Winpooch - 'FOSS' Firewall (400kb)

[DigeratiPrime]

ok I will keep this guide simple, because I believe once i show you how easy it is to use you can do whatever you want :)

This guide will show you how to block everything from connecting to or listening to the internet except firefox (or whathaveyou).

Winpooch is FOSS (Free and Open Source Software), it weighs in at about 400kb, and it doesnt need to be installed - just extract the zipped binary.

Download Winpooch

http://winpooch.free.fr/home/index.php

http://sourceforge.net/projects/winpooch/

Instructions:

• Start Winpooch and delete the existing Net:Connect and Net:Listen rules except those that have the Address (Param 1) set as 127.0.0.1 because thats your computer and you need that (i think). :) If you followed that correctly the window should now appear as shown below:
  

• Create a new rule by clicking on the '+' button on the bottom right. Set the fields as show below then hit ok. Repeat this step but this time for 'Reason' choose 'Net:Listen'.
  

• If you read and followed these instructions Winpooch should now look like this:
  

• This last step is to add Firefox as an exception so it may connect to the internet. Click the '+' on the top to Add Program. So in this case navigate to firefox.exe and then hit ok. To keep things simple were just going to select "Don't hook this program". This tells Winpooch to just ignore that program. Alternatively you can create rules and specify what addresses (ip's) and ports (80, 443, etc) it may connect to, and have winpooch keep logs of the ips and ports it uses.. You may also want to do the same (unhook) for explorer.exe, otherwise explorer.exe will hang when it starts.
  

• Now when a unpermitted file trys to access the internet...
  

Thats all there is too it! :D

Edited March 2, 2006 by DigeratiPrime

[Popcorned1]

Wow, looks fantastic! Going to download and try this right away.

Cheers !

[Edit] Wow, thats some amazing software, it really does block everything. Thanks again mate. !

Edited February 25, 2006 by Popcorned

[Popcorned1]

Couldn't make another edit. Anyway, with Windows Xp Sp2 this program has some really bad issues. I've restarted the computer and this programs hangs at start up and you can't do nothing. I had to go into the safe mode to recover my computer. Just a note.

[DigeratiPrime]

that has nothing to do with xpsp2, its probably just explorer.exe trying to start. I noticed a hang when i restarted explorer.exe, after about 5 seconds i got a popup I choose 'NewFilter'

Program: C:\WINDOWS\explorer.exe
Reason: Reg::SetValue

Param1: 
Type: String
Value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

Param2:
Type: String
Value: Common Startup

Reaction: Accept
Verbosity: Silent

Also you can add a program in Winpooch and tell it 'Don't hook this program'

Edited February 25, 2006 by DigeratiPrime

[Popcorned1]

Ok, thanks for the advice, I thought that was it, because explorer was really struggling to do anything.

[Popcorned1]

Sorry for all my posting, but thanks to the fix you provided I managed to get it to work.

Heres my final review ;)

The size of the program is amazing, i'm really pleased that I didn't have to download a 30 meg file for a firewall. Under 2 meg is fantastic and dialup users will be downloading this one for sure.

The setup of the program is easy.

Once setup, do the unhook the explorer process as your computer will get into loads of trouble and basically stop working. This is because the explorer exe can't start and that's why you wont be able to access the start bar etc.

I have to say once i've got it to work i'm very satisfied with it. Theres no problems when it's running and does a grand job, the simply interface is nice.

Best of all, it's Opensource! :D

[sdb815]

Looks pretty neat, anybody else try this? I don't want to install anything new I haven't used before, I just got done formatting. :p

[DigeratiPrime]

download the zipped binary, theres nothing to install. everything is saved inside the one folder. it runs as a process, in the future they might have a version that installs it as a service.

BTW if you are in the habit of reformating your pc often, i would suggest you consider looking at Acronis True Image. ;)

[sdb815]

Thanks for the info, I might have to give this a try.

[acedriver]

will try this later.. looks promising..

[Popcorned1]

I'll post a guide later on how to make a program run as a service. Then were complete :D

[jimbo12141]

downloading now, will post some info shortly, and "Popcorned" - that would be great! :yes:

[Popcorned1]

Too slow i'm already done.

[jimbo12141]

lol just read it and its working, cheers!

[DigeratiPrime]

unfortunately Winpooch doesnt seem to work properly when running as a service using the Srvany.exe trick on the other guide. At least for now.

https://www.neowin.net/forum/index.php?showtopic=436726

[paxa]

nice guide...thanks....downloading right now

[DigeratiPrime]

simplified the guide:

removed a step and i suggested setting Winpooch to 'not hook' firefox, instead of creating rules for opening ports.

I also advise doing the same for explorer.exe to avoid some minor problems.

[KaRpiX]

does this firewall ask for exceptions when a program is trying to connect to the internet?

say for instance i run Warcraft III will it ask if it may allow W3 connection to the internet?

[nizsmo]

does this firewall ask for exceptions when a program is trying to connect to the internet?

say for instance i run Warcraft III will it ask if it may allow W3 connection to the internet?

Yea it acts as a normal firewall, but just a little different. I am using it, and it works great for me!

Beats anything bloaty :cool:

How bout some of that NODpooch32 :D :D

[Laughing Man]

I could use it to replace my current Kerio firewall right? Also how about torrents. Considering the massive amount of people connecting would I just make a rule for utorrent and say allow all traffic?

[DigeratiPrime]

right, for torrents i tell winpooch to accept all addresses and ports for connect and listen. because i trust that program. Likewise you could also tell it to just unhook that process and it will ignore it completely.

for firefox i have mine set to allow firefox to connect on any port or ip, but its not allowed to listen.

if a program not in the list try's to connect say explorer.exe pretending to be internet explorer, winpooch pops up instantly and i tell it to reject and internet explorer thinks theres no connection. you can also kill that process :devil:

of course you can also adjust the verbosity or logging. I use 'silent' for torrents/firefox because i dont want a list of every port and ip ive connected to, the logs will just get enormous or roll over very quickly.

just try it its a zipped binary and it doesnt install any services, drivers or rootkits. if you are really paranoid you can download the source! ;)

[aggrophobik]

So what would be the diffrence between using this guide and just using "default" config?

[Laughing Man]

How do you tell it to accept all addresses and ports? The rules are just net connect in, out, read or write, etc..

Also I think me screw up. I deleted everything but the ones with the IP 127.0.0.1 (so in the screenshots minus everything without that IP). Also when I add programs to the list how do I configure it so it auto accepts it? What's the undefined rule too?

[DigeratiPrime]

So what would be the diffrence between using this guide and just using "default" config?

the default config allows all processes to connect and listen to the internet. this guide reverses that! see the first post.

How do you tell it to accept all addresses and ports? The rules are just net connect in, out, read or write, etc..

Also I think me screw up. I deleted everything but the ones with the IP 127.0.0.1 (so in the screenshots minus everything without that IP). Also when I add programs to the list how do I configure it so it auto accepts it? What's the undefined rule too?

look again at step 2

[Herby]

It's a nice little program, but I would not recommend to use it as a firewall:

It locks your ports, but it does'nt hide them -> Shields Up! (select Proceed button and select All Service Ports).

It does'nt prevent most programs from accessing the internet -> Firewall leak tester.

Edited April 5, 2006 by Herby