DigeratiPrime

Winpooch - Free & OpenSource Firewall Guide


This guide will show you how to set up and use Winpooch to act as a firewall and block everything from the internet except those programs we want to allow; I will use Firefox as an example. Winpooch is Free and OpenSource and is a very small and portable application.

You can learn more about Winpooch and download it at these links:

http://winpooch.free.fr/

http://sourceforge.net/projects/winpooch/

Instructions:

  • Start by closing any programs that are actively connecting and/or downloading from the internet.

  • Open Winpooch and you will see these included in the default set of filters:
    Winpooch-DefaultRules.png

  • Delete all of these except those with the '*' for both Param1 and Param2; those we are going to modify. It should now look like this:
    Winpooch-DefaultRulesKeep.png

  • Double click on each one and change the Reaction to Ask/Reject and the Verbosity to Log.
    Winpooch-Rule.png

  • If you read and followed these instructions you should have this:
    Winpooch-ModifiedRules.png

  • Now when a program tries to access the internet you will get a popup asking for permission. If you are AFK, after 30 seconds it will automatically reject and will log that request in the History window.

  • Now let's add a rule to allow Firefox to connect. In the Filter window click on the '+' button near the top-right and either navigate to the program or select it from the hooked processes list. That will add Firefox to the program list but you need to create rule(s) for it still. So click on the '+' button below to add a rule.
    Winpooch-RuleFirefox.gif

That's it! I created this guide because a lot of the software firewalls are complicated to configure, eat RAM, are expensive, and sometimes just don't work!

Edited by DigeratiPrime


I just came across this thread and it looks very interesting. Looks like it would take a little more work to configure it compared to Sygate (as far as firewall, might change in 0.6). I have it installed on a Virtual Machine & might have to see how it works with some spyware.


I haven't used a software firewall in about 4 yrs but I decided to give this a try a few months back. I got so annoyed with it barking at me constantly when I first set it up I decided it wasn't worth it.


You can turn off the bark...

I suggested they separate the wav file from the exe, so the user can easily choose a sound; still waiting on an update though.

I still use this, because it's light and does the job. It does appear susceptible to DLL injection and launchers, meaning another program could trick Winpooch into allowing it to connect to the internet by calling Internet Explorer, that is, if you have Internet Explorer on your computer and allow it to connect.


Nice find Digi. Though I don't use these types and stick with sygate and tcpviewpro to explicitly deny/allow applications.

This app seems to be fairly basic but may do the trick for novice users.

(...) that is really powered by only two files: Winpooch.exe (356kb) and SpyDll.dll (42.5kb).

Quote from Winpooch.com :

API Hooking

Winpooch uses the API Hooking method. It spies programs when they are running and gives to the user a powerful control of their activity. For example, you can forbid a program to write in a system directory or in the registry, or else to connect to internet. That makes the difference between others anti spywares using a database of known signatures.

This is a powerful method under 9x systems, but AFAICT, under NT, drivers can be run at a lower level (like file system filters) and then fool Winpooch.

My advice : do not trust Winpooch if you're not planning to use it on a 100% clean system.

btw, very nice graphics.

PS: the first URL link on free.fr is 404

++

edit: my advice was about installing it on a clean system. sorry.

Edited by Delprat


Well, I haven't been using Winpooch or any firewall lately, just careful about what I install. I tried the new 0.6 version about a month ago and it worked fine - I used the zip binary though. As for defeating Winpooch as a firewall, I understand it's not difficult. I ran some programs that used launchers or DLL injection, I think, back when I first posted this topic, and they got through. I regret I do not know if that only works with admin access.

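The launcher weakness mentioned in the posts above, as an added example that is not part of the thread or of Winpooch: a rule keyed only on the program path accepts an allowed browser no matter what started it, while a check of the process lineage sends that case back to the prompt. The paths, the trusted-parent set and the events are constructed, and the check does not cover code injected into an allowed process.

```python
from dataclasses import dataclass

# Constructed paths and policy; none of this is Winpooch's own data or code.
ALLOWED = {r"c:\program files\internet explorer\iexplore.exe",
           r"c:\program files\mozilla firefox\firefox.exe"}
TRUSTED_PARENTS = {r"c:\windows\explorer.exe"}  # assumed normal launcher (the shell)

@dataclass(frozen=True)
class ConnEvent:
    image: str        # program opening the connection
    ancestry: tuple   # parent first, then grandparent, ...
    dest: str

def image_only(ev):
    """Rule keyed on the program path alone, like an 'allow Firefox' rule."""
    return "accept" if ev.image.lower() in ALLOWED else "ask"

def lineage_aware(ev):
    """Accept only if the program is allowed AND every known ancestor is either
    the shell or another allowed program; unknown lineage falls back to ask."""
    if ev.image.lower() not in ALLOWED or not ev.ancestry:
        return "ask"
    ok = all(a.lower() in ALLOWED | TRUSTED_PARENTS for a in ev.ancestry)
    return "accept" if ok else "ask"

def needs_review(events):
    """Events the path-only rule would pass silently but lineage flags."""
    return [e for e in events
            if image_only(e) == "accept" and lineage_aware(e) == "ask"]

# Constructed sample events (203.0.113.0/24 is a documentation range).
EVENTS = [
    ConnEvent(r"C:\Program Files\Mozilla Firefox\firefox.exe",
              (r"C:\Windows\explorer.exe",), "203.0.113.5:443"),
    ConnEvent(r"C:\Program Files\Internet Explorer\iexplore.exe",
              (r"C:\Temp\updater.exe", r"C:\Windows\explorer.exe"), "203.0.113.10:80"),
    ConnEvent(r"C:\Temp\updater.exe", (r"C:\Windows\explorer.exe",), "203.0.113.10:80"),
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(ev.image, image_only(ev), lineage_aware(ev))
    print("review:", [e.image for e in needs_review(EVENTS)])
```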

I don't remember any names but I know that some firewalls replace the standard winsock DLLs with their own (which perform the filtering) after renaming the originals and then forward the allowed requests into the real DLLs.

Would be very difficult to get around, unless the malware checked specifically for the DLLs being replaced or carried its own TCP/IP stack.

Quote from Winpooch.com :

API Hooking

Winpooch uses the API Hooking method. It spies programs when they are running and gives to the user a powerful control of their activity. For example, you can forbid a program to write in a system directory or in the registry, or else to connect to internet. That makes the difference between others anti spywares using a database of known signatures.

This is a powerful method under 9x systems, but AFAICT, under NT, drivers can be run at a lower level (like file system filters) and then fool Winpooch.

My advice : do not trust Winpooch if you're not planning to use it on a 100% clean system.

edit: my advice was about installing it on a clean system. sorry.

The latest version (0.6.2) uses kernel mode hooking. It appears to hook all the processes now.

http://sourceforge.net/forum/forum.php?forum_id=611545
