I think it is important for ReactOS to have its own firewall. But why start from scratch? Maybe WinPooch could be something to start with. It is an open source firewall / anti trojan / anti spyware. I think the developers are going to write a special firewall working as an ndis driver, but this is only helpful for network activities, I think. WinPooch is also able to control file and registry access and in times full of spyware / malware it is neccesary to have something to watch your system from being corrupted by those programs more than controlling port access etc. Maybe both could work tgether or WinPooch could be integrated deeper in ROS than it is now integrated in Windows. [ThePhysicist]
Put your ideas here:
- ThePhysicist, Winpooch simply monitors changes to the system and asks you to allow them or not (and also enables on access scanning for clamwin.) It is not a firewall at all.
- The homepage says the following about WinPooch: "Winpooch uses the API Hooking method. It spies programs when they are running and gives to the user a powerful control of their activity.For example, you can forbide a program to write in a system directory or in the registry, or else to connect to internet. That makes the difference between others anti spywares using a database of known signatures." So it also has firewall capabilities. [ThePhysicist]
- I have tried it and it's great. It is very easy to use and does all a desktop firewall like ZoneAlarm does. You can monitor file access, reg write, net connect and net listen (for different IPs and ports, different protocols not yet) for all your software. You can configure for allow/deny/feign, you can make it ask and log. This is even better (and much easier) than Trend Micro desktop firewall. It still works as application not as service. This has to be changed, I think. And some little things have to be enhanced, but it's still beta. I now use it as desktop firewall / antispy on my 2nd pc. No more need for different programs like ZoneAlarm/SpybotS&DResident. I will try to use it in ROS next... [ThePhysicist]
- @ged: About the second driver: As this driver monitors applications' network access, why not make it also control system changes (registry write / system file write) like WinPooch does. It's very important to have something like that to protect the system from malware. It should also protect from hidden installation of rootkits. If it is not present in ROS you will have to install another application for this. If it is integrated as a driver it would be very secure and may not be bypassed easily. This would be a great advantage to windows.
- Whatever our firewall, it should have the ability to detect programs that have been modified since last being run, like ZoneAlarm. While malware scans can keep a user more secure, relying exclusively on them for our firewall makes us vulnerable to the delay between the appearance of a virus and the creation of rules to detect it. We may also want to combine the port and application firewall systems and make it so that a program is allowed to access certain ports. For example, Firefox'd be authorized to use port 80 but not port 6112. This would help catch malware that embedded itself in trusted programs if we either don't implement modification detection or if the malware figures out how to defeat it. BioTube 16:09, 20 June 2007 (CEST)