General :
K-Meleon Web Browser Forum
Had to reinstall my firewall (Outpost) and application rules for K-Meleon 1.5.3.
The firewall is giving me these messages. Am I compromised here?
Application attemtps to listen to a port
localhost:loopback, TCP:1496
computer's name, TCP:1496
Again, the next time I ran KM.
computer's name, TCP:1593
localhost:loopback, TCP:1593
Each time I told the firewall to block (one time only) this/these requests.
Any help, much appreciated.
N
Most times are caused by plugins, but I don't trust anyway, as desga2, and doesn't affect the normal way KM works if you block it, so, do it, but don't create a rule, just block if you don't trust it when if happens for no reason.
desga2,
Thanks, I had Outpost making up rules for each app instead of using its default which is to use auto-rules... Had not seen this behavior before so got scared as I had just gone through a fdisk/format on this Thinkpad from a serious malware infection I could not remove with any of my tools. <sigh>
Much thanks.
N
John,
Thanks... I was using the block one use option on Outpost temporarily until youse guys came up with an explanation. Much thanks.
N
If You do not trust K-Meleon go FF
I use other firewall that sets rule for application but.
K-Meleon must act as a server.
p.s. If a denial of a port does not impede K-Meleon's functions, deny it.
Nothing should be allowed without reason.
Its either needed to function or... not allowed. Old army rule, remember
Maybe search google for known port functions. Just mark them in Your post & search button.
Edited 1 time(s). Last edit at 12/06/2009 08:40AM by guenter.
Guenter,
My problem is that I changed firewalls from Comodo to Outpost (after that malware problem) and when I did that I saw warning messages that I had not seen before.
SIGH
KM will use the ports required at any given site and so, there is not a way to determine safety, no? It's not like Norton Safe Web could help with this kind of thing???
N
@ndebord
Could you please elaborate :O
Kann auch auf deutsch sein.
Edited 3 time(s). Last edit at 12/06/2009 08:34PM by Yogi.
Zone Alarm wants it. Guess it is for plugins.
Did not check further - trusted application.
There is no big market share for walware producers that cater for K-Meleon anyway.
Edited 2 time(s). Last edit at 12/07/2009 04:46AM by guenter.
Guenter,
Thanks for the links. Traced it back to this interesting explanation.
Here is a recap of the history of why Gecko wants to have local server rights
from a guy named Nelson B:
http://groups.google.com/group/netscape.public.mozilla.general/browse_thread/thread/2c5be4a9830ec207/88cd0d6671240243
"When the decision was made back in 1998 to open the source to the Netscape browser, U.S. export control laws prohibited making crypto source code available from U.S. servers to non-US citizens. So, it was necessary to remove all the crypto code, and separate it into a separate program, whose source was not open. This program was first known as NSM, and later as PSM (psm.exe on windows). It worked with both Communicator 4.x and with Netscape 6.x. It acted somewhat like a local proxy server (for https only) and it so required server permissions. So, FAQs began to (correctly) explain that PSM needed server permissions, but that it only served requests from the local browser, and not requests from remote systems.
Then in mid-2000 the export regulations changed, and it became possible to get products with strong crypto identified as "retail commodities" by the US government. Once mozilla became so categorized, it became legally possible to open source the crypto code. Thereafter, there was no longer any legal/regulatory reason to keep the crypto code in a separate process from the mozilla browser process, and a project (code named PIP, for "PSM In Process") was begun to rewrite PSM to work as an integral part of mozilla, rather than as a separate process. This work was announced to mozilla developers at the mozilla architecture conference in October 2000 (see news://news.mozilla.org:119/39E24DED.30FA8...@netscape.com ) and more publicly on the mozilla web site in January 2001, when the project was renamed PSM 2.0 (see news://news.mozilla.org:119/3A705465.1080...@netscape.com and http://www.mozilla.org/projects/security/pki/psm/ . Checkins of the new PSM code into the mozilla open source
repository began in January 2001. See http://bonsai.mozilla.org/cvslog.cgi?file=mozilla/security/manager/ss...
for the history of one such new PSM 2.0 / PIP source file. Notice the comments on revision 1.1.
