Which features is Windows 10 Defender Firewall blocking that Opera wants to do?
-
A Former User last edited by leocg
@amunoto Another annoyance of the opera updates identiying slightly different is that if you set cookie preferences, after each 'update' you have to reaffirm your choices for each site.
-
amunoto last edited by
@amunoto said in Which features is Windows 10 Defender Firewall blocking that Opera wants to do?:
@opedara Hello leocg. ...
@leocg
I think I have @mentioned the wrong user in my previous post Sorry!
Leocg - any hints for us (see post)?
Kind regards, Hauke -
amunoto last edited by
@leocg Thx, Leo, for your answer.
I would have thought that Opera tries to do something that triggers the firewall, and that is not the simple IP http thing I want it to do.
But I understand from you, that there is stuff that Opera is not doing, but that is coming from "the outside" and that triggers the windows firewall, leading to the message that has been shown in this thread's firts post.
It is weird and not satisfying to me, but well.
Thx again for your help. -
leocg Moderator Volunteer last edited by
@amunoto Unless you have changed something, the Windows Firewall will only alert you about incoming connections. So all those alerts are of sites trying to stablish a connection to your computer.
Usually it's not a problem, since it's how the web works. You will see it if you use other browsers too.You can try removing the rules from the firewall and the check which site triggers it for the first time.
One other thing that may trigger the alert are notifications.
-
opedara last edited by
@leocg So, saying it's not a problem and how the web works is brushing away the point of the post... it's a problem if it keeps popping up and we can't tell what exactly it's asking us to stop blocking. Chrome updates just fine without triggering a firewall prompt; same with Firefox and Edge. What Opera's doing is not normal, and is concerning, as is anything that triggers the pop-up (I mean, we all fully understand the point of a firewall right, and why it pops up confirm/deny prompts), especially when we can't tell what exactly it's trying to do.
So, since apparently Opera's dev team hasn't shown up to tell us what's going on, how do we find out?
So far I just cancel the pop-up, because I don't have enough information to know whether to stop blocking something my operating system's firewall is automatically blocking, but it's annoying having to deal with it. The security risk is at this point not worth the convenience, until I get more information.
-
leocg Moderator Volunteer last edited by
@opedara Now, what triggers the firewall alert in the first time I don't know since it can be a different reason for each one.
Probably it's the same reason that triggers the firewall for the other browsers. Maybe if you enable the firewall log you can see what is triggering it. -
A Former User last edited by leocg
@leocg As I've said before, it's the crazy way Operas installs the update in a new folder each time, so we get 12345/launcher.exe, then a few days later 12356/launcher.exe, and that's what triggers the firewall (and cookie) rules to run again
The obvious answer is to always have the current working folder for opera as Opera, upon the start of the upgrade, the existing opera folder is renamed Opera.old, then the update is applied to and overwrites the already existing Opera folder.
Then the firewall still assumes it's the same program, as does the Cookie rule models, so the prompt no longer appears.
Although the multiple version folders is, in theory, a good idea the reality is that it's problematic in a browser securing system required these days -
careware last edited by
I don't know about you guys, but for mine it doesnt happen in other browsers...it's an Opera thing...
I don't have the answer... its annoying, I just accept it... it doesn't endear me to Opera tho...only stay cause its a 15 or more year habit
-
careware last edited by
@leocg I do use other browsers, but not nearly as much...
My children use Chrome.
My wife uses Chrome on her work computer, she's never asked me about it (she'd panic and melt down at such a message)
I use Opera 99% of the time, and a lot more heavily that my children do. I have firefox, chrome, edge and vivaldi installed, never had the firewall thing...
I visit a far wider range of websites that my children.
I can't rule out the same thing happens in other browsers, but I think that unlikely. I never hear of anyone else mentioning it....it's the kind of thing that annoys people, so it would get mentioned I would think...But I dunno....
-
opedara last edited by opedara
@leocg There's been a lot of general answers and guesses all over the place, but it seems the most specific answer is that Opera makes a new folder during update... now, how that triggers a firewall prompt to unblock an incoming connection, I don't know. Maybe I don't know enough about how this works to feel that it's justified in happening.
