locked
One Care Firewall no Rules Update RRS feed

  • Question

  • While reviewing my OneCare monthly report I noticed there were no firewall rules updates for the last 4 months.  Is this possible, or how can I force a rules update?

    Saturday, October 4, 2008 2:03 AM

Answers

  • To help you understand why this might be, you must first understand why these policies exist. The base firewall policy is that any executable software that contains a digital signature (certificate) is automatically allowed access through the firewall. This is, of course, unless the software has a signature included in the antivirus/antispyware definitions and is thus considered malware.

     

    The additional items included in the firewall policy updates exist because they are exceptions, since they don't contain a digital signature. Since most current software now contain such signatures, it would be rare for any new firewall policies to be required for this software. Also by this point most older programs with a wide distribution (popular) would have been identified and have a firewall policy already included within the existing database.

     

    So at this point it's really not likely we'll see many, if any new firewall policy entries, though it's possible. Any software developer not including a digital signature in their executables at this point would simply be asking for problems, since the Windows Vista OS requires them and some other security vendors have also begun to use them.

     

    OneCareBear

    Sunday, October 5, 2008 7:02 AM
    Moderator

All replies

  • In viewing my last monthly report I see that there have been no firewall rules updates in the last four weeks. I wouldn't be concerned by this since if any One Care updates were missing your status would not be green.

     

    Sunday, October 5, 2008 3:01 AM
    Moderator
  • To help you understand why this might be, you must first understand why these policies exist. The base firewall policy is that any executable software that contains a digital signature (certificate) is automatically allowed access through the firewall. This is, of course, unless the software has a signature included in the antivirus/antispyware definitions and is thus considered malware.

     

    The additional items included in the firewall policy updates exist because they are exceptions, since they don't contain a digital signature. Since most current software now contain such signatures, it would be rare for any new firewall policies to be required for this software. Also by this point most older programs with a wide distribution (popular) would have been identified and have a firewall policy already included within the existing database.

     

    So at this point it's really not likely we'll see many, if any new firewall policy entries, though it's possible. Any software developer not including a digital signature in their executables at this point would simply be asking for problems, since the Windows Vista OS requires them and some other security vendors have also begun to use them.

     

    OneCareBear

    Sunday, October 5, 2008 7:02 AM
    Moderator