| Subject | Interop ¡V Some personal firewalls / security suites and Firebird & IB6 |
|---|---|
| Author | roytsganda |
| Post date | 2005-06-14T09:07:28Z |
We¡¦ve been testing Firebird and Interbase against personal firewalls
and security suites. We¡¦d like to share the results with the
community and ask if anyone has knowledge of the cases where we find
that security software is getting in the way.
In summary, 22 personal firewalls and security suites are OK with
Firebird at present. 21 are OK with Interbase 6.0.2.0. Two block
any use of Firebird from Java. Three block any use of InterBase from
Java. The 22 are listed later.
F-Secure Internet Security 2005 (F-SIS) and McAfee Privacy Service
(McAPS) both block Java JDBC from connecting to Firebird and
Interbase through Interserver. The failure occurs in the following
cases:
1. When F-SIS or McAPS are not started in any way, but are just
installed.
2. When either of them is running and the user gives all necessary
permissions.
In case of doubt, I'll mention that each was installed alone -- we
restored from a Ghost image before each try, so there should be no
dirty uninstall issues. We were using Windows XP with SP2, with the
built-in MS firewall disabled. We wrote a small test program (source
below) that does the minimum to reproduce the problem ¡V it just
connects to Firebird and reports on its success or otherwise.
Details of the versions used in each case are given at the end of
this post.
F-SIS
Based on an email from F-Secure, we believe that the parental control
function of F-SIS is causing the problem with that product. We
received instructions on how to disable the parental control function
from F-Secure and that allows Firebird to run. They are treating
this as a problem and say they will test the next version for the
same issue soon.
McAPS
We have no clue yet where McAPS is causing trouble. We wrote to
McAfee on 10th June and had no reply yet.
We have looked in the technical support areas of both companies but
find nothing that explained this (and Google has not been our friend
in this search either).
Interbase is blocked by ZoneAlarm Security Suite (not ZA Pro or ZA
free)
For information of the community, we have tested all the personal
firewalls and desktop security suites that we could get our hands on
(those that had a trial version and one that didn't, which we
bought). A list is below. We found no interference (other than that
some asked for permission, which we granted in every case).
The following products gave no problems in their present versions:
h AVG Anti-Virus plus Firewall Beta version
h BitDefender 8 Professional Plus
h BlackICE PC Protection
h eScan Internet Security Suite
h Freedom Internet Security & Privacy bundles
h Injoy Firewall
h Iolo System Mechanic 5 Professional
h Kaspersky Personal Security Suite 1.0
h McAfee's Internet Security 2005 7.0 suite
h McAfee's Personal Firewall Plus
h Norman Internet Control 5.8
h Outpost Firewall Pro
h Panda Platinum Internet Security 2005
h SurfSecret Personal Firewall
h Sygate Personal Firewall Pro
h Symantec Norton Internet Security 2005 anti-spyware edition
h Symantec Norton Personal Firewall 2005
h Trend Micro PC-cillin Internet Security 2005
h V Communications SystemSuite 5
h ZoneAlarm Security Suite
h ZoneAlarm Pro
h ZoneAlarm Free
We have not tested Firebird with the following (no trial versions):
h 3B Personal Firewall
h Athentium Curtains for Windows
For the record, Interbase 6.0.2.0 fails with F-SIS and McAPS,
apparently in the same way. And Interbase (Interserver, to be
precise) fails with ZoneAlarm Security Suite (ZASS), but not with
ZoneAlarm Pro or the free version. Again, it fails even when ZASS is
not running, but is just installed.
Zone Labs gave us instructions on how to allow Interserver through.
Their documentation implies that Interserver is a "non-standard
LSP". We're not network specialists, but we cannot find any
indication that Interserver inserts anything in the Winsock API
implementation stack.
Does anyone have any ideas about why F-SIS and McAPS behave in this
way while 22 other security products do not, when permissions have
explicitly been given? We assume that the installation process
affects some aspect of Windows operation, even when F-SIS or McAPS is
not invoked in any way.
We wonder if this is a firewall / anti-spyware / security software
problem or a Firebird problem?
If it's a Firebird problem, we also wonder if it's going to be an
increasing problem vendors tighten up their software.
