Checking freeware connections [resolved]
Posted: Fri Mar 20, 2020 9:40 pm
by webfork
I've been considering adding a connection check as part of my standard testing for some time, but I've delayed it a bit because I don't want to mess with more system noise that might affect the registry. However, recent news about Wacom devices tracking WAY more than is necessary made me start to wonder.
Now the initial checks about the Wacom issue above were using a network sniff tool (like Wireshark) to sort out what was being sent, but that's a more intensive test. At this stage, I'd just like to know what Baas used to call a "phoning home": where a program doesn't need to connect to the internet but does anyway. Maybe it's just auto-checking for updates, but maybe I'd prefer it didn't.
There are a few tools to test for this, including PortExpert (and several others that Special mentioned in that thread), but does anyone have any recommendations? Do you run tests like these? Bonus points if you can point me to a program that makes it easy to block local software connections.
--
Update: the excellent Simplewall (viewtopic.php?p=86582#p86582) did the trick here
Re: Checking freeware connections
Posted: Fri Mar 20, 2020 9:57 pm
by billon
When Wireshark is overkill, for me it's CurrPorts
Maybe also LiveTcpUdpWatch for all UDP activity
Re: Checking freeware connections
Posted: Sat Mar 21, 2020 6:28 am
by juverax
simplewall (viewtopic.php?f=4&t=23397) asks for the user's permission to establish a new connection.
Re: Checking freeware connections
Posted: Sat Mar 21, 2020 7:38 am
by Midas
webfork wrote: ↑I've been considering adding a connection check as part of my standard testing for some time...
That should be standard procedure, yes.
It's just that it's not that easy or straightforward as checking for system traces -- e.g., there have been cases where programs delay days or even weeks before 'phoning home'...
Re: Checking freeware connections
Posted: Sat Mar 21, 2020 11:09 am
by webfork
Midas wrote: ↑Sat Mar 21, 2020 7:38 am
It's just that it's not that easy or straightforward as checking for system traces -- e.g., there have been cases where programs delay days or even weeks before 'phoning home'...
It's sounding like for the test I'm going to need something comprehensive, like a more robust firewall or some 3rd party program that notifies me when there's a new connection.
For users, is there a way to new programs as blocked-by-default from the Windows firewall? Does anyone know of a program or tweak?
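Added example, not part of the thread or any poster's own code: a PowerShell sketch of the "tell me when there's a new connection" check asked about above, using the built-in `Get-NetTCPConnection` and `Get-Process` cmdlets. The function name `Watch-ProcessConnections` and the process name `exampleapp` are hypothetical placeholders.

```powershell
# Added example: poll the TCP table and report each remote endpoint the
# first time the watched program connects to it.
function Watch-ProcessConnections {
    param(
        [Parameter(Mandatory)] [string] $ProcessName,   # name without .exe
        [int] $IntervalSeconds = 2,
        [int] $DurationMinutes = 60
    )
    # Endpoints already reported, keyed as "pid|address|port".
    $seen = New-Object 'System.Collections.Generic.HashSet[string]'
    $deadline = (Get-Date).AddMinutes($DurationMinutes)

    while ((Get-Date) -lt $deadline) {
        # Re-resolve PIDs on every pass: the program may start late or restart.
        $procIds = @(Get-Process -Name $ProcessName -ErrorAction SilentlyContinue |
                     Select-Object -ExpandProperty Id)
        if ($procIds.Count -gt 0) {
            Get-NetTCPConnection -ErrorAction SilentlyContinue |
                Where-Object {
                    $procIds -contains $_.OwningProcess -and
                    $_.State -ne 'Listen' -and
                    $_.RemoteAddress -notin '0.0.0.0', '::', '127.0.0.1', '::1'
                } |
                ForEach-Object {
                    $key = '{0}|{1}|{2}' -f $_.OwningProcess, $_.RemoteAddress, $_.RemotePort
                    if ($seen.Add($key)) {      # Add() returns $true only for new keys
                        [pscustomobject]@{
                            Time          = Get-Date -Format o
                            ProcessId     = $_.OwningProcess
                            RemoteAddress = $_.RemoteAddress
                            RemotePort    = $_.RemotePort
                            State         = $_.State
                        }
                    }
                }
        }
        Start-Sleep -Seconds $IntervalSeconds
    }
}

# 'exampleapp' is a placeholder for the program under test.
Watch-ProcessConnections -ProcessName 'exampleapp' -DurationMinutes 30
```

Polling only sees TCP connections that are still in the table when a pass runs, so very short-lived connections and all UDP traffic are missed. Connections made on the program's behalf by another process are also not attributed to it.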
Re: Checking freeware connections
Posted: Sun Mar 22, 2020 10:37 am
by Midas
See juverax previous post, I think Simplewall does just that. Correct me if I'm wrong, please.
Re: Checking freeware connections
Posted: Sun Mar 29, 2020 6:05 pm
by webfork
Midas wrote: ↑Sun Mar 22, 2020 10:37 am
See juverax previous post, I think Simplewall does just that. Correct me if I'm wrong, please.
I completely missed that, thanks both juverax and Midas.
And yes, this definitely works, though not by default. You've got to select Enable Filters. In any case, the result (when used with Splat's update checker):
So this indicates 1) it's definitely blocking connections based on the error and 2) this is easily resolved by allowing the connection. Furthermore, it shows both what IP is being contacted, as well as the protocol used (in this case TCP). It even solved a problem I didn't know I had by pointing out a system process that was long overdue to get removed. Marking this as resolved. Thanks!
Re: Checking freeware connections
Posted: Mon Mar 30, 2020 8:29 am
by bitcoin
webfork wrote: ↑Sat Mar 21, 2020 11:09 am
For users, is there a way to new programs as blocked-by-default from the Windows firewall? Does anyone know of a program or tweak?
i use the free (installer) "Windows Firewall Control" - now owned by Malwarebytes
by default any new programs are blocked from connecting to the internet - will trigger a popup so you can see immediately who is calling home
may not be 100% though as in the past i think there were a few programs that were able to launch the default browser and open to their home page but i haven't seen this happen in a few years now. Also sometimes i wonder if clever programs are able to use something like svchost.exe, which has to be allowed to access internet
Re: Checking freeware connections
Posted: Wed Apr 01, 2020 6:59 pm
by webfork
bitcoin wrote: ↑Mon Mar 30, 2020 8:29 am
i use the free (installer) "Windows Firewall Control" - now owned by Malwarebytes
Are you talking about the Binisoft program? because it looks like Majorgeeks has that program listed but has malwarebytes screenshots:
https://www.majorgeeks.com/files/detail ... ntrol.html
bitcoin wrote: ↑Mon Mar 30, 2020 8:29 am
i wonder if clever programs are able to use something like svchost.exe, which has to be allowed to access internet
Someday down the road I'd like to figure out how to catch stuff like that, but at the moment my goal is just finding out when a connection attempt happens and maybe where it points to.
Re: Checking freeware connections
Posted: Thu Apr 02, 2020 9:06 am
by bitcoin
webfork wrote: ↑Wed Apr 01, 2020 6:59 pm
bitcoin wrote: ↑Mon Mar 30, 2020 8:29 am
i use the free (installer) "Windows Firewall Control" - now owned by Malwarebytes
Are you talking about the Binisoft program? because it looks like Majorgeeks has that program listed but has malwarebytes screenshots:
https://www.majorgeeks.com/files/detail ... ntrol.html
yeah it was Binisoft
i wonder how much he got for selling the program
webfork wrote: ↑Wed Apr 01, 2020 6:59 pm
bitcoin wrote: ↑Mon Mar 30, 2020 8:29 am
i wonder if clever programs are able to use something like svchost.exe, which has to be allowed to access internet
Someday down the road I'd like to figure out how to catch stuff like that, but at the moment my goal is just finding out when a connection attempt happens and maybe where it points to.
there are two different svchost.exe that popup although supposedly only one needs to be allowed. There are also a few others like NT Kernel and System that i allow for now just because i'm too weary to look all these things up.
Re: Checking freeware connections [resolved]
Posted: Sun Oct 17, 2021 8:24 pm
by webfork
Old thread update: I tested out Tinywall's connections view: