What’s the point of the slightly above average computer user such as myself employing a bidirectional firewall when I often don’t have a clue as to whether or not to allow outbound access when I receive an alert? If I recognize the program trying to go out, I’ll allow it. If I don’t, I usually deny it and do an Internet search to see if I can identify it. I often wonder, does malware ever disguise itself as legitimate programs to gain outbound access? If so, what good is it to receive outbound alerts?
Hey Martin,
Being a slightly under-average user like myself, I find it extremely useful to have such warnings available at my disposal. I think the whole idea to have these alerts are to educate as well as to inform the user what is trying to get out. As you yourself have mentioned that you would block it and then try to find out whatever it is, then perhaps you have missed the point altogether.
Should the user be unaware in the first place of what’s going on, then how would the user have the idea to try to find out what it is? Most call-home bots call home or to some specified destination.
Dailyfree
CFP checks the cryptographic signature, so it would alert you when an allowed program has changed, and if you didn’t just update the moment before you ought to get suspicious. Malware could also use OLE automation etc. but CFP is also able to detect that.
Yes, happens all the time, malware creators can rename a program to appear to be legitamate. The best prevention is to use the firewall with anti-virus to ensure that malware is not hiding itself as a legitamate process. If you are suspicious of a program, you can always download a program that checks the MD5 hash signature of a program and check it on Google to see if it is legit. There are lots listed on Google: md5 check software - Google Search
Also you can use bit9.com to confirm if the program is listed as good or not, it checks the MD5 Signature against a large database of known windows files etc. http://www.bit9.com/products/fileadvisor.php