Personal Firewall - Block all but some application

Archived from groups: comp.security.firewalls,comp.security (More info?)

We have a client server java application. The communication is provided by

using the Verizon's wireless internet cards. That means that the computer is

connected to the internet all the time. Now we wanted to install a firewall

that would block all the other applications like internet explorer, chat

programs and mainly all the spyware. But the thing is we do not want pop up

messages that ask for our approval to allow or deny any application. We just

want our application which runs on a specific ports using static ip

addresses on the server and the client PC's to access the internet. The user

using the system is not very computer literate and we would not like for him

to see any of such messages. We tested some personal firewalls but all would

pop up the message. Could anybody suggest a firewall that has such options?

All ideas are welcome
9 answers Last reply
More about personal firewall block application
  1. Archived from groups: comp.security.firewalls,comp.security (More info?)

    You're not going to find anything that's going to give you what you're
    looking for. It's either App Control is enabled and one has to deal with it
    or App Control is disabled in the PFW solution and it's not used at all.

    App Control in PFW(s) is overrated and can be easily circumvented and
    defeated by malware.

    The end-user has to be somewhat aware of what he or she is doing is the
    bottom line when it comes to controlling malware making it to the machine.

    Duane :)
  2. Archived from groups: comp.security.firewalls,comp.security (More info?)

    Ashish Joy wrote:

    >All ideas are welcome

    Don't post through Google... you will miss loads of replies.
  3. Archived from groups: comp.security.firewalls,comp.security (More info?)

    In comp.security Ashish Joy <ashishjoy@gmail.com> wrote:
    > We have a client server java application. The communication is provided by

    > using the Verizon's wireless internet cards. That means that the computer is

    > connected to the internet all the time. Now we wanted to install a firewall

    > that would block all the other applications like internet explorer, chat

    > programs and mainly all the spyware. But the thing is we do not want pop up

    > messages that ask for our approval to allow or deny any application. We just

    > want our application which runs on a specific ports using static ip

    > addresses on the server and the client PC's to access the internet. The user

    > using the system is not very computer literate and we would not like for him

    > to see any of such messages. We tested some personal firewalls but all would

    > pop up the message. Could anybody suggest a firewall that has such options?

    > All ideas are welcome

    Install Linux on the computer, using java environment, and move the
    application. Make shure no services are started amd you are safe.

    No need for "firewall-software" in a secured computer system.

    --
    Peter Håkanson
    IPSec Sverige ( At Gothenburg Riverside )
    Sorry about my e-mail address, but i'm trying to keep spam out,
    remove "icke-reklam" if you feel for mailing me. Thanx.
  4. Archived from groups: comp.security.firewalls,comp.security (More info?)

    Ashish Joy wrote:

    > We have a client server java application. The communication is provided by
    >
    > using the Verizon's wireless internet cards. That means that the computer is
    >
    > connected to the internet all the time. Now we wanted to install a firewall
    >
    > that would block all the other applications like internet explorer, chat
    >
    > programs and mainly all the spyware. But the thing is we do not want pop up
    >
    > messages that ask for our approval to allow or deny any application. We just
    >
    > want our application which runs on a specific ports using static ip
    >
    > addresses on the server and the client PC's to access the internet. The user
    >
    > using the system is not very computer literate and we would not like for him
    >
    > to see any of such messages. We tested some personal firewalls but all would
    >
    > pop up the message. Could anybody suggest a firewall that has such options?
    >
    > All ideas are welcome


    Sygate Personal Firewall has application level blocking and DDL
    authentication.

    www.sygate.com
  5. Archived from groups: comp.security.firewalls,comp.security (More info?)

    So, to answer both of your questions, 10 times out of 10 when someone
    stops svchost.exe from accessing the Internet, it's not svchost.exe that
    wants the access as it is only the messenger. It's always some other
    program element on the machine that wants to use svchost.exe on its
    behalf. That would be an O/S or malware program wants usage of
    svchost.exe.

    So, one stops Svchost.exe from accessing the Internet with App Control
    not knowing what really wants the access. Then one turns around and
    allows svchost.exe to access the Internet for some other reason. What
    happened to the reason that svchost.exe was stopped not knowing who, what
    and why one stopped svchost.exe. The other reason didn't go anywhere and
    is still on the machine. Many elements on the O/S that provide Internet
    access are treated in the same manner. One stops the access for an
    element but one knows not the reason why and then let's it have access
    for some other reason.

    Malware can beat a PFW with App Control at system boot and get to the
    TCP/IP first and be done before any non-integrated O/S component such as
    a PFW solution with App Control can even get their and stop it. MS XP for
    SP2 is supposed to have App Control that will get to the TCP/IP first
    since it will be integrated with the O/S.

    Secondly, most users use App Control as a crutch and if it's not sounding
    off, then one thinks everything is an OK when malware has circumvented
    and defeated the APP Control solution. Or it sounds off so much that the
    user just resorts to blowing it off and clicks *yes* let it go as I am
    tired of it asking.