Unlike PSM 1.x, PSM 2.x has never used server sockets to communicate with the mozilla browser. So, since PSM 2.0 was first released in mozilla, it has not been true that PSM code in mozilla needs server socket permissions, but certain third-parties and their web sites have continued to say that mozilla needs server permissions because of PSM, as it did in PSM 1.x.
However, mozilla has other software that continues to use server sockets. Like PSM 1.x, these sockets are only used to accept connections from client sockets running on the same system, not from remote systems. These so-called loopback connections allow mozilla to notice that certain events have taken place in the same way (using the same technique) that it uses to notice that data has arrived on a connection to a remote server, and hence are known as "pollable events". You can read more about them at http://lxr.mozilla.org/nspr/source/nsprpub/pr/include/prio.h#1982
Mozilla uses them in its "socket transport service". I'm not sure what, if any, features of mozilla/TB/FF use that service, but the service is initialized (and the sockets created) during mozilla's initialization. As long as mozilla (and TB and FF) continue to use these pollable events, (and as long as they remain implemented using sockets and the loopback interface) they will continue to want to be permitted to act as a server for locally-initiated connections, even though PSM doesn't need it."
N
The "Firefox is trying to act as a server" warning is misleading.
Ther correct warning IMO woud be: "Firefox is trying to access local port: -bla, bla, bla[TCP].
Unlike servers (or trojans) which are listening on dedicated ports waiting to establish outbound/inbound connections, K-Meleon is talking to itself. Local ports on which K-Meleon is listening are not accessible from remote. If you make a port scan from the outside the port is closed/inaccessible.
Edited 1 time(s). Last edit at 12/07/2009 08:46AM by Yogi.
Nick, thx for info. Found on this machine that I clicked ZA. Question away but I/it never set the positive checkmark. Allow Server/Red X. Odd. But Your last post explains it.
Nothing better than an old tech author explaining.
Yogi also thank You for asking the fake question. I never bothered to check except for You. I'd died uninformed without You two.
Edited 2 time(s). Last edit at 12/09/2009 05:02AM by guenter.
Yogi,
Yes, at the time, I didn't know because of what my firewall was telling me. It, of course, was limited by what the programmers told it to say when it ran into this behavior by a gecko browser. SIGH
FWIW, I did go to Gibson's site and ran shields up which told me my ports were closed, which totally confused me and led me to post my query here. DOUBLE SIGH
N
Guenter,
Thank God for old links... a nice, thorough explanation!
N
General discussion about K-Meleon
Firewall says KM wants to act as a server
Posted by:
ndebord
Date: December 05, 2009 05:01PM
Had to reinstall my firewall (Outpost) and application rules for K-Meleon 1.5.3.
The firewall is giving me these messages. Am I compromised here?
Application attemtps to listen to a port
localhost:loopback, TCP:1496
computer's name, TCP:1496
Again, the next time I ran KM.
computer's name, TCP:1593
localhost:loopback, TCP:1593
Each time I told the firewall to block (one time only) this/these requests.
Any help, much appreciated.
N
Re: Firewall says KM wants to act as a server
Posted by:
JohnHell
Date: December 05, 2009 06:19PM
Most times are caused by plugins, but I don't trust anyway, as desga2, and doesn't affect the normal way KM works if you block it, so, do it, but don't create a rule, just block if you don't trust it when if happens for no reason.
Re: Firewall says KM wants to act as a server
Posted by:
ndebord
Date: December 05, 2009 06:59PM
Quote
desga2
All browser do loopback calls is usual. Trust K-Meleon for your Firewall.
desga2,
Thanks, I had Outpost making up rules for each app instead of using its default which is to use auto-rules... Had not seen this behavior before so got scared as I had just gone through a fdisk/format on this Thinkpad from a serious malware infection I could not remove with any of my tools. <sigh>
Much thanks.
N
Re: Firewall says KM wants to act as a server
Posted by:
ndebord
Date: December 05, 2009 07:00PM
Quote
JohnHell
Most times are caused by plugins, but I don't trust anyway, as desga2, and doesn't affect the normal way KM works if you block it, so, do it, but don't create a rule, just block if you don't trust it when if happens for no reason.
