Firewall Questions
Hi-- I just upgraded my trial version from BD "Basic" (AV) to BD "Internet Security." I have several questions...
Stealth/Whitelist:
1. There is an extensive Whitelist shown. After each Application name, there is a description, "<Application Name> is part of the well known... " And that's it! Where can I see the rest of those descriptions and what a particular application does? (I slid my horizontal scroll bar as far as it would go, and there is no more description than "part of the well known...." I double-clicked on one of them thinking that would give me specifics, and nothing happens.
2. A desired "Ask" scenario: I have a software program which, when I close it, it asks if I want it to go to its website and check for updates. I don't want any updates, because I use that particular software version in conjunction with other software that is an older version. They work together just fine "as is." I always click "No." Well, sure enough, I've closed that program and I'm going on to something else, and I get a pop-up that says "X program needs no updates." In other words, it did it anyway after I answered No. That irritates me!
Another program that doesn't need to take me to its website is accounting software. (They want you to subscribe to their "online-backup service)." Every time I close that program, a pop-up says "X Company has detected that updates are available for your version of <name of program>. Can we run updates now?" I say No. Then 30 seconds later, another pop-up comes up asking if I want to back-up my data online. I say No. Well, somehow this software is configured so that it appears, at least, that it has already contacted its website to determine whether updates are available for the version I'm running.
I do not want any of my software, that is not for the purpose of internet work, to be initiating contact with its home website or any other website NOR any website achieving contact with my software programs unless I specifically ask it to do so, or approve it. I bought these, they work for me, I'm happy with them "as is," and they do not need any internet connection to function in house. Yet they seem to be talking to their websites, or vice versa.
So how do I disable a software program from either self-contacting (or being contacted by) its website when I don't need it for any internet work? I would like to change cases like that to "Ask" before any communication, coming from either direction, can be achieved.
3. Firewall/Stealth description says, "Stealth Mode makes your computer invisible to other computers in the network." (My underlining). Does that mean my own internal network? (Meaning, perhaps, an administrator may want her computer invisible to employees?) I was under the impression that Stealth made my computer invisible to other (outside) computers via internet/internet connections/ports/etc. But it says "in the network." (???)
4. On Firewall Settings (Main Console-->Firewall icon-->Advanced)
a. What is ICMP?
b. What is "multicast traffic"?
c. What do the choices mean -- Echo, Re-direct, Destination Unreachable, and Any Other Package Type?
d. What is "Internet Connection Sharing"?
(Whew!) I hope Tech Support isn't hating me by now, but I haven't been able to find what these things refer to, or how BD deals with them based on the settings I leave enabled by default or want to change.
I think those are the main questions I have about the firewall so far. I THINK that I'm understanding a lot more about BD's Antivirus section, thanks to Cris, but the Internet Security product (Firewall/Stealth) is new to me and I would appreciate your help in the answers and clarifications I need.
Thanks in advance,
Carol
Comments
-
About the section 4 of your post, you can try to read from here : http://en.wikipedia.org/wiki/Ping
That is a place to start, and also you can search on google. If a member will reply to your question, probably he had read the info on the net
ICS: http://www.microsoft.com/windowsxp/using/n...d_02july01.mspx
All you have to do is to use the internet.0 -
Hi Carol,
1. There is an extensive Whitelist shown. After each Application name, there is a description, "<Application Name> is part of the well known... " And that's it! Where can I see the rest of those descriptions and what a particular application does? (I slid my horizontal scroll bar as far as it would go, and there is no more description than "part of the well known...." I double-clicked on one of them thinking that would give me specifics, and nothing happens.
There is no such thing. If you want more info about a certain application, just search it on the net. You have to understand that BitDefender checks those applications so that they are proven to be safe, so internet connection can be granted automatically. However, BitDefender is not/will not be an application database, from where people can see detailed descriptions about software applications. That would be:
1) useless: users can always find out more on the web
2) too much work to do: people at BitDefender have to focus on finding virus/security threats and finding solutions for them. They are not paid to write software reviews.
3) memory eating: storing descriptions for all those applications on you HDD would mean a lot of space wasted.
There are many websites dedicated to "process descriptions". Just make a fast internet search, and you'll find exactly what you need.2. A desired "Ask" scenario: I have a software program which, when I close it, it asks if I want it to go to its website and check for updates. I don't want any updates, because I use that particular software version in conjunction with other software that is an older version. They work together just fine "as is." I always click "No." Well, sure enough, I've closed that program and I'm going on to something else, and I get a pop-up that says "X program needs no updates." In other words, it did it anyway after I answered No. That irritates me!
