Firewall nothing but an exercise in frustration

macx

I asked what was a good firewall that was easy to use and Online Armor was
suggested, so I installed and am using it.

But - every time I do something like download and install a new application,
such as I've recently been trying to do to get a decent music file downloader
and editor for copying music off of an old reel to reel - at every step along the
way of installing the program I get a question from Online Armor about should
they allow or block something - but there's no way of knowing what that
"something" is. So what good is that?

Case in point - I couldn't get Audacity to run, even with turning off all my security
apps, so I downloaded another suggested app. While trying to install that, I again got
question after question from Online Armor asking if it should allow or block
something - and the only information given was the name of the file or whatever
it is - i.e. "IGB4TP1 10.03.02". Now just how am I supposed to have any
idea of what that is? And if it's harmful or not?

Just because it's associated with the application doesn't necessarily mean it's OK -
I once lost an entire nearly new hard drive and all the info to a bug placed in a security
program I downloaded off of this very site. And after over an hour working with an MS tech -
not just the help desk - he told me I was screwed.

So how does asking all those questions actually help someone if you have no clue
and no way of finding out what the item is?

Isn't there any kind of firewall that can determine what is harmful and what is not
on its own? Or at least not ask so many useless questions?
 
Thread appears to have been moved out of V&M to another forum.

A comment about firewalls: they can be frustrating, they are easy to use, but you will need to do some research on how to determine what to and not to allow.

In answer to your question:
Isn't there any kind of firewall that can determine what is harmful and what is not on its own?

The answer is Yes and No!
  • All firewalls come with the 'basics' such as closing ports known to be used for malware.
  • Some firewalls, like the Windows firewall, only listen at incoming ports.
  • Better firewalls, like Zone Alarm or Comodo, are known to be bidirectional. That is, they listen at both incoming and outgoing ports.
    ◦ Incoming means access is coming from the internet to your computer.
    ◦ Outgoing means something from within your computer is attempting to access the internet.
  • No firewall can make all the decisions without input from the user; this is because the user has to define which of his/her programs and apps should have internet access and what type of access.
=====================================================
Here is something I've saved about a firewall- non-geek, the basic understanding:
In the beginning was the firewall, and it was pretty good. A big box of rules that sat between your network and the evils of the Internet, the firewall examined ports and protocols to decide which packets got in and which were barred at the door. Then things got, as things often do, complicated. New threats came sneaking in on trusted protocols, ports and protocols became tangled, and looking inside packets became just as important as noting their source, destination, and type.

A firewall is a way of restricting access to your computer. It's a software program that monitors signals sent from the Internet. The firewall helps filter out the signals you don't want, and allows only the ones you do.

Electronically, a firewall is software you install, such as the Norton Personal Firewall. That software monitors all input from the Internet to your computer, restricting access from those "ports" you don't want open, but allowing access to those "ports" you do. In fact, you can restrict access to only certain IP addresses or domain names, depending on the flexibility of the firewall software.

When the Internet was created, it was an open forum. All computers had all their ports open. So you could telnet, or FTP or basically "walk" into any computer on the Internet. But when the Hackers showed up, they had to develop software to lock everything down. That's where firewalls came in.

For example, any PC running Windows NT, 2000 or XP Pro has dozens of these so-called "ports" that can be opened and allow Internet traffic to wander in and poke around your computer. Unless you specifically plug those holes, a Hacker could find them and exploit your system. This is how worms such as Code Red and Nimda spread; people don't plug up those ports!

To see which ports are "open" on your Windows computer, open an MS-DOS or Command Prompt window and type: NETSTAT -AN. The list that scrolls up the screen tells you what's hot and open. Of course, that's just information; to close the ports requires more work and more detail than I can tell you here -- unless you get a firewall!
With thanks to Kathleen, Smart Computing.
=================================================
What are Ports?
Ports are not actually physical connections, they're software connections. A port will not be opened unless there's a program listening on that port. Close the ports by closing whatever program is opening them. If you have the ports open, and you didn't know it, then you've got to find what program has opened them.
Ports are usually designated for the same tasks in most computers. For example, port 80 is generally HTTP and port 139 is generally NetBIOS.

You can manually assign ports, but the receiver of your signal has to have their port on the same setting.
For instance, if you want to use FTP on something other than the generally assigned port 21, both ends of the communication will need to be on the same setting. It's like broadcasting on a CB radio. If you are broadcasting on channel 6, nobody will hear you unless they are listening on channel 6.

Those who are using Microsoft Proxy server can also restrict ports on a NIC (network interface card) that is connected to the Internet by going into the "network" properties, selecting TCP/IP, and advanced security. Other proxy servers offer similar features.
======================================
What are Server Rights?
Some applications require server rights in order to receive incoming connections from the Internet. You can assign the application server rights in ZoneAlarm's Programs Panel. Examples of these would be programs that need to "listen" for connections, such as some chat software, FTP and Internet servers, etc. Netscape's browser also requires server rights to function properly.

On occasion, applications that are configured with server privileges start before ZoneAlarm, in which case they will not be granted server privilege. To resolve this situation, you will need to quit the application in question and then launch it again.

Be aware that allowing incoming connections for such "server" applications will open one or more ports on your computer. These ports will show as open ports when you test your computer with a security test program.

Sometimes you may see a message that ZA/ZAP is asking for server rights (this simply means that the program is listening on certain ports). Often this is caused by enabling the ICS check boxes. ZA/ZAP should not require server rights as the ICS compatibility is built-in, but it may show up as "listening". The ICS ports it might listen on are ports 17985 and 17987 - note that it listens on these ports on the internal network only, and NOT from the Internet.
========================================
Having a basic understanding of what a firewall is, what it does, how you set the firewall for your system can take much of the frustration out!
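
An added example, not part of the original post: a Python sketch that parses `netstat -an` output and groups listening TCP ports by how widely their bind address is reachable, which is the difference the ICS note above draws between "internal network only" and "from the Internet". The sample output and the 192.168.0.1 address are constructed; the function names are hypothetical.

```python
import ipaddress

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    192.168.0.1:139        0.0.0.0:0              LISTENING
  TCP    192.168.0.1:17985      0.0.0.0:0              LISTENING
  TCP    192.168.0.1:17987      0.0.0.0:0              LISTENING
  TCP    192.168.0.1:1042       203.0.113.7:80         ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

def listening_sockets(text):
    """Return (address, port) for every TCP row in the LISTENING state."""
    found = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) == 4 and cols[0] == "TCP" and cols[3] == "LISTENING":
            addr, _, port = cols[1].rpartition(":")
            found.append((addr.strip("[]"), int(port)))  # [] wraps IPv6
    return found

def exposure(addr):
    """Classify a bind address by who can reach a listener on it."""
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:          # 0.0.0.0 or :: means every interface
        return "all-interfaces"
    if ip.is_loopback:             # reachable from this machine only
        return "loopback-only"
    if ip.is_private:              # bound to a LAN-side address
        return "internal-network"
    return "public-address"

def report(text):
    """Group listening ports by exposure class."""
    groups = {}
    for addr, port in listening_sockets(text):
        groups.setdefault(exposure(addr), []).append(port)
    return {k: sorted(v) for k, v in groups.items()}

if __name__ == "__main__":
    for kind, ports in report(SAMPLE).items():
        print(f"{kind:17} {ports}")
```

The "all-interfaces" group is the one to look at first: those listeners accept connections on whatever network the machine is attached to, so they rely on a firewall or router to keep outside traffic away.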
 
Over the past 3 or 4 years I have tried both Zone Alarm and Comodo, and rather quickly ditched those because they kept locking up my computer and creating all kinds of similar frustrations. Zone Alarm was even very difficult to completely get rid of - had to ask on this forum and go thru a rather complicated rigamarole but finally did completely escape it. So no go on either of those for me.

But back to my basic point - what is the value of asking if I want to block something if all it gives me is a file or app name? With all the windows Online Armor opens, and I'm talking probably well over 50 today without trying anything major, even with selecting "remember", I'd spend way more time researching all those than doing anything else. And just finding out what they stand for doesn't do any good without knowing a whole lot of background info. Just totally impractical and useless.

I've heard the new MS security suite for Win 7 is pretty much "hands free" and operates mostly in the background without pestering the user with all those mystery block/allow windows. That's the kind of thing I'm looking for - but at the present while staying with XP.
 
I'm sorry you didn't realize the value of the information I gave you. If you had a "hands free" firewall, I guarantee you'd be complaining about being blocked! Put some effort into it- I used ZoneAlarm for years. It has one of the best 'Help' sections of any software on the internet. I used the paid version.

You aren't grasping the purpose of a firewall and until you do, you will continue to be frustrated. Suggest you get a router for the hardware firewall.
 
I don't mind learning the ins and outs of some software, and believe me I spent many hours struggling with Zone Alarm and finally just got tired of fighting with some effect or other it had on my attempts to access the internet.

And I know darn well what a firewall is, been on the internet for many years and have lost much data and even physically lost a hard drive. I have been using a router for most of those years for that very purpose. I may not be an IT engineer but I'm not a total *****, either. I don't expect everything to be totally hands free but I also don't expect to have to spend more time with what should be reasonably straightforward than I do on the main purpose of accessing the internet.
 
Case in point - I just now attempted to scan a document for the first time since I installed Online Armor.
With other firewalls I'd maybe have 1 or 2 windows open the first time with the scanner asking about allowing or blocking. This time I had 8 - that's EIGHT - windows, one after the other, that I had to answer before I could proceed to the next step in just setting up my scan preferences. And that was before it locked up the scanner software altogether. I had to quit that and start over. But before I started over I shut off Online Armor - then things worked just fine.

That, IMHO, is totally ridiculous and nothing but excessive. I've got better ways to spend my time.
 
I went into the downloads section on this site, security, firewalls, arranged by popularity.

A phrase in the description of one of the most popular ones, the PC Tools firewall, caught my eye - "without all the questions" - that sounded pretty good after spending more time answering Online Armor windows - which gave no useful explanation at all about what I was being asked to allow or block- than using the internet.

So uninstalled OA and installed the PC Tools firewall. Then tried my scanner again for comparison.
I did have to answer 4 windows, but I noticed right away they were even in more of a layman's language and gave a bit of an explanation of what I was being asked to allow or block. That in itself was highly refreshing and the first firewall I've come across that gave that much consideration to the user. Oh, and my scanner proceeded to work quite normally with that firewall operational.

With all my other active protection apps and my router firewall, I'm going to try this one for awhile
and see how it behaves.

So far so good.
 
Maybe this can help you speed up your research on what some of the things being blocked are. I use this site often when looking up process names to get an idea of whether they are safe or not: http://www.liutilities.com

Also, the Windows 7 firewall is bidirectional - but I don't think I can recommend you install it based on your hardware. It would just add another level of frustration for you if you did.
 
let's bolt down some basics

All firewalls protect access to ports (both in+out bound traffic) [let's not discuss the XP firewall which only had inbound]

Several newer FWs add application access for outbound traffic

Some also protect application A from launching another App-B.

So for example, given Thunderbird writes [depending upon the target smtp configuration] to port 25,
and that the firewall wants to help you, it will prompt :: Allow Thunderbird port 25? [x] remember and click yes
and that should be the last time for the prompt for Thunderbird.

Now some trojan attempts to phone home on port 25;
you get the same prompt as it's a different application - -
and the goofy name shown on the prompt should clue you that the correct response is [x] remember and NO

Looking at the reverse, you can just allow all requests to port 110,143 as this is the email reader,
and you may have more than one, so forget the application part.

I ran with Comodo for some time, but gave up when the update process took too much effort
and moved to Sunbelt Personal Firewall 4. It behaves like Comodo but no hassles.
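
The prompt-and-remember behaviour described in the post above, as an added sketch that is not part of the original post and not any firewall product's actual logic. The `OutboundPolicy` class, the executable names and the scenario are hypothetical and constructed for illustration.

```python
ALLOW, BLOCK, PROMPT = "allow", "block", "prompt"

class OutboundPolicy:
    """Toy model of a per-application outbound firewall (hypothetical)."""

    def __init__(self, any_app_ports=()):
        self.any_app_ports = set(any_app_ports)   # port-only rules
        self.remembered = {}                      # (app, port) -> verdict

    def check(self, app, port):
        """Decide a connection attempt without user interaction."""
        if (app, port) in self.remembered:        # per-app answer wins
            return self.remembered[(app, port)]
        if port in self.any_app_ports:            # application is ignored
            return ALLOW
        return PROMPT

    def answer(self, app, port, verdict, remember=True):
        """Record the user's reply to a prompt."""
        if verdict not in (ALLOW, BLOCK):
            raise ValueError(verdict)
        if remember:
            self.remembered[(app, port)] = verdict
        return verdict

def replay(policy, attempts, answers):
    """Run attempts through the policy; `answers` stands in for the user."""
    log = []
    for app, port in attempts:
        verdict = policy.check(app, port)
        prompted = verdict == PROMPT
        if prompted:
            verdict = policy.answer(app, port, answers[(app, port)])
        log.append((app, port, verdict, prompted))
    return log

# Constructed scenario: "svch0st.exe" is a made-up look-alike name.
ATTEMPTS = [("thunderbird.exe", 25), ("thunderbird.exe", 25),
            ("svch0st.exe", 25), ("svch0st.exe", 25),
            ("thunderbird.exe", 110), ("othermail.exe", 143)]
ANSWERS = {("thunderbird.exe", 25): ALLOW, ("svch0st.exe", 25): BLOCK}

if __name__ == "__main__":
    for row in replay(OutboundPolicy(any_app_ports={110, 143}), ATTEMPTS, ANSWERS):
        print(row)
```

Six attempts produce two prompts, one per application on port 25. The port-only rule has a cost: `check("svch0st.exe", 110)` returns allow with no prompt, because the application is no longer part of the decision.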
 