Not sure where to post this, but I realize that Outpost like the others allows you to deal with enabling stuff at an application level. However, with the new UPnP protocol used by a variety of things in XP Windows, such as Messenger etc... I wanted to make this request...

Could you add somewhere in Outpost a button that we could check such as "Enable Windows XP UPnP Protocols"

Also not sure how Outpost affects remote desktop assistance, either as the one requesting help or the one being asked. Because of the complexities, it would be really useful to me as the end user to have a bit simpler approach such as: Enable Remote Assistance / Sharing etc.

This may be a little off, but I been faced with the question of how to cope with Port Ranging if I were to use OutPost. Is this possible?

Thanks Folks. Wanting to try Outpost again, now that we have XP Pros up and running etc. solid.

I have been trying to help another get remote desktop working with Outpost. Do you know what is required?
As for your suggestion, please put a suggestion in the suggestions forum and it will be addressed there.
Please tell me what specific problems you have and please tell me what port ranging is. I'm just an old country boy. :)
Will try to help best as I can, and others will come along, I'm sure.

Hi HeartWind,

I have a possible answer and one comment:

1. Concerning UPnP.

I believe that this could be solved in two ways:
a) Global rule for Allowing UDP, Remote Port 1900 and also TCP, Inbound, Local Port 5000.
-OR-
b) Create an application rule for svchost.exe with the same rules as outlined in a). This would probably be a safer solution and this is what I have done. But, I do have one difference. On the rule for UDP port 1900, I have specified a remote host of 239.255.255.250. This is an IANA IP address and it seems to be the only IP ever contacted by svchost.exe.

Either ruleset should work, but as I have said, I prefer method b) myself. Maybe a default rule for svchost.exe can be added to the preset.lst file. Although, my recommendation for most people and also for the preset rule would be an initial state of 'Deny It' as this offers people the greatest possible protection from UPnP exploits. An experienced user, like yourself, could simply go to the svchost.exe rule and change the settings for the two rules to 'Allow It'.

2. Concerning Port Ranging: I am not entirely sure what you mean by this so I will make a guess. If you are saying that you may have to figure out what port ranges to open for certain things like Messenger and Remote Desktop, you would be correct. It is a little more difficult, but that is why we have the Rules Creation and Presets forum. Between the many different people that visit this forum we are generally able to come up with decent rulesets for about all applications. Even applications that use large port ranges can be accomodated. :)

Well HeartWind, I hope that some of my comments came close to answering your questions. If not, please feel free to ask as much as you like. Have a good day HeartWind. :)

Hi David

Well first let me say thanks about the experienced user, but honestly I am not.

I am looking at this from the XP users' viewpoint - and not all of us know how to create these rules etc. I am hopeful that your suggestions will be seen by Agnitum folks and considered.

You are right, about that such a feature should initially be set to "disabled" and give the user a choice. I wasnt clear on that myself and should have been.

But the more I think about this the more I would like to see this as a preference panel or something that would be very clear to the home or pro XP users. I am not fully aware yet what all UPnP requires or how it is used by what stuff within XP - but it it would be consistent with how XP and other router implementers are doing it which is giving users the choice either enable or disable UPnP. I would like to see Agnitum take a similar approach and build into it's "preferences" a tab that was XP Windows specific type of thing.

Maybe there should be a range of choices in how UPnP is enabled similar to what you were suggesting as opposed to simply an on/off choice.

I just do not want to get into having to create rules etc to deal with UPnP - since from what I understand this is a bit more than just enabling port 1900 or Messenger - etc. And I know from the user's viewpoint this would be the best approach. I also know as I and others have been using XP, getting hanged by things only partially working or not, due to a router/ports/firewall stuff are not things a lot of users want to really deal with and for me as their helper - it would be of emense help to say ok we just need to enable UPnP - now head to the preference tab etc.. and enable it..

Lets see if Agnitum wants to be first in being able to promote UPnP!

I just woke up and my memory jogged. If I remember correctly, when XP first came out, one of the major discussions was about how dangerous it was to have UPNP enabled and everybody was saying, disable UPNP as soon as you install XP.
Can you please tell me, what use UPNP is to you and why you would want to use it?

Sure, UPnP is required for example to use Messenger to do video or voice chats. Without UPnP you cannot do so, all you can do is toss text chats back and forth. Thats one example.

Originally posted by HeartWind
Not sure where to post this, but I realize that Outpost like the others allows you to deal with enabling stuff at an application level. However, with the new UPnP protocol used by a variety of things in XP Windows, such as Messenger etc... I wanted to make this request...

Could you add somewhere in Outpost a button that we could check such as "Enable Windows XP UPnP Protocols"





You can DL UPNP from Steve Gibson's site. It wii do what you are asking for; http://grc.com/default.htm

HTH

NO now if I wanted to disable UPnP - I would.. Point of all the discussion here is without UPnP enabled, we cannot engage things like Messenger to do video/voice chats... And given the way UPnP works, using OutPost or ZA, etc, effectively prevents users from using Messenger.

And using the rule approach from what I am reading is not effective because Messenger uses different ports etc in different connections.

So from all this I am just making the suggestion/request that Agnitum consider a different approach that is more user friendly for the average XP user.

