[wpkg-users] wpkg and firewalls/scanners....

Rainer Meier r.meier at wpkg.org
Thu Oct 16 08:40:32 CEST 2008


Hi Kevin,

Kevin Landers wrote:
> I have just started playing with wpkg. I have created a samba share and
> loaded 7zip via the client. So far, I am impressed and pleased.

Pleased to hear about it.


> I am curious as to how wpkg deals with firewalls and other programs that
> are installed to protect against installation of spyware. For example, I
> could foresee a huge issue with firewall software such as Comodo
> Firewall with Defense+ running.

WPKG does not "deal" in any way with Antivirus or Firewall programs.
Instead it's the other way around. Firewalls and Antivirus have to deal
with WPKG.
WPKG Client is running as a background service using SYSTEM privileges.
Therefore when it runs any command (like the remote wpkg.js script) it
will be run with SYSTEM privileges as well. Up to now I have not seen
any Firewall/HIPS system which somehow intercepts calls done by services
or other programs running with SYSTEM privileges.
I think most (all) of these tools are there to prevent the user from
making mistakes. So if you run wpkg.js manually using a local account
with administrator privileges, then it might ask some "questions". But
usually services are allowed to proceed.

Regarding Firewalls it is just needed for WPKG Client to access the
package share (SMB/CIFS share). It is very unlikely that an
administrator within a corporate environment blocks SMB/CIFS traffic on
clients since they would also not be able to use any kind of Windows
file sharing.

If you're using WPKG web (yet unsupported) then you might need to allow
access to HTTP ports (port 80) from your client to the WPKG web service
too. However this is entirely optional.

Personally I am fine with the Windows built-in firewall and any
Antivirus program (successfully used Avira AntiVir free/pro, McAfee and
NAV). Using one of these "Internet Security" suites might cause some
problems as some of them are for home-use and do not care about file
sharing access and the like. However always when I see such a
bloatware package I tend to uninstall it immediately in favor of the
Windows firewall and a lightweight Antivirus tool.
I rather prefer to do some extensive filtering and scanning on servers
instead of trying to secure all clients too much (which usually also has
some usability drawbacks to the users).


> In a normal installation of software by a user, Comodo Firewall has to
> be set to treat the installer as an actual installer and prompts the
> user for permission to do so.

I don't know this Comodo Firewall in detail but it might be some kind of
"custom UAC" or HIPS system. Well, this usually does not affect the
SYSTEM account which is used by WPKG client. So if you run wpkg.js
manually on the client (using any interactive account with administrator
privileges) then Comodo might pop up a prompt for each installer wpkg.js
is executing.

However I assume that this will not be the case if WPKG client running
with SYSTEM privileges runs wpkg.js in the background (non-interactive).


> How does wpkg handle such things?

See above.


> Do people have problems with firewalls/virus scanners/etc when using
> wpkg to deploy remote installs?

As I wrote above I never had issues with that. WPKG only uses very very
basic technology like SMB/CIFS access which is usually allowed within
the local network by all firewalls. It would be a very bad idea for any
administrator to disable these protocols.


> Thanks for a great program. I look forward to hearing from the masses
> and learning more about this wonderful solution.

Great to hear some success stories :-)

br,
Rainer
