Checking freeware connections [resolved]

Share interesting information or links related to portable apps here.
Post Reply
Message
Author
User avatar
webfork
Posts: 10818
Joined: Wed Apr 11, 2007 8:06 pm
Location: US, Texas
Contact:

Checking freeware connections [resolved]

#1 Post by webfork »

I've been considering adding a connection check as part of my standard testing for some time, but I've delayed it a bit because I don't want to mess with more system noise that might affect the registry. However, recent news about Wacom devices tracking WAY more than is necessary made me start to wonder.

Now the initial checks about the Wacom issue above were using a network sniff tool (like Wireshark) to sort out what was being sent, but that's a more intensive test. At this stage, I'd just like to know what Baas used to call a "phoning home": where a program doesn't need to connect to the internet but does anyway. Maybe it's just auto-checking for updates, but maybe I'd prefer it didn't.

There are a few tools to test for this, including PortExpert (and several others that Special mentioned in that thread), but does anyone have any recommendations? Do you run tests like these? Bonus points if you can point me to a program that makes it easy to block local software connections.

--

Update: the excellent Simplewall viewtopic.php?p=86582#p86582 did the trick here

billon
Posts: 843
Joined: Sat Jun 23, 2012 4:28 pm

Re: Checking freeware connections

#2 Post by billon »

When Wireshark is overkill, for me it's CurrPorts
Maybe also LiveTcpUdpWatch for all UDP activity

User avatar
juverax
Posts: 355
Joined: Mon Jun 11, 2018 5:19 am

Re: Checking freeware connections

#3 Post by juverax »

simplewall viewtopic.php?f=4&t=23397
asks for the user's permission to establish a new connection.

User avatar
Midas
Posts: 6705
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: Checking freeware connections

#4 Post by Midas »

webfork wrote: I've been considering adding a connection check as part of my standard testing for some time...

That should be standard procedure, yes.

It's just that it's not that easy or straightforward as checking for system traces -- e.g., there have been cases where programs delay days or even weeks before 'phoning home'...

User avatar
webfork
Posts: 10818
Joined: Wed Apr 11, 2007 8:06 pm
Location: US, Texas
Contact:

Re: Checking freeware connections

#5 Post by webfork »

Midas wrote: Sat Mar 21, 2020 7:38 am It's just that it's not that easy or straightforward as checking for system traces -- e.g., there have been cases where programs delay days or even weeks before 'phoning home'...
It's sounding like for the test I'm going to need something comprehensive, like a more robust firewall or some 3rd party program that notifies me when there's a new connection.

For users, is there a way to new programs as blocked-by-default from the Windows firewall? Does anyone know of a program or tweak?

User avatar
Midas
Posts: 6705
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: Checking freeware connections

#6 Post by Midas »

See juverax previous post, I think Simplewall does just that. Correct me if I'm wrong, please.

User avatar
webfork
Posts: 10818
Joined: Wed Apr 11, 2007 8:06 pm
Location: US, Texas
Contact:

Re: Checking freeware connections

#7 Post by webfork »

Midas wrote: Sun Mar 22, 2020 10:37 am See juverax previous post, I think Simplewall does just that. Correct me if I'm wrong, please.
I completely missed that, thanks both juverax and Midas.

And yes, this definitely works, though not by default. You've got to select Enable Filters. In any case, the result (when used with Splat's update checker):

Image

So this indicates 1). it's definitely blocking connections based on the error and 2) this is easily resolved by allowing the connection. Furthermore, it shows both what IP is being contacted, as well as the protocol used (in this case TCP). It even solved a problem I didn't know I had by pointing out a system process that was long overdue to get removed. Marking this as resolved. Thanks!

bitcoin
Posts: 285
Joined: Sun Dec 31, 2017 6:32 pm

Re: Checking freeware connections

#8 Post by bitcoin »

webfork wrote: Sat Mar 21, 2020 11:09 am For users, is there a way to new programs as blocked-by-default from the Windows firewall? Does anyone know of a program or tweak?
i use the free (installer) "Windows Firewall Control" - now owned by Malwarebytes

by default any new programs are blocked from connecting to the internet - will trigger a popup so you can see immediately who is calling home

may not be 100% though as in the past i think there were a few programs that were able to launch the default browser and open to their home page but i haven't seen this happen in a few years now. Also sometimes i wonder if clever programs are able to use something like svchost.exe, which has to be allowed to access internet

User avatar
webfork
Posts: 10818
Joined: Wed Apr 11, 2007 8:06 pm
Location: US, Texas
Contact:

Re: Checking freeware connections

#9 Post by webfork »

bitcoin wrote: Mon Mar 30, 2020 8:29 am i use the free (installer) "Windows Firewall Control" - now owned by Malwarebytes
Are you talking about the Binisoft program? because it looks like Majorgeeks has that program listed but has malwarebytes screenshots: https://www.majorgeeks.com/files/detail ... ntrol.html
bitcoin wrote: Mon Mar 30, 2020 8:29 am i wonder if clever programs are able to use something like svchost.exe, which has to be allowed to access internet
Someday down the road I'd like to figure out how to catch stuff like that, but at the moment my goal is just finding out when a connection attempt happens and maybe where it points to.

bitcoin
Posts: 285
Joined: Sun Dec 31, 2017 6:32 pm

Re: Checking freeware connections

#10 Post by bitcoin »

webfork wrote: Wed Apr 01, 2020 6:59 pm
bitcoin wrote: Mon Mar 30, 2020 8:29 am i use the free (installer) "Windows Firewall Control" - now owned by Malwarebytes
Are you talking about the Binisoft program? because it looks like Majorgeeks has that program listed but has malwarebytes screenshots: https://www.majorgeeks.com/files/detail ... ntrol.html
yeah it was Binisoft

i wonder how much he got for selling the program

webfork wrote: Wed Apr 01, 2020 6:59 pm
bitcoin wrote: Mon Mar 30, 2020 8:29 am i wonder if clever programs are able to use something like svchost.exe, which has to be allowed to access internet
Someday down the road I'd like to figure out how to catch stuff like that, but at the moment my goal is just finding out when a connection attempt happens and maybe where it points to.
there are two different svchost.exe that popup although supposedly only one needs to be allowed. There are also a few others like NT Kernel and System that i allow for now just because i'm too weary to look all these things up.

User avatar
webfork
Posts: 10818
Joined: Wed Apr 11, 2007 8:06 pm
Location: US, Texas
Contact:

Re: Checking freeware connections [resolved]

#11 Post by webfork »

Old thread update: I tested out Tinywall's connections view:

Image

Post Reply