waitingtogetskyrim2
Well-Known Member
Why doesn't a phone have a firewall like windows firewall.
-
After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.
Thread for off topic posts
- Thread starter waitingtogetskyrim2
- Start date
-
- Tags
- samsung galaxy s3
- Status
Android is all about choice. Users can easily install such an app if they wish. There are plenty to choose from in the Play Store, for both stock and rooted devices.
Who says a phone doesn't have a firewall like Windows firewall?
That's on my Nexus 6P running the stock OS (systemless root and kernel are the only mods). The Linux iptables firewall is included and functioning - you just can't configure or control it without root.
By the way, many of the root-enabled firewall apps just provide a prettier interface for managing that same iptables firewall.
That's on my Nexus 6P running the stock OS (systemless root and kernel are the only mods). The Linux iptables firewall is included and functioning - you just can't configure or control it without root.
By the way, many of the root-enabled firewall apps just provide a prettier interface for managing that same iptables firewall.
waitingtogetskyrim2
Well-Known Member
But is that the same type of firewall as windows firewall does it help prevent hackers or malious software from acessing your phone through a network or Internet.
It's the same firewall running on pretty much every Linux server, which I'm told are generally pretty secure. 
Of course, you'd need root to be able to tune it, but iptables can be very granular and detailed in its rules - far more configurable than the Windows firewall.
Of course, you'd need root to be able to tune it, but iptables can be very granular and detailed in its rules - far more configurable than the Windows firewall.
Last edited:
waitingtogetskyrim2
Well-Known Member
When Windows XP was originally shipped in October 2001, it included a limited firewall called "Internet Connection Firewall". It was disabled by default due to concerns with backward compatibility, and the configuration screens were buried away in network configuration screens that many users never looked at. As a result, it was rarely used. In mid-2003, the Blaster worm attacked a large number of Windows machines, taking advantage of flaws in the RPC Windows service.[2] Several months later, the Sasser worm did something similar. The ongoing prevalence of these worms through 2004 resulted in unpatched machines being infected within a matter of minutes.[1]Because of these incidents, as well as other criticisms that Microsoft was not being active in protecting customers from threats, Microsoft decided to significantly improve both the functionality and the interface of Windows XP's built-in firewall, rebrand it as Windows Firewall,[2] and switched it on by default since Windows XP SP2.
One of three profiles is activated automatically for each network interface:[3]
Public assumes that the network is shared with the World and is the most restrictive profile.Private assumes that the network is isolated from the Internet and allows more inbound connections than public. A network is never assumed to be private unless designated as such by a local administrator.Domain profile is the least restrictive. It allows more inbound connections to allow for file sharing etc. The domain profile is selected automatically when connected to a network with a domain trusted by the local computer.
Security log capabilities are included, which can record IP addresses and other data relating to connections originating from the home or office network or the Internet. It can record both dropped packets and successful connections. This can be used, for instance, to track every time a computer on the network connects to a website. This security log is not enabled by default; the administrator must enable it.[4]
Windows Firewall can be controlled/configured through a COM object-oriented API, scriptable through the netsh command,[5]through the GUI administration tool[6] or centrally through group policies.[7] All features are available regardless of how it is configured.
From what this says it seems Microsoft Windows firewall is different than androids firewall due to the way Microsoft tweaked it.
One of three profiles is activated automatically for each network interface:[3]
Public assumes that the network is shared with the World and is the most restrictive profile.Private assumes that the network is isolated from the Internet and allows more inbound connections than public. A network is never assumed to be private unless designated as such by a local administrator.Domain profile is the least restrictive. It allows more inbound connections to allow for file sharing etc. The domain profile is selected automatically when connected to a network with a domain trusted by the local computer.
Security log capabilities are included, which can record IP addresses and other data relating to connections originating from the home or office network or the Internet. It can record both dropped packets and successful connections. This can be used, for instance, to track every time a computer on the network connects to a website. This security log is not enabled by default; the administrator must enable it.[4]
Windows Firewall can be controlled/configured through a COM object-oriented API, scriptable through the netsh command,[5]through the GUI administration tool[6] or centrally through group policies.[7] All features are available regardless of how it is configured.
From what this says it seems Microsoft Windows firewall is different than androids firewall due to the way Microsoft tweaked it.
Just for giggles, I ran an nmap port scan against my phone on my local wifi:
That said, a lot of the firewall apps available on the Play Store seek to restrict outbound traffic rather than inbound (like my port scan). Some manufacturers (like Huawei) even include such controls within their customized Android builds. You'd use those to prevent sketchy apps from phoning home to China, for instance, rather than to protect against Internet-based threats.
