XP firewall

[°Mike°]

Oh. Well I can only report what I saw, which was notepad being hi
jacked to connect out on port 80. The fact that you say 'it can't;
hardly advances the disccussion.

You are totally wrong. Notepad is physically INCAPABLE
of connecting out; it DOES NOT have the code in it.
Tooleaky is merely grabbing text from a window, any
window, and then (trying to) using a browser to
display what it has grabbed. Nothing more.

And here, tooleaky can connect out using IE even if it is closed.

I don't see how. Please explain how this is possible.

And, as I have said a few times, it does not have to be your
browser; it's just that the browser seems to be the softest
target.

Again, you are mistaken. ANY application that does not
have the required code, is INCAPABLE of connecting out,
period.

 

[°Mike°]

I did; you didn't answer the question there either.

Yes, I did.

 

[jo]

You are totally wrong. Notepad is physically INCAPABLE
of connecting out; it DOES NOT have the code in it.
Tooleaky is merely grabbing text from a window, any
window, and then (trying to) using a browser to
display what it has grabbed. Nothing more.

It was the pcaudit test I was referring to here. You saying that
something cannot happen is not an adequate way of describing my
observations no matter how you might capitalise. And pcaudit does not
need a window to grab text, it is using a keylogger.

I don't see how. Please explain how this is possible.

I have no idea; again, I am simply reporting my observations.

Again, you are mistaken. ANY application that does not
have the required code, is INCAPABLE of connecting out,
period.

It seems to me that I have put quite a bit more work into this than
you have.
Since you appear to be interested only in going round and round in
circles, I will shut up now and leave you to it.

 

[derek / nul]

Oh. Well I can only report what I saw, which was notepad being hi
jacked to connect out on port 80.

Notepad has no code for internet access, you have been misled like a lot of
other people.

The fact that you say 'it can't;
hardly advances the disccussion.


And here, tooleaky can connect out using IE even if it is closed.

It would have to start it first.

There are a number of firewall that pass the test though!

And, as I have said a few times, it does not have to be your browser;
it's just that the browser seems to be the softest target.

A browser is usually trusted that's all.

 

[Rod]

IMHO pcaudit pretends to be another program, and trying to fool your
firewall like that. It somehow scans the names of other applications and
uses those names to mislead your firewall. So the program it pretends to be
doesn't even have to run, or be able to connect out.

Rod

 

[°Mike°]

°Mike° wrote:


It was the pcaudit test I was referring to here.

You were referring to notepad being hijacked "to connect
out on port 80", which is NOT possible.

You saying that something cannot happen is not an
adequate way of describing my observations

And you saying something can happen doesn't
make it so.

no matter how you might capitalise.
Emphasis.

And pcaudit does not need a window to grab text, it
is using a keylogger.

Oh, nice twist there. The program specifically asks
you to type text in a window, and how many people
go around typing WITHOUT a window?

I have no idea;

That's plain.

It seems to me that I have put quite a bit more work into this
than you have.

How so? Please explain to me how notepad can "connect
out on port 80".

Since you appear to be interested only in going round and
round in circles,

You're the one spinning.

I will shut up now and leave you to it.

Yeah, right.

 

[jo]

IMHO pcaudit pretends to be another program, and trying to fool your
firewall like that. It somehow scans the names of other applications and
uses those names to mislead your firewall. So the program it pretends to be
doesn't even have to run, or be able to connect out.

Yeah, that works. You are probably right. I'm not sure why it asks for
a bit of typing, since a mouse click on the desktop followed by a few
clicks on the k/b are quite enough for it.

 

[jo]

It would have to start it first.

Rule 1: Give port 80 permission to IE
Rule 2: Deny port 80 permission to everything

tooleaky connects out whether IE is opened or closed. tooleaky does
not open/load IE in any way that I can see.

Disabling Rule 1, or denying IE port 80 in Rule 1 and tooleaky cannot
connect out.

Is tooleaky simply pretending to be IE?

 

[Michele]

I was curious about this one myself and I failed with Zone Alarm (free) too.
To make matters worse, I then installed Sygate p.f (as well as) Z/A, and I
failed again!
You're not on your own Rod.

 

[Michele]

My comment after installing the free trial of pcInternet Patrol: >>>>>>>>

This is a trojan which we are 'allowing' to be downloaded to our systems,
and now I've installed pcInternet Patrol, it detects it as being so. Of
course it will, the company have designed it to!
If I hadn't been in such a rush, I should have scanned it first with a
trojan scanner out of curiosity to see if it was detected. Usually, I would
scan first before running anything, so that's something I did this time a
little different. Silly me!

I think I'm going to uninstall it, as it's already getting on my nerves and
it's only been here for a matter of minutes.
I think I'll maybe go back to Zone Alarm pro rather than the free zone
alarm, and see how I fare with that one.
I'm still looking out for 'good' free firewalls here though, any
suggestions? I'm not talking trial, I'm talking 'completely' free, with the
password option if at all possible. I've already tried Sygate.

 

[KungFusion]

I'm still looking out for 'good' free firewalls here though, any
suggestions? I'm not talking trial, I'm talking 'completely' free, with
the password option if at all possible. I've already tried Sygate.

I've been using Outpost Firewall free personal edition V 1.0
for several years with various versions of Windows. I like
it. I don't know about the "password option" you mention
but it's easy to configure and use.

http://www.agnitum.com/products/outpost/

 

[Rod]

You're not on your own Rod.

My comment after installing the free trial of pcInternet Patrol:

This is a trojan which we are 'allowing' to be downloaded to our
systems, and now I've installed pcInternet Patrol, it detects it as
being so. Of course it will, the company have designed it to!
If I hadn't been in such a rush, I should have scanned it first with a
trojan scanner out of curiosity to see if it was detected. Usually, I
would scan first before running anything, so that's something I did
this time a little different. Silly me!

My thoughts exactly, I put the pcaudit test on my machine on purpose, and
ran it on purpose and I even smiled at my firewall warning me that a lot of
programs were trying to call out. 'Normally' I would have taken some action.
Glad to know I'm not on my own

Rod

 

[jo]

My thoughts exactly, I put the pcaudit test on my machine on purpose, and
ran it on purpose and I even smiled at my firewall warning me that a lot of
programs were trying to call out. 'Normally' I would have taken some action.
Glad to know I'm not on my own

Now Google for pcaudit2.

 

[Rod]

Now Google for pcaudit2.

http://perso.wanadoo.fr/jugesoftware/firewallleaktester/eng/leaks/pcaudit2.exe

Failed with both kerio and zonalarm with OE and/or MyIE2 open, passed with
both when OE and MyIE2 closed.

Rod

 

[Rod]

Lot's of tests here: http://www.firewallleaktester.com/

HTH Rod

 

[Frank Delamarre]

Lot's of tests here: http://www.firewallleaktester.com/

Indeed, and the firewalls don't look good at all. Rather worrying.

Frank

 

[jo]

Indeed, and the firewalls don't look good at all. Rather worrying.

This is the point where interested parties take a 30 day trial of look
'n' stop:

http://www.looknstop.com/

 

[Bigfred]

I used Zone Alarm Free Edition for along time however I recently tried
online gaming and found I could not host with it. I then tried Norton
firewall 2004 what a mistake a dreadful piece of software read the reviews
on Amazon, I whish I did before buying this crap. I am now using Outpost Pro
on a Trial and I can host games but more importantly it works and is a very
impressive firewall.The free version is also very impressive.