Tech,
I don't have a problem giving access rights to all the executables
mentioned. This is because servers.def contains nearly 200 URLs, so it
could take some time to convert them into IP addresses using
publicly accessible free DNS lookup websites. Also, those sites
recently started to limit the number of lookups unless you subscribe to
their services. So any solution that avoids the requirement of
supplying far-end IP addresses is preferable to specifying
destination addresses to the firewall.
I was hoping that one solution that avoids the need to specify far-end
IP addresses would be to grant access to all legitimate apps that
reach out. This is complicated for the ping. For Kerio Personal
Firewall (KPF) 2.1.5, outgoing pings don't show up under the app that
initiates them. The application is shown as "tcpip kernel driver".
The generic nature of this app makes it hard to let out only pings
that I know are from Avast. For non-ping accesses, the initiating app
is shown, so I'm not sure why ping-outs are different -- perhaps it's
part of how things work, or how Windows 2000 works. In any case, your
solution of specifying "permanently connected" avoids the need to
ping, and hence, the need to specify far-end addresses to ensure valid
pings.
One question about this solution -- what happens when it checks for
updates every 4 hours, as per
http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=25,
and then runs up against a lack of connectivity? I know that if I
manually initiate a check for updates, I am informed of
nonconnectivity via the GUI. Automatic updates happen in the
background (correct me if I'm wrong), so is the user warned of
nonconnectivity via a popup? Aside from notification, does it wait
another full 4 hours before checking again, even if connectivity is
enabled shortly after such a warning? (I suspect yes, since it no
longer checks for connectivity).
Finally, firewall rules (at least for KPF) require specification of
all these fields:
* Protocol: TCP, UDP, ICMP, or other
* Direction: Ingoing, or outgoing
* Local port: Single port, Port/range, list of ports
* Application: The *.exe files mentioned above in this thread, i.e.
this is the only field for which I have been able to find the
required details so far
* Remote endpoint: Leave it as any address, as per explanation above
* Port number: I guess this is determined by whether access is HTTP,
SHTTP, FTP, or other (correction welcome, as this isn't my area)
I'm guessing that this would be very easy for Avast to assemble
(correct me if I'm wrong!), and in fact is essential for firewall
users. I was wondering if Avast could provide these details.