I didn't fully understand your problem. "Who" asks you if you want X application to access the web? Does BD ask you that, or X application itself?
If you block an application from BD firewall, it will be blocked from accessing the web. If you don't get any BD warnings and a certain app accesses the web, maybe BD already has a rule that says "let X access the web". That rule might have been created as a result of the option Allow whitelist. Check the Traffic list to see if that application is granted access
to the web.
If you can't find the reason, please post more details (what application you're talking about, what sire is it accessing, etc..) and maybe someone can find the cause.Another program that doesn't need to take me to its website is accounting software. (They want you to subscribe to their "online-backup service)." Every time I close that program, a pop-up says "X Company has detected that updates are available for your version of <name of program>. Can we run updates now?" I say No. Then 30 seconds later, another pop-up comes up asking if I want to back-up my data online. I say No. Well, somehow this software is configured so that it appears, at least, that it has already contacted its website to determine whether updates are available for the version I'm running.
See above.I do not want any of my software, that is not for the purpose of internet work, to be initiating contact with its home website or any other website NOR any website achieving contact with my software programs unless I specifically ask it to do so, or approve it. I bought these, they work for me, I'm happy with them "as is," and they do not need any internet connection to function in house. Yet they seem to be talking to their websites, or vice versa.
Also, see above. Check the Traffic list for rules for those applications.
If you want to check wheter the Firewall is working, open BD Management Console, go to Firewall and click Block all traffic. That should end any communication between you PC and the internet. If anything can communicate with some website, then the Firewall hasn't been installed correctly.So how do I disable a software program from either self-contacting (or being contacted by) its website when I don't need it for any internet work? I would like to change cases like that to "Ask" before any communication, coming from either direction, can be achieved.
BD will alert you before any traffic is made from you PC and into your PC. If BD already has rules about a certain situation (about a certain application that wants to access the internet), it will allow/block it automatically (depending on the rules).
3. Firewall/Stealth description says, "Stealth Mode makes your computer invisible to other computers in the network." (My underlining). Does that mean my own internal network? (Meaning, perhaps, an administrator may want her computer invisible to employees?) I was under the impression that Stealth made my computer invisible to other (outside) computers via internet/internet connections/ports/etc. But it says "in the network." (???)
The network is the same thing as the internet. If you want to test the protection, go to www.grc.com and make the PortScanner tests.
4. On Firewall Settings (Main Console-->Firewall icon-->Advanced)
a. What is ICMP?
b. What is "multicast traffic"?
c. What do the choices mean -- Echo, Re-direct, Destination Unreachable, and Any Other Package Type?
d. What is "Internet Connection Sharing"?
I already answered you about a, b and c. You already asked these question here: http://forum.bitdefender.com/index.php?showtopic=1280
d. Internet Connection Sharing (ICS) is a system that allows you to give access to the internet for other PCs, using your own Internet Connection. This system makes your PC act somehow like a server. If you don't use your PC to give internet access to other PCs, leave this option disabled.(Whew!) I hope Tech Support isn't hating me by now, but I haven't been able to find what these things refer to, or how BD deals with them based on the settings I leave enabled by default or want to change.
These options are very well explained in the BitDefender Help file. When you open BD Management Console, you'll see in the lower-right corner of the window, just above the BitDefender logo, a button that says "Help". Click on it and search what you need there.
If you don't find/don't understand, you can always ask for help here, or search the web (Wikipedia is a good place to search )
If you have any other questions, just ask
Cris.0 -
Thanks Cris!
You answered the quickies (quite well) and gave me how to get a better understanding of just what it is I'm really asking about.
At this point I don't yet know what's a BD question and what's a General Knowledge question, lol.
Carol0 -
First of all, the WhiteList:
Mine has a gigantic list of applications. Some of which don't even apply to anything I've done.
Examples...
McAfee applications, AVG "setup Launcher," "Auto Update" which is "part of the AT&T WorldNet Service, "AT&T Setup... AOL United Kingdom..." Lots of them.
Is this White List simply generic applications that BitDefender is just showing as all the ones it isn't concerned about? Or are these applications ones that have somehow been generated within my computer that BitDefender has allowed to happen automatically?
Secondly, I know we've covered this topic before, but that was more general than specific. If this is a repeat question, then I guess I didn't understand the first time. (Too much was covered in that query anyway--my bad.)
My question remains... if one of my programs tries to contact its manufacturer's website or any other (or vice versa) and I did not initiate that contact event, would BD put up a screen asking me if I wanted to approve that contact taking place?
Thanks in advance,
Carol0 -
Hi Carol,
I deleted your double Topics and I merged one of them with this thread, because they are on the same subject.
I would have answered at your qeustions earlier, but just when I clicked Post reply I realized that I had no internet connectionFirst of all, the WhiteList:
Mine has a gigantic list of applications. Some of which don't even apply to anything I've done.
Examples...
McAfee applications, AVG "setup Launcher," "Auto Update" which is "part of the AT&T WorldNet Service, "AT&T Setup... AOL United Kingdom..." Lots of them.
Is this White List simply generic applications that BitDefender is just showing as all the ones it isn't concerned about? Or are these applications ones that have somehow been generated within my computer that BitDefender has allowed to happen automatically?
The whitelist is updated once with the virus signatures and other BD updates. It contains applications that have been checked by the BD Team and which are safe to be allowed to connect to the internet.
This list is unique for everyone and it's not generated by anything you have in your PC.My question remains... if one of my programs tries to contact its manufacturer's website or any other (or vice versa) and I did not initiate that contact event, would BD put up a screen asking me if I wanted to approve that contact taking place?
It depends on the settings.
If you have chosen the option Ask, you'll be alerted about any Inbound/Outbound connections (Inbound = from your PC out; Outbound = vice versa). However, if BD Firewall already has a rule for a certain connection, you won't get any alerts.
If you have chosen Allow whitelist, then all applications from that list will be allowed automatically (BD will create rules for them). You'll only get alerts for applications that are not in the whitelist, but request internet connection.
If you have chose Allow all / Deny all, then any connection that hasn't a rule in BD firewall will automatically be allowed/blocked, without any alerts.
Cris.0 -
Hi Cris--
Thank you so much for helping. I'm feeling rather stupid at this point, but here's where I now need clarification of the first part your answer (quoted below). Any further questions I have (or not) will depend on that.The whitelist is updated once with the virus signatures and other BD updates. It contains applications that have been checked by the BD Team and which are safe to be allowed to connect to the internet.
This list is unique for everyone and it's not generated by anything you have in your PC.
It depends on the settings.
(NOTE: My underlining was added to your post, for easy reference).
_________________
Cris, just so I understand... if the whitelist is "unique for everyone" then that would mean it's tailored to each individual PC depending on what BD finds on that PC. If you meant that the whitelist is not generated by anything I have on my PC (or at least influenced in what to include), then that would mean the whitelist is "universal to everyone."
I need to clarify which of those you meant, because "unique" and "not generated by anything you have in your PC" are mutually exclusive. Any remaining questions I have regarding settings will depend on which of those you meant.
Meanwhile, regardless of your answer to the above, I have not yet found anything with the option "Ask." In the whitelist itself and in Traffic section, any application I highlight and click "add rule" or "edit rule" -- I get two choices under "Action." One is Allow, the other is Deny. No Ask.
Thanks in advance for clarifying which you meant, and for giving me a hint WHERE "Ask" is.
Thanks,
Carol0 -
Hi Carol,
I need to clarify which of those you meant, because "unique" and "not generated by anything you have in your PC" are mutually exclusive.
OK, my mistake for using the wrong words. I wanted to say that there is only one list, which everybody has. As you say, it's "universal for everyone"
It doesn't depend on your PC's configuration.Meanwhile, regardless of your answer to the above, I have not yet found anything with the option "Ask." In the whitelist itself and in Traffic section, any application I highlight and click "add rule" or "edit rule" -- I get two choices under "Action." One is Allow, the other is Deny. No Ask.
The Ask option is not on the Traffic tab. It is on the Status tab, at the section called Level of protection.
I've attached a screenshot with it's location (my BD is in Romanian, but the layout is exactly the same).
Cris.0 -
Hi Carol,
OK, my mistake for using the wrong words. I wanted to say that there is only one list, which everybody has. As you say, it's "universal for everyone"
It doesn't depend on your PC's configuration.
The Ask option is not on the Traffic tab. It is on the Status tab, at the section called Level of protection.
I've attached a screenshot with it's location (my BD is in Romanian, but the layout is exactly the same).
Cris.
Okay. That gives me a much better understanding about the whitelist. I'm glad that's cleared up, lol.
I just went to the Status page, and "Ask" is apparently an all-or-nothing thing regarding the whitelist. I went ahead and selected Ask. So I'm assuming that now, EVERY connection that is attempted to be made into my computer will bring up an "Ask" screen--those not on the whitelist as well as those on it.
I'm also assuming that I will have a choice of "allow now" or "allow always" when that happens, so that as time goes on, certain connections will be allowed automatically, and certain ones will remain on Ask status depending on my answer.
