It is asking specifically if the specified PROGRAM has access to use any
port it desires. This is the default because MANY programs use random port
allocations, which makes it very difficult to narrow down.
In a *basic* security environment... this is fine to select all (and be done
with it). Most common programs only use a single/static port (Browser=80,
Email=25&110). Some of the other common programs will allow you to specify
the ports used (à la GPL in core.ini, ICQ, etc.). If you have the time, and
the knowledge of how to configure programs to use specific ports, etc. and
you subsequently limit those programs to use only those ports, then all the
power to ya, and you may save yourself from some obscure vulnerability.
I think this is also a good time to inform people of a HUGE myth floating
around. Firewalls are not designed to keep you safe from intruders... it
cannot do that for you (even the best of them). Vulnerabilities and exploits
are PROGRAM specific. They attack particular programs, and get that program
to do what you want it to do. If you have that program installed, and you
are using it on the net, you are vulnerable whether you have 50 of the best
firewalls in front of you, or if you have none. Think about it... the
program needs the port to function. Its purpose is to accept outside
packets. Therefore you MUST tell the firewall to let packets through (to do
its job). Therefore, you attack that program, and the owners have opened the
gates for you.
What firewalls WILL do for you, is close all the ports bound for specific
programs that #1: have vulnerabilities (some that you may not know of) & #2:
do not necessarily need to be open to the outside (it's not in use for
anything to be listening for packets... officially... you may not even know
what it does...).
For this reason, you can be specific about what programs you want floating
out in the wild with eager ears. You CANNOT fix vulnerabilities in programs
out in the wild with a firewall, let's please be clear about this. It is not
a virus scanner, it cannot differentiate programs (per-se), it cannot save
you from worms, it does not save you from Trojans, or from the spread of
Trojans (per-se). Once you open that port... the program (and everything
attached to it) is on its own. The firewall will release and welcome you
with open arms (and all attached nasties that may be present).
Now... if you go about letting everything out/in when the prompt pops up in
Kerio, ZA, etc. from Windows asking about a program you have no idea what it
does, etc. You may as well uninstall that firewall of yours... it's useless.
Indeed, it would be a performance hindrance with no attached benefit to
it... lose it.
A vulnerability is found and exploited in programs that "listen" for
incoming requests. If nothing is listening on the port... no one answers the
door... no program to exploit... no harm can be done. If you allow all of
the programs that request outside access to have access... you are wasting
resources and redundantly going about what your computer does already on its
own without a firewall present.
Anyways... Kerio is worlds better than ZA, and I hope you enjoy the new
stability, and performance (it performs much better). Do your homework on
what programs do, why it needs to have outside access, and if it has
vulnerabilities. Lock 'em out unless it's absolutely necessary that outside
traffic be allowed through the port uninitiated or otherwise by you. Once
you do it once, you never forget really, and it becomes a LOT easier to work
with.
Cheers,
Schumi
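
Added example, not part of the original post: a small audit of which programs are actually listening, and whether each listener is one you have deliberately allowed on that specific port. The `netstat -ano` style sample, the PID-to-program table, the program names and the port number 32766 are all constructed for illustration.

```python
import ipaddress

# Constructed sample in the layout of Windows `netstat -ano` output.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1520
  TCP    0.0.0.0:32766          0.0.0.0:0              LISTENING       2204
  TCP    192.168.1.20:49712     203.0.113.10:80        ESTABLISHED     3012
  UDP    0.0.0.0:1900           *:*                                    1100
"""
# Constructed PID -> program table (on a real machine, e.g. from `tasklist`).
PID_NAMES = {888: "svchost.exe", 4: "System", 1520: "helper.exe",
             2204: "gpl.exe", 1100: "svchost.exe"}
# Programs you decided must accept unsolicited traffic, and on which ports.
# Hypothetical rule: the game is pinned to one port, not "any port".
ALLOWED = {"gpl.exe": {32766}}

def listeners(netstat_text):
    """Yield (proto, addr, port, pid) for sockets waiting for inbound traffic."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            pid = f[4]
        elif len(f) == 4 and f[0] == "UDP":  # UDP rows have no State column
            pid = f[3]
        else:
            continue  # headers, established connections, blank lines
        addr, port = f[1].rsplit(":", 1)
        yield f[0], addr.strip("[]"), int(port), int(pid)

def audit(netstat_text, pid_names, allowed):
    """Classify each listener: local-only, allow (program+port match), or block."""
    findings = []
    for proto, addr, port, pid in listeners(netstat_text):
        prog = pid_names.get(pid, "unknown")
        if ipaddress.ip_address(addr).is_loopback:
            verdict = "local-only"  # not reachable from other machines
        elif port in allowed.get(prog, ()):
            verdict = "allow"       # program AND port were both approved
        else:
            verdict = "block"       # listening, but nobody justified it
        findings.append((prog, proto, port, verdict))
    return findings

if __name__ == "__main__":
    for prog, proto, port, verdict in audit(SAMPLE, PID_NAMES, ALLOWED):
        print(f"{verdict:10} {proto} {port:<6} {prog}")
```

Anything marked `block` is a listener nobody has justified; the `allow` entries are the ones that depend entirely on the program itself being patched, since the firewall passes their traffic through.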
Eldred