iWarren

an urge to reconsider. a firewall story.


it has been but a year, since you have made the changes, to go without a firewall.

my urge for you to reconsider the firewall.

I sincerely believe, that your firewall made a difference,
because the people who used it.... understood that what was not implicitly allowed,
would be denied. and thus, there would be no service, for what was not implicitly allowed.

i know i have come a bit late into the game, but i still believe, one year later. that the Emsisoft
firewall, did me more good, than any other alternative. I do not trust the Microsoft firewall, and for
good reason... because Microsoft, is only interested in selling itself.

There must always be a system of checks and balances, one thing, that checks another... i think
the one thing that needs to be checked, is Microsoft.  and not just that, but its firewall.

There is a reason why, people were upset with you for giving up on the firewall, it's because,
we knew that you were diligent in your efforts. 

Yes, a breach of security is often dealt with, with a change of file architecture, which your software
monitors closely.... but i also believe, the strength behind your software, relied on the multiple approaches
in security... a close watch on the traffic.

i say all of this, from a session i have had... i play a game called HalfLife, but it runs from a platform
called Steam.  

in order to support the servers, the servers make requests to host ads on their servers, which comes through
the steamwebhelper.exe application, which seems to accommodate itself as a web application... but now i suspect
it might even circumvent that..... and may even be going through the steam executable itself.

in the past, i was able to block the traffic and allow what was absolutely necessary, but now, i am fairly certain,
my system is exposed, vulnerable to every attack.

i trust in Emsisoft, to leave no stone unturned... and if all else, an investigation.... into whether the software of today
is  providing the same service, if not better, from the one of last year.

My urge to bring back the software firewall, is as dire, as the day it was taken away.  please reconsider.

44 minutes ago, iWarren said:

... the people who used it.... understood that what was not implicitly allowed,
would be denied. and thus, there would be no service, for what was not implicitly allowed.

The firewall in Emsisoft Internet Security didn't work that way. Under certain circumstances, with unknown applications, it would display notifications for certain behavior. That being said, most activity was allowed automatically.

Even Online Armor, which was far more advanced (at least when it came to the features and configuration), did not operate that way by default. When someone did configure Online Armor to block anything that was not explicitly allowed, they were usually rather confused as to why everything suddenly stopped working.

 

49 minutes ago, iWarren said:

I do not trust the Microsoft firewall, and for
good reason... because Microsoft, is only interested in selling itself.

There must always be a system of checks and balances, one thing, that checks another... i think
the one thing that needs to be checked, is Microsoft.  and not just that, but its firewall.

Then my recommendation is a hardware firewall. Get a cheap router that you can install pfSense on, and you can configure it to your heart's content. It should be vastly more advanced than the firewall in EIS was, and you don't have to worry about whether or not you can trust Microsoft's firewall.

 

53 minutes ago, iWarren said:

in order to support the servers, the servers make requests to host ads on their servers, which comes through
the steamwebhelper.exe application, which seems to accommodate itself as a web application... but now i suspect
it might even circumvent that..... and may even be going through the steam executable itself.

Steam is safe.

Steam is built on Chromium, and thus its other processes require the steamwebhelper.exe process in order to handle not only viewing web pages in the Steam browser, but also to handle layout and rendering of the Steam interface (both in the Steam application itself and in the Steam Overlay). Keep in mind that Chromium is built around a multi-process design where there are multiple rendering processes running to handle rendering different content, and Steam (since it is based on Chromium) will inherit this behavior, and thus there will be numerous instances of steamwebhelper.exe running.


I think v9 of 'Online Armor' could be configured to work that way,
as i remembered having it setup in such a manner.

You could turn on/off whether OA used settings from trusted applications,
and if it was off, it would rely on your own settings (via firewall menu)

Which, then if you had another option in the firewall settings, to always treat
new connections as "trusted/untrusted/ask for permission",   and this was
really helpful, because you could be informed of connection attempts by particular
programs, and then make informed decisions, on whether to allow/deny.

Once you took care of the basics, of allowing all of the common Windows programs/services
through. (Which.... case depending, may or may not be in your best interest) 

Then it just became a matter of your common every day applications being allowed, and then,
everything else.... you really did want to be notified about what was "trying" to connect. 

I can remember several instances, where, I was notified about an application making a connection attempt,
and for one reason or another, i blocked the attempt, because it was not in my best interest to allow it.
Many programs nowadays have these sort of "call home" procedures, that you may or may not want to allow.

I really do like your idea of a router firewall, like pfSense... and ideally, everyone's router they use for their
internet, is taking care of their security like it is suggested.  However, I think there may be, people like me... who
may have router issues, for example.....

My current router seems to have some sort of flaw in it, where it won't let me access IRC ports by forwarding them,
i suspect because it is already listed in a set of pre-set firewall rules, so in order to get certain ports to be allowed in
conjunction with others, i have to kind of "glitch" the firewall router on/off.   I realize, it is hard to foresee junky router
setups like this... but perhaps this is why i believe, the hardware router should not be the last line of defense.
nor do i think that.... reaction to a program's bad behavior should be a last line of defense either.

It's that middle ground i liked.... where i kind of felt like i had some "control", over what was being allowed and denied.

Another thing to consider.... I do not consider myself to be an advanced user,  and whether you think i am an intermediate
user in reference to my knowledge of computers, i leave up to you. lol but... If it is suggested that if i truly want to worry
about a secure network solution.... that I should acquire router/software like pfSense.... what hope then, is there for people
with far less knowledge than me?  

I pose to you a question, that If you could go back in time, and create Online Armor, the exact same way as you have
created Emsisoft Anti-Malware, today.  Would you have done it?   If you had not created OA the exact way that you did....
I would have not acquired half as much knowledge of the necessary programs required to run.... and i would not have
learned all of the ports required for each windows program, for it to function normally.   For me,  OA was an invaluable stepping
stone.  Sure, it may have been frustrating for me at times when I blocked the wrong program, or blocked a wrong port.... but
i always knew that "I" did it, and that "I" was responsible for when my system crashed, not OA. 

I've never seen a system failure, that did not have some good reason behind it... (except for maybe Microsoft's Windows 10 "Something happened. error")

People should be returning to the way of belief that.... Mistakes are a good thing, it is how we learn invaluable lessons.

Equally so with Firewalls.... Notifications are a good thing, it is how we learn what is happening behind the scenes.  If a firewall has little
to no notifications, and is just running quietly behind the scenes, is it truly serving its purpose?  

It goes back to the 3 elements of security,  "Ease of Use" -> "Security" -> "Functionality",   any sacrifice of one, and the security triangle
becomes weaker.  I think Emsisoft, should be sacrificing some "ease of use", in order to maintain the security of a system....

It is like a police man, who is always quiet..... is he quiet because... no crimes are being committed, or is he just being quiet so that
everyone has peace of mind that no wrongs are being committed. 

peace of mind, can be maintained not just by remaining on duty,  but also by demonstrating it is performing its duty.
you don't want a worker who shows up to work,  just to say "i am here",  you want to feel the presence of the worker.... by how much
it is accomplishing.  Whether it is by actually catching something in the act, or by it telling you what its been doing.

That is one way I had some peace of mind with the firewall system, is that... when i was addressing firewall notifications,  i had a good idea
of what was going behind the scenes, i maintained a sense of control.   once the system processes, and typical behavior is eliminated from the mix,
you are not faced with an over-abundance of notifications either.

anyways, i say all of this out of sincerity for computer security in general, and i hope that the developers/tech support, do not take
this as an insult for their current efforts... because I think the world of their accomplishments with Emsisoft and the efforts to
maintain security.  

I just strongly believe the infrastructure that was set up before, really made a difference...  for me, it was an extra layer of security,
that really put it over the competition.


in regards to steam being safe.  i would say it is as safe, in the context of how safe we believe the Chrome browser to be.

Which, the chrome browser, would have to make any of the same allowances as any of the other browsers out there,
in regards to use of javascript and plugins.  We would also have to factor in.... that steam is going to have its own settings for
what the chromium browser would allow.

I play a game called "Half life 2: source", and there is an intro page, that back in the HL2 days, it was designed as a portal to offer
up a custom HTML page.  Apparently, some use it for hosting ads, and judging by what I saw allowed.... it allowed basically the
same things you would expect from any site riddled with spam links.   Also.... I had observed, literally 50 - 100 steamwebhelper
connections being opened from various ip's, so i think it is safe to say.... that quite a lot is being allowed.  I used to just block the
steamwebhelper and that was that.... but now i suspect that maybe it might be defaulting through Steam.exe or maybe even hl2.exe
as my ping jumps up to 500ms and when given a command to disable ads, it drops back down to 80ms.    so obviously, something
more is going on behind the scenes here.

This is one instance that the software firewall used to be helpful to me... i could monitor such events, and could address them
accordingly, allowing only specific ports for the specific program.

and even a router solution, in this case, is not ideal... because on some servers, maps get served via port 80.

i do agree that.... chromium os would use additional rendering instances, but pretty sure that does not apply in this case, at least not
on such a large scale, and from so many ip's.  The host of the server already said it uses ads to host its server... and in the past, has
dealt with ads with somewhat nefarious intentions.

5 hours ago, iWarren said:

I think v9 of 'Online Armor' could be configured to work that way,
as i remembered having it setup in such a manner.

I know that at least version 6 and newer had an "Advanced Mode" that worked that way.

 

5 hours ago, iWarren said:

... ideally, everyone's router they use for their
internet, is taking care of their security like it is suggested.  However, I think there may be, people like me... who
may have router issues, for example.....

Many routers (especially those provided by Internet Service Providers) are easy for botnets to gain control of. Too many of them use hard-coded passwords, leave SSH and telnet ports open, and have various other security issues that make gaining control of them trivial.

Most home routers also have rather poor traffic controls. Since the average router manufacturer wants to sell devices with the sort of advanced control you want to corporations for a much higher price, you can usually only get home equipment that has that level of control if you install third-party firmware on it (DD-WRT, Tomato by Shibby, pfSense, etc).

 

5 hours ago, iWarren said:

It's that middle ground i liked.... where i kind of felt like i had some "control", over what was being allowed and denied.

You technically have that same level of control with the Windows Firewall. Windows also comes with some tools for monitoring TCP and UDP connections (hold down the Windows logo key, type resmon into the field, click OK, and switch to the Network tab), and these tools are better than similar features that were in Online Armor. The only area where the Windows Firewall might be considered "lacking" is in regards to how it handles creating firewall rules and presenting information about programs opening network connections to the user, which happens to be where third-party tools pick up and make the Windows Firewall more functional.

 

5 hours ago, iWarren said:

... what hope then, is there for people
with far less knowledge than me?

There are routers that can be purchased that come with Linux-based firmware and include better firewalls than what comes on home routers. Some setup is still required, however if someone is paranoid about security then the only real solution is to learn about it. After all, someone can install all of the security software in the world, but if they don't understand security then how will they ever be able to know for certain that their security measures are working? You can give them pretty graphs of network activity to look at and tables full of information about running processes and open sockets, however if they really are paranoid then there's no reason to believe that they would always be satisfied with that. Once they can analyze the packet captures themselves, the paranoia will start to go away, because they know what's going on.

 

5 hours ago, iWarren said:

I pose to you a question, that If you could go back in time, and create Online Armor, the exact same way as you have
created Emsisoft Anti-Malware, today.  Would you have done it?

You mean with no firewall?

 

5 hours ago, iWarren said:

Also.... I had observed, literally 50 - 100 steamwebhelper
connections being opened from various ip's ...

That's probably from all of the ads. If they're embedded in iframes, then the Chromium engine may start another process to render them. It really just depends on the settings, however now that Strict Site Isolation is mandatory in Chromium I imagine that you may even see more instances of the steamwebhelper.exe process running.

 

5 hours ago, iWarren said:

... now i suspect that maybe it might be defaulting through Steam.exe or maybe even hl2.exe
as my ping jumps up to 500ms and when given a command to disable ads, it drops back down to 80ms.

Steam.exe will launch steamwebhelper.exe and will make heavy use of it. I don't know exactly what all it handles (it may be responsible for some client/server connections as well), however I do know that nothing shady is going on with this process.

 

5 hours ago, iWarren said:

This is one instance that the software firewall used to be helpful to me... i could monitor such events, and could address them
accordingly, allowing only specific ports for the specific program.

You don't need a firewall to monitor stuff like that. Actually, Online Armor was less useful for monitoring this kind of thing than tools that come bundled with Windows (netstat, Resource Monitor, etc).

 

5 hours ago, iWarren said:

... on some servers, maps get served via port 80.

Many games with dedicated servers allow server administrators to configure HTTP addresses for maps to be loaded from, as loading them over HTTP is faster than the game loading them directly from the dedicated server.

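The replies above point to netstat as a bundled way to see which program is talking to which remote host. As an added example (not part of the thread or written by any poster), this Python script groups established TCP connections from `netstat -ano` by owning process and remote endpoint. The sample output, PIDs and addresses are constructed, and English-language netstat output is assumed.

```python
import csv, io, ipaddress
from collections import Counter, defaultdict

# Constructed sample of `netstat -ano` output (documentation address ranges).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1012
  TCP    192.168.1.20:50111     203.0.113.10:443       ESTABLISHED     4321
  TCP    192.168.1.20:50112     203.0.113.10:443       ESTABLISHED     4321
  TCP    192.168.1.20:50113     198.51.100.7:80        ESTABLISHED     4321
  TCP    192.168.1.20:50200     198.51.100.7:80        TIME_WAIT       0
  TCP    192.168.1.20:50300     192.0.2.44:27015       ESTABLISHED     5150
  TCP    [::1]:49670            [::1]:49671            ESTABLISHED     5150
  UDP    0.0.0.0:27015          *:*                                    5150
"""

# Constructed sample of `tasklist /fo csv /nh` output.
TASKLIST_SAMPLE = '''"svchost.exe","1012","Services","0","9,120 K"
"steamwebhelper.exe","4321","Console","1","88,400 K"
"hl2.exe","5150","Console","1","412,000 K"
'''

def parse_tasklist(text):
    """Map PID -> image name from `tasklist /fo csv /nh` output."""
    rows = csv.reader(io.StringIO(text))
    return {int(row[1]): row[0] for row in rows if len(row) >= 2}

def split_endpoint(endpoint):
    """Split 'host:port' (IPv6 hosts are bracketed) into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]").split("%")[0], port

def remote_endpoints_by_process(netstat_text, tasklist_text):
    """Count established TCP connections per process and remote (ip, port)."""
    names = parse_tasklist(tasklist_text)
    summary = defaultdict(Counter)
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have five columns; headers and stateless UDP rows are skipped.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "ESTABLISHED":
            continue
        host, port = split_endpoint(fields[2])
        if ipaddress.ip_address(host).is_loopback:
            continue  # local inter-process traffic, not a remote peer
        name = names.get(int(fields[4]), "pid %s" % fields[4])
        summary[name][(host, int(port))] += 1
    return {name: dict(peers) for name, peers in summary.items()}

if __name__ == "__main__":
    result = remote_endpoints_by_process(NETSTAT_SAMPLE, TASKLIST_SAMPLE)
    for name, peers in result.items():
        for (ip, port), count in sorted(peers.items()):
            print(f"{name:22} {ip:16} {port:>5}  x{count}")
```

On a live system, feed it the text captured from `netstat -ano` and `tasklist /fo csv /nh` in place of the two samples.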
