Security leak?

[lukor]

David, do you know if any other firewall does this job?
I mean, neither Kerio not Sygate seems to filter the outbound HTTP traffic if you're using a local proxy filter...
Does ZA do this job? Will the applications ask for connection even using a local proxy (this one allowed to connect)?

Technical, the firewall should ask you for permission whenever the app connects to the webshield proxy. That is you would see an outgoing connection attempt to localhost:12080 and you can permit or deny that. It's not that perfect as without the proxy but should provide you with sufficient amount of control. Kerio and ZoneAlarm can be configured to display these warnings.

[DavidR]

Until Sygate resolve the ablilty to monitor localhost proxy traffic, this issue has been know about for a very long time but it has yet to be resolved. So I doubt that this 4.6.623 release will make a blind bit of difference to the sygate security hole. http://forums.sygate.com/vb/showthread.php?s=de402c841bcc0b077d6bc116bcba5f47&threadid=12947

David, do you know if any other firewall does this job?
I mean, neither Kerio not Sygate seems to filter the outbound HTTP traffic if you're using a local proxy filter...
Does ZA do this job? Will the applications ask for connection even using a local proxy (this one allowed to connect)?

I think Keiro does, didn't Vlk recommend it as an option once to those having problems with ZA?

As far as I'm aware ZA does ask on the new programs connecting through the web shield local proxy, but that should/could be answered by the ZA users on the forum.

It works fine with Outpost Pro, though some don't like it (and you have to pay for it) and I did have initial teething problems as it didn't ask abut web shield.

But surely the new changes to web shield not routeing all http traffic through the local proxy, only certain applications, mainly the main stream browsers, then anything else will not go through the local proxy but regular outbound route and be queried by Sygate.

[Lisandro]

I think Keiro does, didn't Vlk recommend it as an option once to those having problems with ZA?

On Sygate forum is written that Kerio has the same trouble of Sygate...

As far as I'm aware ZA does ask on the new programs connecting through the web shield local proxy, but that should/could be answered by the ZA users on the forum.

It will be good to know...

It works fine with Outpost Pro, though some don't like it (and you have to pay for it) and I did have initial teething problems as it didn't ask abut web shield.

That what I suppose... I used it in the past and as far I know, it does not have this problem/bug with local proxies.

But surely the new changes to web shield not routeing all http traffic through the local proxy, only certain applications, mainly the main stream browsers, then anything else will not go through the local proxy but regular outbound route and be queried by Sygate.

But, will you trust IE http traffic, for instance? 
Or a malware that exploits the IE traffic and is 'kindly' tunnelled by WebShield 

[Lisandro]

Technical, the firewall should ask you for permission whenever the app connects to the webshield proxy. That is you would see an outgoing connection attempt to localhost:12080 and you can permit or deny that. It's not that perfect as without the proxy but should provide you with sufficient amount of control. Kerio and ZoneAlarm can be configured to display these warnings.

Can you help me configurating Advanced rules for:
1) Webshield: ports (local and remote), protocols, etc. to connect
2) All other applications: the same for ask. Maybe this is called a loopback... I'm not used to firewall things 
Thanks.

[Jarmo P]

I am sorry to say Technical, but I have read that you use also other local proxy software besides WebShield. So there is no help for you with Sygates otherwise great firewall. Proxy software and Sygate dont match. Outbound protection wil be lost.

You will have to use another firewall! There is nothing else to say.

Only I want to reminder you now that Avast's webshield is working pretty well with SPF now. So maybe you stop talking about Sygate problems, when they are not so many with Avast's web shield?

The other solution is to accept that your pc will let outbound connections to internet. That is not really so bad, so does XP SP2 firewall.

You will have to learn to live with your other proxies, or then change the firewall. ZA is the easiest, but it wont offer the same as Sygate. And with ZA there is the performance issue that seems to be really bad.

[DavidR]

But, will you trust IE http traffic, for instance?
Or a malware that exploits the IE traffic and is 'kindly' tunnelled by WebShield

I don't trust IE period, I try never to use it if possible. I use firefox as my primary browser because it doesn't have the embedded integration in the OS of IE. My secondary browser is Avant and that is rarely used (IE based) and my fall back if all else fails IE (an extremely rare occurrence).

I have also been using the DropMyRights.msi program that allows you to run an application as if you were on a limited account (no admin rights) this stops most trojans dead in their tracks because they can't create registry entries and put files in the system folders (as far as I'm aware).

So even though I am logged on with admin rights, I have shortcut entires that run the program through the DropMyRights.exe program for all my browsers and OE. So browsers and email clients that connect to the internet don't really need admin rights, again if I do need admin rights I close the restricted browser and open the non-restricted browser.

This way I don't have to log off and log on to lower my rights.

[DavidR]

I am sorry to say Technical, but I have read that you use also other local proxy software besides WebShield. So there is no help for you with Sygates otherwise great firewall. Proxy software and Sygate dont match. Outbound protection wil be lost.

You will have to use another firewall! There is nothing else to say.

The other solution is to accept that your pc will let outbound connections to internet. That is not really so bad, so does XP SP2 firewall.

Not so bad unless the outbound connection is passing your account and password details, etc. Not to mention being used as a clone to infect others, send spam, DDoS traffic, etc.

So I don't feel that is any acceptable solution.

[Jarmo P]

Not so bad unless the outbound connection is passing your account and password details, etc. Not to mention being used as a clone to infect others, send spam, DDoS traffic, etc.

Me not either. For many people like my 70 year old father it is though the best solution. XP SP2 fw.

I would not trust webshield for not letting now out something when installing new software running Sygate, but it seems ok for me running it now normal times with the new restrictions. And I do like SPF, so it seems good to tell people here the shortcomings, without all the bad hype.

It seemed Technical never even realized the proxy issue with sygate. So I got a bit mad.

[Lisandro]

It seemed Technical never even realized the proxy issue with sygate. So I got a bit mad.

Can't I ask for help in this forum? 

[Jarmo P]

No hard feelings, it is just ....  like you I have a problem with Sygate local proxy. Dont want to switch firewall, but sometimes I wish to be able to help when there is none to do, only your questions that have already answered.