If that is correct, then where does that list reside in case I want to change the status of a particular connection that I had previously marked "allow-without-asking-each-time"?0 -
Hi Carol,
I just went to the Status page, and "Ask" is apparently an all-or-nothing thing regarding the whitelist. I went ahead and selected Ask. So I'm assuming that now, EVERY connection that is attempted to be made into my computer will bring up an "Ask" screen--those not on the whitelist as well as those on it.
Yes, you will get a warning everytime a connection is starting. In the pop-up that will appear, there are multiple choices:
Allow > Allow all traffic by this application over the specified protocol.
Deny > Block all traffic by this application over the specified protocol.
Allow all traffic by this application > Allow all traffic by this application over all IP protocols.
Deny all traffic by this application > Block all traffic by this application over all IP protocols.
Allow this remote host only > Allow traffic by this application over the specified protocol with the specified remote host.
Allow this port only > Allow traffic by this application over the specified protocol on specified port for any destination.
Deny this remote host only > Block traffic by this application over the specified protocol with the specified remote host.
Deny this port only > Block traffic by this application over the specified protocol on specified port for any destination.
Also, that pop-up will contain the info whether or not the application is Trusted. In other words, it will tell you if that application is in the Whitelist, or not.I'm also assuming that I will have a choice of "allow now" or "allow always" when that happens, so that as time goes on, certain connections will be allowed automatically, and certain ones will remain on Ask status depending on my answer.
At the bottom of the pop-up, there's a checkbox named Remember Option. If you check that checkbox, BD will not ask you again about that certain application.
Also, if you do not check Remember Option, BD will still remember the chosen setting but only until BD Management Console is restarted (this means you restart your PC, BD makes an update in which case bdmcon is restarted, or if you close and re-open BD Management Console).
Of course, if you chose in that pop-up the option 5, 6, 7 or 8, BD will ask you again if that application tries to connect to another destination or if it uses another port.If that is correct, then where does that list reside in case I want to change the status of a particular connection that I had previously marked "allow-without-asking-each-time"?
This list you want is nothing more then the Traffic list. Everything BD applies when different applications request internet access is in that list and can be modified at any time.
Cris.0 -
Okay, that all sounds pretty complete. With my not understanding what "protocol" means or the effect of "port" in this context (it was described with the boat/slip analogy regarding computer connection into the internet, not a specific application within the computer) -- what box would I check if I want to allow contact "here and now, in this case only," but I still want to be asked if that same company generates a different kind of contact at another point in the future?
Meanwhile, I will see if I can find a very simple explanation of those two terms (and "remote host") as used in this context.
Thanks,
Carol0 -
Hi Carol,
Okay, that all sounds pretty complete. With my not understanding what "protocol" means or the effect of "port" in this context (it was described with the boat/slip analogy regarding computer connection into the internet, not a specific application within the computer)
The Potocol is reprezented by: Transmision Control Protocol (TCP), User Datagram Protocol (UDP) and Internet Protocol (IP).
About the port... just like I said: it's a door used by applications to communicate with the internet. One port can be used, in the same time, by more then one applications and for more then one different connections. If the port is closed/blocked, no connections can be made through that port.
A simple example of port is port 80 (HTTP). Through this port communicate all applications that want to access web pages (as you can see in your browser, almost all pages have in their address http://, which means that they are accessed through port 80. There are other web-pages which use HTTPS, which means they use a secure connection and use port 443). If you block, using a firewall, port 80, you won't be able to see any web-pages, whatever browser you use.-- what box would I check if I want to allow contact "here and now, in this case only," but I still want to be asked if that same company generates a different kind of contact at another point in the future?
For this situation, select Allow and leave the Remember option checkbox unchecked.Meanwhile, I will see if I can find a very simple explanation of those two terms (and "remote host") as used in this context.
Remote host means the address you want to access. For instance, when you log into this forum, the remote host is forum.bitdefender.com (and whatever IP this server has).
Local host is your PC. Inside your PC, the IP address that is used is 127.0.0.1. When you access the internet, you will have another IP.
Cris.0 -
Super thanks, Cris.
I have the general gist, and I clicked on the links you so helpfully provided. All I can say is, it appears they explain it very well. (Now, as for my own understanding what they're talking about... They put terms that you may not understand in blue <hyperlink>. Well, when most of an explanation's sentences are ALL written in blue except for words like "the," "and"... Arrrrrghh!
Anyway, I think I have a reasonable facsimile of a vague idea from what you wrote (a whole lot more than from the article) So thanks for that!
Meanwhile, boiling it down to what it means to me in terms of what I'm allowing or denying, your list of choices on the Ask screen are 2 posts back. (I tried a copy/paste but they lost their formatting.) Is there anywhere in the BD Help file that explains, in very lay terms, the practical, real-life effect of each of those 8 choices?
