Hi,
with password enabled, only Mode,Open and Setings are protected;
If some other user is on my PC he/she can easily allow an application because there is no prompt for password to create a rule/zone,etc as a result of a popup.
Is this normal?
Thanks,
Claudiu
vistafirewallcontrol.freeforums.org
VistaFirewallControl (Windows7 and Vista firewall) support forum
| Welcome | ||
|---|---|---|
| Welcome to vistafirewallcontrol You are currently viewing our boards as a guest, which gives you limited access to view most discussions and access our other features. By joining our free community, you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content, and access many other special features. In addition, registered members also see less advertisements. Registration is fast, simple, and absolutely free, so please, join our community today! |
||
Password protection
6 posts
• Page 1 of 1
Password protection
by claudiubotezatu » Sat Jan 28, 2012 12:39 am
- claudiubotezatu
- Posts: 12
- Joined: Thu Jan 26, 2012 11:00 pm
Re: Password protection
by VistaFirewallControl » Mon Jan 30, 2012 10:28 am
Initially the option was intended to protect existing settings of the listed applications to protect from “accidental playing” with them.
If a new application is detected any user should be able to set the correct permissions to new applications.
We could re-consider the option behavior if you provide us with a reasonable argument of the option behavior is not correct.
That's not a problem to alter the behavior.
If a new application is detected any user should be able to set the correct permissions to new applications.
We could re-consider the option behavior if you provide us with a reasonable argument of the option behavior is not correct.
That's not a problem to alter the behavior.
- VistaFirewallControl
- Site Admin
- Posts: 624
- Joined: Fri Mar 27, 2009 11:25 am
Re: Password protection
by claudiubotezatu » Mon Jan 30, 2012 8:45 pm
A regular user /guest can allow by accident or lack of knowledge an application which in fact is a malware trying to" phone" home.
Once the original user will return to pc he/she will not be aware about changes made in the firewall setup by another user and the malware will continue to "communicate "home.
For a suggestion see Kerio2.15; if there is a password in place , a regular user can only "deny all".
For any other selection he will be prompted for a password
Once the original user will return to pc he/she will not be aware about changes made in the firewall setup by another user and the malware will continue to "communicate "home.
For a suggestion see Kerio2.15; if there is a password in place , a regular user can only "deny all".
For any other selection he will be prompted for a password
- claudiubotezatu
- Posts: 12
- Joined: Thu Jan 26, 2012 11:00 pm
Re: Password protection
by VistaFirewallControl » Tue Jan 31, 2012 9:00 am
The scenario you have described is covered by Settings/RunForAdminOnly (elevated).
So non-admins will not be able to run the control panel at all and for all newly detected applications DisableAll (settings/default zone) will be applied.
So non-admins will not be able to run the control panel at all and for all newly detected applications DisableAll (settings/default zone) will be applied.
- VistaFirewallControl
- Site Admin
- Posts: 624
- Joined: Fri Mar 27, 2009 11:25 am
Re: Password protection
by claudiubotezatu » Tue Jan 31, 2012 9:42 pm
Hi,
The common user ( actually the target of Win 7 Firewall Control) will run his/her PC under a single Admin account ; this is both for convenience, ignorance and the fact that a lot of software , drivers (NVIDIA), even printers, will not install or run in a non admin account.
In Win 7 we can setup UAC to max and to prompt for credentials (password) rather than approval even in an Admin account; so there is a minimal chance that another user will modify/install something without admin password.
Now Win 7 Firewall Control will create a vulnerability; would allow that on a pc with only one admin account any user can allow an application to connect to internet , even more can create a rule/zone!
What is the point to allow a non-admin user (wife who is just checking her email on my pc, or daughter who is listening to music ) to create a rule /zone ?
Maybe you can rethink this setup!
Thanks,
Claudiu
The common user ( actually the target of Win 7 Firewall Control) will run his/her PC under a single Admin account ; this is both for convenience, ignorance and the fact that a lot of software , drivers (NVIDIA), even printers, will not install or run in a non admin account.
In Win 7 we can setup UAC to max and to prompt for credentials (password) rather than approval even in an Admin account; so there is a minimal chance that another user will modify/install something without admin password.
Now Win 7 Firewall Control will create a vulnerability; would allow that on a pc with only one admin account any user can allow an application to connect to internet , even more can create a rule/zone!
What is the point to allow a non-admin user (wife who is just checking her email on my pc, or daughter who is listening to music ) to create a rule /zone ?
Maybe you can rethink this setup!
Thanks,
Claudiu
- claudiubotezatu
- Posts: 12
- Joined: Thu Jan 26, 2012 11:00 pm
Re: Password protection
by VistaFirewallControl » Wed Feb 01, 2012 4:31 pm
>Now Win 7 Firewall Control will create a vulnerability; would allow that on a pc with only one admin account any user can allow an application to connect to internet , even more can create a rule/zone!
Without W7FC any user is permitted to establish an internet connection.
W7FC is able to prompt at least. So W7FC does not create any new vulnerability beyond the native windows level. Correct?
If you would like to follow the C2-level security approach just check Settings/RunForAdminOnly, do not rely on the control panel level password
>What is the point to allow a non-admin user (wife who is just checking her email on my pc, or daughter who is listening to music ) to create a rule /zone ?
The reason is the usability. What W7FC should do if a non-admin user launches an (unlisted) application for the internet access? Should W7FC ask the (elevated) admin credentials and disableAll by default?
Everytime? for every unlisted application? Is it usable?
If so just set the default zone (the settings tab) to DisableAll and check RunForAdminsOnly.
>Maybe you can rethink this setup!
Did you mean setting something like RunForAdminsOnly as the default?
Without W7FC any user is permitted to establish an internet connection.
W7FC is able to prompt at least. So W7FC does not create any new vulnerability beyond the native windows level. Correct?
If you would like to follow the C2-level security approach just check Settings/RunForAdminOnly, do not rely on the control panel level password
>What is the point to allow a non-admin user (wife who is just checking her email on my pc, or daughter who is listening to music ) to create a rule /zone ?
The reason is the usability. What W7FC should do if a non-admin user launches an (unlisted) application for the internet access? Should W7FC ask the (elevated) admin credentials and disableAll by default?
Everytime? for every unlisted application? Is it usable?
If so just set the default zone (the settings tab) to DisableAll and check RunForAdminsOnly.
>Maybe you can rethink this setup!
Did you mean setting something like RunForAdminsOnly as the default?
- VistaFirewallControl
- Site Admin
- Posts: 624
- Joined: Fri Mar 27, 2009 11:25 am
6 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 0 guests
