Thanks for the Outpost pointer, gbark. I have heard of that firewall, but never tried it. Its cc-per-app capability sounds like just the ticket for the problem I am currently faced with. I’ve never needed that functionality before running into avast.setup. I will investigate Outpost. I will have to decide if paying for it (not free, I don’t think) is worth the benefit of not requiring the newbie to accept MD5 changes with Kerio. Also, I am very familiar with Kerio and not so with Outpost. That’s something to consider in a remote-support situation.
I think I didn’t pick up on the loopback requirement because I have a generic “LAN bypass” rule in all my firewalls. This allows unfettered access amongst all my computers to 127.0.0.1 and 192.168.0.0/24. I know that this is technically not the safest thing to configure, but I did it anyway for the convenience. I know how to keep my computers clean (maybe!) and nobody else is allowed to plug into my LAN (cat5, no wireless). Any WAN-side bad guys would have to get their spoofed (LAN) IP address through my rules-based router first, before being able to exploit my firewall’s LAN-bypass rule anyway. It’s good that you brought up the loopback requirement, so that I don’t forget about this and incorrectly wipe out 127.0.0.1 when I delete/modify the LAN-bypass rule prior to sending the computer on. It won’t be on a LAN after I’m done with it, so it won’t need LAN-bypass, but it should have unfettered loopback.
I’ve strayed way off topic here (as usual for me!). But at least we are still on target for security-related issues, of which avast is a key component!