Apps acting as Servers?? [resolved]

I’ve used ZoneAlarm forever, from the free version to the whole suite. My main problem with it has always been the performance hit. So it was time to try something different. Of course, with change comes the inevitable “gee, I wonder how they do that ZA thing in this other program?..”.

One of the things I liked about ZA was that it gave me the option to specify that an app could act as a server in the trusted zone but not in the Internet zone. This has always worked well for me and made for good compatibility and full functionality with most every app and, as far as I know, has never allowed my computers to be compromised.

So… Comodo has asked for “server” permission for lots, and I do mean LOTS, of apps but I can’t find any way to restrict the server app’s access to the local network only. How important is this? Should I just simply deny every app “server” access, period? If so, how’s that going to affect the functionality of all those programs?

Thanks for any info or comments.

A very interesting question. On mine most of them act normally even if they are blocked. But I guess that you can allow full access on the IP 127.0.0.1, which is the native IP of your local machine that most of them use for functioning properly :wink:

Yeah a good question, needs answering…

IE7 and some other apps won’t connect unless “act as server” is permitted in Comodo.

  1. Why is this? Kerio and Sygate don’t need “act as server”. In fact, if you do in them, port 80 is only closed, not stealth.

  2. Does the “Block IP IN network rule” mean “Stealth Mode”, regardless of any “act as server” permissions?

  3. How can you permit “act as server” and be Stealth at the same time? If it’s possible then surely this is still a risk.

I am using avast! AV, which uses a type of proxy, but even with it disabled, it still needs “act as server”.

I have temporarily gone back to Kerio until I understand why and if there’s any risk of “act as server”.
Cheers
Steve

CPF will not open any port unless you explicitly create a network rule for this purpose. Even if you open a port in network monitor, if there is no application listening on that port, it will still stealth the port.

Egemen

Cheers. Yeah, I’ve been reading a thread on the Wilders site which also explained this in detail, but I think I understand it now: with SPI at network level it works differently to Kerio and Sygate.

Yes. CPF is a double layer firewall. Network monitor is the real gate keeper.

Well, OK then, I’m glad (I think) that others find this interesting. Please forgive me for being a newbie at some of this but I’m not sure the replies so far actually answered the question so that I can figure what I should be doing (I promise I read them all more than once) :slight_smile:

So, is it OK to give the programs carte blanche that you trust by granting server access, or do I trust no one (…Mulder, is that you?) and deny all then see what doesn’t work?

Thanks again everyone!

If I were you, I would not worry about act as a server popups. In my computer, I allow such requests.

For example, Internet Explorer, although it tries to act as a server, only accepts connections on the loopback (127.0.0.1) interface, which is not accessible from outside.

Even if you allow an application with full network access rights, unless you explicitly allow the inbound traffic at network monitor, no incoming connections will be accepted. So from the “remaining stealth” point of view, you will not have any problems.

Hope this helps,

Egemen

Thanks, Egemen,

I’ll try to quit worrying about the issue. What I’m hearing is that if it was a severe security issue CFP would have already addressed it.

Regards,
Howard

Egemen,

I think maybe some of us are suffering from a ZoneAlarm paradigm where we were taught that any app acting as a server was to be viewed with suspicion. We worked around ZA’s server alerts by adding the Loopback Adapter (127.0.0.1), the DHCP server (192.168.1.1 for those of us with routers) and the DNS servers (ISP IPs) to our trusted zone. Or perhaps we blocked things like iTunes from being a server.

So, to put this another way, for CPF we should not be concerned about applications wanting to be servers, as we can trust CPF’s Stateful Package Inspection to assure that no malicious/unsolicited packets reach the ports being monitored by these apps. Am I correct?

AJB

Hi Guys,

Yes, exactly. CPF and ZA work quite differently. “Acting as a server” poses “no threat” while network monitor is filtering packets actively. Here in-house we always say “If there were something really serious, CPF would warn you seriously” :slight_smile:

Good luck,
Egemen
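
The loopback point made in the replies above can be checked on your own machine. The following is an added example, not part of the original thread and not Comodo code: it parses text in the layout of Windows `netstat -ano` output and sorts listening sockets into loopback-only listeners and listeners bound to a network-facing address, which are the ones an inbound network rule would actually expose. The sample output and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the layout of Windows `netstat -ano` output (not real data).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    127.0.0.1:1030         0.0.0.0:0              LISTENING       1234
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    [::1]:5000             [::]:0                 LISTENING       2222
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    192.168.1.10:1050      203.0.113.7:80         ESTABLISHED     1234
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)

def bind_scope(addr):
    """Describe who can reach a socket bound to this local address."""
    if addr.is_loopback:        # 127.0.0.0/8 or ::1: local processes only
        return "loopback-only"
    if addr.is_unspecified:     # 0.0.0.0 or :: : every interface
        return "all-interfaces"
    return "specific-interface"

def classify_listeners(netstat_text):
    """Return one dict per TCP LISTENING row; other rows are ignored."""
    results = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        try:
            addr, port = split_endpoint(fields[1])
        except ValueError:      # unparsable address or port: skip the row
            continue
        results.append({"pid": int(fields[4]), "port": port,
                        "scope": bind_scope(addr)})
    return results

def ports_needing_inbound_review(listeners):
    """Ports that are reachable from the network if an inbound rule allows them."""
    return sorted(l["port"] for l in listeners if l["scope"] != "loopback-only")

if __name__ == "__main__":
    for listener in classify_listeners(SAMPLE):
        print(listener)
```

Loopback-only listeners stay unreachable from other hosts whatever the application rule says; the remaining ports are the ones whose inbound network rules deserve a look.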