A simple test, but it looks like the firewall works.Nmap 7.01 was initiated at Thu Feb 18 19:59:20 2016 with these arguments:
nmap -p 1-65535 -T4 -A -v 192.168.1.3
Verbosity: 1; Debug level 0
192.168.1.3(online)
Address
Ports
- 192.168.1.3 - (ipv4)
- 24
F:6A:XX:XX:XX - Huawei Technologies (mac)
The 65535 ports scanned but not shown below are in state: closed
Remote Operating System Detection
Unable to identify operating system.
- Used port: 1/tcp (closed)
- Used port: 43863/udp (closed)
That said, a lot of the firewall apps available on the Play Store seek to restrict outbound traffic rather than inbound (like my port scan). Some manufacturers (like Huawei) even include such controls within their customized Android builds. You'd use those to prevent sketchy apps from phoning home to China, for instance, rather than to protect against Internet-based threats.
You're absolutely right: they are different implementations on different systems with different networking stacks - but they both accomplish the same thing.
waitingtogetskyrim2
Well-Known Member
I still think androids original firewall needs updated the only reason it hasn't been is cause no major threats have happened but that doesnt mean it can't happen on this unpatched original android firewall. A phone is still hackable and can get infection from networks or Internet so I believe that's why it needs updated rebranded or whatever needs to happen in order to get a better firewall.
I'm not sure where you got the notion that the version of iptables included with Android is somehow outdated and obsolete. It isn't. Updates, patches, and changes for iptables (and pretty much every other Linux component of Android) get regularly merged into AOSP - at least with every major release version.
I'd also like to see the source for this statement. As I demonstrated earlier, my phone doesn't have any unsecured ports, which means the only way something from outside will get into my phone is if I let it. And even if something naughty could get in (it can't), Android has a number of other additional measures in place to protect you. You've got prompts for confirming the installation of software, a background scanner continuously checking installed apps for signs of malicious activity, and even once installed an application cannot execute itself - the user must first deliberately launch the application. Once running, application sandboxing prevents one app from tampering with another app or accessing data without permission. And there are other protections in place as well - these are just the few that came to mind immediately.
I'm not saying that Android is hacker- or malware-proof by any means, but it's in a much better security posture than your average Windows OS.
Last edited:
waitingtogetskyrim2
Well-Known Member
waitingtogetskyrim2
Well-Known Member
Due to the auto-erase feature, the FBI can't attempt to unlock the iPhone without risking losing all the data. The FBI wants Apple to alter the operating system just on Farook's phone to allow the FBI to bypass or disable the auto-erase function. It also wants Apple to alter the software to allow the test pass codes to be entered without punching the keys by using Bluetooth or other means to speed the process. And the FBI wants Apple to change the operating system to eliminate the delays caused by multiple attempts to unlock the phone.
Why can't the FBI change the operating system codes? Apple has designed its phones so that only Apple software with a special cryptographic signature can run on it. No other software will work.
What about iCloud? IPhones can save data to the cloud. The FBI believes Farook turned this function off sometime after Oct. 19, the date of the phone's last backup.
The is the scenario the FBI and intelligence offices have been concerned about since these security measures were first introduced. Google's Android phones also have encryption capabilities. It is why FBI Director James Comey has been pleading with the tech industry and Congress to come up with a means for investigators to find evidence.
Many of these security features hit the market after the disclosures released by former NSA contractor Edward Snowden exposed government efforts to collect phone data in bulk.
Why can't the FBI change the operating system codes? Apple has designed its phones so that only Apple software with a special cryptographic signature can run on it. No other software will work.
What about iCloud? IPhones can save data to the cloud. The FBI believes Farook turned this function off sometime after Oct. 19, the date of the phone's last backup.
The is the scenario the FBI and intelligence offices have been concerned about since these security measures were first introduced. Google's Android phones also have encryption capabilities. It is why FBI Director James Comey has been pleading with the tech industry and Congress to come up with a means for investigators to find evidence.
Many of these security features hit the market after the disclosures released by former NSA contractor Edward Snowden exposed government efforts to collect phone data in bulk.
waitingtogetskyrim2
Well-Known Member
Am I the only who see how bias the staff is. Their set out with the mission to try to prove you wrong even when their wrong like in this situation. And notice they only like each others posts you could post the most helpful shit ever and they won't like Iit cause your not a staff member. I guess their delusional and forget their a person just like everyone else so what makes the staff act the way they do they can't say oh we was just doing our jobs.
... I was genuinely trying to help.
Last edited:
waitingtogetskyrim2
Well-Known Member
Moderators only liking other staff members posts is bias. As you can tell all the likes are moderators to moderators all over in here but where's the recent likes they posted onto a average users posts????????????????????????????????????
psionandy
Extreme Android User
Ok.. Lets take a completely imaginary scenario...