Originally posted by HeartWind
NO now if I wanted to disable UPnP - I would.. Point of all the discussion here is without UPnP enabled, we cannot engage things like Messenger to do video/voice chats... And given the way UPnP works, using OutPost or ZA, etc, effectively prevents users from using Messenger.

And using the rule approach from what I am reading is not effective because Messenger uses different ports etc in different connections.

So from all this I am just making the suggestion/request that Agnitum consider a different approach that is more user friendly for the average XP user.

==> Did you bother to read the verbiage at the link I gave you? The proggie will turn UPnP on and off. It will do what you asked for until a decision about OP is made by the developers

Yep read it, know of it - does not change the fact that we still have to set rules etc to use UPnP if we have Outpost running.. Thanks

Hi HeartWind,

I have printed an article from Microsoft on UPnP and will read it over the next few days. But, I do think that for UPnP itself, the only rules needed are the rules that I specified. I am not sure that I am 100% with you on a special setting for UPnP. But, your suggestion is valid and you should probably consider posting to Suggestions and Feedback. The Agnitum Staff check that particular forum on a regular basis.

I will try to get you a more complete answer and a possible solution as soon as possible. If you post your suggestion to the Suggestions and Feedback forum, you should probably reference this thread. :)

Have a good day HearWind. I have to go for now. :)

We will check the issue with XP UPnP Protocols.

I UPnP disabled on my XP box and everything seems to work fine, including messenger.

As far as I was aware UPnP was for auto configuration of NAT routers and the like that support it (And they are few and far between)

Hi HeartWind,

Mike hit it right on the button. UPnP is mainly meant to help your PC and intelligent appliances (including routers) around your house to be automatically connected and configured. It is part of Microsoft's hope to eventually have your PC as part of a larger home automation system. After reading about it, I am really not too worried about it. It looks like it may do some very useful things. For example, if your PC were allowed to communicate with a UPnP aware router, you could use applicaitons like MSN Messenger and any other application that requires special router configuration seemlessly. The PC would simply configure the router to allow the necessary traffic for the application in use. I guess that it will be up to the individual to decide just how much they want their PC to control and so some will probably disable UPnP. As Mike pointed out, that can easily be done by disabling the UPnP and SSDP services. I have read the documentation for UPnP once and will do so again and will probably post a UPnP article to one of the forums here sometime in the near future.

Have a good night HeartWind. :)

Originally posted by thompsonmike
I UPnP disabled on my XP box and everything seems to work fine, including messenger.

As far as I was aware UPnP was for auto configuration of NAT routers and the like that support it (And they are few and far between)

Hi Mike,
Wow, could that be translated "How dare they try and keep us out by getting a router. Here friend, UPnP is good for you" :D:D
I just don't trust M$.
Just because you're not paranoid, doesn't mean they aren't after you:D:D
Chris

Umm, Ok........


>Wow, could that be translated "How dare they try and keep us >out by getting a router. Here friend, UPnP is good for you"

UPnP is designed for auto config of routers on your network. Who gets a router??

>I just don't trust M$.

Ok.

>Just because you're not paranoid, doesn't mean they aren't >after you

Who? M$?

Forgive me, but I really dont get what you mean..I may be being thick.

Yes M$. Just a joke, sorry.
Chris

root,

Somehow I have missed this thread. i would like to go back to your earlier question about remote desktop. If the person you are trying to help is trying to use the one native to XP then you have to connect to a terminal server (i.e. Win2K Server or better).

Hey guys,

UPnP goes way beyond router configuration. And, I believe that is a substantial benefit of this service. By the way, I have a non-UPnP aware router and configuring manually can be a pain at times. To elaborate further on UPnP, it sounds like any applicance or even the very electrical system and environmental control system in your house could be made UPnP aware and controlled. Sounds a little like that X10 stuff. But, believe me, UPnP is way beyond X10. Sorry to keep this issue going. But, it is really interesting stuff. Do a Google search. There are many interesting articles on the subject.

chrisclu, don't worry :D .......UPnP can always be disabled by deactivating the required services and you will still have to provide some communications path for each of the intelligent appliances to talk anyway. Personally, I do not need a PC controlling my house either, but it is still technically interesting.

Talk to you later :)

Hi David,
My wife usually buys the appliances and I made her promise to never, ever, buy an appliance more intelligent then me:D:D
She said, "that doesn't leave a very big choice."

Gosh, I'm going to miss her:D
Chris

Hi chrisclu,

Yea, I have to admit that it will be quite some time before I buy appliances and household electronics that can talk back to me or be operated automatically. But, as I said UPnP is intersting from a technical point of view. Visions of HAL9000 keep dancing through my head. :D :D :D

quote "Visions of HAL9000 keep dancing through my head. "
No kidding, I keep hearing HAL ask "What are you doing, Dave?"

ROTFL

Hey Mike..... :D

The last thing that I need is my computer or some other control point in my UPnP enabled home telling me that I have had too much to eat, need to go on a diet, and then proceed to lock me out of my UPnP enabled refrigerator.

I can imagine it now:

David: "Open the refrigerator door Hal."

Control PC: "I can't do that Dave."

I don't even want to think about the possiblity. :D

:D:D:D:D