For instance, if I wanted to let one of my installed software applications get updated, or accessed in some specific way, by its company's website, but I did not want its company to access any other part of that software then or in the future, which of the eight choices would that be? Would "protocol" be the keyword there, e.g., choice #1, #5 or #6??) Or am I misunderstanding what protocol means here. I wouldn't know which of the choices would be correct.
Carol0 -
Hi Carol,
First of all, take a look at the screenshot I attached. The numbers in it represent:- the icon and name of the application that requests access
- the protocol. In the screenshot, the protocol is TCP
- the remote host. It is formatted like this: <remote IP>:<remote port>
- local host. It is formatted like the remote host
- the application's path
- the action. It's a drop-sown list in which you can select the action you want
- the explanation of the action (what I've posted before)
- What BD suggests about this application (if it is in the whitelist or not)
Remember option checkbox- and, of course, the OK button
Meanwhile, boiling it down to what it means to me in terms of what I'm allowing or denying, your list of choices on the Ask screen are 2 posts back. (I tried a copy/paste but they lost their formatting.) Is there anywhere in the BD Help file that explains, in very lay terms, the practical, real-life effect of each of those 8 choices?
No, there isn't anything more in the Help file then what I already posted. I'll try to explain them better:
Allow > Allow all traffic by this application over the specified protocol: this means that the application will have access to all IPs, on all ports, but it is restricted to the protocol listed at #2 (at the beginning of this post)**
Deny > Block all traffic by this application over the specified protocol.: this is the exact opposite of the first choice. The application will be blocked from accessing anything (any IP, on any port) if it uses the specified protocol, listed at #2
Allow all traffic by this application > Allow all traffic by this application over all IP protocols.: I don't think this requires more explanation. In pure English, the application will have absolute full internet access**
Deny all traffic by this application > Block all traffic by this application over all IP protocols.: the opposite of the previous one. The application is fully blocked from accessing any resource on the internet
Allow this remote host only > Allow traffic by this application over the specified protocol with the specified remote host: the application is allowed to use any protocol and any port, but it is limited to connect only to the IP listed at #3.**
Allow this port only > Allow traffic by this application over the specified protocol on specified port for any destination: the application is allowed to use any protocol and to connect to any IP, but it is limited to using the specified port, listed at #3**
Deny this remote host only > Block traffic by this application over the specified protocol with the specified remote host: the application is blocked from accessing the IP listed at #3, whatever port/protocol it uses
Deny this port only > Block traffic by this application over the specified protocol on specified port for any destination: the application is blocked from using the port listde at #3, whatever destination it is trying to reach and whatever protocol it uses.
When you receive an alert from BD about an application, the rule generated by your choice will be added at the bottom of the Traffic list. If you want an application to have full access, you have to add it to the list (when BD asks you to), then go to Edit Profile and move the rule to the top.
One more thing about the BD alerts: if you don't answer in a specific time (I never really measured the exact time ), BD will automatically block the request. The rule created will not be permanent, so if this happens, that rule will disappears when BD restarts (after an update or after a PC restart) and, nect time that application requests access, BD will warn you again.For instance, if I wanted to let one of my installed software applications get updated, or accessed in some specific way, by its company's website, but I did not want its company to access any other part of that software then or in the future, which of the eight choices would that be? Would "protocol" be the keyword there, e.g., choice #1, #5 or #6??) Or am I misunderstanding what protocol means here. I wouldn't know which of the choices would be correct.
Umm... it depends if the application makes it's updates using TCP and other contacts with the website using UDP.
What you ask... I don't think it's possible. First of all, the company usually has the same IP for product updates and for other types of communication with the product. So limiting the application by IP is not possible.
Then, the application might be using the same port all the times. If this happens, blocking that port (for that application) might block updates also. If the application uses different ports for updates and other thing, then you can limit the access by ports.
But what you ask is too general. I don't think anyone can give you an exact answer. Could you give the name of the application that you are talking about? It will help me (or someone else) to better explain, and it will help you to better understand.
Cris.0 -
Cris, thank you very much for the detail! I will have a couple of questions, but am unable to write them right now. I just wanted to get a quick note back to you to thank you for the explanations you put in the post, and also to say that I did look at the screen shot, which is in Romanian? Well, I was almost able to read it! LOL. Seriously, I learned some Spanish and a lot of the words are very similar. Interesting!
Thanks, I will return to your post and screen shot just as soon as I am able to focus on it. I'm running behind on some projects I have been putting off until the last minute, and it's now "the last minute."
Carol0