Comodo 2.4.18.184
I wonder if I may ask for some help?
I’m trying to put together a definitive answer to the question regarding ‘loopback’, and various applications that insist upon using this feature, such as Firefox and Thunderbird.
The first question is with regard to the security implications of enabling the ‘skip loopback (127…)’ for TCP and UDP under Advanced\Misc. Having read various threads on this forum, I still cannot answer, with authority, that by enabling these check boxes, one either increases or decreases the overall security of Comodo.
If the assumption is, that enabling these check boxes, in pursuit of an easy life, decreases security then another solution must be sought.
This leads me to the second question, which regards rule creation for each application to allow for ‘loopback’
Let us use, as an example Firefox, although one may assume that what ever rules are created for this application, would also pertain to similarly inclined applications.
what then, in seeking to create a highly secure rule set, are the steps needed to cater for these applications?
Having followed the information posted by jp1971 in his post https://forums.comodo.com/index.php/topic,4040.msg30686.html#msg30686 as I am also a user of Proxomitron, I still find I receive ‘pop-ups’ for Firefox, such as the one shown below.
http://img184.imageshack.us/img184/7254/ffconnect1ge3.th.jpg
My current Application Rules are as follows:
Firefox.exe 127.0.0.1 1024-4999 TCP In Allow
Firefox.exe 127.0.0.1 1024-4999 TCP Out Allow
Firefox.exe ANY 443 TCP Out Block (I use the Proxomitron Cert to filter HTTPS)
Proxomitron.exe 127.0.0.1 8080 TCP In Allow
Proxomitron.exe 127.0.0.1 1024-4999 TCP Out Allow
Proxomitron.exe ANY 80,443 TCP In Allow
Proxomitron.exe (MY ISP DNS1) 53 UDP Out Allow
Proxomitron.exe (MY ISP DNS2) 53 UDP Out Allow
Let me explain:
From what I understand, the two loopback (127.0.0.1) entries for Firefox, should, in theory, negate the need to check the ‘skip loopback (127…)’ for TCP and UDP under Advanced\Misc. In addition it should allow Firefox to communicate with Proxomitron, which listens for connections on 127.0.0.1:8080. Personally I would prefer to allow Firefox to communicate with Proxomitron, only on that port, so the rule would be:
Firefox.exe 127.0.0.1 8080 TCP Out Allow
Alas, these leads to a great many ‘pop-ups’ from Comodo with ‘skip loopback (127…)’ disabled.
So, with Firefox configured (Options\Advanced\Network\Connection\Settings\Manual Proxy Configuration) to use 127.0.0.1:8080 and Proxomitron configured to do DNS etc. I still receive requests from Comodo to allow Firefox to connect to the Internet?
As you may be wondering about my Network Monitor rules, I will add those here:
Allow & log UDP Out ANY 255.255.255.255 68 67 (DHCP)
Allow & log UDP Out ANY (My ISP DNS1) 1024-4999 53 (DNS)
Allow & log UDP Out ANY (My ISP DNS2) 1024-4999 53 (DNS)
Allow & log TCP Out ANY ANY 1024-4999 21,25,80,110,119,443,587,995 (Allowed Ports)
I also have the default ICMP rules.
All of the above also applies to Thunderbird for which I have similar rules defined i.e. UDP for DNS and TCP for mail ports.
Finally, I do not allow any application to update automatically, which includes Firefox and installed extensions. Also I am on dial-up, single PC, no other network connections. My system is also free of any malware.
I appreciate the aforementioned is a little long, I will, therefore, summarise my question here:
Without enabling the ‘skip loopback (127…)’ for TCP and UDP under Advanced\Misc. what specific rules do I need to create in Network Monitor and Application Monitor to cater for loopback so that ‘pop-ups’ are eliminated?
I have another question but I’ll create a new thread for that.
Thanks for any help.
Only kidding.