Any comments or help, please?
Roy
--------------------------------------------------------------------
Versions:-
Operating System
Microsoft Windows XP [Version 5.1.2600] with SP2 added, MS firewall
disabled.
F-Secure product
F-Secure Internet Security 2005 (F-SIS) - fs2005f-sp1-02e.exe (we
chose the option to install Internet Security 2005)
McAfee product
McAfee Privacy Service (McAPS)
Firebird Database Components
Official Windows Setup and Installer For Classic and SuperServer
V1.5.2 (.exe)
Download page =
http://prdownloads.sourceforge.net/firebird/Firebird-1.5.2.4731-
Win32.exe
Firebird Class 4 JCA-JDBC Driver Jaybird for JDK 1.4 V1.5.5
Release
http://prdownloads.sourceforge.net/firebird/FirebirdSQL-
1.5.5JDK_1.4.zip?download
We downloaded & Installed Firebird, and when prompted, we chose:
To install Classic Server; not to use Firebird Guardian; to startup
Firebird automatically on boot up.
Java
Java(TM) 2 Runtime Environment, Standard Edition version "1.4.1_02"
Results
When we ran the demo Java Program with F-Secure Internet Security
2005 or McAfee Privacy Service installed but not operating, the
log.txt file contained
trying to connect to DB
Unable to connect to Firebird
We got the same result when either suite was installed and operating
and we gave any permissions requested.
When we ran the demo Java Program with neither F-Secure Internet
Security 2005 nor McAfee Privacy Service installed (i.e. no security
suite or personal firewall), the log showed
trying to connect to DB
Connected to Firebird
When we ran the demo Java Program with any one of the 22 other
products installed, the log also showed
trying to connect to DB
Connected to Firebird
---------------------------------------------------------------------
Source of our test program, FirebirdTest.java that connects with 22
firewall-type products but that F-SIS and McAPS prevents from making
a connection:
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.PrintStream;
import java.sql.DriverManager;
import java.util.Properties;
import java.util.Date;
public class FirebirdTest implements Runnable
{
public static String DB_DRIVER = "org.firebirdsql.jdbc.FBDriver";
public static String DB_URL = "jdbc:firebirdsql:localhost/3050:";
private final String USER = "sysdba";
private final String PASS = "masterkey";
private final File dbFile;
private boolean connected;
private boolean done;
private static final PrintStream fileStream;
static
{
try
{
fileStream = new PrintStream(new FileOutputStream
("log.txt"));
}
catch (FileNotFoundException e)
{
throw new RuntimeException(e);
}
}
public static void main(String[] args) throws Exception
{
print(new Date().toString());
print("FirebirdTest version 1.0");
print("Usage: java FirebirdTest \"C:\\\\Program
Files\\\\interbase\\\\examples\\\\Database\\\\employee.fdb\"");
print("");
print("Running....");
try
{
final int timeoutSeconds = 30;
FirebirdTest test = new FirebirdTest(args[0]);
new Thread(test).start();
int count = 0;
while (count < timeoutSeconds)
{
Thread.sleep(1000);
if (test.isDone())
{
break;
}
count++;
}
if (test.isConnected())
{
print("Conneted to Firebird");
}
else
{
print("Unable to connet to Firebird");
}
}
catch (Exception e)
{
print("error.....");
print(e.getMessage());
e.printStackTrace();
}
finally
{
print("");
print("running completed.");
fileStream.close();
}
}
private static void print(String s)
{
System.out.println(s);
fileStream.println(s);
}
public FirebirdTest(String gdbPath)
{
connected = false;
done = false;
dbFile = new File(gdbPath);
}
public void run()
{
try
{
print("data file = " + dbFile);
print("");
Properties conProp = new Properties();
Class.forName(DB_DRIVER);
DriverManager.getDriver(DB_URL);
conProp.put("user", USER);
conProp.put("password", PASS);
String url = DB_URL + dbFile.getAbsolutePath();
print("trying to connect to DB");
DriverManager.getConnection(url, conProp);
connected = true;
}
catch (Exception e)
{
throw new RuntimeException(e);
}
finally
{
done = true;
}
}
private boolean isDone()
{
return done;
}
public boolean isConnected()
{
return connected;
}
}
--------------------------------------------------------------------
and security suites. We¡¦d like to share the results with the
community and ask if anyone has knowledge of the cases where we find
that security software is getting in the way.
