Checking freeware connections [resolved]
I've been considering adding a connection check as part of my standard testing for some time, but I've delayed it a bit because I don't want to mess with more system noise that might affect the registry. However, recent news about Wacom devices tracking WAY more than is necessary made me start to wonder.
Now the initial checks about the Wacom issue above were using a network sniff tool (like Wireshark) to sort out what was being sent, but that's a more intensive test. At this stage, I'd just like to know what Baas used to call a "phoning home": where a program doesn't need to connect to the internet but does anyway. Maybe it's just auto-checking for updates, but maybe I'd prefer it didn't.
There are a few tools to test for this, including PortExpert (and several others that Special mentioned in that thread), but does anyone have any recommendations? Do you run tests like these? Bonus points if you can point me to a program that makes it easy to block local software connections.
--
Update: the excellent Simplewall viewtopic.php?p=86582#p86582 did the trick here
Re: Checking freeware connections
simplewall viewtopic.php?f=4&t=23397
asks for the user's permission to establish a new connection.
Re: Checking freeware connections
webfork wrote: ↑I've been considering adding a connection check as part of my standard testing for some time...
That should be standard procedure, yes.
It's just that it's not as easy or straightforward as checking for system traces -- e.g., there have been cases where programs delay days or even weeks before 'phoning home'...
Re: Checking freeware connections
It's sounding like for the test I'm going to need something comprehensive, like a more robust firewall or some 3rd party program that notifies me when there's a new connection.
For users, is there a way to set new programs as blocked-by-default from the Windows firewall? Does anyone know of a program or tweak?
Re: Checking freeware connections
See juverax's previous post, I think Simplewall does just that. Correct me if I'm wrong, please.
Re: Checking freeware connections
I completely missed that, thanks both juverax and Midas.
And yes, this definitely works, though not by default. You've got to select Enable Filters. In any case, the result (when used with Splat's update checker):
So this indicates 1) it's definitely blocking connections based on the error and 2) this is easily resolved by allowing the connection. Furthermore, it shows both what IP is being contacted, as well as the protocol used (in this case TCP). It even solved a problem I didn't know I had by pointing out a system process that was long overdue to get removed. Marking this as resolved. Thanks!
Re: Checking freeware connections
i use the free (installer) "Windows Firewall Control" - now owned by Malwarebytes
by default any new programs are blocked from connecting to the internet - will trigger a popup so you can see immediately who is calling home
may not be 100% though as in the past i think there were a few programs that were able to launch the default browser and open to their home page but i haven't seen this happen in a few years now. Also sometimes i wonder if clever programs are able to use something like svchost.exe, which has to be allowed to access internet
Re: Checking freeware connections
Are you talking about the Binisoft program? Because it looks like Majorgeeks has that program listed but has Malwarebytes screenshots: https://www.majorgeeks.com/files/detail ... ntrol.html
Someday down the road I'd like to figure out how to catch stuff like that, but at the moment my goal is just finding out when a connection attempt happens and maybe where it points to.
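One way to see when a program attempts a connection and where it points, using only built-in PowerShell cmdlets (an added example, not code from any poster in this thread or from the tools named in it; the polling interval and log path are assumptions):

```powershell
# Added example: poll the TCP table and report each new (process, remote endpoint) pair.
# Run from an elevated PowerShell so process paths resolve for every owning PID.
param(
    [int]$IntervalSeconds = 2,                      # assumed polling interval
    [string]$LogPath = "$env:TEMP\conn-watch.csv"   # hypothetical output file
)

# Loopback and unspecified addresses are not "phoning home".
$ignore = '127.0.0.1', '::1', '0.0.0.0', '::'
$seen   = @{}   # "pid|address|port" keys already reported

while ($true) {
    # SynSent catches attempts that a firewall is blocking; Established catches successes.
    $conns = Get-NetTCPConnection -State SynSent, Established -ErrorAction SilentlyContinue |
        Where-Object { $_.RemoteAddress -notin $ignore }

    foreach ($c in $conns) {
        $key = '{0}|{1}|{2}' -f $c.OwningProcess, $c.RemoteAddress, $c.RemotePort
        if ($seen.ContainsKey($key)) { continue }
        $seen[$key] = $true

        # The process may already have exited by the time we look it up.
        $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue

        $row = [pscustomobject]@{
            Time          = (Get-Date).ToString('s')
            ProcessName   = if ($proc) { $proc.ProcessName } else { '<exited>' }
            ProcessPath   = if ($proc) { $proc.Path } else { '' }
            ProcessId     = $c.OwningProcess
            State         = $c.State
            RemoteAddress = $c.RemoteAddress
            RemotePort    = $c.RemotePort
        }

        # Show it on screen and keep a record for programs that wait days before connecting.
        $row | Format-Table -AutoSize | Out-String | Write-Host
        $row | Export-Csv -Path $LogPath -Append -NoTypeInformation
    }

    Start-Sleep -Seconds $IntervalSeconds
}
```

Polling can miss connections that open and close between two samples, and it covers TCP only, so a prompt-on-connect firewall remains the more complete check.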
Re: Checking freeware connections
yeah it was Binisoft
webfork wrote: ↑Wed Apr 01, 2020 6:59 pm Are you talking about the Binisoft program? because it looks like Majorgeeks has that program listed but has malwarebytes screenshots: https://www.majorgeeks.com/files/detail ... ntrol.html
i wonder how much he got for selling the program
there are two different svchost.exe that popup although supposedly only one needs to be allowed. There are also a few others like NT Kernel and System that i allow for now just because i'm too weary to look all these things up.