

Bruce Chambers

Flightless Bird
kd833 wrote:
> I have a WinXP Home desktop. I'm trying to stop (block) IE6 and
> Firefox from having access to the Internet. The firewall does nothing
> to prevent either of them from accessing the Internet. I never get the
> "Keep Blocking", "Unblock" popup message. Is this the way the Windows
> firewall suppose to work?


Yes, it is. WinXP's native firewall doesn't monitor out-going traffic
at all, other than to check for IP-spoofing. It assumes that any
application you have on your hard drive is there because you want it
there, and therefore has your "permission" to access the Internet.


> Then I have a application called Tardis
> 2000. It keeps the system time current. After the first start, I was
> asked whether to "Keep Blocking" or "Unblock". I then unchecked the
> box to the application in the firewall properties. But the application
> continues to access the Internet. I'm unable to get the firewall to
> block it again. This firewall makes no sense.


WinXP's built-in firewall is usually adequate at stopping incoming
attacks, and hiding your ports from probes. What WinXP SP2's firewall
does not do, is protect you from any Trojans or spyware that you (or
someone else using your computer) might download and install
inadvertently. It doesn't monitor out-going traffic at all, other than
to check for IP-spoofing, much less block (or at even ask you about) the
bad or the questionable out-going signals. It assumes that any
application you have on your hard drive is there because you want it
there, and therefore has your "permission" to access the Internet.
Further, because the Windows Firewall is a "stateful" firewall, it will
also assume that any incoming traffic that's a direct response to a
Trojan's or spyware's out-going signal is also authorized.

ZoneAlarm, Kerio, or Sygate are all much better than WinXP's
built-in firewall, and are much more easily configured, and there are
free versions of each readily available. Even the commercially
available Symantec's Norton Personal Firewall is superior by far,
although it does take a heavier toll of system performance then do
ZoneAlarm or Sygate.

Having said that, it's important to remember that firewalls and
anti-virus applications, which should always be used and should always
be running, while important components of "safe hex," cannot, and should
not be expected to, protect the computer user from him/herself.
Ultimately, it is incumbent upon each and every computer user to learn
how to secure his/her own computer.


--

Bruce Chambers

Help us help you:
http://www.catb.org/~esr/faqs/smart-questions.html

http://support.microsoft.com/default.aspx/kb/555375

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. ~Benjamin Franklin

Many people would rather die than think; in fact, most do. ~Bertrand Russell

The philosopher has never killed any priests, whereas the priest has
killed a great many philosophers.
~ Denis Diderot
 
K

kd833

Flightless Bird
On Jul 4, 11:27 am, Bruce Chambers <bchamb...@cable0ne.n3t> wrote:
> kd833 wrote:
> > I have a WinXP Home desktop. I'm trying to stop (block) IE6 and
> > Firefox from having access to the Internet. The firewall does nothing
> > to prevent either of them from accessing the Internet. I never get the
> > "Keep Blocking", "Unblock" popup message. Is this the way the Windows
> > firewall suppose to work?
>
>         Yes, it is.  WinXP's native firewall doesn't monitor out-going traffic
> at all, other than to check for IP-spoofing.  It assumes that any
> application you have on your hard drive is there because you want it
> there, and therefore has your "permission" to access the Internet.
>
> > Then I have a application called Tardis
> > 2000. It keeps the system time current. After the first start, I was
> > asked whether to "Keep Blocking" or "Unblock". I then unchecked the
> > box to the application in the firewall properties. But the application
> > continues to access the Internet. I'm unable to get the firewall to
> > block it again. This firewall makes no sense.
>
>    WinXP's built-in firewall is usually adequate at stopping incoming
> attacks, and hiding your ports from probes.  What WinXP SP2's firewall
> does not do, is protect you from any Trojans or spyware that you (or
> someone else using your computer) might download and install
> inadvertently.  It doesn't monitor out-going traffic at all, other than
> to check for IP-spoofing, much less block (or at even ask you about) the
> bad or the questionable out-going signals.  It assumes that any
> application you have on your hard drive is there because you want it
> there, and therefore has your "permission" to access the Internet.
> Further, because the Windows Firewall is a "stateful" firewall, it will
> also assume that any incoming traffic that's a direct response to a
> Trojan's or spyware's out-going signal is also authorized.
>
>      ZoneAlarm, Kerio, or Sygate are all much better than WinXP's
> built-in firewall, and are much more easily configured, and there are
> free versions of each readily available.  Even the commercially
> available Symantec's Norton Personal Firewall is superior by far,
> although it does take a heavier toll of system performance then do
> ZoneAlarm or Sygate.
>
>      Having said that, it's important to remember that firewalls and
> anti-virus applications, which should always be used and should always
> be running, while important components of "safe hex," cannot, and should
> not be expected to, protect the computer user from him/herself.
> Ultimately, it is incumbent upon each and every computer user to learn
> how to secure his/her own computer.
>
> --
>
> Bruce Chambers
>
> Help us help you:http://www.catb.org/~esr/faqs/smart-questions.html
>
> http://support.microsoft.com/default.aspx/kb/555375
>
> They that can give up essential liberty to obtain a little temporary
> safety deserve neither liberty nor safety. ~Benjamin Franklin
>
> Many people would rather die than think; in fact, most do. ~Bertrand Russell
>
> The philosopher has never killed any priests, whereas the priest has
> killed a great many philosophers.
> ~ Denis Diderot


I was able to run mmc.exe from Windows XP and build firewall rules to
allow/block TCP/UDP ports for incoming and outgoing traffic from my
PC. Works reat too. Just like my Win2000 PC.
 
You must log in or register to reply here.
Top