I have other apps that update to new folders (like some of my Java-based programs) but I don't get a firewall popup for them. Why would I? If the new app is making a request out to the internet, any response comes back without having a natural firewall block. However, if an Opera bot or something is hitting my computer fresh, from somewhere... to do something I can't determine, then I have to leave it blocked, because I can't tell what exactly it wants to change. It's a security concern not just to me, but obviously to Microsoft's Windows firewall.
Anyway, I did a Google search on some words in a previous reply:
mDNS on UDP port 5353 for Opera
That nets some fun links about h@#$ing and computer vulnerabilities, doesn't it? Now I'm really concerned about why Opera does things this way.
-
leocg Moderator Volunteer last edited by leocg
@opedara said:
There's been a lot of general answers and guesses all over the place, but it seems the most specific answer is that Opera makes a new folder during update..
Yes, that part is already finished.
now, how that triggers a firewall prompt to unblock an incoming connection, I don't know.
After updates? Because of what was said above, the firewall thinks that there is a new program and you need to allow the connections again.
Now, what triggers the firewall alert after the first installation may be many things.
Some minutes ago I got the alert when I went to blogs.opera.com/desktop. -
opedara last edited by
@leocg I don't know exactly how it works... I wasn't trying to describe exactly how it works.
Because of what you said above, the firewall thinks that there is a new program and you need to allow the connections again
What do you mean because of what I said above? The firewall doesn't do anything because of what I said.
So here's what doesn't make sense to me: "the firewall thinks that there is a new program"... the firewall doesn't listen to when Windows installs programs, does it? It just listens for incoming connections and blocks new ones at ports that aren't enabled... right?
The issues with your fine sentence that I'm quoting there above are:
- I never unblocked the restriction for Opera in the firewall... I always clicked Cancel when the prompt popped up, because I couldn't tell what it was trying to do!
- If the program moved (or the old one was removed and a new one put in a different place), then I still don't know why the firewall prompt is triggering, because based on what you said it's a new connection (as opposed to a response).
So, the only way what you're saying makes sense is if I'm missing detail, I'm misunderstanding something, or between the old app's request to Opera's server and the response back to the new app... the firewall is catching it and considering it a security issue that I need to pull the switch on.
Which is correct? If I'm missing detail, please fill in that detail. If I'm misunderstanding, please explain where and clear it up. If this is just some sort of SNAFU where the thing that sent the request to Opera's server doesn't exist but the response is telling the firewall it needs to get to the app which the firewall is aware is in a new place... then I need to know for sure if that's what you're saying, because it seems like an unusual situation that probably shouldn't happen anyway and rarely does for any other apps I use.
Regardless... I still can't tell exactly what it's trying to do in that new incoming connection. Explaining it's just because of update app location move... doesn't state what the new incoming request is trying to do. Just say "we've acknowledged that you updated"? Maybe I missed the particular thing you stated that it's trying to do, if we can even find out.
Oh and nevermind the mDNS on UDP port 5353 for Opera posts I found about security issues and computer vulnerabilities... maybe someone should provide some history on that.
-
burnout426 Volunteer last edited by
Best thing to do would be to enabling logging for the Windows firewall. Then, when this happens, immediately look at the log.
https://www.howtogeek.com/220204/how-to-track-firewall-activity-with-the-windows-firewall-log/
-
leocg Moderator Volunteer last edited by
@opedara said :
o here's what doesn't make sense to me: "the firewall thinks that there is a new program"... the firewall doesn't listen to when Windows installs programs, does it? It just listens for incoming connections and blocks new ones at ports that aren't enabled... right?
By default, incoming connections are blocked by the firewall. When a incoming connection comes, you get a prompt to allow the program - more specifically the executable - associated to that connection to keep receiving those connections.
So if the path to the program executable changes, the firewall will ask for permission again. -
burnout426 Volunteer last edited by
@burnout426 said in Which features is Windows 10 Defender Firewall blocking that Opera wants to do?:
Best thing to do would be to enabling logging for the Windows firewall. Then, when this happens, immediately look at the log.
https://www.howtogeek.com/220204/how-to-track-firewall-activity-with-the-windows-firewall-log/
Testing this myself, the log wasn't too helpful. All I see are dropped requests for SSDP before/after the firewall dialog comes up.