In summary, 22 personal firewalls and security suites are OK with
Firebird at present. 21 are OK with Interbase 6.0.2.0. Two block
any use of Firebird from Java. Three block any use of InterBase from
Java. The 22 are listed later.
F-Secure Internet Security 2005 (F-SIS) and McAfee Privacy Service
(McAPS) both block Java JDBC from connecting to Firebird and
Interbase through Interserver. The failure occurs in the following
cases:
1. When F-SIS or McAPS are not started in any way, but are just
installed.
2. When either of them is running and the user gives all necessary
permissions.
In case of doubt, I'll mention that each was installed alone -- we
restored from a Ghost image before each try, so there should be no
dirty uninstall issues. We were using Windows XP with SP2, with the
built-in MS firewall disabled. We wrote a small test program (source
below) that does the minimum to reproduce the problem ¡V it just
connects to Firebird and reports on its success or otherwise.
Details of the versions used in each case are given at the end of
this post.
F-SIS
Based on an email from F-Secure, we believe that the parental control
function of F-SIS is causing the problem with that product. We
received instructions on how to disable the parental control function
from F-Secure and that allows Firebird to run. They are treating
this as a problem and say they will test the next version for the
same issue soon.
McAPS
We have no clue yet where McAPS is causing trouble. We wrote to
McAfee on 10th June and had no reply yet.
We have looked in the technical support areas of both companies but
find nothing that explained this (and Google has not been our friend
in this search either).
Interbase is blocked by ZoneAlarm Security Suite (not ZA Pro or ZA
free)
For information of the community, we have tested all the personal
firewalls and desktop security suites that we could get our hands on
(those that had a trial version and one that didn't, which we
bought). A list is below. We found no interference (other than that
some asked for permission, which we granted in every case).
The following products gave no problems in their present versions:
h AVG Anti-Virus plus Firewall Beta version
h BitDefender 8 Professional Plus
h BlackICE PC Protection
h eScan Internet Security Suite
h Freedom Internet Security & Privacy bundles
h Injoy Firewall
h Iolo System Mechanic 5 Professional
h Kaspersky Personal Security Suite 1.0
h McAfee's Internet Security 2005 7.0 suite
h McAfee's Personal Firewall Plus
h Norman Internet Control 5.8
h Outpost Firewall Pro
h Panda Platinum Internet Security 2005
h SurfSecret Personal Firewall
h Sygate Personal Firewall Pro
h Symantec Norton Internet Security 2005 anti-spyware edition
h Symantec Norton Personal Firewall 2005
h Trend Micro PC-cillin Internet Security 2005
h V Communications SystemSuite 5
h ZoneAlarm Security Suite
h ZoneAlarm Pro
h ZoneAlarm Free
We have not tested Firebird with the following (no trial versions):
h 3B Personal Firewall
h Athentium Curtains for Windows
For the record, Interbase 6.0.2.0 fails with F-SIS and McAPS,
apparently in the same way. And Interbase (Interserver, to be
precise) fails with ZoneAlarm Security Suite (ZASS), but not with
ZoneAlarm Pro or the free version. Again, it fails even when ZASS is
not running, but is just installed.
Zone Labs gave us instructions on how to allow Interserver through.
Their documentation implies that Interserver is a "non-standard
LSP". We're not network specialists, but we cannot find any
indication that Interserver inserts anything in the Winsock API
implementation stack.
Does anyone have any ideas about why F-SIS and McAPS behave in this
way while 22 other security products do not, when permissions have
explicitly been given? We assume that the installation process
affects some aspect of Windows operation, even when F-SIS or McAPS is
not invoked in any way.
We wonder if this is a firewall / anti-spyware / security software
problem or a Firebird problem?
If it's a Firebird problem, we also wonder if it's going to be an
increasing problem vendors tighten up their software.
Any comments or help, please?
