locked
Permanent Application Allow Rule RRS feed

  • General discussion

  • A great feature would be to have the ability to premanently allow a program access to the firewall, regardless of it's file version.  I have this issue with a program I run that can receive multiple updates a month, to which I find it very annoying having to re-allow it access everytime.  I realize this feature could have it's downfalls, but hiding it in an advanced section would probably do enough to keep away the average user.
    Tuesday, July 17, 2007 4:25 PM

All replies

  • We've discussed this here in the past and unfortunately this would create a huge hole for malware. All the malware would have to do is replace the executable that has been given this 'free pass' and it would have free reign to access the Internet. Since the programs that would require this ability are generally well known, cheaply produced programs like free games, they'd be easy to recognize and replace.

     

    It would be much better for these developers to 'get with the program' and perform certification of their applications, along with slowing down their development cycles and actually trying to get the code right in the first place. I'm sure there are reasons they change so often, but maybe they should look for better long term solutions to their problems instead?

     

    Since part of all Trusted Computing initiatives is being able to properly identify all of the code running on a system, I only expect these requirements to become more stringent over the next few years, so I wouldn't hold my breath.

     

    OneCareBear

    Tuesday, July 17, 2007 7:30 PM
    Moderator
  • I agree 100% with your opinion of the community as a whole, it would only makes sense that everyone start coding to some universal standards.  With that being said, would you not think that if a malware program was to overwrite an existing program executable that the average user would just allow the program anyways?  I realize either way it's a problem, and my suggestion just takes away that one safety step.  As you said the certification is truely the way to go.
    Tuesday, July 17, 2007 7:40 PM
  • I agree that WOC can't easily handle application updates. Right now, if I have updated an application, WOC doesn't even give me a warning that it is blocking the updated program. Once I discover that the app isn't getting through, then I have to go to advanced settings, etc., to give it an "allow". It would be MUCH better, once an app is updated, for WOC's firewall to give the "new or changed app" warning and allow the user to allow once, allow always, or block (which is how ZoneAlarm worked).

    Have a nice weekend, everyone, and go back to work Monday re-inspirited!
    Sunday, July 22, 2007 3:54 AM
  • Zonealarm and other firewalls have this feature. It allows you to tell it that hey, don't ask me about this program everytime it gets updated.

     

    Programs like online game files that get updated almost weekly sometimes, or files that change from recompiling a lot and so on, can get really annoying having to constantly allow it once again. Annoying isn't good. Obviously you would only use this feature sparingly but, it can make all the difference of whether you go through life with or without hair Smile

     

    It's a really nice feature to have. 

    Sunday, July 22, 2007 4:43 AM
  • I could be mistaken, but I thought ZA did alert me every time there is an update and ask about blocking the update.  I would quickly tell it "allow".  WOC, however, only seems to give an alert for a NEW program and won't even alert a person if an OLD program is updated.  It will just silently block the update.  THAT feature I do not like.
    Sunday, July 22, 2007 2:22 PM
  • You could right click on the program in the list and tell it that the program always changes, or something to that effect and it would no longer bother you. It's something you had to specifically go about changing. It didn't pop up that option when it warned you. At least it did back when I used it.

    Sunday, July 22, 2007 7:17 PM
  •  

    As a developer of Internet based software, this continues to make OneCare a no-go for me. Every time I recompile and "play" our software, OneCare prompts me again to allow access. Signing the application doesn't really help in this scenario. We sign our applications, but as part of the build process.
    Thursday, September 27, 2007 9:35 PM
  •  Nathanial Woolls wrote:

     

    As a developer of Internet based software, this continues to make OneCare a no-go for me. Every time I recompile and "play" our software, OneCare prompts me again to allow access. Signing the application doesn't really help in this scenario. We sign our applications, but as part of the build process.

    Until you are ready to finalize your application, you would need to temporarily drop the firewall or test on a PC that does not have OneCare running. Or, you'll need to allow the app each time, and clean up the allow list after a bit.

    -steve

    Friday, September 28, 2007 1:01 AM
    Moderator