DigeratiPrime, posted February 25, 2006 (edited)

This guide will show you how to set up and use Winpooch to act as a firewall and block everything from the internet except those programs we want to allow. I will use Firefox as an example. Winpooch is free and open source and is a very small and portable application.

You can learn more about Winpooch and download it at these links:
http://winpooch.free.fr/
http://sourceforge.net/projects/winpooch/

Instructions:

Start by closing any programs that are actively connecting and/or downloading from the internet.

Open Winpooch and you will see these included in the default set of filters:

Delete all of these except those with the '*' for both Param1 and Param2; those we are going to modify. It should now look like this:

Double click on each one and change the Reaction to Ask/Reject and the Verbosity to Log. If you read and followed these instructions you should have this:

Now when a program tries to access the internet you will get a popup asking for permission. If you are AFK, after 30 seconds it will automatically reject, and will log that request in the History window.

Now let's add a rule to allow Firefox to connect. In the Filter window click on the '+' button near the top-right and either navigate to the program or select it from the hooked processes list. That will add Firefox to the program list, but you still need to create rule(s) for it. So click on the '+' button below to add a rule.

That's it! I created this guide because a lot of the software firewalls are complicated to configure, eat RAM, are expensive, and sometimes just don't work!

Edited December 13, 2006 by DigeratiPrime

Gouki, posted February 25, 2006

I don't use firewalls (software firewalls), but I'll give that a try just because of the cool graphs!

jaclaz, posted February 25, 2006

Thanks DigeratiPrime, it looks nice!

jaclaz

boooggy, posted February 25, 2006

Very nice... but I want to see it at work.

trickytwista, posted February 26, 2006

Hmmm, anyone else tested it? Looks quite good and prob worth a try.

GeneralMandible, posted June 6, 2006

I just came across this thread and it looks very interesting. Looks like it would take a little more work to configure it compared to Sygate (as far as firewall, might change in 0.6). I have it installed on a Virtual Machine & might have to see how it works with some spyware.

Scubar, posted June 6, 2006

I haven't used a software firewall in about 4 yrs, but I decided to give this a try a few months back. I got so annoyed with it barking at me constantly when I first set it up, I decided it wasn't worth it.

DigeratiPrime (author), posted June 6, 2006

You can turn off the bark... I suggested they separate the wav file from the exe, so the user can easily choose a sound; still waiting on an update though.

I still use this, because it's light and does the job. It does appear susceptible to DLL injection and launchers, meaning another program could trick Winpooch to allow it to connect to the internet, by calling Internet Explorer, that is if you have Internet Explorer on your computer and allow it to connect.

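Added example (not part of the thread, and not Winpooch's code): a simplified Python model of the launcher case described in the post above. It shows that a rule keyed only on the connecting executable accepts Internet Explorer when another program starts it, and adds a parent-process check that flags the event. The log format, paths, updater.exe and the expected-parent list are constructed assumptions.

```python
"""Added illustration: an allow rule keyed only on the connecting executable
is fooled by a launcher; a parent-process check flags it.
Log format, paths and names are constructed; this is not Winpooch's code."""

# Programs that have an allow rule (hypothetical install paths, lower-cased).
ALLOWED = {
    r"c:\program files\mozilla firefox\firefox.exe",
    r"c:\program files\internet explorer\iexplore.exe",
}
# Parents from which a user-started browser is expected (assumption).
EXPECTED_PARENTS = {r"c:\windows\explorer.exe"}

# Constructed connection log: time|connecting image|parent image|destination
SAMPLE_LOG = r"""
10:00:01|C:\Program Files\Mozilla Firefox\firefox.exe|C:\WINDOWS\explorer.exe|example.org:80
10:00:07|C:\Temp\updater.exe|C:\WINDOWS\explorer.exe|example.net:80
10:00:09|C:\Program Files\Internet Explorer\iexplore.exe|C:\Temp\updater.exe|example.net:80
malformed line without separators
"""

def parse(log):
    """Yield one dict per well-formed line; skip blank and malformed lines."""
    for line in log.splitlines():
        parts = line.strip().split("|")
        if len(parts) != 4:
            continue
        when, image, parent, dest = parts
        # Windows paths are case-insensitive, so compare lower-cased.
        yield {"time": when, "image": image.lower(),
               "parent": parent.lower(), "dest": dest}

def per_program_verdict(ev):
    """Decision of a rule set that looks only at the connecting executable."""
    return "accept" if ev["image"] in ALLOWED else "ask/reject"

def launched_by_unexpected_parent(ev):
    """True when an allowed program was started by an unexpected parent."""
    return ev["image"] in ALLOWED and ev["parent"] not in EXPECTED_PARENTS

def review(log):
    """Return (time, verdict, flagged) for every parsed event."""
    return [(ev["time"], per_program_verdict(ev),
             launched_by_unexpected_parent(ev)) for ev in parse(log)]

if __name__ == "__main__":
    for row in review(SAMPLE_LOG):
        print(row)
```

The parent check does not cover DLL injection, where the code runs inside the allowed process and the parent looks normal.
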
_sergio_, posted August 17, 2006

Is there a way to configure this unattended?

GeneralMandible, posted October 2, 2006

Has anyone tried the 0.6 version? I get an error when installing it.

This works nice for blocking sites. It would be nice if there was some documentation that came with it.

epic, posted December 5, 2006

Nice find Digi. Though I don't use these types and stick with Sygate and tcpviewpro to explicitly deny/allow applications. This app seems to be fairly basic but may do the trick for novice users.

Delprat, posted December 5, 2006 (edited)

(...) that is really powered by only two files: Winpooch.exe (356kb) and SpyDll.dll (42.5kb).

Quote from Winpooch.com:

> API Hooking
> Winpooch uses the API Hooking method. It spies programs when they are running and gives to the user a powerful control of their activity.
> For example, you can forbid a program to write in a system directory or in the registry, or else to connect to internet. That makes the difference between others anti spywares using a database of known signatures.

This is a powerful method under 9x systems, but AFAICT, under NT, drivers can be run at a lower level (like file system filters) and then fool Winpooch.

My advice: do not trust Winpooch if you're not planning to use it on a 100% clean system.

btw, very nice graphics.

PS: the first URL link on free.fr is 404

++

edit: my advice was about installing it on a clean system. sorry.

Edited December 5, 2006 by Delprat

DigeratiPrime (author), posted December 5, 2006

Well, I haven't been using Winpooch or any firewall lately, just careful about what I install. I tried the new 0.6 version about a month ago and it worked fine - I used the zip binary though. As for defeating Winpooch as a firewall, I understand it's not difficult. I ran some programs that used launchers or DLL injection, I think back when I first posted this topic, and they got through. I regret I do not know if that only works with admin access.

LLXX, posted December 6, 2006

I don't remember any names but I know that some firewalls replace the standard winsock DLLs with their own (which performs the filtering) after renaming the originals and then forwards the allowed requests into the real DLLs.

Would be very difficult to get around, unless the malware checked specifically for the DLLs being replaced or carried its own TCP/IP stack.

GeneralMandible, posted December 8, 2006

> Quote from Winpooch.com:
> API Hooking
> Winpooch uses the API Hooking method. It spies programs when they are running and gives to the user a powerful control of their activity.
> For example, you can forbid a program to write in a system directory or in the registry, or else to connect to internet. That makes the difference between others anti spywares using a database of known signatures.
> This is a powerful method under 9x systems, but AFAICT, under NT, drivers can be run at a lower level (like file system filters) and then fool Winpooch.
> My advice: do not trust Winpooch if you're not planning to use it on a 100% clean system.
> edit: my advice was about installing it on a clean system. sorry.

The latest version (0.6.2) uses kernel mode hooking. It appears to hook all the processes now.

http://sourceforge.net/forum/forum.php?forum_id=611545