
Security Hole ? : Firewall App - Intego NetBarrier


Arena2045


I have found something very alarming in the firewall app: Intego NetBarrier (10.3.2) for Mac OS X.

It appears that if you have the firewall set to ask your permission to grant an application access to the net, it will more than likely allow it anyway without your action after a time of around 90 seconds.

I find that very sad. I would much rather see the firewall deny access to an application asking for access, if I'm not there to reply to the visual prompt.

I sent Intego support an email, and they replied back. They say that it's a built-in feature... Like I said, I would much rather see it deny. I feel that others using the software may be misled just as I was.

Below is the email history concerning this. I have removed my personal email address, and my support number ID.

I think the people should decide, and Intego needs to be held accountable... I believe that others may be misled about the security they have bought into with NetBarrier X.

Emails: newest first, oldest last...

------ Forwarded Message
From: Intego Support Team <support@intego.com>
Date: Tue, 30 Mar 2004 09:23:42 -0600
To: "address removed" <address removed>
Subject: Re: NetBarrier X 3 - Support # XXXX-XXXXXX

Joshua,

According to our NetBarrier developers - this is the normal and designed behavior of NetBarrier.

The Application Filter is designed to default to ALLOW after 90 seconds. Our developers report that there are a number of different scenarios that lead them to decide to make the default behavior as ALLOW, instead of DENY.

If you are concerned about a rogue application attempting to connect to the internet in your absence - I would suggest setting the 'Default behavior' of the Application Filter from ASK, to DENY. If the Application Filter is triggered in your absence - instead of asking you what to do and then defaulting to ALLOW after 90 seconds - the Application Filter will automatically deny the application access to the internet.

Thank you for choosing Intego.
____________________________________________________________________
Rachel
Intego Technical Support http://www.intego.com/support

!! IMPORTANT !! When replying to this email, please use the "Reply" button, without manually modifying the subject.
____________________________________________________________________

On Mar 29, 2004, at 4:22 PM, <address removed> wrote:

> Rachel,
>
> Thank you for escalating it to the NetBarrier developers.
>
> I eagerly await your response.
>
> Joshua
>
>> From: Intego Support Team <support@intego.com>
>> Date: Mon, 29 Mar 2004 13:04:41 -0600
>> To: "address removed" <address removed>
>> Subject: Re: NetBarrier X 3 - Support # XXXX-XXXXXX
>>
>> Joshua,
>>
>> Yes, it appears that NetBarrier's Application Filter will default to ALLOW after 2 minutes if no response is given to the alert.
>>
>> I have sent an escalation to our NetBarrier developers for an explanation of the feature. I will get back to you as soon as I receive a response.
>>
>> Thank you for choosing Intego.
>> ____________________________________________________________________
>> Rachel
>> Intego Technical Support http://www.intego.com/support
>>
>> !! IMPORTANT !! When replying to this email, please use the "Reply" button, without manually modifying the subject.
>> ____________________________________________________________________
>>
>> On Mar 26, 2004, at 8:44 PM, <address removed> wrote:
>>
>>> Hello,
>>>
>>> I just noticed something that I'm not sure is a bug or not.
>>>
>>> I was trying a new program and it tried to connect to the net. NB asked if I wanted to allow or deny it access. I was on the phone at the time so I didn't click anything but shortly after the window appeared it disappeared, and the program gained access to the net.
>>>
>>> I would think the program would DENY the program access to the internet if I do not select an option. What happens if I'm not at the computer when a program tries to connect to the net? It would eventually gain access because the firewall would just allow it access.
>>>
>>> Is this a bug? I can't find any setting to make it block if I don't select an option. I don't want to block all access, I would like to be prompted to whether or not to allow access.
>>>
>>> OS X 10.3.3
>>> NetBarrier version 10.3.2
>>> Support # XXXX-XXXXXX
>>>
>>> Thanks, Joshua


I think they are crazy to auto allow. I mean COME ON!!! Zone Alarm doesn't just allow programs access; their prompts will stay on the screen until you actually tell it what to do.

I was MISLED by their site! And I feel that others may have been also. This is clearly a security hole, NOT a feature.


I'm with you here, I see it as a security hole too. Too often I have seen developers do something without any true end-user input during the design phase... then rather than correct the code, they say it's a feature (and don't explain how it's really a feature, or what it does for the end-user).

I've actually had a developer say to me, "Why should I care what the end-user thinks... they just use the system." 3 months later the company (the one I and the developer worked for) lost a court case costing them hundreds of millions of dollars, all from "Development Errors".


I use a program called Little Snitch as my software firewall. I've sent an e-mail to their support about this and will let you know what I find out. I'm pretty sure, however, that it stays in a "deny" mode. I seem to remember Software Update not being able to connect because I had Little Snitch configured to only allow the connection to a specific IP address, and that IP changed (or was busy). The next day, I think Little Snitch was still sitting there waiting for me to respond.


My thought is that if you want the firewall to ask you if a program can access outbound, it shouldn't then make the decision for you! An ask mode should be just that, an ASK mode. If you wanted everything outbound to have access, you'd just set it to allow that. Did you spend money on this program? If so, I'd be asking for my money back from the company.


Guest LilBambi

You are so right Ryan! Heck if you wanted to allow everything ... why bother with a firewall at all! That is NO FIREWALL!

I will be interested to hear what the folks at Little Snitch say about their firewall program, bjf123.


Here's my reply from the folks at Little Snitch.

There is a user definable timeout and you can also decide whether Little Snitch should always deny or allow these connections. If you don't move the mouse over the panel within 30 seconds, the default action of allowing the access until quit is taken. If the panel can't get to the front of the screen, it does not receive mouse events and the default action will occur. This feature has been added in Little Snitch 1.1.

You can set the timeout and the default action Allow/Deny within the Little Snitch system preferences pane.

- Open the Little Snitch preference pane within the "System Preferences" application.
- Click on the round "lock" button to unlock the preference pane. You will be asked for your username and password.
- By clicking "Preferences..." you can modify or disable this timeout.

Looks like it's a configurable option in Little Snitch. I checked mine and it's set up to deny the connection if no response after 60 seconds.

But it looks like both programs default improperly. It should default to deny. You should have to configure permissions.


bjf123

Thanks for recommending "Little Snitch." I remember reading a review of it when I was researching potential software purchases when I first got my system.

I downloaded it, tried it, and have purchased a license! Little Snitch gives you much more control over the programs access than NetBarrier ever did, even if you were there to click accept or deny access.

With NetBarrier, the only downside for me is the fact that it doesn't auto default to DENY if you are not available to answer the request prompt... Because I purchased a license for it, and because I still like a number of its features, I turned off its application filtering, and am now using NetBarrier in connection with Little Snitch.

I know that Little Snitch works, because today my scheduled recording of an internet radio show wasn't recorded. I verified that the startup scripts were correct, but when I tried the audio stream Little Snitch popped up asking for my decision whether or not to allow access. That answered my question on why it didn't record. Since I wasn't at the computer to accept the connection, it defaulted to DENY.

In regards to your most recent post, and to reply to Jeber's latest post. When I installed Little Snitch it was set to default to DENY after 60 seconds. I don't know why they said it would default to ALLOW after 30 seconds...

Anyway, thanks again for recommending Little Snitch, it works great and is the perfect complement to NetBarrier (which still has a number of advanced firewall tools).
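
The prompt-timeout behaviour discussed in this thread, as an added example that is not part of any post and is not NetBarrier's or Little Snitch's code: a hypothetical ASK-mode filter where the timeout default decides whether an unanswered prompt fails open or fails closed, with an audit list that flags connections allowed without a user answer. `AskFilter`, `decide`, `unattended_allows` and the app names are made up for illustration, and the 90-second timeout is shortened so the demo runs quickly.

```python
import queue
from dataclasses import dataclass
from enum import Enum


class Action(Enum):
    ALLOW = "allow"
    DENY = "deny"


@dataclass
class Decision:
    app: str
    action: Action
    by_user: bool  # False: the prompt timed out and the default was applied


class AskFilter:
    """Hypothetical ASK-mode application filter with a prompt timeout."""

    def __init__(self, timeout_s: float, on_timeout: Action = Action.DENY):
        self.timeout_s = timeout_s
        self.on_timeout = on_timeout  # fail closed unless configured otherwise
        self.audit: list[Decision] = []

    def decide(self, app: str, answers: "queue.Queue[Action]") -> Decision:
        # Wait for the user's click; if none arrives in time, apply the default.
        try:
            decision = Decision(app, answers.get(timeout=self.timeout_s), True)
        except queue.Empty:
            decision = Decision(app, self.on_timeout, False)
        self.audit.append(decision)
        return decision

    def unattended_allows(self) -> list[str]:
        # Apps that reached the network with nobody answering the prompt.
        return [d.app for d in self.audit
                if d.action is Action.ALLOW and not d.by_user]


def simulate(on_timeout: Action) -> AskFilter:
    f = AskFilter(timeout_s=0.05, on_timeout=on_timeout)  # stands in for 90 s
    f.decide("newapp", queue.Queue())   # constructed case: user away, no click
    answered: queue.Queue = queue.Queue()
    answered.put(Action.ALLOW)          # constructed case: user clicks Allow
    f.decide("browser", answered)
    return f
```

Running `simulate(Action.ALLOW)` reproduces the default-ALLOW behaviour described in the support email, while `simulate(Action.DENY)` shows the same unanswered prompt being blocked.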