John,
Thanks... I was using the block one use option on Outpost temporarily until youse guys came up with an explanation. Much thanks.
N
Re: Firewall says KM wants to act as a server
Posted by:
guenter
Date: December 06, 2009 08:37AM
If You do not trust K-Meleon go FF
I use other firewall that sets rule for application but.
K-Meleon must act as a server.
p.s. If a denial of a port does not impede K-Meleon's functions, deny it.
Nothing should be allowed without reason.
Its either needed to function or... not allowed. Old army rule, remember
Maybe search google for known port functions. Just mark them in Your post & search button.
Edited 1 time(s). Last edit at 12/06/2009 08:40AM by guenter.
Re: Firewall says KM wants to act as a server
Posted by:
ndebord
Date: December 06, 2009 04:07PM
Quote
guenter
If You do not trust K-Meleon go FF
I use other firewall that sets rule for application but.
K-Meleon must act as a server.
p.s. If a denial of a port does not impede K-Meleon's functions, deny it.
Nothing should be allowed without reason.
Its either needed to function or... not allowed. Old army rule, remember
Maybe search google for known port functions. Just mark them in Your post & search button.
Guenter,
My problem is that I changed firewalls from Comodo to Outpost (after that malware problem) and when I did that I saw warning messages that I had not seen before.
SIGH
KM will use the ports required at any given site and so, there is not a way to determine safety, no? It's not like Norton Safe Web could help with this kind of thing???
N
Re: Firewall says KM wants to act as a server
Posted by:
Yogi
Date: December 06, 2009 08:31PM
@ndebord
sourceQuote
Mozilla applications require a loopback connection to be available for SSL. Check your firewall settings to make sure you have not blocked incoming connections to Mozilla applications. See the Firewalls article for details on firewall configuration.
Quote
guenter
K-Meleon must act as a server.
Could you please elaborate :O
Kann auch auf deutsch sein.
Edited 3 time(s). Last edit at 12/06/2009 08:34PM by Yogi.
Re: Firewall says KM wants to act as a server
Posted by:
guenter
Date: December 07, 2009 04:37AM
Zone Alarm wants it. Guess it is for plugins.
Did not check further - trusted application.
There is no big market share for walware producers that cater for K-Meleon anyway.
Edited 2 time(s). Last edit at 12/07/2009 04:46AM by guenter.
Re: Firewall says KM wants to act as a server
Posted by:
ndebord
Date: December 07, 2009 05:49AM
Quote
guenter
Zone Alarm wants it. Guess it is for plugins.
Did not check further - trusted application.
There is no big market share for walware producers that cater for K-Meleon anyway.
Guenter,
Thanks for the links. Traced it back to this interesting explanation.
Here is a recap of the history of why Gecko wants to have local server rights
from a guy named Nelson B:
http://groups.google.com/group/netscape.public.mozilla.general/browse_thread/thread/2c5be4a9830ec207/88cd0d6671240243
"When the decision was made back in 1998 to open the source to the Netscape browser, U.S. export control laws prohibited making crypto source code available from U.S. servers to non-US citizens. So, it was necessary to remove all the crypto code, and separate it into a separate program, whose source was not open. This program was first known as NSM, and later as PSM (psm.exe on windows). It worked with both Communicator 4.x and with Netscape 6.x. It acted somewhat like a local proxy server (for https only) and it so required server permissions. So, FAQs began to (correctly) explain that PSM needed server permissions, but that it only served requests from the local browser, and not requests from remote systems.
Then in mid-2000 the export regulations changed, and it became possible to get products with strong crypto identified as "retail commodities" by the US government. Once mozilla became so categorized, it became legally possible to open source the crypto code. Thereafter, there was no longer any legal/regulatory reason to keep the crypto code in a separate process from the mozilla browser process, and a project (code named PIP, for "PSM In Process") was begun to rewrite PSM to work as an integral part of mozilla, rather than as a separate process. This work was announced to mozilla developers at the mozilla architecture conference in October 2000 (see news://news.mozilla.org:119/39E24DED.30FA8...@netscape.com ) and more publicly on the mozilla web site in January 2001, when the project was renamed PSM 2.0 (see news://news.mozilla.org:119/3A705465.1080...@netscape.com and http://www.mozilla.org/projects/security/pki/psm/ . Checkins of the new PSM code into the mozilla open source
repository began in January 2001. See http://bonsai.mozilla.org/cvslog.cgi?file=mozilla/security/manager/ss...
for the history of one such new PSM 2.0 / PIP source file. Notice the comments on revision 1.1.
