Slashdot Mirror


Windows Software for Controlling Outgoing Packets?

non carborundum asks: "When using Windows I use Zonealarm because I like its ability to control outgoing packets. It's a good way to find out if some program is trying to call home. Zonealarm is much better than nothing, but I prefer open source solutions. Besides, it is overkill - I don't use it as a firewall, since I have a router, and it uses several megabytes of RAM. Better still would be a reverse honeypot - an app that catches outgoing requests, tests them against a database of known offending addresses and/or ports, and (optionally) tricks the offending application into thinking it has successfully phoned home. XP users in particular might be interested in such a tool."

4 of 51 comments

  1. Flame Bait by Jouni · Score: 3, Insightful
    I think the original news post should be modded down as flamebait for the XP reference. It's quite unnecessary. It would have been a better post if there was an *actual* stated need for such a software instead of speculating about cheating on security/authenticity callbacks.

    Just packet filtering won't trivially allow you to fake conversations between client software and servers anyway; it's very likely that the application wants to do much more than 'ping' the server so each solution would have to be custom made. Filtering is easy, talking back is hard.

    Most of these custom solutions would probably involve stuff like hacking EverQuest, running your own unofficial Blizzard game servers, blocking Carnivore and stopping Bill from snooping around on your hard drive.

    Now here's a controversial solution - if you are concerned about callback features, why not stick with open source software and operating systems in the first place? :-) I don't mean formatting your hard drive, as your packet filtering doesn't have to happen on the host machine. Wouldn't most people run this kind of software on the router, anyway?

    That's what people hacking EverQuest usually do, anyway. :-)

    Jouni

    --
    Jouni Mannonen | Game Designer, Consultant
    1. Re:Flame Bait by Da+VinMan · Score: 3, Insightful

      It would have been a better post if there was an *actual* stated need for such a software instead of speculating about cheating on security/authenticity callbacks.

      Perhaps you haven't had your morning coffee.

      One word for you: Spyware. Spyware is any piece of software that attempts to "phone home" without my permission. By my definition spyware includes, but is not limited to, Windows XP (for several reasons - it's the worst offender), WinAmp, Kazaa and other P2P applications, etc. Besides this, it helps me the user know just what applications are accessing the network at a given time. If I can not determine why they're accessing the network, I smack 'em down.

      In the future, outbound traffic control will be even more important to users. As far as a real firewall goes, I use an IPCop box in front of my (very small) home LAN. If you don't think that's a real firewall, I'd love to know your recommendations for home users.

      Now, go get that coffee. ;+)

      --
      Please mod this post only if you think others should/n't read this. I have enough ego^H^H^Hkarma. Thanks!
  2. Obligatory Linux comment by MobyDisk · Score: 2, Insightful

    I am using XP right now, and I refuse to have my NIC card plugged in without a firewall running. It's silly: this is just another example of not being in control of your system, which is the most major reason I want to move to Linux. (I'm trying, really, it's very hard as a Windows coder.)

    Taking this concept further, I am seeing that many Windows users are disgruntled with XP because it hides waay too much from them, and it becomes frustrating to use. It will be interesting to see how this plays out.

  3. Re:These packages make your windows instable by kawika · Score: 4, Insightful

    Absolutely, you can render your system very unstable if you start using the firewall to block normal network messages. I've seen this quite often with novice users who install ZA and then block darned near everything going out of their PC. Then they're puzzled because their Internet connection doesn't work. "But thank goodness I stopped some hacker thing named 'svchost'..."

    If you don't know how to use power tools, then stop before you lose a finger.