Web Browser

Should your default web browser, Chrome in this case be run as a “web browser” or just leave it as is which is custom? Is there an advantage to having Chrome run as a “web browser” under application rules?

What is your custom rule?

I didn’t make a custom rule. Thats what is the default after your browser is launched.

Ah! That custom rule :slight_smile: It’s really a matter of personal preference. If you want more control over what your browser can and can’t do, use the pre-defined browser rule, or create your own. If you are happy to allow the browser to make all outbound connections without discrimination, use the ‘custom’ rule.

Some people prefer to leave the ‘custom’ policy as they don’t want to be bothered creating rules, which may be necessary if you ever connect to a resource that uses non-standard ports, such 3128 or 81 etc. For the most part a browser needs the ability to connect over TCP on ports 80 and 443. The pre-defined rule caters for this and also allows FTP connections and DNS queries, which you may or may not need.

Bottom line, go with whichever you feel comfortable with.

Doesn’t exactly answer my question but thanks for trying.

You’re welcome. If you’d like me to try and simplify the answer, I’ll see what I can do.

Well no where in your reply did you answer my question. Please re-read it.Thanks.

Could a mod step up and answer my question. Thanks.

The choice is yours.

or just leave it as is which is custom? Is there an advantage to having Chrome run as a "web browser" under application rules?

You can leave it at ‘custom’ but if you want more control over the types of connection it can make, which some may perceive as an “advantage” , change it to ‘web browser’

If you’re looking for some other type of answer, perhaps you could re-phrase the question.

The question is phrased very easily. If you cannot provide me a proper explanation then please do not reply anymore. I will wait for a mod/dev to explain the differences to me. First post says it all. All I needed was a proper explanation of the differences between the two and the advantages. Details would suffice.

So are the answers, but the answer you seem to be seeking is not related to the question you’ve asked.

If you cannot provide me a proper explanation

I have, twice!

then please do not reply anymore

My pleaseure :slight_smile:

I will wait for a mod/dev to explain the differences to me. First post says it all.

Be my guest :slight_smile:

Step one. Explain the advantage of running Chrome as a “web browser” over the default “custom” state. If a Chrome should be run as a “web browser” what are the security advantages of that option over default “custom”.
Step two. Refer to step one.

I’ve already answered this in my second post in the thread, however, I’ll try to simplify things.

Step one. Explain the advantage of running Chrome as a "web browser" over the default "custom" state.

First, the generation of firewall rules is controlled by the settings found under Firewall/Firewall Behaviour Settings. Depending on which settings you’ve chosen, there will be differences in the amount of detail used in rule creation.

Taking a simple example, and running Chrome for the first time, the firewall will present an alert:

http://i41.tinypic.com/9zwqv4.jpg

You may answer this in a number of ways, however, for the sake of simplicity, we’ll look at two options:

  1. Take the default action
  2. Change the rule to ‘web-browser’

If we take the first option, CIS will automatically create a firewall rule that allows Chrome to connect. the details of the rule are:

Allow IP Out From MAC Any to MAC Any Where Protocol is Any

Or:

Application Name - Chrome
Action - Allow
Protocol - IP
Direction - Out
Source Address - Any
Destination Address - Any
IP Details - Any

Basically Chrome is allowed to make connections to anywhere using any protocol.

If you choose to select the ‘web-browser’ option, you’re actually selecting the ‘pre-defined web browser’ policy:

http://i43.tinypic.com/15mecrl.jpg

This policy contains rules that specify the type of connections the browser can make. For example, it restricts the protocols used to TCP and UDP, it also only allows HTTP(s) connections out on standard ports (80 and 443) In addition, it has rules for allowing the browser to be used as an FTP client and also supports loopback, which some types of application require. In a nutshell, more control.

If a Chrome should be run as a "web browser" what are the security advantages of that option over default "custom".

As stated previously, choosing to run any browser with the pre-defined web browser rule provides more control and thus, potentially more security. As also mentioned, restricting the browser to the ‘web-browser’ policy may mean you will have to create additional rules, depending on your habits.

Wow…Thats what I wanted. Now was that so hard? Thanks. Kudos to you.

Not at all, I gave you the same information in my second post, but you know what they say about pictures :slight_smile:

Thanks. Kudos to you.

No worries :slight_smile:

Haha
You’re not going to find a more knowledgeable…patient…and polite forumer than Radaghast.