Update:
Brilliant! @
Alejandro85 you set me off on the correct track - although I confess some of the technicalities are beyond me. Documented here for future readers....
To summarise the problem:
Win7 on a netbook. Sometimes connected to a mobile phone when travelling for brief internet use. On one occasion however, large amounts of 3g data were rapidly consumed, even though all automatic updating is disabled.
Solutions suggested and tested:
Initially, I was searching for a firewall that would allow each program to be blocked each time (i.e. answers were not remembered) so that I could block any data traffic I did not require during 3g use. Online-armor looked promising and did just that, but there were so many unidentifiable services and connections popping-up requesting permission, it was impossible to keep up with the requests. I started to realise then that I may not be able to do what I wanted. Comodo was recommended, but (I am embarrassed to say) I could not find the settings for individual program control in the free version - online instructions showed a different version, I think.
Also, some of the comodo pages are too big to display on my small screen (OK, Apply and Cancel buttons are not visible - this means I have to tab through the buttons and guess which one is 'OK'. This is a common problem with the small netbook, and really bad programming).
Solution:
Windows firewall. I did not know that it could be configured to control outbound requests also. I followed
these instructions for a basic setup, but the gist of it is as follows -
1) Start > Control Panel > Administrative tools > Windows Firewall with advanced security (make a shortcut on the desktop for easy access).
2) Backup. Over on the right, use 'export policy' to create a backup of the firewall settings you currently have (no need to explain why!).
3) Highlight 'windows firewall with advanced...' on the left. Click 'Windows firewall properties' at the bottom of the 'overview' box.
4) Do some research. There are tabs for
Domain, private and public. From what I could gather, when you connect your pc to a network, the networking centre asks is it 'home', 'work' or 'public'. My home wifi is 'home', which is regarded by the firewall as 'private'. When I connect via 3g, the connection is 'public', which the firewall regards as 'public'. You can see now that it is possible for me to have automatically switching levels of firewall control, depending on which connection I am using.
5) Click on 'Private Profile' tab. You'll see that
outbound connections are allowed by default. Now click on 'Public Profile' tab and set outbound connnections to block. Click on OK. (Note that you can block them in any profile you like - so when you are testing, you might want to play with the 'Private Profile' if that's the one you are connected to.) From now on, NO APPLICATIONS CAN CONNECT TO THE INTERNET.
6) When on 3g, I just want to use chrome to access the
Waze map editor (not really feasible to use a mobile phone browser). So I made a rule to allow chrome. Over on the left, click 'outbound rules'.
7) Then on the right, click 'new rule'.
8) Select 'program' > next > enter the path to the chrome executable (took some finding - tip = from the start menu, right-click on the chrome icon and select properties and copy the 'target' field as the path - this doesn't work for all paths, but allows you to find the thing so you can browse to it within the rule wizard) > next.
9) 'Allow the connection' > next
10) Choose which profile to apply this to. I kept all three ticked, as I am only enabling blocking in one profile, so if I choose to block in another profile, I know the rule will still be valid. > next.
11) Name and describe > finish. The rule appears at the top of the list.
I thought there might be issues with some background services being blocked and the internet connection failing (as I found when I tried to block everything within online-armor, but all was fine. Now I can only connect with Chrome - windows update is blocked, so is MSE update and any other application I have tried - so simple.
Disadvantages:
- Blocking is silent. One advantage of a pop-up alert is that malware can reveal itself when it asks for permission to connect.
- Outbound connections are allowed by default in the unrestricted profiles, so one might like to block and create rules for every action (lots of work).
- It's quite a technical setup. I'm sure there are a ton of issues that I am unaware of.
