Software firewalls

[stevvi]

This subject came up in another thread that I can't seem to find anymore, so apologies if I'm repeating stuff. Also, please direct me to the old thread too.

There seem to be a lot people out there who diss software firewalls at every opportunity but offer no alternative to monitoring outgoing connections to the internet. In that other thread someone even said they knew their computer so well they knew what was connecting and not connecting without using a software firewall! Tha's impressive but way beyond me as it seems a significant proportions of programs try to connect to the internet during installation without asking for permission or saying that they are doing so. The only thing that stops these programs connecting is my software firewall.

So... the thing I want to know is, is there a simple program that will monitor outgoing traffic, an outgoing only firewall if you like? My router takes care of the inbound stuff so I really don't need a full software firewall.

Also, all those folks who refuse to use software firewalls, assuming you're not all connected to your computers via a 6th sense, how do you monitor what your computer is sending out?

[Firon]

Common sense with what I install/run basically. I just don't really need it... just like an anti-virus. I don't use either, and I've yet to have a problem. And finding a virus manually is generally quite easy, I've done it on other PCs. But that's just me.

http://forum.utorrent.com/viewtopic.php?id=1634 is the thread you're looking for, I think...

[tumu]

Any good trojan/virus/worm/spyware will bypass software firewalls running on same computer.

[BoC]

There's a new programme called AppDefend which can amongst other things control which programmes have internet access. After the trial expires it turns into a crippled free version, but I can't find any information on what features will be dropped.

Or there are free programmes like Active Ports which monitor network connections, although can't be used to block anything.

I don't have a router. I used to run Kerio, but have now switched to the Windows XP firewall (because it's apparently one of the most efficient packet filters) plus Active Ports.

[Inf]

...it seems a significant proportions of programs try to connect to the internet during installation without asking for permission or saying that they are doing so. The only thing that stops these programs connecting is my software firewall.

I am just wondering, why do you care ? It connects to the internet, so what ? It may send stats to the server so the company knows how many ppl had it installed. Or, for example it, may check for critical updates. Anyway, if your popular software firewall is able to intercept that connection, its very unprobable that the program is attempting to hide it.

So... the thing I want to know is, is there a simple program that will monitor outgoing traffic, an outgoing only firewall if you like? My router takes care of the inbound stuff so I really don't need a full software firewall.

If i would like to test some particular software on the topic of making outgoing connections, i would use a network sniffer running on a separate PC, and connect it on the same hub with the tested one. Yet, still, if the program wants to spy on you, it wont send anything in a sterile environment, it will only do so after you have tons of things running, so you will probably miss its connection while manually going through the sniffer log.

IMHO the bottom line about all this, if you dont trust the program - dont run it. At the moment you did, it can do anything.

Also, all those folks who refuse to use software firewalls, assuming you're not all connected to your computers via a 6th sense, how do you monitor what your computer is sending out?

I just dont :-)

[stevvi]

Firon, unfortunately I seem to install (and then unistall) just about anything and everything, even so I haven't had a virus in 12 odd years, but that may be down to never having used Outlook.

tumu, I do realise what you say is true but that doesn't mean I shouldn't stop the "bad" ones, and also any old program from contacting the net.

BoC, big thanx for the AppDefend link. It seems to be just what I'm looking for.

Inf, I care about what programs contact the net from my computer for the same reason that I don't want to carry an identity card, or have CCTV in my living room, or have perfectly harmless and honest people wandering about my house, or have a store "bonus card". Although I have nothing to hide, I just like to keep my privacy. I am sure that when most programs try to connect to the net they are doing something harmless but surely the software programmers should have the respect to let me know exactly why the program is trying to connect, and then let me decide if I want it to? This isn't really a matter of trust, it's uncertainty... and my software firewall stops it to a certain level.

Cheers all.

[ColdArmor]

The last time I had a vrius was about 3 years ago.. o_o

[splintax]

Common sense with what I install/run basically. I just don't really need it... just like an anti-virus. I don't use either, and I've yet to have a problem.

Me too. I have avast for on-demand scanning when I'm suspicious, but just use the WinXP firewall - mainly to get it to shut up.

Like others have said, a decent virus can bypass them. However, I have to admit that back when I was on dialup using ZoneAlarm (ie. no router and no WinXP firewall back then) it saved me from the Blaster worm after I reformatted my PC..