Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > Apple Applications > Mac Applications and Mac App Store

Reply
 
Thread Tools Search this Thread Display Modes
Old Nov 17, 2010, 01:24 PM   #1
munkery
macrumors 68020
 
munkery's Avatar
 
Join Date: Dec 2006
TCPBlock -> Free outgoing firewall

Has anyone tried TCPBlock?

It is a free outgoing application firewall implemented as a preference pane.
__________________
Mac Security Suggestions

Last edited by munkery; Nov 17, 2010 at 01:31 PM.
munkery is offline   0 Reply With Quote
Old Nov 17, 2010, 01:43 PM   #2
enklined
macrumors 6502
 
Join Date: Sep 2007
Location: Sacramento
Send a message via AIM to enklined Send a message via MSN to enklined Send a message via Yahoo to enklined
No, but I will be watching this thread intently
enklined is offline   0 Reply With Quote
Old Nov 19, 2010, 12:45 AM   #3
munkery
Thread Starter
macrumors 68020
 
munkery's Avatar
 
Join Date: Dec 2006
I installed TCPBlock and tried it out. TCPBlock has three settings: block everything (including browser, etc), whitelist items to allow, or blacklist items to disallow. It does not provide prompts to aid configuration; it is manually configured using a Network Monitor run via terminal.

The only useful setting is the whitelist option given that the whole point is to stop an unknown malicious executable from connecting outward. The blacklist option would only protect from malicious executables if you already knew they were malicious to add them to the blacklist.

I recommend using Automator (Application > "Run shell script") to create an app to launch the Network Monitor for initial setup if using as whitelist.

To bad the whitelist does not include signed services by default as initial setup is cumbersome.

Also, any app that can remotely check for updates needs to be manually included as well or the apps will fail to check for updates.

Furthermore, malware already has to be on the system to connect outward so in some ways it is already too late. An outbound firewall would reduce the efficacy of malware with user privileges that include connect-back shellcode from connecting remotely to potentially facilitate privilege escalation and further exploitation but this type of exploitation is only used in targeted attacks (Are you really going to be the focus of a targeted attack?). If the malware already has root privileges, the malware already has the capacity to disable the outbound firewall (So, what is the point?). At the moment, malware risks on OS X are low so is it worth the resources (in TCPBlocks defence, it was extremely fast with no discernible performance impact from what I could detect when i tried it out).
__________________
Mac Security Suggestions
munkery is offline   0 Reply With Quote
Old Nov 19, 2010, 07:53 AM   #4
jodelantis
macrumors newbie
 
Join Date: Nov 2010
Thank you Munkery for trying out this tool. I developed it and it is very good to read such a competent feedback like yours. You are right, the initial setup should be easier to do - this is what I am planning to improve in the next release.
At the time when I started to write TCPBlock I had not the classical malware in my mind. I was concerned by the fact that when I download some app from the net, the first thing what this app does when I start it is to phone home - may be with good intentions like a check for updates, but what if this app grabs some pictures from your iPhoto album, o whatever other interesting things you have on your hard disk and sends it home too? Look at the Mac OS Software Update. Software Update never starts automatically, you have to start it yourself if you want to update your system. This is great. I feel more comfortable with the idea that if I want to upgrade my editor or whatever then have to look actively for the update, and the editors programmer must not even know that I exist and use his tool.
Jo
jodelantis is offline   0 Reply With Quote
Old Nov 19, 2010, 12:49 PM   #5
munkery
Thread Starter
macrumors 68020
 
munkery's Avatar
 
Join Date: Dec 2006
Quote:
Originally Posted by jodelantis View Post
At the time when I started to write TCPBlock I had not the classical malware in my mind. I was concerned by the fact that when I download some app from the net, the first thing what this app does when I start it is to phone home - may be with good intentions like a check for updates, but what if this app grabs some pictures from your iPhoto album, o whatever other interesting things you have on your hard disk and sends it home too? Look at the Mac OS Software Update. Software Update never starts automatically, you have to start it yourself if you want to update your system.
True, apps should not phone home or send user agent information without consent. Most open source app do not do so and I am somewhat of a free/open source junkie when it comes to third party software. All apps should ask if you want them to automatically check for updates upon first startup and have an option not to send user agent information upon checking for updates. I did not keep the fact that some app phone home without consent in mind when trying your app. This line of thinking provides justification for the blacklist feature.
__________________
Mac Security Suggestions
munkery is offline   0 Reply With Quote
Old Nov 26, 2010, 05:39 PM   #6
munkery
Thread Starter
macrumors 68020
 
munkery's Avatar
 
Join Date: Dec 2006
TCPBlock 2.6 has eliminated my gripe about initial configuration.

It does not use prompts but does provide a button to easily add to the "Application List" from "Connecting Apps." I actually prefer this method to add items over having prompts because it is less intrusive.

The "Application List" does not have an option to include signed services by default but configuration is now so easy that this is not an issue.
__________________
Mac Security Suggestions
munkery is offline   0 Reply With Quote

Reply
MacRumors Forums > Apple Applications > Mac Applications and Mac App Store

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
thread Thread Starter Forum Replies Last Post
Free outgoing firewall for MacOS X? Puqq OS X 4 Nov 19, 2010 12:43 AM
runtastic Pro: $5.99 -> FREE for some hours only! Habakuk iPhone and iPod touch Apps 1 Jul 8, 2010 07:48 AM
The Impossible Test $1.99 -> FREE Today! simplymuzik3 iPhone and iPod touch Apps 22 Apr 5, 2010 07:07 AM
Sipsorcery + Google Voice +SipGate+ Siphon=Free incoming+Free outgoing calls over 3G bozo8787 Jailbreaks and iOS Hacks 0 Oct 15, 2009 05:07 PM
Google Voice + Gizmo5 + Siphon = Free incoming + Free outgoing calls over 3G/Edge/Wif madmak Jailbreaks and iOS Hacks 56 Oct 2, 2009 07:36 AM


All times are GMT -5. The time now is 03:29 PM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC