Thread: How do you handle privacy during development?

  1. #1

    Thread Starter
    Fanatic Member
    Join Date
    Jul 2017
    Posts
    760

    Question How do you handle privacy during development?

    Hello!
    I find it increasingly hard to keep my system shut and to block Microsoft.
    I thought I was fine until a few days ago on my system my favorite software Firewall crashed, and Windows updated that system, leaving me with Copilot installed.
    I realized that there are many ways to fail to protect my data.

    fafalone did an exceptional IO watcher in VB6 which helped me to understand what some processes do.
    I wish there was a VB6 firewall as I could debug it. I would not be dependent on trusting other software.

    I don't see any sense using any other closed or even open source firewall solution anymore because it usually depends on many more packages which introduce more insecurity as each could be a new backdoor.
    That is why I love stuff written in VB6.

    Is there such a VB6 firewall? Or could you tell me how you protect your dev computer?

    Thank you!

  2. #2
    PowerPoster
    Join Date
    Nov 2017
    Posts
    3,630

    Re: How do you handle privacy during development?

    You could always keep your dev computer offline, or connected to your network but have it configured so it can't access the internet.

  3. #3
    Junior Member
    Join Date
    Jul 2024
    Posts
    30

    Re: How do you handle privacy during development?

    That's correct - at home I have offline Windows XP machines connected only through a hub for testing purposes. The only way to extract data is via USB. Though for my Windows 11, I use VirtualBox for other scenarios.

  4. #4

    Thread Starter
    Fanatic Member
    Join Date
    Jul 2017
    Posts
    760

    Re: How do you handle privacy during development?

    I am also using VirtualBox but I have not compiled it myself, so I don't trust it.

    I had an idea. Can anybody tell me if what I had in mind would work?
    I would like to make a DNS trap in VB6 on Windows 11 using only one machine and Ethernet.
    The goal is:
    All system DNS is forced to 127.0.0.1.

    My VB6 app listens on UDP port 53 and intercepts DNS queries. I saw some VB6 code here using "WSAStartUp", but asking for help with it, so I am not sure if that would actually work or not.

    Anyways, the idea was that my app checks a SQLite database (App.Path & "\dns.sqlite") for allowed domains.

    Allowed domains are forwarded to a real DNS, others are silently dropped.

    If the VB6 app is not running or crashes, all DNS is blocked by design.

    This means: the VB6 app acts as an "unblocker", not the blocker. Does this logic and implementation track with how Windows DNS works under these conditions?
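
The allow/drop decision described in post #4, as an added example that is not part of the original thread and is written in Python rather than VB6: it parses the question name out of a raw DNS query and forwards only allowlisted names, dropping malformed packets. The allowlist entries and the `build_query` sample packets are constructed, and a plain set stands in for the post's `dns.sqlite`, whose schema is not given.

```python
import struct

# Constructed allowlist; stands in for the dns.sqlite table, whose schema the post does not give.
ALLOWED = {"vbforums.com", "github.com"}

def parse_qname(packet: bytes) -> str:
    """Lower-cased name from the single question of a DNS query; ValueError otherwise."""
    if len(packet) < 12:
        raise ValueError("short header")
    _id, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if flags & 0x8000 or qdcount != 1:   # QR bit set (a response) or not exactly one question
        raise ValueError("not a single-question query")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated name")
        length = packet[pos]
        pos += 1
        if length == 0:                  # root label ends the name
            break
        if length > 63:                  # top bits set (compression pointer or reserved): rejected here
            raise ValueError("bad label length")
        if pos + length > len(packet):
            raise ValueError("truncated label")
        # Non-ASCII bytes raise UnicodeDecodeError, a ValueError subclass
        labels.append(packet[pos:pos + length].decode("ascii").lower())
        pos += length
    if pos + 4 > len(packet):            # QTYPE and QCLASS must follow the name
        raise ValueError("missing qtype/qclass")
    return ".".join(labels)

def is_allowed(name: str, allowed=ALLOWED) -> bool:
    """Exact match or subdomain on a label boundary, never a substring match."""
    return any(name == d or name.endswith("." + d) for d in allowed)

def decide(packet: bytes, allowed=ALLOWED) -> str:
    """'forward' only for allowlisted names; malformed input is dropped (fail closed)."""
    try:
        return "forward" if is_allowed(parse_qname(packet), allowed) else "drop"
    except ValueError:
        return "drop"

def build_query(name: str) -> bytes:
    """Constructed sample input: a minimal A/IN query with recursion desired."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)
```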

  5. #5
    Frenzied Member
    Join Date
    Jun 2015
    Posts
    1,294

    Re: How do you handle privacy during development?

    I'm getting pretty close to misconfiguring my network setting to keep Windows itself off the internet entirely and using another computer as a web proxy server that only Firefox knows about. I am really tired of Windows updates adding stuff and communicating in the background endlessly. You can try to make Windows behave through unsanctioned modifications but it can break random stuff. Not worth the fight, screw them. Windows is almost a virus these days.

  6. #6
    PowerPoster
    Join Date
    Nov 2017
    Posts
    3,630

    Re: How do you handle privacy during development?

    Quote: Originally Posted by dz32
    I'm getting pretty close to misconfiguring my network setting to keep Windows itself off the internet entirely and using another computer as a web proxy server that only Firefox knows about. I am really tired of Windows updates adding stuff and communicating in the background endlessly. You can try to make Windows behave through unsanctioned modifications but it can break random stuff. Not worth the fight, screw them. Windows is almost a virus these days.
    Yeah, just blank out the Default Gateway and that should take care of it. Then, like you said, you can use app specific proxy settings to a local LAN IP as needed.

  7. #7

    Thread Starter
    Fanatic Member
    Join Date
    Jul 2017
    Posts
    760

    Re: How do you handle privacy during development?

    Could you show the setup to me or explain the steps?

  8. #8
    PowerPoster
    Join Date
    Jul 2010
    Location
    NYC
    Posts
    7,653

    Re: How do you handle privacy during development?

    I've just disabled Windows Update.

    I don't think anyone has made a full firewall but we did do some work with the low level network APIs that iirc are what the Windows Firewall uses-- the Windows Filtering Platform.

    For example blocking all internet traffic but still allowing local LAN traffic, some code of wqweto's modified:

    Code:
        Private Const STR_BLOCK_FILTER As String = "Block non-LAN traffic"
    
        ' Function to configure non-local traffic
        Public Sub ConfigureNonLocalTraffic(ByVal enable As Boolean)
            Dim engineHandle    As LongPtr
            Dim result          As Long
    
            result = FwpmEngineOpen0(0, RPC_C_AUTHN_DEFAULT, vbNullPtr, vbNullPtr, engineHandle)
            If result <> ERROR_SUCCESS Then
                Err.Raise vbObjectError, , "FwpmEngineOpen failed: &H" & Hex$(result)
                Exit Sub
            End If
            If enable Then
                DeleteFilterByName engineHandle, STR_BLOCK_FILTER
            Else
                AddBlockNonLANTrafficFilter engineHandle, STR_BLOCK_FILTER
            End If
            Call FwpmEngineClose0(engineHandle)
        End Sub
    
        ' Function to add a filter to block non-LAN traffic
        Private Sub AddBlockNonLANTrafficFilter(ByVal engineHandle As LongPtr, filterName As String)
            Dim lanAddr(0 To 3) As FWP_V4_ADDR_AND_MASK
            Dim lanCond(0 To 3) As FWPM_FILTER_CONDITION0
            Dim filter          As FWPM_FILTER0
            Dim lIdx            As Long
            Dim result          As Long
            Dim sApiName        As String
    
            ' Initialize LAN addresses and masks
            lanAddr(0) = pvToInetAddr("192.168.0.0", 16)
            lanAddr(1) = pvToInetAddr("10.0.0.0", 8)
            lanAddr(2) = pvToInetAddr("172.16.0.0", 12)
            lanAddr(3) = pvToInetAddr("127.0.0.0", 8)
            ' Initialize the filter conditions
            For lIdx = 0 To UBound(lanCond)
                If lIdx = 3 Then
                    lanCond(lIdx).fieldKey = FWPM_CONDITION_IP_LOCAL_ADDRESS
                Else
                    lanCond(lIdx).fieldKey = FWPM_CONDITION_IP_REMOTE_ADDRESS
                End If
                lanCond(lIdx).matchType = FWP_MATCH_NOT_EQUAL
                lanCond(lIdx).conditionValue.type = FWP_V4_ADDR_MASK
                lanCond(lIdx).conditionValue.u = VarPtr(lanAddr(lIdx))
            Next
            Debug.Print "ok set cond"
            ' Initialize the filter
            filter.displayData.name = StrPtr(filterName)
            filter.layerKey = FWPM_LAYER_ALE_AUTH_CONNECT_V4
            filter.action.type = FWP_ACTION_BLOCK
            filter.filterCondition = VarPtr(lanCond(0))
            filter.numFilterConditions = UBound(lanCond) + 1
        
            result = FwpmFilterAdd0(engineHandle, filter, vbNullPtr, ByVal 0)
            If result <> ERROR_SUCCESS Then
                sApiName = "FwpmFilterAdd"
                GoTo QH
            Else
                Debug.Print "ok add"
            End If
        QH:
            ' If LenB(sApiName) <> 0 Then
            '     Err.Raise vbObjectError, , sApiName & " failed: &H" & Hex$(result)
            ' End If
            Debug.Print "AddBlockNonLANTrafficFilter out"
        End Sub
    
        ' Function to delete a filter by its name
        Private Sub DeleteFilterByName(ByVal engineHandle As LongPtr, filterName As String)
            Dim enumHandle      As LongPtr
            Dim filters         As LongPtr
            Dim numFilters      As Long
            Dim lIdx            As Long     ' Long to match numFilters (an Integer counter overflows past 32767)
            Dim lPtr            As LongPtr
            Dim filter          As FWPM_FILTER0
            Dim result          As Long
            Dim sApiName        As String
        
            result = FwpmFilterCreateEnumHandle0(engineHandle, vbNullPtr, enumHandle)
            If result <> ERROR_SUCCESS Then
                sApiName = "FwpmFilterCreateEnumHandle"
                GoTo QH
            Else
                Debug.Print "Ok ceh"
            End If
            result = FwpmFilterEnum0(engineHandle, enumHandle, -1, filters, numFilters)
            If result <> ERROR_SUCCESS Then
                sApiName = "FwpmFilterEnum"
                GoTo QH
            Else
                Debug.Print "ok enum"
            End If
            For lIdx = 0 To numFilters - 1
                Call CopyMemory(lPtr, ByVal filters + lIdx * LenB(lPtr), LenB(lPtr))
                Call CopyMemory(filter, ByVal lPtr, LenB(filter))
                If StrComp(pvToString(filter.displayData.name), filterName, vbTextCompare) = 0 Then
                    result = FwpmFilterDeleteByKey0(engineHandle, filter.filterKey)
                    If result <> ERROR_SUCCESS Then
                        sApiName = "FwpmFilterDeleteByKey"
                        GoTo QH
                    End If
                End If
            Next
        QH:
            Debug.Print "ok pre-fm"
            If filters <> 0 Then
                Call FwpmFreeMemory0(filters)
            End If
            If enumHandle <> 0 Then
                Call FwpmFilterDestroyEnumHandle0(engineHandle, enumHandle)
            End If
            If LenB(sApiName) <> 0 Then
                Err.Raise vbObjectError, , sApiName & " failed: &H" & Hex$(result)
            End If
        End Sub
        
        ' Function to convert IP address string to long
        Private Function pvToInetAddr(ipAddress As String, ByVal prefix As Long) As FWP_V4_ADDR_AND_MASK
            Dim parts()         As String
        
            parts = Split(ipAddress, ".")
            pvToInetAddr.addr = LShift32(parts(0), 24) + LShift32(parts(1), 16) + LShift32(parts(2), 8) + CLng(parts(3))
            pvToInetAddr.mask = LShift32(-1, 32 - prefix)
        End Function
    
        Private Function LShift32(ByVal lX As Long, ByVal lN As Long) As Long
            If lN = 0 Then
                LShift32 = lX
            Else
                LShift32 = (lX And (LNG_POW2(31 - lN) - 1)) * LNG_POW2(lN) Or -((lX And LNG_POW2(31 - lN)) <> 0) * &H80000000
            End If
        End Function
    
        Private Function LNG_POW2(ByVal lN As Long) As Long
            LNG_POW2 = 2 ^ lN
        End Function
    
        Private Function pvToString(ByVal lPtr As LongPtr) As String
            If lPtr <> 0 Then
                pvToString = String$(lstrlen(ByVal lPtr), 0)
                Call CopyMemory(ByVal StrPtr(pvToString), ByVal lPtr, LenB(pvToString))
            End If
        End Function
        
        Private Sub Command1_Click() Handles Command1.Click
            ConfigureNonLocalTraffic False
        End Sub
        
        Private Sub Command2_Click() Handles Command2.Click
            ConfigureNonLocalTraffic True
        End Sub
    (code uses WDL defs but trivial to backport to vb6, though obviously it's much nicer working in tB where you don't have to copy them all individually; you can even view them online if you don't want tB's great ide; all WFP defs are here for example: https://github.com/fafalone/WinDevLi.../wdAPIWFP.twin)
    Last edited by fafalone; May 21st, 2025 at 06:18 PM.

  9. #9
    PowerPoster yereverluvinuncleber's Avatar
    Join Date
    Feb 2014
    Location
    Norfolk UK (inbred)
    Posts
    3,560

    Re: How do you handle privacy during development?

    Windows Update Blocker - a very useful tool.
    https://github.com/yereverluvinunclebert

    Skillset: VMS,DOS,Windows Sysadmin from 1985, fault-tolerance, VaxCluster, Alpha,Sparc. DCL,QB,VBDOS- VB6,.NET, PHP,NODE.JS, Graphic Design, Project Manager, CMS, Quad Electronics. classic cars & m'bikes. Artist in water & oils. Historian.

    By the power invested in me, all the threads I start are battle free zones - no arguing about the benefits of VB6 over .NET here please. Happiness must reign.

  10. #10
    Member
    Join Date
    Jun 2017
    Posts
    34

    Re: How do you handle privacy during development?

    https://www.grc.com/incontrol.htm

    InControl by Steve Gibson of ShieldsUp and SpinRite fame.

  11. #11
    Frenzied Member
    Join Date
    Jun 2015
    Posts
    1,294

    Re: How do you handle privacy during development?

    For the network proxy setup, basically just set a hardcoded IP for your machine with the wrong gateway address. Then have another machine on your network, probably an older PC with Linux, running Squid proxy server or similar. Then just set the proxy server address in your browser config (not IE). ChatGPT or Google searches will have all the details.

    I am still looking for a reasonably priced network appliance that has the features I want baked in so I can just plug it in and go but haven't searched hard yet. Lots of junk on Windows now reaches out, like news, weather, telematics, and every app that thinks they should auto update on us then pester us until we comply. It's hardly our own computer anymore.

    Try running a packet sniffer overnight and see how much traffic there is; it's disgusting. It was easy to get XP dead silent.

  12. #12

    Thread Starter
    Fanatic Member
    Join Date
    Jul 2017
    Posts
    760

    Re: How do you handle privacy during development?

    Thank you all. I love fafalone and wqweto's codes in general. Thank you!

    What I don't like about the proxy solution is that we have to rely on something not written in VB6. As I understand it, the proxy would have to use an application that is both in a new environment and which is not written in VB6, right? I don't like to rely on third party (except the old VB6 code) packages, etc. anymore.
    Can anybody tell me if "https proxy" is the search term that I am after?
    I mean the app that would have to be running on the proxy.

  13. #13
    The Idiot
    Join Date
    Dec 2014
    Posts
    3,001

    Re: How do you handle privacy during development?

    u buy an enterprise router and control all the in-out.
    surely if u mess with default ports, such as the dns, u will need to create your own webbrowser with its own dns-resolve or stick with IPs.
    I mean, u can disable all ports or change its port-address. But this requires knowledge and custom-software if they are locked to a specific port.

  14. #14
    Hyperactive Member
    Join Date
    Feb 2015
    Posts
    316

    Re: How do you handle privacy during development?

    I would air-gap your development machine from the internet. I sometimes do. It is the only way to be 100% sure.

  15. #15

    Thread Starter
    Fanatic Member
    Join Date
    Jul 2017
    Posts
    760

    Re: How do you handle privacy during development?

    Thank you @OlafSchmidt for this!!

  16. #16
    PowerPoster
    Join Date
    Aug 2010
    Location
    Canada
    Posts
    2,891

    Re: How do you handle privacy during development?

    Quote: Originally Posted by tmighty2
    Thank you @OlafSchmidt for this!!
    Nice find! I'm browsing with it now and it works like a charm so far (no surprise given the pedigree).