Roy
--------------------------------------------------------------------
Versions:-
Operating System
Microsoft Windows XP [Version 5.1.2600] with SP2 added, MS firewall
disabled.
F-Secure product
F-Secure Internet Security 2005 (F-SIS) - fs2005f-sp1-02e.exe (we
chose the option to install Internet Security 2005)
McAfee product
McAfee Privacy Service (McAPS)
Firebird Database Components
Official Windows Setup and Installer For Classic and SuperServer
V1.5.2 (.exe)
Download page =
http://prdownloads.sourceforge.net/firebird/Firebird-1.5.2.4731-
Win32.exe
Firebird Class 4 JCA-JDBC Driver Jaybird for JDK 1.4 V1.5.5
Release
http://prdownloads.sourceforge.net/firebird/FirebirdSQL-
1.5.5JDK_1.4.zip?download
We downloaded & Installed Firebird, and when prompted, we chose:
To install Classic Server; not to use Firebird Guardian; to startup
Firebird automatically on boot up.
Java
Java(TM) 2 Runtime Environment, Standard Edition version "1.4.1_02"
Results
When we ran the demo Java Program with F-Secure Internet Security
2005 or McAfee Privacy Service installed but not operating, the
log.txt file contained
trying to connect to DB
Unable to connect to Firebird
We got the same result when either suite was installed and operating
and we gave any permissions requested.
When we ran the demo Java Program with neither F-Secure Internet
Security 2005 nor McAfee Privacy Service installed (i.e. no security
suite or personal firewall), the log showed
trying to connect to DB
Connected to Firebird
When we ran the demo Java Program with any one of the 22 other
products installed, the log also showed
trying to connect to DB
Connected to Firebird
---------------------------------------------------------------------
Source of our test program, FirebirdTest.java that connects with 22
firewall-type products but that F-SIS and McAPS prevents from making
a connection:
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.PrintStream;
import java.sql.DriverManager;
import java.util.Properties;
import java.util.Date;
public class FirebirdTest implements Runnable
{
public static String DB_DRIVER = "org.firebirdsql.jdbc.FBDriver";
public static String DB_URL = "jdbc:firebirdsql:localhost/3050:";
private final String USER = "sysdba";
private final String PASS = "masterkey";
private final File dbFile;
private boolean connected;
private boolean done;
private static final PrintStream fileStream;
static
{
try
{
fileStream = new PrintStream(new FileOutputStream
("log.txt"));
}
catch (FileNotFoundException e)
{
throw new RuntimeException(e);
}
}
public static void main(String[] args) throws Exception
{
print(new Date().toString());
print("FirebirdTest version 1.0");
print("Usage: java FirebirdTest \"C:\\\\Program
Files\\\\interbase\\\\examples\\\\Database\\\\employee.fdb\"");
print("");
print("Running....");
try
{
final int timeoutSeconds = 30;
FirebirdTest test = new FirebirdTest(args[0]);
new Thread(test).start();
int count = 0;
while (count < timeoutSeconds)
{
Thread.sleep(1000);
if (test.isDone())
{
break;
}
count++;
}
if (test.isConnected())
{
print("Conneted to Firebird");
}
else
{
print("Unable to connet to Firebird");
}
}
catch (Exception e)
{
print("error.....");
print(e.getMessage());
e.printStackTrace();
}
finally
{
print("");
print("running completed.");
fileStream.close();
}
}
private static void print(String s)
{
System.out.println(s);
fileStream.println(s);
}
public FirebirdTest(String gdbPath)
{
connected = false;
done = false;
dbFile = new File(gdbPath);
}
public void run()
{
try
{
print("data file = " + dbFile);
print("");
Properties conProp = new Properties();
Class.forName(DB_DRIVER);
DriverManager.getDriver(DB_URL);
conProp.put("user", USER);
conProp.put("password", PASS);
String url = DB_URL + dbFile.getAbsolutePath();
print("trying to connect to DB");
DriverManager.getConnection(url, conProp);
connected = true;
}
catch (Exception e)
{
throw new RuntimeException(e);
}
finally
{
done = true;
}
}
private boolean isDone()
{
return done;
}
public boolean isConnected()
{
return connected;
}
}
--------------------------------------------------------------------