Not allowing programs to automatically access the internet.


qwerty

I was a little worried when I started reading the online help/manual (which, incidentally, needs to be made into a downloadable, offline accessible file, such as .pdf or something - even PrivateFirewall has a downloadable manual) and saw that, seemingly, most programs will be allowed to do whatever they want, whenever they want (that doesn't sound like much of a firewall to me). However, reading on, I soon found...

Automatically allow Trusted programs to access the internet – Allows you to change whether Online Armor will automatically allow programs on the Trusted list. Disabling this option will cause Online Armor to pop-up when any program attempts to connect to the internet. This option is enabled by default.

Autoconfigure trusted programs (Advanced mode only) – Allows you to change whether Online Armor will automatically create rules to allow ports and protocols as programs use them. Disabling this option will cause Online Armor to pop-up any time a program uses a new port or protocol not covered by an existing rule. This option is enabled by default.

So, if I untick both of these, then Online Armor will ask when any program or file tries to access the internet? All protocols, all addresses, all ports, In and Out?

Also, I'm sure there is some subtle difference between the two options (and they can be selected individually or together), but at the moment, I can't seem to figure it out. Could someone explain these to me in more detail please?

Thank you.


So, if I untick both of these, then Online Armor will ask when any program or file tries to access the internet? All protocols, all addresses, all ports, In and Out?

Yes, if any program tries to access the internet you will be asked.

Also, I'm sure there is some subtle difference between the two options (and they can be selected individually or together), but at the moment, I can't seem to figure it out. Could someone explain these to me in more detail please?

"Automatically allow trusted programs to access the internet" covers only the first time a particular Trusted program wants to access the internet. If this option is ticked, but "Auto-configure trusted programs" isn't ticked, then the next time the Trusted program wants to access the internet using a different port or protocol that you didn't allow the first time, you will be asked for this.

If "Automatically allow trusted programs to access the internet" and "Auto-configure trusted programs" are both ticked, you will not be asked when any Trusted programs first access the internet or when they wish to use additional ports or protocols. These actions will all be configured by OA automatically.

If "Auto-configure trusted programs" is ticked, but "Automatically allow trusted programs to access the internet" is not ticked, then you will be asked if you want to allow a Trusted program to access the internet when it first requests it, but any further access on other ports or protocols will be configured for you automatically.

Please note that these settings only apply to Trusted programs :) You will always be asked for Unknown programs regardless.


Thank you for the quick response catprincess.

Yes, if any program tries to access the internet you will be asked.

So, what else could access the internet that wouldn't be asked about?

"Automatically allow trusted programs to access the internet" covers only the first time a particular Trusted program wants to access the internet. If this option is ticked, but "Auto-configure trusted programs" isn't ticked, then the next time the Trusted program wants to access the internet using a different port or protocol that you didn't allow the first time, you will be asked for this.

Your (full) explanation was completely thorough and just what I needed, thank you. I'm not sure I would have worked that out, even if I was wide awake. Just to clarify on this (quoted) point though, when you say "a different port or protocol that you didn't allow the first time", surely if "Automatically allow trusted programs to access the internet" is selected, then the first time is not allowed by me, but automatic? (I'm not being pedantic, well maybe I am, but only because I want to be sure I understand how this works.) Finally, in this situation, if a program only used one protocol aimed at one port (I can't think of an example right now), I would never be alerted? However, if a program, say, tried to load a webpage, it would (almost simultaneously) start a UDP connection to port 53 and a TCP connection to port 80. So, whichever was first (the DNS request, I suppose) would be automatically allowed, but whichever came second would ask for permission?


Hi qwerty :),

So, what else could access the internet that wouldn't be asked about?

Non-executable files can't access the internet (for example mydocument.doc can't access the internet although the program you use to open it, for example Word etc, can). I used the word "programs" just to refer to executable files in general.

Your (full) explanation was completely thorough and just what I needed, thank you. I'm not sure I would have worked that out, even if I was wide awake. Just to clarify on this (quoted) point though, when you say "a different port or protocol that you didn't allow the first time", surely if "Automatically allow trusted programs to access the internet" is selected, then the first time is not allowed by me, but automatic? (I'm not being pedantic, well maybe I am, but only because I want to be sure I understand how this works.)

Yes, that's correct. If "Automatically allow trusted programs to access the internet" is ticked, the first request for internet access will be automatic. Sorry if I didn't make that clear originally.

Finally, in this situation, if a program only used one protocol aimed at one port (I can't think of an example right now), I would never be alerted?

Yes, if "Automatically allow trusted programs to access the internet" is ticked this would be the case for Trusted programs.

However, if a program, say, tried to load a webpage, it would (almost simultaneously) start a UDP connection to port 53 and a TCP connection to port 80. So, whichever was first (the DNS request, I suppose) would be automatically allowed, but whichever came second would ask for permission?

Yes. I'm not sure what O/S you have and I'm not all that familiar with Vista/Windows 7, but with XP, DNS requests are handled by svchost, so for other programs there'd never be any prompts for port 53 unless you had disabled the DNS Client Service. Assuming you had disabled this service though, then yes, port 53 would be automatically allowed and then you'd be prompted for any further ports or other protocols.

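The prompt behaviour described in the replies above, written out as a small model for all four combinations of the two options. This is an added example, not Online Armor code and not part of the original posts; it follows the thread's scenario of a program that issues its own DNS query (DNS Client service disabled). The function name, parameter names and the rule that every prompt is answered with "allow" are assumptions made for illustration.

```powershell
# Added model of the behaviour described in this thread; not Online Armor code.
function Get-PromptDecision {
    param(
        [bool]$AutoAllowTrusted,      # "Automatically allow Trusted programs to access the internet"
        [bool]$AutoConfigureTrusted,  # "Autoconfigure trusted programs"
        [bool]$Trusted = $true,       # Unknown programs are always asked about
        [string[]]$Attempts           # protocol/port pairs in the order they occur
    )
    $rules = @{}     # protocol/port pairs already covered by a rule
    $first = $true   # no access by this program has been seen yet
    foreach ($a in $Attempts) {
        if ($rules.ContainsKey($a)) {
            $result = 'allowed by existing rule'
        } elseif (-not $Trusted) {
            $result = 'PROMPT (Unknown program)'
        } elseif ($first) {
            $result = if ($AutoAllowTrusted) { 'auto-allowed (first access)' }
                      else { 'PROMPT (first access)' }
        } else {
            $result = if ($AutoConfigureTrusted) { 'auto-configured (new port/protocol)' }
                      else { 'PROMPT (new port/protocol)' }
        }
        $rules[$a] = $true   # assumption: the user answers "allow" to every prompt
        $first = $false
        [pscustomobject]@{ Attempt = $a; Result = $result }
    }
}

# Constructed sequence: DNS lookup, page load, then a second request on the same port.
$attempts = 'UDP/53', 'TCP/80', 'TCP/80'
foreach ($allow in $true, $false) {
    foreach ($config in $true, $false) {
        "AutoAllow=$allow  AutoConfigure=$config"
        Get-PromptDecision -AutoAllowTrusted $allow -AutoConfigureTrusted $config -Attempts $attempts |
            Format-Table -AutoSize
    }
}
```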

Non-executable files can't access the internet (for example mydocument.doc can't access the internet although the program you use to open it, for example Word etc, can). I used the word "programs" just to refer to executable files in general.

OK. Just checking, but what about...

with XP, DNS requests are handled by svchost, so for other programs there'd never be any prompts for port 53 unless you had disabled the DNS Client Service. Assuming you had disabled this service though, then yes, port 53 would be automatically allowed and then you'd be prompted for any further ports or other protocols.

...svchost. This was going to be my next question, is there any way to specify services within an svchost.exe? My previous firewall only recognised svchost.exe in general, but of course, there are dozens of services running inside several svchosts. I know of Automatic Updates, BITS, DNS Client, DHCP Client and I think one or two others that run inside svchost.exe and access the internet. Also, I don't know if it's completely impossible for malware to run inside an svchost.

Thank you catprincess, you seem very knowledgeable.


...svchost. This was going to be my next question, is there any way to specify services within an svchost.exe? My previous firewall only recognised svchost.exe in general, but of course, there are dozens of services running inside several svchosts. I know of Automatic Updates, BITS, DNS Client, DHCP Client and I think one or two others that run inside svchost.exe and access the internet. Also, I don't know if it's completely impossible for malware to run inside an svchost.

There's no direct way to tell which service is attached to which svchost from within OA itself. However, if you look in the Firewall Status window, each svchost has its own PID (Process Identifier). If you have a program like Process Explorer installed, you can then mouseover each svchost process in Process Explorer to see the service involved and then match the PID in Process Explorer to the PID shown in OA's Firewall Status window.

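The PID matching described in the reply above can also be scripted. This is an added example, not part of the original post and not an Online Armor feature: it lists each svchost.exe PID with the services it hosts and its established TCP connections, so the PIDs can be compared with those shown in the Firewall Status window. It assumes PowerShell 3 or later; `Get-NetTCPConnection` needs Windows 8 / Server 2012 or later, and the function name and output column names are chosen here for illustration.

```powershell
# Added example: map every svchost.exe PID to its hosted services and
# current remote TCP endpoints, for comparison with a firewall's per-PID view.
function Get-SvchostServiceMap {
    # Win32_Service records the PID of the process hosting each running service.
    $services = Get-CimInstance -ClassName Win32_Service -Filter "State = 'Running'"

    # All PIDs currently belonging to svchost.exe.
    $svchostPids = Get-Process -Name svchost -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty Id | Sort-Object

    foreach ($procId in $svchostPids) {
        # Services living inside this particular svchost instance.
        $hosted = $services | Where-Object { $_.ProcessId -eq $procId }

        # Established TCP connections owned by this PID (empty if none).
        $remote = Get-NetTCPConnection -OwningProcess $procId -State Established `
                      -ErrorAction SilentlyContinue |
            ForEach-Object { '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort }

        [pscustomobject]@{
            PID       = $procId
            Services  = ($hosted.Name | Sort-Object) -join ', '
            Display   = ($hosted.DisplayName | Sort-Object) -join '; '
            RemoteTcp = ($remote | Sort-Object -Unique) -join ', '
        }
    }
}

Get-SvchostServiceMap | Format-Table -AutoSize -Wrap
```

An svchost PID that shows remote connections but an empty Services column is worth a closer look in Process Explorer.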