    I use to be a big fan of App Control in the PFW solutions. I am not
    anymore and I have looked at App Control in some of the other products as
    well. I use other tools and means to tell me what's happening. BlackIce
    with its App Control is active on the machines. I consider BI's App
    Control to be one of the best but I don't depend upon it either. I don't
    consider App Control to be the stop all and end all solution in any PFW
    solution as many others do.

    IMHO, it's damn near worthless as far as I am concerned. :)

    Duane :)
  6. Archived from groups: comp.security.firewalls,comp.security (More info?)

    In article <Xns951FB9F4F6063notmenotmecom@204.127.199.17>,
    notme@notme.com says...

    > I use to be a big fan of App Control in the PFW solutions. I am not
    > anymore and I have looked at App Control in some of the other products as
    > well. I use other tools and means to tell me what's happening. BlackIce
    > with its App Control is active on the machines. I consider BI's App
    > Control to be one of the best but I don't depend upon it either. I don't
    > consider App Control to be the stop all and end all solution in any PFW
    > solution as many others do.
    >
    > IMHO, it's damn near worthless as far as I am concerned. :)

    As long as it stops IE, the biggest malware of all... :)

    --
    Odd H. Sandvik
  7. Archived from groups: comp.security.firewalls,comp.security (More info?)

    Odd H. Sandvik <invalid@online.nivalid> wrote in
    news:MPG.1b58bc4227e7dc369896b3@news.online.no:

    > In article <Xns951FB9F4F6063notmenotmecom@204.127.199.17>,
    > notme@notme.com says...
    >
    >> I use to be a big fan of App Control in the PFW solutions. I am not
    >> anymore and I have looked at App Control in some of the other
    >> products as well. I use other tools and means to tell me what's
    >> happening. BlackIce with its App Control is active on the machines. I
    >> consider BI's App Control to be one of the best but I don't depend
    >> upon it either. I don't consider App Control to be the stop all and
    >> end all solution in any PFW solution as many others do.
    >>
    >> IMHO, it's damn near worthless as far as I am concerned. :)
    >
    > As long as it stops IE, the biggest malware of all... :)
    >

    I don't have any problems with IE. :) But If I wanted to stop IE on a NT
    based O/S using NTFS, I would go to the Securty Tab and Deny Read/Execute
    permissions for all accounts on IExplore.exe.

    Duane :)
  8. Archived from groups: comp.security.firewalls,comp.security (More info?)

    In article <Xns9521B8315D4EAnotmenotmecom@63.240.76.16>, notme@notme.com
    says...
    > Odd H. Sandvik <invalid@online.nivalid> wrote in
    > news:MPG.1b58bc4227e7dc369896b3@news.online.no:
    >
    > > In article <Xns951FB9F4F6063notmenotmecom@204.127.199.17>,
    > > notme@notme.com says...
    > >
    > >> I use to be a big fan of App Control in the PFW solutions. I am not
    > >> anymore and I have looked at App Control in some of the other
    > >> products as well. I use other tools and means to tell me what's
    > >> happening. BlackIce with its App Control is active on the machines. I
    > >> consider BI's App Control to be one of the best but I don't depend
    > >> upon it either. I don't consider App Control to be the stop all and
    > >> end all solution in any PFW solution as many others do.
    > >>
    > >> IMHO, it's damn near worthless as far as I am concerned. :)
    > >
    > > As long as it stops IE, the biggest malware of all... :)
    > >
    >
    > I don't have any problems with IE. :) But If I wanted to stop IE on a NT
    > based O/S using NTFS, I would go to the Securty Tab and Deny Read/Execute
    > permissions for all accounts on IExplore.exe.

    Not a bad idea! :)

    --
    Odd H. Sandvik
  9. Archived from groups: comp.security.firewalls,comp.security (More info?)

    Thanks everybody for such informational feedback. After doing some
    testing we have temporarily started using Norton Personal Firewall.
    Its performance so far seems good. Very few pop-ups and ease of use.
    We also tried Zone Alarm Pro. It also seems good and it has some nice
    features like creating custon rules. We went with Norton because of
    its popularity.

    Vacant <vacant@nonews.net> wrote in message news:<n6NGc.8114$LT3.310599@news.xtra.co.nz>...
    > Ashish Joy wrote:
    >
    > > We have a client server java application. The communication is provided by
    > >
    > > using the Verizon's wireless internet cards. That means that the computer is
    > >
    > > connected to the internet all the time. Now we wanted to install a firewall
    > >
    > > that would block all the other applications like internet explorer, chat
    > >
    > > programs and mainly all the spyware. But the thing is we do not want pop up
    > >
    > > messages that ask for our approval to allow or deny any application. We just
    > >
    > > want our application which runs on a specific ports using static ip
    > >
    > > addresses on the server and the client PC's to access the internet. The user
    > >
    > > using the system is not very computer literate and we would not like for him
    > >
    > > to see any of such messages. We tested some personal firewalls but all would
    > >
    > > pop up the message. Could anybody suggest a firewall that has such options?
    > >
    > > All ideas are welcome
    >
    >
    > Sygate Personal Firewall has application level blocking and DDL
    > authentication.
    >
    > www.sygate.com
Ask a new question

Read More

Firewalls Security Networking