Sadie
Sun May 23 14:18:14 CDT 2004
For a truly precise answer,I would suggest you post back
with details of the firewall you are running along with
your operating system.
Firewall configuration is a hugely variable area.For
example,if you own a standalone private computer that
corrects diectly to the internet,your firewall
configuration will differ from that of say,a home
business network running printers which may or may not
wish to grant access to them from the Internet,etc.
"making all applications run as client not server" is
more
>safe than making them as both client and server? Why is
that?"
It is not necessarily automatically safer.It might be
preferable not to transmit signals betraying your
computer's existance on the internet.
In addition,if the application has become contaminated
with "scumware",you absolutely do not want it to relay
information without you knowing.
If you go ahead and grant applications permissions that
effectively entitle them to bypass your firewall without
asking,you are making the system more vulnerable to
compromise.Malicious programmes can smurf out under the
guise of legitimate applications.
Keep everything on "prompt",until you know your O.S. well
enough to be certain of what is "normal".
Basically,if you have opened an application,deliberately
to perform a task,and your firewall notifies you that
said application is trying to access a relevant internet
address,it is up to you whether you allow it.
For example,you may have configured an application to
search for updates automatically on start up.You note the
details of the attempted connection,and allow it
because,you know *why* the application is attempting the
connection,where it's going and what it's intending to do-
retrieve updates.
Be wary of programmes you have not accessed suddenly
trying to "phone home".Equally,if your firewall alerts
you to a sudden incoming connection attempt,you would be
advised to block it.
There are registry hacks you can use to prevent certain
ports from "listening",but,most people find it preferable
to minimise the number of available "listening" ports by
simply closing down services which they have no need
for.Again,it all depends on your set up.
"And my
>firewall always shows that TWO Generic Host Processes
for win32 services are
>runing. What is that for?"
It is common to have two,maybe three,even four svchosts
running.Again,post back with your firewall and O.S
details.Svchost is the "services host"-the foundations of
the platform,if you like.
"Do you mean UDP? A few days ago my firewall asked me if
Internet Explorer
>could act as a server. I don't understand why IE can act
as a server."
Depends on the context.Personally,I have never had reason
to run I.E. as a server.
Not sure what you are asking,with regards to UDP in
relation to I.E..Plenty of Trojans will connect on UDP
ports.Infact,UDP is just as vulnerable/safe as any other
protocol.
The User Datagram Protocol (abbreviated to UDP),is a
connectionless protocol that, like TCP, runs on top of IP
networks. Unlike TCP/IP, UDP/IP provides very few error
recovery services, offering instead a direct way to send
and receive datagrams over an IP network. It's used
primarily for broadcasting messages over a network.
Maybe you have ticked/checked the box in Internet Options
to allow I.E.to automatically search for updates.This
might employ UDP.I don't know,I have never used that
setting.
http://www.faqs.org/rfcs/rfc768.html
Simple rule:If you aren't sure,don't allow it.Don't go to
the trouble of configuring a rule,just say "no" for that
instance until you figure out what it is.Nothing will
*break*,and it's a whole lot less trouble than allowing
something,then wishing you had not because it turns out
to be malware.
Sadie
.
>-----Original Message-----
>Thank you, Sadie,"making all applications run as client
not server" is more
>safe than making them as both client and server? Why is
that?
Do you mean UDP? A few days ago my firewall asked me if
Internet Explorer
>could act as a server. I don't understand why IE can act
as a server.
> And my
>firewall always shows that TWO Generic Host Processes
for win32 services are
>runing. What is that for?
>Lucy
>"Sadie" <anonymous@discussions.microsoft.com> ????
>news:109ff01c4404e$68926d70$a301280a@phx.gbl...
>> Hi,Lucy,
>>
>> Run a dll as an app is a legitimate Microsoft
utility.It
>> can be a lifesaver at times if a programme becomes
>> corrupted.Your firewall might have informed you
that "run
>> a dll as an app" was trying to connect to Microsoft,say
>> for example you'd run dxdiag.To that end,there is
nothing
>> to worry over.
>>
>> You do not specify which firewall you are running.You
may
>> not be aware that every single Windows application will
>> try to make an outgoing connection when run.
>>
>> If you can,configure a rule to make all applications
run
>> as client not server.The exception to this would be
>> certain chat software which may require both client and
>> server status.
>>
>> If you are still concerned,post back with the context
of
>> the firewall message you refer to.It would be a
different
>> matter if perhaps an outside entity had connected to
your
>> computer and started "running dlls as apps".
>>
>> Sadie
>> >-----Original Message-----
>> >My firewall showed "run an dll as an App" What does it
>> mean? Is it a high-rated risk?
>> >.
>> >
>
>
>.
>