Lets pretend there is a conversation... where one person is expressing an opinion that is correct, and one person is mistaken in their idea.... And also lets assume that the person who is correct is trying to explain to the other person (in a helpful manner) why they are mistaken...
Someone else joins the thread... If they are going to press the like button, which one of the two should they like?
(for the record, I am NOT staff... I like pressing the like button, and never even look at the status of the person when I hit the like button. It purely depends on if I think the post merits a like or not)
@waitingtogetskyrim2 I'm not sure if you've pressed the like button recently ... If you find a post that you like.. give it a press if you think that will help even out any 'perceived statistical balance)
Lets pretend there is a conversation... where one person is expressing an opinion that is correct, and one person is mistaken in their idea.... And also lets assume that the person who is correct is trying to explain to the other person (in a helpful manner) why they are mistaken...
Someone else joins the thread... If they are going to press the like button, which one of the two should they like?
(for the record, I am NOT staff... I like pressing the like button, and never even look at the status of the person when I hit the like button. It purely depends on if I think the post merits a like or not)
@waitingtogetskyrim2 I'm not sure if you've pressed the like button recently ... If you find a post that you like.. give it a press if you think that will help even out any 'perceived statistical balance)
Or maybe, just maybe, it's because the post is correct?
You're entitled to believe your conspiracy theories, but we try to deal with facts when it comes to posts on AF.
Incidentally, it may be pertinent to note that (a) legal jurisdiction will always take precedence over personal opinion, and (b) Farook's phone was supplied by his employer therefore he personally has NO say in how it is accessed.
If you have a legitimate question then please feel to continue the discussion. If on the other hand you're intent on (yet again) falsely accusing staff here of illegal activity then be prepared to (a) have your latest account suspended and (b) receive further communication from legal entities. It's your choice, but be warned... AF is sick of your repeated trolling and slander.
n.b. I don't need FBI/NSA contacts to tell who you are - anonymity on teh interwebz is much over-estimated.
waitingtogetskyrim2
Well-Known Member
Blah blah blah
waitingtogetskyrim2
Well-Known Member
Google agrees with Apple: Tech companies shouldn’t hack consumers’ devices
What the fbi wants to do is crazy they want apple to build a device which can bypass the encryption security feature of a iphone. Technically I think it's crazy. The fbi don't need in the device they want in it those 2 things are different. I'm proud of the tech companies for standing up for our privacy I bet if Google modified the encryption of the android phones anymore the fbi would want a tool to hack into as well.
What the fbi wants to do is crazy they want apple to build a device which can bypass the encryption security feature of a iphone. Technically I think it's crazy. The fbi don't need in the device they want in it those 2 things are different. I'm proud of the tech companies for standing up for our privacy I bet if Google modified the encryption of the android phones anymore the fbi would want a tool to hack into as well.
waitingtogetskyrim2
Well-Known Member
Whats the point of having secure security features if law enforcement just wants to hack into them. That is not what law enforcement is supposed to do they are to serve and protect not hey we need evidence and can't get it due to apples security so build us something which can hack into any one of them phones. I guess they don't have enough evidence so their looking at compromising the security of iPhone users all so they can get it. The same thing would happen to android if such security features was in place.
waitingtogetskyrim2
Well-Known Member
If a phone has to be hacked to obtain evidence then that phones evidence itself was obtained illegally by the means of hacking. Just cause their the fbi doesn't give the excuse to do it.
Just so you're aware, there's another thread going on discussing the Apple vs FBI thing: http://androidforums.com/index.php?threads/1001162/
I'm not saying you can't post about it here, but just sharing it with you in case you want to join in that discussion.
I'm not saying you can't post about it here, but just sharing it with you in case you want to join in that discussion.
So what exactly do you suggest that those who are expected to "serve and protect" do when confronted with an encrypted device owned by a known mass-murderer which might well hold info on other as-yet-unknown atrocities?
I'm sorry, but "oh noes, we must respect his privacy" went out the window the moment he pulled the trigger in San Bernardino.
I think you'll find that a court order, subpoena or warrant renders that argument null and void.
waitingtogetskyrim2
Well-Known Member
Look at what the nsa did with their bulk data collection until a federal judge said it was illegal. A federal judge should say their not allowed to hack into anything unless it's a emergency. Them wanting evidence off the iPhone is not a emergency it's just them wanting evidence they can't get anywhere else.
So the possibility that there might be others out there waiting to gun down innocent people isn't "an emergency"?
Here's a hypothetical situation... 2 weeks from now, gunmen open up with automatic weapons in a large shopping mall in Detroit (for example) and kill several dozen shoppers. Investigations later reveal links with Syed Farook... how would you feel then? Was the privacy of a dead mass murderer worth the loss of innocent lives?
- Status