Would a repository of predefined firewall policies be helpful when installing and setting up new applications?
Imagine you are installing a new IRC chat client and when you initially run it the Firewall Alert not only alerted you but stated something along the lines of:
There are three predefined Firewall Policies available for ([application name] or [application type if application specific policy isn't found]):
Limited Trust: Opens primary chat port only.
Normal Trust: Opens the most common ports for this application for chatting and DCC.
Trusted: Opens ports for chat, DCC, and Identd.
To add this policy and define the ports to be used, click here.
In order to get some conversation going on about this perhaps the reason we like or don’t like the idea would be good…
I like this idea because going through defining a policy is a good practice to get into, but it takes research and knowledge to properly set up a policy for specific applications. For instance, when setting up a torrent client, do you define a policy for ‘torrent clients’ or do you assign one of the pre-built policies to the application? I set up a torrent policy, but I only trust that application and policy when I am purposefully running the application; other than that I block all traffic to/from it by assigning ‘blocked’. It took quite a bit of time to determine which ports to open up for my specific client (BitTyrant) to get the maximum results. I’d love to be able to submit this policy to a repository, have it ‘approved’ and available so that when someone else installs the same application they could just select and use it. It would save time, and for novice users allow them to be safe instead of just marking it ‘Trusted’ and leaving it at that without understanding the risks that it opens up.
I’m now more paranoid after my PC was infected with a rootkit (it had Norton AntiVirus and Comodo Firewall). It was a Comodo popup that said “windows operating system want to connect the internet, comodo cannot id the process that generate the request” that alerted me to the infection.
Now, I have a new (low-end) PC dedicated to online banking, and I try to set up Comodo as restricted as it can be. However, it is not an easy task, and given the UI of the Comodo interface, it becomes more tedious labor.
A pre-approved plugin for some common apps should be a good starting point for a lot of us.
PS.
Also, a new feature allowing us to combine several predefined policies into a new one (meta-rule/pseudo-rule) should also help. However, this should be in a new thread of its own.
It would be nice to have the option to at least use a pre-defined policy for common applications, rather than hand-checking all TCP/IP connections to know that they are safe. I would be happy accepting a predefined policy and then editing it myself in many cases.
For example, MSN Messenger: I am pretty sure that this could be a common template that would not vary very often, even on high security mode.