Page 2 of 4 FirstFirst 1234 LastLast
Results 11 to 20 of 37
  1. #11
    Master Untangler Evil_Bert's Avatar
    Join Date
    Nov 2007
    Location
    Sydney, Australia
    Posts
    119

    Default

    Well, to be complete in the explanation, Linux has many libraries also - usually named something like libacme.so.1 - but they're definitely not downloaded (or uploaded) on the fly!
    There are many alternate universes, but only this one has beer.

  2. #12
    Newbie
    Join Date
    Dec 2008
    Posts
    8

    Default .DLLs updated view jpegs

    Once again allot of comments but no one seems to know what they are talking about....

    Enough talk here is the real thing, view these Pictures
    below and then decide.

    But my original point was if UT or any other firewall could incorporate some type of .DLL control as SYGATE has in their firewall...

    If not then why not.. I think it would be allot more secure if you could.

    Then log all .DLL changes for us.......

    And like I said at the start of this thread A .DLL file was being sent to the "Microsoft software piracy hotline" without my knowledge, if it wasnt for SYGATES firewall to notify me of this all of my private info would have been sent without my consent.....

    isn't that illegal

  3. #13
    Master Untangler
    Join Date
    Aug 2008
    Posts
    970

    Default

    Quote Originally Posted by dudley_dowrong View Post
    Once again allot of comments but no one seems to know what they are talking about....

    Enough talk here is the real thing, view these Pictures
    below and then decide.

    But my original point was if UT or any other firewall could incorporate some type of .DLL control as SYGATE has in their firewall...

    If not then why not.. I think it would be allot more secure if you could.

    Then log all .DLL changes for us.......

    And like I said at the start of this thread A .DLL file was being sent to the "Microsoft software piracy hotline" without my knowledge, if it wasnt for SYGATES firewall to notify me of this all of my private info would have been sent without my consent.....

    isn't that illegal
    Dudley, no reason to be rude. I assure you that people here do indeed know what they are talking about and are trying to help. What is going on here is you are talking about a software based firewall that goes onto the client workstation.

    Untangle is a gateway based firewall and is much different. Gateway based firewalls will never be able to distinguish between a DLL or non-DLL communication over the network. Only way would be if there were client agents on each workstation that report back to the central gateway. Even in that model, it's utterly flawed with issues.

  4. #14
    Master Untangler
    Join Date
    May 2008
    Posts
    126

    Default

    Yes, I think there is confusion of ActiveX controls (dlls) being invoked by MSN.com that were installed at some time for some functionality that when blocked are hindering that added functionality they provided. Maybe not that the dll was being transfered over net, but communicating with webserver. Just a guess...

  5. #15
    Untangler
    Join Date
    Dec 2008
    Posts
    53

    Default

    Quote Originally Posted by sky-knight View Post
    Untangle can't stop anything from running on your client. You can however, control the internet access any program on a client has with the Untangle software in the gateway.
    And thank you to Untangle for this! I don't think I would use it if I had to install an agent on all client machines.

  6. #16
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    24,949

    Default

    There are some benefits of an enforcement agent on the client. Personally I think I would simply create some kind of app that custom configures the windows firewall according to rule sets defined within the untangle. These systems allow the edge device to manage the network more proactively. Like preventing a machine from getting internet access that doesn't have a working AV installed.

    The catch is making it modular, so you can support the widest array of configuration. The issue however, is that such an application would be almost as complicated of a process to make as the entire Untangle project has been to date!
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  7. #17
    Master Untangler
    Join Date
    Aug 2008
    Posts
    970

    Default

    Quote Originally Posted by sky-knight View Post
    There are some benefits of an enforcement agent on the client. Personally I think I would simply create some kind of app that custom configures the windows firewall according to rule sets defined within the untangle. These systems allow the edge device to manage the network more proactively. Like preventing a machine from getting internet access that doesn't have a working AV installed.

    The catch is making it modular, so you can support the widest array of configuration. The issue however, is that such an application would be almost as complicated of a process to make as the entire Untangle project has been to date!
    I think NAC is better suited for that purpose.

  8. #18
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    24,949

    Default

    Yes, but NAC really has to be integrated with the gateway on some level as well.

    However, reality dictates things that I don't like. In this world of non-customizable switches we're forced to use NAC and make it play with the Edge solution... and then integrate the client in on the back end. I would much rather have 1 interface that does all three.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  9. #19
    Untangler lucidtek's Avatar
    Join Date
    Nov 2008
    Location
    Near D.C.
    Posts
    44

    Default I use Sygate still

    and I can tell you, the websites aren't pushing down .DLLs. These .DLLs have been updated by some other means, and Sygate is seeing them ask for network access with a different hash. It warns the user that it's changed, so you are aware of the change, so you can determine if it's normal or part of an attack. Sygate is the best firewall I've seen on the client side to date. I've looked for replacements, but I've never found one that does what Sygate did.

    Sygate doesn't just green light an app, but all the parts to an app. If a DLL gets loaded into an EXE, it asks permission for that DLL, even if you've already approved that EXE beforehand.

    I've cleaned up a serious malware infestation at a Govt facility that had no Edge devices and no NAC and no monitoring by using Sygate to fill me in on what was going on, and to contain infections and audit the machine that was infected.

    This whole thread was started due to a misunderstanding of what the firewall was actually doing.

  10. #20
    Master Untangler MiniPilote's Avatar
    Join Date
    Feb 2008
    Posts
    201

    Default

    I'm not sure exactly what is happening but I turned on the DLL filtering as suggested by dmorris. This was on an upgraded 6.1 UT at home. Shortly after I did that my wife complained that ebay was being blocked. I checked out the block page it was the UT web filter saying that it was blocked because of a DLL. I turned the DLL filter back off because my wife needed to access her ebay auctions. I haven't investigated any further so I'm not sure exactly what is going on but it was interesting to say the least.
    MiniPilote

Page 2 of 4 FirstFirst 1234 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2