
Winpooch - Free & OpenSource Firewall Guide



This guide will show you how to set up and use Winpooch to act as a firewall and block everything from the internet except those programs we want to allow; I will use Firefox as an example. Winpooch is free and open source and is a very small and portable application.

You can learn more about Winpooch and download it at these links:

http://winpooch.free.fr/

http://sourceforge.net/projects/winpooch/

Instructions:

  • Start by closing any programs that are actively connecting and/or downloading from the internet.

  • Open Winpooch and you will see these included in the default set of filters:
    Winpooch-DefaultRules.png

  • Delete all of these except those with the '*' for both Param1 and Param2; those we are going to modify. It should now look like this:
    Winpooch-DefaultRulesKeep.png

  • Double click on each one and change the Reaction to Ask/Reject and the Verbosity to Log.
    Winpooch-Rule.png

  • If you read and followed these instructions you should have this:
    Winpooch-ModifiedRules.png

  • Now when a program tries to access the internet you will get a popup asking for permission. If you are AFK, after 30 seconds it will automatically reject and will log that request in the History window.

  • Now let's add a rule to allow Firefox to connect. In the Filter window, click on the '+' button near the top-right and either navigate to the program or select it from the hooked processes list. That will add Firefox to the program list, but you still need to create rule(s) for it. So click on the '+' button below to add a rule.
    Winpooch-RuleFirefox.gif

That's it! I created this guide because a lot of the software firewalls are complicated to configure, eat RAM, are expensive, and sometimes just don't work!

Edited by DigeratiPrime


  • 3 months later...

I just came across this thread and it looks very interesting. Looks like it would take a little more work to configure it compared to Sygate (as far as firewall, might change in 0.6). I have it installed on a Virtual Machine & might have to see how it works with some spyware.


I haven't used a software firewall in about 4 yrs, but I decided to give this a try a few months back. I got so annoyed with it barking at me constantly when I first set it up that I decided it wasn't worth it.


You can turn off the bark...

I suggested they separate the wav file from the exe, so the user can easily choose a sound; still waiting on an update though.

I still use this, because it's light and does the job. It does appear susceptible to DLL injection and launchers, meaning another program could trick Winpooch into allowing it to connect to the internet by calling Internet Explorer, that is, if you have Internet Explorer on your computer and allow it to connect.


  • 2 months later...
  • 1 month later...
  • 2 months later...

Nice find Digi. Though I don't use these types and stick with sygate and tcpviewpro to explicitly deny/allow applications.

This app seems to be fairly basic, but may do the trick for novice users.


(...) that is really powered by only two files: Winpooch.exe (356kb) and SpyDll.dll (42.5kb).

Quote from Winpooch.com :

API Hooking

Winpooch uses the API Hooking method. It spies programs when they are running and gives to the user a powerful control of their activity. For example, you can forbid a program to write in a system directory or in the registry, or else to connect to internet. That makes the difference between others anti spywares using a database of known signatures.

This is a powerful method under 9x systems, but AFAICT, under NT, drivers can be run at a lower level (like file system filters) and then fool Winpooch.

My advice: do not trust Winpooch if you're not planning to use it on a 100% clean system.

btw, very nice graphics.

PS: the first URL link on free.fr is 404

++

edit: my advice was about installing it on a clean system. sorry.

Edited by Delprat

Well, I haven't been using Winpooch or any firewall lately, just careful about what I install. I tried the new 0.6 version about a month ago and it worked fine - I used the zip binary though. As for defeating Winpooch as a firewall, I understand it's not difficult. I ran some programs that used launchers or DLL injection, I think, back when I first posted this topic, and they got through. I regret I do not know if that only works with admin access.


I don't remember any names but I know that some firewalls replace the standard winsock DLLs with their own (which performs the filtering) after renaming the originals and then forwards the allowed requests into the real DLLs.

Would be very difficult to get around, unless the malware checked specifically for the DLLs being replaced or carried its own TCP/IP stack.


Quote from Winpooch.com :

API Hooking

Winpooch uses the API Hooking method. It spies programs when they are running and gives to the user a powerful control of their activity. For example, you can forbid a program to write in a system directory or in the registry, or else to connect to internet. That makes the difference between others anti spywares using a database of known signatures.

This is a powerful method under 9x systems, but AFAICT, under NT, drivers can be run at a lower level (like file system filters) and then fool Winpooch.

My advice: do not trust Winpooch if you're not planning to use it on a 100% clean system.

edit: my advice was about installing it on a clean system. sorry.

The latest version (0.6.2) uses kernel mode hooking. It appears to hook all the processes now.

http://sourceforge.net/forum/forum.php?forum_id=611545