Unlike PSM 1.x, PSM 2.x has never used server sockets to communicate with the mozilla browser. So, since PSM 2.0 was first released in mozilla, it has not been true that PSM code in mozilla needs server socket permissions, but certain third-parties and their web sites have continued to say that mozilla needs server permissions because of PSM, as it did in PSM 1.x.
However, mozilla has other software that continues to use server sockets. Like PSM 1.x, these sockets are only used to accept connections from client sockets running on the same system, not from remote systems. These so-called loopback connections allow mozilla to notice that certain events have taken place in the same way (using the same technique) that it uses to notice that data has arrived on a connection to a remote server, and hence are known as "pollable events". You can read more about them at http://lxr.mozilla.org/nspr/source/nsprpub/pr/include/prio.h#1982
Mozilla uses them in its "socket transport service". I'm not sure what, if any, features of mozilla/TB/FF use that service, but the service is initialized (and the sockets created) during mozilla's initialization. As long as mozilla (and TB and FF) continue to use these pollable events, (and as long as they remain implemented using sockets and the loopback interface) they will continue to want to be permitted to act as a server for locally-initiated connections, even though PSM doesn't need it."
N
Re: Firewall says KM wants to act as a server
Posted by:
Yogi
Date: December 07, 2009 08:46AM
The "Firefox is trying to act as a server" warning is misleading.
Ther correct warning IMO woud be: "Firefox is trying to access local port: -bla, bla, bla[TCP].
Unlike servers (or trojans) which are listening on dedicated ports waiting to establish outbound/inbound connections, K-Meleon is talking to itself. Local ports on which K-Meleon is listening are not accessible from remote. If you make a port scan from the outside the port is closed/inaccessible.
Edited 1 time(s). Last edit at 12/07/2009 08:46AM by Yogi.
Re: Firewall says KM wants to act as a server
Posted by:
guenter
Date: December 07, 2009 10:34AM
Nick, thx for info. Found on this machine that I clicked ZA. Question away but I/it never set the positive checkmark. Allow Server/Red X. Odd. But Your last post explains it.
Nothing better than an old tech author explaining.
Yogi also thank You for asking the fake question. I never bothered to check except for You. I'd died uninformed without You two.
Edited 2 time(s). Last edit at 12/09/2009 05:02AM by guenter.
Re: Firewall says KM wants to act as a server
Posted by:
ndebord
Date: December 07, 2009 01:59PM
Quote
Yogi
The "Firefox is trying to act as a server" warning is misleading.
Ther correct warning IMO woud be: "Firefox is trying to access local port: -bla, bla, bla[TCP].
Unlike servers (or trojans) which are listening on dedicated ports waiting to establish outbound/inbound connections, K-Meleon is talking to itself. Local ports on which K-Meleon is listening are not accessible from remote. If you make a port scan from the outside the port is closed/inaccessible.
Yogi,
Yes, at the time, I didn't know because of what my firewall was telling me. It, of course, was limited by what the programmers told it to say when it ran into this behavior by a gecko browser. SIGH
FWIW, I did go to Gibson's site and ran shields up which told me my ports were closed, which totally confused me and led me to post my query here. DOUBLE SIGH
N
Re: Firewall says KM wants to act as a server
Posted by:
ndebord
Date: December 07, 2009 02:00PM
Quote
guenter
Nick, thx for info. Found on this machine that I clicked ZA. Question away but I/it never set the positive checkmark. Allow Server/Red X. Odd. But Your last post explains it.
Nothing better than an old tech author explaining.
Yogi also thank You for asking the fake question. I never bothered to check except for You. I'd died uninformed with You two.
Guenter,
Thank God for old links... a nice, thorough explanation!
N
English