• Sphinx Windows Firewall Control

    #20252

    A guest post from Noel Carboni: Firewall software is responsible for blocking or allowing network communications. A lot of folks who care about securi
    [See the full post at: Sphinx Windows Firewall Control]

    • #20253

      Thank you Noel.
      You have mentioned the Sphinx Software Firewall in the past few times and the new details are more than useful for anyone who cares.
      The standard firewall used to be ZoneAlarm a few years ago.
      I personally liked Sygate a lot, but Symantec purchased it and destroyed the product immediately after purchasing it. It is still available, but it is usable only on Windows XP as far as I know.
      More recently I tried Comodo Firewall which was the closest to the monitoring in which I was interested.

    • #20254

      Woody and Noel ……… a very interesting article indeed thank you Woody for including it for us and also Noel for all the work you have put in. I will most certainly be reading up on it and trying it out. Thank you also for sharing your knowledge with all of us….. it is much appreciated. LT

    • #20255

      My understanding is that it uses the Windows Filtering Platform, as does the Windows Firewall, so I’m not sure what the advantage is…

      https://msdn.microsoft.com/en-us/library/windows/desktop/aa366510%28v=vs.85%29.aspx

    • #20256

      Very good initiative. Thanks to Noel and Woody. This certainly sounds interesting and I’ll have a look.

    • #20257

      I’ve not heard of Sphinx before, but have also recently trialled Comodo, including their Backup, trying to find a suitable replacement for Bullguard. The last good version of Bullguard was 8.7, and it is now no better than Windows’ fw.
      I’ll check out Sphinx, but Woody, do you have a “sponsored link” to them we could use?

    • #20258

      Hi Noel.

      Really useful article. I’m interested in having your config, it could be helpful to understand things better and in depth. Please may you let me have it?

      Thank you very much in advance

    • #20259

      good stuff 🙂

      is Peerblock any good?
      http://forums.peerblock.com/

      it has particular filters/blocks just for microsoft
      paid version has many interesting filters/blocks

      be safe

    • #20260

      Similar to Ch100, I used ZoneAlarm, prior to 2009; but switched over to Comodo Firewall which I like. It is a little confusing to set up. From the article Sphinx looks pretty good. At some point when Comodo misbehaves, I will try Sphinx. I’ve been around computers and software a long time. When things work, leave it alone; especially, I’m my IT guy!

      Thanks for the info, and help.

    • #20261

      Is the management using names instead of numbers only available in the Plus version which costs $30?

    • #20262

      Hi Noel,

      Where you say “…in practice you really want to just shut off the Windows Advanced Firewall and manage firewall operations entirely with the Sphinx software. Having both active would just lead to confusion.”, do you mean avoid using Windows Firewall’s Advanced Settings, or disable Windows Firewall, and use Sphinx Windows Firewall Control only?

      A comment at http://www.techsupportalert.com/best-free-firewall-protection.htm#comment-127429 says:

      “Windows Firewall seems to be essential now for Windows 10, as if you disable it, you cannot receive automatic Windows updates”.

      Is that true?

    • #20263

      If you’ll eMail me at NCarboni@ProDigitalSoftware.com I’ll be happy to send you a zip file containing my configuration settings for Win 7, 8.1, and 10.

      I’m not trying to gather eMail addresses for spam – I hate spam. I’d just rather not post my configuration publicly.

      -Noel

    • #20264

      I believe name-based management is available in all variants, but please understand that I’ve only tested the top-end Network/Cloud edition, as I use the product on multiple systems in my network.

      -Noel

    • #20265

      FYI, I found a feature comparison for the various versions available here:

      http://www.sphinx-soft.com/Vista/order.html

      Since “Security Zone Editor” seems to be included in Plus and above, it may be true that you cannot add specific entries with the Basic version.

      I encourage you to download the edition you feel is right for you and try before you buy. That’s the way to know for sure. It’s how I first got familiar with the product, back in early 2015.

      -Noel

    • #20266

      Is there any way to confirm this with the Sphinx folks?

      Seems like a major benefit.

    • #20267

      If you’ve ever tried to set up a deny-outgoing-by-default configuration and manage it using the Windows Advanced Firewall interface, then you would know.

      1. The Windows Advanced Firewall UI doesn’t provide a good log from which you can see what has happened. It puts events into the Security event log, which is clunky to deal with in an ongoing way.

      2. The Windows Advanced Firewall operates by IP address. If you want to get really picky about what you allow particular software to contact, in this day and age of server banks (multiple mutable addresses for the same host name) that’s completely impractical. The by-name configuration management is where Sphinx really shines. Just think through how you would set up a rule to block *.bing.com for example.

      3. It’s actually a good thing that Sphinx uses the Windows Filtering Platform under the covers. That’s actually a VERY solid and efficient firewall engine provided as part of Windows, whose development goes way back. I have never seen any evidence that it has been sidestepped – even by Microsoft. As I mentioned above, if you disable the Windows Advanced Firewall and stop the Windows Firewall service, applications, the OS, and installers cannot add enabling rules.

      In my case I’ve removed all Windows Advanced Firewall rules, have disabled it using the “Windows Firewall with Advanced Security” snap-in, and have disabled the Windows Firewall service. I want the Sphinx software to rule all.

      -Noel

    • #20268

      That’s actually a very good question. Thanks for bringing it up, James.

      On my Win 10 setup I have:

      A. Removed all rules from the Windows Advanced Firewall

      B. Have “turned it off” for the Domain Profile, Private Profile, and Public Profile via the Windows Firewall with Advanced Security control panel snapin, and

      C. Have Disabled the Windows Firewall service using services.msc.

      Doing all of the above is somewhat redundant, but I like to be sure (think “nuke ’em from orbit” sure).

      To initiate a Windows Update on my Win 10 system I go through this sequence:

      1. I enable, start, and re-disable the Windows Update and Windows Firewall services.

      2. I reconfigure the svchost entry in the Sphinx firewall software to allow Windows Updates.

      3. I run the WUShowHide tool (unchecking “repair automatically”). It shows me what updates will be installed, but doesn’t actually install them. I vet them and hide any I don’t want.

      4. I start an actual Windows Update manually through the Settings App. Any updates I’ve hidden with WUShowHide won’t be installed.

      5. Usually a reboot is required, and Windows Update and Windows Firewall services will not be re-started after, since I already re-disabled them.

      6. I reconfigure the Sphinx firewall to disallow updates again.

      In practice this is not a difficult process to go through to be SURE that Windows Updates only go in when I want them to go in.

      -Noel

    • #20269

      Noel Carboni suggested replying to me. Please do not treat it as an advertisement. I just would like to answer the question.
      The by-name functionality is actually available in Plus and Network/Cloud Editions only.

      You may find it useful anyway and can test it in full. The trial version is fully functional.

      Honestly I did not even imagine how strict, compact and nifty a security policy implementation could be before Noel disclosed his configuration to me. I just created a tool before, but now I see even more benefits of the program usage. E.g. blocking all evident telemetry related sites with a single (even predefined) rule.

      Also I would be happy to give a free license if you suggest a doable and publicly attractive feature to us.

      Looks like there are no other tools that are able to block a site (including by-port/protocol options) for a selected application. All the ways I know are based on blocking/redirecting entire DNS. A site blocked via DNS is blocked for all the applications at once only, but not with the program.

      Actually the original idea of the by-name filtering belongs to Noel, we were just discussing a way to implement his own security policy, he started using a DNS based approach and had some troubles. Then the discussion went deeper and I thought “why not”. After several months the more flexible (than DNS based) approach was implemented.

      Serge
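
An added example, not part of the thread and not Sphinx's implementation: a small Python model of the comparison drawn in posts #20267 and #20269 above between by-address rules, DNS-wide blocking, and per-application by-name rules. The application names, `update.example.com`, all addresses (RFC 5737 documentation ranges), and the idea of learning address-to-name mappings from observed DNS answers are assumptions made for the illustration.

```python
from fnmatch import fnmatchcase

# Constructed DNS answers at two points in time. Addresses come from the
# RFC 5737 documentation ranges; they are not real Bing addresses.
DNS_T0 = {"www.bing.com": ["192.0.2.10", "192.0.2.11"],
          "update.example.com": ["198.51.100.5"]}
DNS_T1 = {"www.bing.com": ["203.0.113.20", "203.0.113.21"],  # server bank rotated
          "update.example.com": ["198.51.100.5"]}


def name_matches(host, pattern):
    """Wildcard match on host names; '*.bing.com' also covers 'bing.com'."""
    host, pattern = host.lower().rstrip("."), pattern.lower()
    if pattern.startswith("*.") and host == pattern[2:]:
        return True
    return fnmatchcase(host, pattern)


class IpRuleFirewall:
    """By-address rules: the block list is frozen when the rule is written."""

    def __init__(self, blocked_patterns, dns_snapshot):
        self.blocked_ips = {
            ip
            for host, ips in dns_snapshot.items()
            if any(name_matches(host, p) for p in blocked_patterns)
            for ip in ips
        }

    def allows(self, app, ip):
        return ip not in self.blocked_ips  # same answer for every application


class DnsBlocklist:
    """DNS-level blocking: a refused name is refused for all applications."""

    def __init__(self, blocked_patterns):
        self.blocked_patterns = blocked_patterns

    def resolve(self, app, host, dns):
        if any(name_matches(host, p) for p in self.blocked_patterns):
            return []
        return dns.get(host, [])


class NameRuleFirewall:
    """Per-application by-name rules, deny by default (hypothetical model)."""

    def __init__(self, rules):
        self.rules = rules        # ordered (app, host_pattern, allow) tuples
        self.ip_to_names = {}     # assumption: learned from observed DNS answers

    def observe_dns(self, host, ips):
        for ip in ips:
            self.ip_to_names.setdefault(ip, set()).add(host.lower())

    def allows(self, app, ip):
        names = self.ip_to_names.get(ip)
        if not names:
            return False          # address with no known name: deny
        for rule_app, pattern, allow in self.rules:   # first match wins
            if rule_app == app and any(name_matches(n, pattern) for n in names):
                return allow
        return False              # no rule for this application: deny


def run_scenario():
    ip_fw = IpRuleFirewall(["*.bing.com"], DNS_T0)   # rule written at T0
    dns_block = DnsBlocklist(["*.bing.com"])
    name_fw = NameRuleFirewall([
        ("browser.exe", "*.bing.com", False),
        ("browser.exe", "*", True),
        ("updater.exe", "update.example.com", True),
    ])
    for snapshot in (DNS_T0, DNS_T1):
        for host, ips in snapshot.items():
            name_fw.observe_dns(host, ips)

    old_ip, new_ip = DNS_T0["www.bing.com"][0], DNS_T1["www.bing.com"][0]
    update_ip = DNS_T1["update.example.com"][0]
    return {
        "ip_rule_blocks_old_address": not ip_fw.allows("browser.exe", old_ip),
        "ip_rule_blocks_rotated_address": not ip_fw.allows("browser.exe", new_ip),
        "dns_block_differs_per_app":
            dns_block.resolve("browser.exe", "www.bing.com", DNS_T1)
            != dns_block.resolve("updater.exe", "www.bing.com", DNS_T1),
        "name_rule_blocks_rotated_address": not name_fw.allows("browser.exe", new_ip),
        "browser_reaches_update_host": name_fw.allows("browser.exe", update_ip),
        "updater_reaches_update_host": name_fw.allows("updater.exe", update_ip),
        "updater_reaches_bing": name_fw.allows("updater.exe", new_ip),
        "unlisted_app_goes_out": name_fw.allows("notepad.exe", update_ip),
        "unnamed_address_allowed": name_fw.allows("browser.exe", "203.0.113.99"),
    }


if __name__ == "__main__":
    for check, result in run_scenario().items():
        print(f"{check}: {result}")
```

The by-address rule stops matching once the host's addresses rotate, and the DNS-wide block cannot tell one application from another; only the per-application by-name model keeps both properties.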

    • #20270

      It seems too complicated for the risk it reduces

    • #20271

      I use the free version on my Windows 7 Pro laptop. According to the Help section, name designation is available, although I’ve never used it. Previously, I was using Online Armor, which I loved, but support for the firewall was ended awhile back. Windows 10 Firewall was extremely annoying at first, and I’m sure I allowed things I might not have if the program hadn’t kept popping up alerts all the time. Now, however, it just seems to run in the background and rarely alerts me to anything. It doesn’t really analyze software in-depth, the way Online Armor did. I found Windows 10 as a recommendation at Tech Support Alert dot com under an article on Best Free Firewall Protection.

    • #20272

      Not an advertisement at all! It’s an intriguing new tool (at least, new to me), highly recommended by one of our regulars. It covers a topic that needs all the light it can get. Post away…

    • #20273

      I can’t deny that it’s pretty geeky and complicated to run a deny-by-default firewall configuration.

      But man, once you’ve got it set up and humming along the comfort of knowing nothing is going out without your approval is pretty strong. I can’t imagine doing without it at this point.

      And the risk you speak of is variable, and by most accounts rising. Microsoft has become predatory, but even beyond the OS, it seems everyone wants your data nowadays.

      And you’re here, at this site, likely because you feel Microsoft is taking control away from you.

      This product is what’s necessary to regain control!

      -Noel

    • #20274

      Noel or Woody,

      1. How long is the trial for the “Plus version”?

      2. Is the license lifetime or “subscription”. I spent a few minutes looking at site but didn’t see an indication.

      3. Any special issues or considerations in usage with VPN?

      It would probably help sales if you clearly at top page level indicated Trial period and Lifetime (vs. subscription) if that’s the case.

      I know this would influence my decision.

      Thanks!

      Mike

    • #20275

      Tinywall is much better. Well written, light, not bloated and free.

      http://tinywall.pados.hu/

    • #20276

      Please correct me if I’m wrong, but doesn’t TinyWall just either blanket allow or deny particular programs access to the entire network?

      Assuming so, that’s in an entirely different class than the Sphinx release.

      I don’t doubt that TinyWall may be really nice for what it does, and it may even be really easy to set up (I haven’t tried it, I just read about it), but the point I’m making here is that the Sphinx software can facilitate allowing application A to connect to server X but not server Y, in addition to not allowing application B to go online at all and allowing application C to visit any site.

      This sophistication and selectivity is quite honestly what’s going to be needed moving forward in a cloud-connected world where there are certain things you just don’t want sent to certain places.

      -Noel

    • #20277

      It is not about the APIs, but about using them to provide a user friendly product.
      Do you suspect the APIs somehow collecting data?

    • #20278

      Thank you Serge.
      I don’t see your post as advertisement, rather as a useful explanation for how a software product works.
      If anyone is advertising this product, that one is Noel. But his posts about Sphinx firewall are more than welcome. 🙂

    • #20279

      I honestly can’t answer your questions definitively, except to say that as far as I can tell the license is perpetual once you buy it.

      I’m hoping the author will duck back in here and answer your questions more definitively.

      -Noel

    • #20280

      There is a utility called WFN that piggybacks on win firewall to alert to puts that requires no config. Seems to me a much better functionality to complexity ratio than sphinx.

    • #20281

      Alerts to outs

    • #20282

      Too much hassle for too little benefit. What is needed is an alert system that invokes sphinx at any incident and lets u allow or prevent it that specifically. No alert no config.

    • #20283

      To each his own…

      I find that the Windows Firewall (along with additional security measures) works very well for me.

      I don’t see any compelling reason to switch.

      I think the recent hysteria over “telemetry” is mostly FUD (read Ed Bott’s and Paul Thurrott’s takes).

      Your car insurance company and your ISP probably knows more about you than Microsoft.

      Wireshark is an excellent tool for those that like to analyze packets going across the wire…

      https://www.wireshark.org/

      That said, I would be more concerned about someone downloading and running an untrusted application.

      https://technet.microsoft.com/en-us/library/cc733026.aspx

    • #20284

      !

    • #20285

      Gee, it really does sound like I’m pushing this product. I guess I am. When I find something that really works I like to let folks know.

      But the firewall is just one part of a larger strategy…

      In my network environment I also run my own DNS proxy server, with which I blacklist many sites. It also provides local caching. Voila, no ads, no malware, improved network performance.

      I have reconfigured / tweaked Windows in many ways to be more private and secure, including not only policy and registry changes, but also changing the state of selected services and scheduled tasks. There are a few good tools out there to do this with – e.g., O&O ShutUp10, WinAero Tweaker, etc.

      I always reconfigure my browsers to not run add-ons or ActiveX.

      And above all else I practice common-sense (e.g., I don’t download and run things I find online without vetting them first).

      All Apps are removed. Don’t need ’em, don’t want ’em.

      What this means, when combined with a good firewall setup, is that I have MULTIPLE levels of protection and control, with minimal online exposure.

      -Noel

    • #20286

      Thank you Noel and Woody for this posting.

      Years ago I was modifying my security suite firewall for some gaming and to stop some Google data collection for advertising. It worked great until I became a bit too confident and blocked a series of IP addresses that I later found was crucial to photos displaying on an auction website. A developer at the website told me that many companies were using Google services for their speed and scalability. Fortunately, the fix was just deleting 2 of the rules I had created.

      This software looks like it could be of great utility if used and learned properly as Noel was describing. Thanks again. This is a true keeper.

    • #20287

      On the topic of Peerblock:

      I’ve written in the past on AskWoody.com about my uses of Peerblock, and a little about its situation (it is not an actively-managed program and the team of creators disbanded a couple of years ago. Indeed, they closed their website down and only the forum is left up, mainly for reference.)

      It is a free program, there is no paid version. (Unless something has drastically changed with it in the last couple of months!)

      I think Peerblock is fantastic and I get a lot of benefit out of it. I don’t do any torrent stuff or anything like that, I just use it as a straightforward protective device against IP connections that I don’t want to allow.

      Beyond using blocklists that have been created by others
      (see iblocklist.com for some examples; iblocklist.com moved to a paid-only service earlier in 2016, whereas before a lot of its lists were free, but it’s only $10 a year now I think, and to me it is worth it),

      if you are a non-techie like I am, it is difficult to get the hang of Peerblock and often it is time-consuming to create your own blocklists, because it’s based on IP numbers and not website addresses or company/owner names.

      IP numbers that companies use change all the time, so you have to keep on top of that. Companies can use many different IP numbers, some under different owner names, so you have to research who the IP address’ owner is and stuff like that.

      I’ve made a number of lists on my own, though. And I block Google and Facebook left, right, and center. I block the IPs of about 30 different countries (there are lists for that on iblocklist.com) full stop. I block advertisers and trackers.

      I’m not worried about getting on the wrong side of any authorities by using Peerblock because I’m not blocking the “checker-uppers” of the internet who try to see if people are torrenting or stealing and that sort of thing.

      Even though they took the Peerblock site down, you can still download the program from their archived site that you will find on the waybackmachine/internet archive. If you want the address for that, you can look up my prior comments about Peerblock on AskWoody.com where I gave the url for downloading the program from their archived website. (The .exe file still works, I tried it earlier this year.)

      I would never willingly be without Peerblock — if it still works with my future systems, whatever they will be.

      One reason I resorted to using it 3 years ago was that I am an I.E. user, no other browsers, and I.E. does not have many of the blocking tools that Firefox and Chrome have. So you can say, “oh you should use this add-on, you should use that program, instead of Peerblock”, but I most likely could not use it with I.E.

      Since I am well acquainted with the complexity of using Peerblock to block stuff at the IP number level, I really appreciate Noel’s innovation for Sphinx that it can block by name instead of IP number.

      —-
      Other topic:

      When I was looking up Sphinx online last night, after I had read this blogpost for the first time, I saw where the free version didn’t block things at name level, at least as of a couple of years ago, so I was wondering if that was still the case.

      My Peerblock settings wouldn’t let me view the Sphinx link that Noel gave, and I am always reluctant to allow through an IP address that I’ve not seen before. It was under an unusual name, I don’t remember it now. That’s why I was looking Sphinx up on other sites that I know I can view without any problems.

      When looking around, I also saw Woody’s mention of the Sphinx program a few years ago in Windows Secrets where he said that blocking outgoing connections was a waste of time, in his opinion. 😉
      However, he did recommend the program if you wanted to go ahead and worry about outgoing connections.

      …Unfortunately, when I was researching what had been said about the Sphinx program on other sites like Wilders Security Forum,

      I also suddenly had something turn off my laptop’s wireless internet connection, by itself (what?) — several times I tried to turn the wireless back on, but I got a message from IE saying that I was transferring to a dangerous webpage, when I wasn’t even doing anything with IE, instead I was in the wireless settings trying to turn that back on.

      It was freaky and concerning, so I shut all the windows down, ran Ccleaner (I don’t use the registry cleaning part, I just use it to delete cookies and other safe stuff), shut the computer down, then turned it on without connecting to wireless and checked the Norton logs and ran Malwarebytes, that sort of thing.

      Having to turn my computer off so suddenly and unexpectedly, I lost the text of the original comment that I had been in the middle of writing in this thread last night about my use of Peerblock.

      Anyway, Malwarebytes didn’t find anything, but I’m not quite sure everything is okay, because the behavior was so weird last night.

      Does anyone know what could have been doing that to my computer?
      Is there a different, free, malware-searching program that people would recommend I obtain and run?

    • #20288

      Actually on further reading I found that it’s a permanent license vs. subscription.

      http://www.sphinx-soft.com/Vista/index.html

      Perpetual license without subscriptions

      ****

      Currently exploring the riddle of the Sphinx Software [:-)]

    • #20289

      No need to be bashful. If you like a product, go for it.

    • #20290

      I have been using the Free Sphinx Firewall control for years, since the XP days 🙂

      I chose it because it uses the built-in Windows Filtering Platform (WFP).

      All of the other 3rd party firewalls load their own drivers and filters, etc.

      Do you want a stable PC?

      Load as few 3rd party drivers as possible!

      Back in the day, I used ZoneAlarm, Norton, and Comodo. I ended up having issues or conflicts with all of them, eventually.

      I am looking forward to checking out the new version!

    • #20291

      @Poohsticks- I always appreciate the clarity you bring to topics, and they have helped me over and over again. I can’t identify anything that happened, being a non-techie. However, I’ve found Majorgeeks to have precise instructions, providing links to the needed resources and adequate clarity of how to use them, on MajorGeeks’ Malware Removal Guide. I haven’t had any problems but did run through their instructions in the past, just to make sure I could if I needed to. I was able to follow each and every step, which was reassuring to me. Then, if you are still having problems, they have volunteers that will help you resolve them. Thank you for your patience in translating the tech stuff for the rest of us.

    • #20292

      Indeed. But it looks like tinywall does the same without the hassle.

    • #20293
    • #20294

      Sounds like you already used the one I would recommend – MalwareBytes AntiMalware.

      I can’t speculate on what happened, but the message from your browser concerns me.

      I use IE as well, and I seem to do pretty well having disabled the ability for IE to run ActiveX or Add-ons from the Internet Zone, as well as having disabled the fancier scripting behaviors.

      Where were you at? I can imagine being directed to a web page at, say, a commercial site’s wifi – e.g., Panera Bread or Starbucks.

      -Noel

    • #20295

      I see your answer for Noel and I got my answer too.
      I also think it is too much FUD posted by overly concerned users. But there is also a lot of valuable information found as a result of the research done and posted most of the times by the same users.

    • #20296

      Absolutely.

    • #20297

      I tried Sphinx Firewall for a little while today.

      I’m Group B, Windows 7 Pro64.

      PIA VPN, Spybot+Antivirus, Malwarebytes Pro, Microsoft Security Essentials, CCLeaner Pro (64bit), Windows Firewall running, Firefox, Chrome, IE uninstalled completely. Do two complete disks backups and restore points twice a month.

      A couple of observations:

      1. I just installed the Plus version and was going to use the trial. I was wondering how long the trial was and the same evening I get the trial reminders then it tells me I have to reboot if I want to reset and continue using the trial? Figured I’d have at least 7 days and not have to reboot in order to continue using.

      2. I occasionally turn off my VPN to watch movies on Hulu or Netflix. When I did this and then turned PIA VPN back on it kept rejecting connection. I opened up the Sphinx Firewall, deleted all the instances of PIA VPN and then retried and it prompted me to allow it this time. Otherwise after turning off PIA VPN and then turning it back on always produces the “Trial Version” message from Sphinx.

      I went ahead and uninstalled Sphinx Firewall and did a system restore point created earlier today.

      I may try Sphinx Firewall some more due to my observation that it seemed to be blocking a lot of stuff that also indicated that it was coming from “Windows Firewall”.

      It was interesting to keep Windows Firewall on and see all the messages.

      Also, on the plus side it seemed that browsing was faster even with the VPN on with Sphinx Firewall.

      *****

      I noticed that Sphinx appears to be registered in UK with owner of Vsevolod Belych LBETech (Let’s be Elite) and switched from October 8, 2016 (c)SphinxSoftware to November 10, 2016 (c)April-Stock Company LLC per Wayback Machine Archives.

      Currently April Stock Company *seems* to be connected with Cinthia Julie Alcindor and brings up some interesting research hits.

      http://sphinx-soft.com.websiteoutlook.com/

      https://web.archive.org/web/20080619050731/http://www.sphinx-soft.com/company/index.html

      http://mssoft-info.blogspot.com/2016/09/april-stock-company-llc.html posted by Vyacheslav Mikhaylenko in 9/2016.

      https://bizstanding.com/profile/april+stock+company+llc-30034553

      https://web.archive.org/web/20080619050731/http://www.sphinx-soft.com/company/index.html

    • #20298

      After reading through some of the posts I see that the free Sphinx version doesn’t do some of the desired things that have been discussed.

      I run Win7 Pro with no intention of moving to Win8 or 10. I’m struggling now trying to decide if I will be a Group A, B, or W update user. I wonder if the free version of Sphinx would prevent the possible snooping that Group A updaters might be allowing?

      I also wonder if the portable version of Sphinx is also a free version and if the portable build has any additional limitations?

      Thanks Woody, Noel, and the other regulars for all your efforts.

    • #20299

      @Elly,

      Thank you for your kind message.

      It means a lot to me that you said, “I always appreciate the clarity you bring to topics, and they have helped me over and over again.” I am glad that I’ve been able to help. 🙂

      Thank you for your recommendation of the MajorGeeks site which offers an initial do-it-yourself guide and then personal assistance by volunteers if that is warranted!

      I have gone through my modem’s history log and looked up some weird-looking entries that have appeared on there in the last day. It’s hard to know what these odd-sounding entries/alerts mean when you are a non-techie.
      I am now going through my Norton Security history log and searching the Norton support website for explanations of the past 24 hours’ log entries and terms that I don’t understand (which is 80% of them.)
      I need to stop for now, will continue tomorrow. If I find anything specific that does require fixing, I’ll update this post.

    • #20300

      WOW!! Impressive ritual you have there 🙂

      Sounds like you are a very legitimate ruler in your very fortified fortress!

      🙂

      I think its absolute MUST for using electronic these days…
      being knowledgeable and therefore responsible…
      and not being “just a user”
      and it just shows whats the weather out there unprotected
      or being ignorant and voluntarily being harvested

      KUDOS to you

      and we cant thank woody enough for his site
      that allow such sharing of information for the good of public and like-minded folks

      with peerblock I just download all the lists and block everything
      better be safe and than sorry, they say right?

      and at the end of the day,
      the question is…
      Who do you trust?
      (or with all the fake news and unfriendly propagandize agency around, it be at least who do you trust more?)

      be safe y’all
      whatever thats is coming, its coming…
      in the sky, underground, and under waters…
      they come from everywhere

      going back fishing for better dreams

    • #20301

      FUD stands for “Fear, uncertainty, and doubt”.

      Fear and Doubt do not motivate me. Uncertainty seems to require a response.

      We cannot be certain what Microsoft, Google, Apple, Amazon, or any of a host of others will do with the information they take from us. But we CAN infer, from their behavior, that it is valuable (HOW much did Microsoft buy LinkedIn for again?).

      Ask yourself: From where is that value coming?

      We CAN be certain about this: No one can abuse your data or extract value (at your expense) if they simply don’t have it!

      Just a few short years ago it was absolutely unthinkable for software to “phone home”. It was the very definition of spyware, a particular category of malware. There were programs (e.g., “SpyBot Search and Destroy”) just for it.

      Value changed hands through normal monetary transactions. Things you could see and control.

      Why has that changed?

      Do you think USERS wanted it to change?

      It’s not less likely today that your data will be abused (or stolen). If anything, “bad guys” have better computers to work it over with than ever before.

      -Noel

    • #20302

      🙂

      -Noel

    • #20303

      Not to belabor it, but if some creepy guy came up outside your office or home window and just started watching you, never leaving, and jotting on a notepad whenever you do something you’d think that was unacceptable, right? What if they were holding up a voice recorder to your window?

      You’d call the cops, or maybe get your gun or baseball bat, right?

      Now explain how Microsoft or Google or whomever logging whatever you do on your computer is fundamentally different from that?

      What if someone in a big commercial company said, “it’s for the greater good”, and a whole lot of your neighbors didn’t react to the creepy peeping toms standing in THEIR yards? Would it make it okay?

      “Telemetry” is such a geeky, NASA word. I like “snooping” better (bravo Woody). I’ll bet most folks don’t realize that using “Search Suggestions” and “SmartScreen” just means what you type is sent in. Cortana even sends in recordings of your voice. Think about that. There’s no reason all the processing can’t be done locally.

      -Noel

    • #20304

      In the free Sphinx versions, all Windows processes in C:\Windows\* are granted outbound permissions that cannot be edited (read-only).

      The user can configure allow/deny in/out rules for any other application on a per application basis.

      You will get prompted once to set permissions as each app tries to connect the first time.

      I have found that by leaving the Windows Firewall on, and setting a few custom outbound rules in Windows Firewall, I have been able to prevent a few Windows services from “phoning home”. But this is a manual task, and I’m not sure that even the full version of Sphinx would know what to block to make things more privacy friendly where Microsoft is concerned. You definitely don’t want to block svchost, or you will block all web traffic!!!

    • #20305

      You do raise some interesting points … the ownership details of April Stock Company are rather, um, sparse…

      Sphinx-Soft has been around for years, with good tech, so maybe they have just been acquired by some new investors.

    • #20306

      I was also curious as to the copyright change from Sphinx to April Stock in the last two months.

      Searches for “Cinthia Julie Alcindor” bring up a lot of Sphinx-like questions. 🙂

    • #20307

      svchost firewall rule recommendation:
      Block everything.

      Allow outgoing http, https, DNS traffic temporarily when you wish to use Windows Update.

      You should turn off the Windows DNS Client service too (which uses svchost for networking), so you can finely control which of your software actually sends DNS requests to the internet.

    • #20308

      Mike,

      >1. How long is the trial for the “Plus version”?
      Endless with the registration reminder.
      The reminder annoyance just increases in the course of time. A reboot helps.

      >2. Is the license lifetime or “subscription”. I spent a few minutes looking at site but didn’t see an indication.
      Lifetime for purchased version/edition

      >3. Any special issues or considerations in usage with VPN?
      Rather a couple of clicks for configuring

      Thank you,
      Serge

    • #20309

      The free version just does not include by-name filtering features; however, it covers the general needs in full.
      Windows10FirewallControl works on all systems starting from Win7, providing the same protection quality.

      >It will be a Group A, B, or W update user.

      Might I ask you to clarify the grouping principles?

      >I also wonder if the portable version of Sphinx is also a free version and if the portable build has any additional limitations?

      The portable free version exists and is available anytime.
      Regarding limitations of the Free (installable vs portable) version.
      There is only one. It’s related to any portable version of any program.
      A program starts working after it’s launched. The installable version (of the firewall) starts with the system (much before the login). The portable version can be started after login, so starts protecting only later. All the rest is the same.

      Thank you,
      Serge

    • #20310

      >In the free Sphinx versions, all Windows processes in C:\Windows\* are granted outbound permissions that cannot be edited (read-only).

      The Free version is the most popular one and provides the basic level of protection.
      Actually, the less ability there is to mistakenly block something vital, the fewer “troubles” in everyday usage.
      Otherwise you will have to have a better understanding “what is vital” and “what is optional”.
      Any firewall is as good as the filtering rules used.

      >But this is a manual task, and I’m not sure that even the full version of Sphinx would know what to block to make things more privacy friendly where Microsoft is concerned.

      Everything in any firewall is a manual task.
      Any firewall is a tool to implement your own (potentially unique) security policy. There can be no universal single-click “protect me” solution.
      For instance, about 50% of the firewall users treat WindowsUpdate as the most harmful activity, to be blocked unconditionally and forever; all the rest think the opposite. The final decision is up to you. The tool allows both approaches.

      >You definitely don’t want to block svchost, or you will block all web traffic!!!

      Not all actually 😉 Just DNS related, i.e. obtaining IP address by site name.
      Anyway a real communication will be made by IP.
      If you have an alternative way to get IP-by-name (DNS), svchost may be generally blocked. Please do not forget about DHCP, i.e. ability to assign IP address to your PC automatically. However if you have a static IP on your machine DHCP is meaningless as well.

      Serge

    • #20311

      Just a heads-up:

      I’ve been using Sphinx’s Windows firewall control for many years and think it’s great.

      HOWEVER…

      One thing no Windows-based software firewall can block is Microsoft Telemetry. Microsoft has added back-doors to make this pretty much impossible from within Windows.

      The only way I’ve found to effectively monitor and/or block ‘telemetry’ is externally at the router. Of course it’s all encrypted traffic ‘for some reason’. And it uses pinned-certs so even a MITM at the router and Fiddler on the client won’t reveal the contents. So auditing what Microsoft is transmitting over the wire is useless. I know, I’ve tried.

      It’s pretty suspicious that from what I can tell the process housing the service that gathers telemetry reads files like the user’s thumbnail database. Hard to prove anything from this but it’s suspicious as heck in my opinion.

      Does anyone know which Windows Update installed this telemetry back-door?

    • #20312

      Hi Noel,

      Yes, after my wireless connection from my laptop computer to the home modem turned off BY ITSELF (which has never happened to me before),

      when I tried to turn the wireless connection back on at the “connect” button in the wireless-networks-available list, instead of its turning back on, up popped a warning window in IE saying that I was trying to go to a dangerous webpage! But I was not doing anything in I.E., I was in the network connections list. I tried this a couple of times and the same thing happened each time, so it was not a fluke.

      I was at home and I was the only one using my modem (which is password protected and is secured as far as I am able to tighten-up the standard-issue AT&T rental modem). There were no power cuts to the house’s electricity supply.

      Everything in my set-up has been the same for the past 2.5 years. Same modem, same computer, same security arrangement (Norton Security with everything set to high, disabled IE functions like no Active X, Flash disabled, no DOM storage, etc.)

      At that point, I closed IE, ran Ccleaner’s non-registry cleaning tools (out of habit, because I always run Ccleaner when I shut the computer down; it’s not that I thought that deleting cookies and temp files would specifically help in this particular situation!), shut the computer down, turned it back on without connecting to the internet, ran Malwarebytes, and ran the Norton normal scan.

      Then I checked the modem logs and the Norton Security firewall logs. The wording in some of those log entries can look pretty strange and concerning to the non-techie (as I am sure you can understand). I looked up on the Norton Support site and other websites the worrying keywords/phrases from my Norton firewall and modem logs, but they appeared to be nothing to be worried about.

      To see if I might get another opinion on the modem entries, I called my ISP’s technical phone line (they can look into my modem from their side, of course) and asked if they could tell me if any of the modem log entries were something to be worried about, and they said that they would not assist me, that I needed to “hire a local computer technician” if I had any concerns about what the modem’s activity log said.

      I ran the Norton Power Eraser scan that has to be downloaded from Norton’s website. It didn’t find anything.

      Yesterday I had my computer off most of the day and used someone else’s laptop, but today I’m using my own and it seems to be working normally.

      I know there are some powerful scans that kick out complex reports that have to be interpreted by people who know what they are doing, and that there are a few websites that have volunteer experts who look at those reports — is that something I should do for peace of mind?

    • #20313

      I was glad to see Noel’s recommendation here and to read a detailed description of the Sphinx Firewall Control program.

      It does not come across as an advertisement.

      I really appreciate that there are people out there developing these kinds of solutions.

      I am quite privacy- and security-conscious, and I’ll give some unconventional things a whirl like Peerblock, but to me as a non-techie, the Sphinx program appears to be more complicated than I’d be comfortable with. I think that it probably has to be that complicated, in order to achieve its objectives.

      Plus, I am guessing that I’d have to stop using Norton Security in order to let Sphinx use the Windows firewall? While I know that other people have computer security packages/solutions that they like which allow them to use the Windows firewall, I personally wouldn’t want to stop using Norton Security, which suits me the best.

    • #20314

      Noel, when you say that you configure your browsers not to run add-ons,
      in the case of IE for Windows 7, how do you do that?

      Do you go through Tools/Manage Add-ons and manually disable every add-on that is listed, including all of the Microsoft ones like “tabular data control” and whatnot?

    • #20315

      Just for information —
      I don’t know if it’s relevant at all for the people who wish to learn a little bit about the background of Sphinx —

      the IP address that Peerblock blocks when I click on Noel’s Sphinx link given in the original blogpost above is
      “inspirachile.com”.

      inspirachile.com itself also goes through that IP which my Peerblock setup blocks, so I haven’t viewed it directly.

      Most info I can find with the StartPage search engine about inspirachile.com is in Spanish, which I don’t speak, but the LinkedIn profile of the founder of inspirachile.com says,

      “Fernando Brierley is a social entrepreneur and Industrial Engineer from University of Chile.
      He has always been involved in different projects through out his career, especially in the entrepreneurial world.
      He has developed high social skills that allow him to adjust and fit into any team.

      He started out his own foundation called, Inspire Chile, in his desire to make a world with more trust, acceptance and kindness.”

      https://www.linkedin.com/in/fernando-brierley-66117a47

      ——
      While I was on the LinkedIn site (which my Peerblock settings used to block, but they don’t seem to now, which is interesting…),
      out of curiosity, I looked up the name “Cinthia Julie Alcindor”.

      Her profile is quite short, is partially in what looks like a Cyrillic alphabet, and mentions the British Virgin Islands (a hotspot of financial transparency).

      Her profile:

      “Владелец, Premium Knowledge Ltd.
      Virgin Islands (British)Marketing and Advertising

      Current [job]
      Premium Knowledge Ltd.”

      https://www.linkedin.com/in/cinthia-julie-alcindor-ba7a193a

      —–
      A search on Startpage search engine for the name “Cinthia Julie Alcindor” brings up search results that contain mentions of “laundering”, “termination of appointment of Cinthia Julie Alcindor as a director”, and “links to Panamanian shell companies”.

      I have not clicked on any of those search results because I want my computer to be safe, and I’m not that interested in this lady’s past myself (I have decided not to use the Sphinx program), but some other posters here seemed to be obliquely referring to some skeletons in the closet, so I thought I’d see what came up in the search results.

      ——
      When I did a search for the Sphinx program generally a couple of days ago (during which time my computer had a weird invasive kind of problem – see earlier in this thread for a description of that),
      my impression was that maybe Sphinx was by a German company, because I noticed that Sphinx had a site in German (at one point, at least), and I think in the computer-related-website discussion threads (like Wilders Security Forum and the like) that I had found which mentioned Sphinx, someone had said that it was developed by a German company.


      Here is something on another name that Mike in Texas mentioned in his post:

      “vsevolod belych. address: 12-16 clerkenwell road london [EC1 M5 postcode] companies: lbe tech. limited.”
      companydirectorcheck.com/loc/clerkenwell-ec1m-5/?page=4

      I didn’t find him to be listed on LinkedIn while I was there.

    • #20316

      I left out part of the info that I saw regarding the IP address of Sphinx that my Peerblock setup blocks–

      the IP address that my Peerblock setup blocked for inspirachile.com is 198.38.82.127

      —-
      Startpage search engine gives as a result for 198.38.82.127:

      “Welcome to Tamrakarvivah.com – Tamrakar Vivah | Free Matrimonial …

      data.danetsoft.com/tamrakarvivah.com Proxy Highlight

      Location: United States. Registrant: Dinesh Namdev. Hosted by: Mochahost.com. Registrar: GODADDY.COM, LLC. Subnetworks: 198.38.82.127”


      Duckduckgo search engine gives as a result for that IP address the name of a site that I’m not going to repeat, the description says that it is for photo galleries of very young women. [dodgy]


      Whatismyipaddress.com says:

      IP: 198.38.82.127

      Decimal: 3324400255

      Hostname: mocha3011.mochahost.com

      ASN: 23352

      ISP: Mochahost.com

      Organization: Mochahost.com

      http://whatismyipaddress.com/ip/198.38.82.127

      —-
      This is getting farther away from the topic at hand, but I looked up mochahost.com and found complaints about it here:

      “Do not use mochahost as a web hosting company”
      https://www.cnet.com/forums/discussions/do-not-use-mochahost-as-a-web-hosting-company-272415/


      Well, that’s all I’ll look into this — this was just an initial search for general information and I have passed on the raw material that it revealed,

      I’m not saying any of it ties together, and I’m not casting aspersions on anyone or any organization.

      IP addresses and hosting companies can link together completely unrelated people, and that sort of thing.

    • #20317

      >I’ve been using Sphinx’s Windows firewall control for many years and think it’s great.

      Thanks!

      >Microsoft has added back-doors to make this pretty much impossible from within Windows.

      Could you give me a sample?
      I’m aware of multiple back-doors at the user mode, but at the kernel/WFP level everything looks strict to me so far, everything is under control as it seems to me.
      Have I missed something?

      >The only way I’ve found to effectively monitor and/or block ‘telemetry’ is externally at the router.

      Agree, it’s a complex task.

      Serge

    • #20318

      >IP addresses and hosting companies can link together completely unrelated people, and that sort of thing.

      Sphinx site is actually hosted by Mochahost, so the IP address can be used by tons of completely independent companies. I did not experience any problem with hosting company though so far…. it just works…
      Undoubtedly if you have a popular service or a program, there may be a lot of displeased customers. Some of them tend to express the opinion publicly.
      Let’s wait and see

      Serge

    • #20319

      Yes, I didn’t mean to conflate the issues of company ownership and registration, which is specific to a company,
      with company website hosting and assigned ip address, which can be foisted upon a company if they don’t set one up for themselves.

      I find it interesting that a company that is concerned about blocking dodgy IP addresses would have as their own IP address one that another blocking program (or, more precisely, one or more blocklists) considers dodgy.

    • #20320

      That’s an interesting subject.
      Generally web hosting is based on multiple virtual web servers that share a single IP.
      It’s rather an industry standard. A lot of sites share a single IP. I can easily admit that there is a site treated as unwanted (by somebody), so blacklisted. We changed several hosting providers during the last 10 years and every time there was a blacklist with the IP inside.

      So nothing can be guaranteed. Dedicated hosting, in spite of being much more expensive and requiring much more effort for the administration etc., could hardly solve the problem. There could be an irritated person complaining to the blacklist manufacturer and the IP would be blocked as well.
      We have about 3.000.000 users and I could admit that an “unsatisfied” user exists, in spite of the fact that we take care of the product quality and the support very seriously. The audience is just big enough and any person can express his/her point and may be “insistent”.

      I’m recalling a story. Norton Antivirus sporadically started finding a “problem” in our products.
      The signature was called “Low.reputation” and belonged to Symantec solely.
      There was no clear explanation for what Low.reputation means. The only thing that was clear was “it’s based on a community opinion”. Investigating the problem I’ve found that there was a _single_ post in the Symantec forum complaining that our product is “not good”.
      As it appeared, the user installed 2 firewalls at once (Norton + ours) and was not able to manage that “harness” properly. Obviously he blamed our firewall. It might not be Norton. Right?
      After that _single_ post made to the Norton community we were “granted” the signature.
      I spent about a week discussing the subject with Symantec to prove the false positive (as it’s called) detection. Finally the problem was solved, but honestly when starting the discussion I was not sure it could be successful…

      So somebody complained (with unknown reason), blacklist creators were happy to make their database “more responsible”, then a lot of the list consumers hurried to “protect” their users with a “proven” (who said that) protection method. Anyway the blacklist inclusion is free, no strict evidence is required. The blacklist usage is free as well. So we have what we have.
      Hope you understand.

      Thank you,
      Serge

    • #20321

      I wouldn’t send anything out unless you see more reason to suspect ongoing malicious activity.

      Most such sites require you to upload a very revealing report to an online site for the local experts to mull over. And anyone else who wants to download it.

      If MalwareBytes AntiMalware and other security software seems to think your system is clean, it’s quite possible it really is clean.

      -Noel

    • #20322

      Of course the alternative to having someone manage the hardware and be available for tech support is to run your own server. And let’s not forget the cost of a business-class internet connection is rather more (!!) than a home internet connection.

      Unless your business is making a fair bit of money, managing a server can be costly, time-consuming, and will likely require you to learn things about web hosting you’d rather have not used the brain cells up for.

      Let’s assume all of the above isn’t a barrier… You’ve set up a computer system, are running hosting software on it that’s not too hackable, your internet connection and line power are reliable, and you have everything under control.

      Assuming you don’t have 3 shifts of dedicated IT people on hand, how do you manage unattended operation, e.g., if you go on vacation?

      What happens when you’re hiking in the mountains and your server gets hacked or has a disk failure or the internet connection stops working or something? Your online business just stops. Not good.

      Small business web site hosting using a commercial, 24/7-manned multi-hosting site is a reality of economy and technology nowadays.

      -Noel

    • #20323

      Like Serge, I know of no “back doors” that allow telemetry through via some magical process that sidesteps normal IP communications.

      When are the communications you’re observing occurring, and with what servers?

      The thing I’ve discovered that makes it still possible to keep telemetry at bay while allowing a system to communicate online is that Microsoft has implemented very specific servers to receive data, and they’re different from servers set up to provide web pages or download data.

      The servers set up to receive can be excluded from communications by name, while allowing the others. That’s what makes version 8 of the Sphinx software very interesting.

      Servers can be excluded by having the general configuration of the firewall be deny-by-default, then building up, over time, a list of sites that ARE allowed to be contacted.

      And specific ones can be blocked.

      There is a lot of information online, and a lot more can be derived by observation, about who not to allow communications with.

      There are also a number of servers you always want to let your system contact – for example certificate verification servers.

      The list of Microsoft servers needing to be allowed to achieve a successful Windows Update is actually fairly small, and as far as I can see telemetry reception servers can still be excluded. Even so, in my case I reconfigure the firewall to allow those communications only at the time I’m actually doing a Windows Update.

      Sometimes things that require a number of entries in a list may seem dauntingly complex. But they can actually be manageable.

      Try not to oversimplify your firewall config, and don’t confuse an oversimplified firewall configuration with an inability to control what’s communicated.

      -Noel
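
The deny-by-default, filter-by-name setup described in the post above, modelled as an added example (not part of the thread and not Sphinx's own code or rule format). The rule set, the "update" group name and all host names are constructed placeholders under the reserved .example domain.

```python
from collections import Counter
from contextlib import contextmanager
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Rule:
    pattern: str           # host name pattern; "*" wildcards allowed
    action: str            # "allow" or "block"
    group: str = "always"  # rules outside "always" apply only while enabled


class NamePolicy:
    """Deny-by-default filter keyed on the destination host name."""

    def __init__(self, rules):
        self.rules = list(rules)
        self.active = {"always"}

    @contextmanager
    def enabled(self, group):
        """Switch a rule group on for the duration of a with-block."""
        self.active.add(group)
        try:
            yield self
        finally:
            self.active.discard(group)

    def decide(self, hostname):
        """Return (verdict, matching pattern or None) for one destination."""
        host = hostname.rstrip(".").lower()
        hits = [r for r in self.rules
                if r.group in self.active and fnmatchcase(host, r.pattern.lower())]
        for wanted in ("block", "allow"):   # an explicit block beats any allow
            for rule in hits:
                if rule.action == wanted:
                    return wanted, rule.pattern
        return "block", None                # nothing matched: default deny


def denied_summary(policy, attempts):
    """Count default-denied hosts: the review queue for growing the allow list."""
    counts = Counter()
    for host in attempts:
        verdict, pattern = policy.decide(host)
        if verdict == "block" and pattern is None:
            counts[host.rstrip(".").lower()] += 1
    return counts.most_common()


# Constructed rule set; host names are placeholders, not real servers.
RULES = [
    Rule("ocsp.ca.example", "allow"),                   # certificate verification
    Rule("*.vendor.example", "allow"),                  # general vendor web content
    Rule("telemetry.vendor.example", "block"),          # data-reception endpoint
    Rule("*.update.example", "allow", group="update"),  # only during an update run
]

# Constructed connection attempts, as a firewall log might list them.
ATTEMPTS = [
    "www.vendor.example", "telemetry.vendor.example", "OCSP.CA.example.",
    "dl.update.example", "dl.update.example", "cdn.unknown.example",
    "vendor.example.lookalike.example",
]

if __name__ == "__main__":
    policy = NamePolicy(RULES)
    for host in ATTEMPTS:
        print(f"{host:40} {policy.decide(host)}")
    with policy.enabled("update"):
        print("during update:", policy.decide("dl.update.example"))
    print("review queue:", denied_summary(policy, ATTEMPTS))
```

Hosts that were denied only because no rule matched are the ones worth reviewing when extending the allow list; hosts denied by an explicit block rule are left out of that queue.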

    • #20324

      P.S., Do you allow the DiagTrack service to run?

      -Noel
