Thread: F-Secure and PostgreSQL
Hi, after some research a month ago I found out that there is some issue between the software F-secure Internet Security (2006,2007, 2008) and the Windows version of postgreSQL. I cannot connect to postgreSQL. Is there a solution to this other than to buy and run another security package? There seemsto be one, but the person on that forum didn't explain it. He just stated that some part of F-secure Internet Securityhad to be deactivated by hand and that the difficulty related to the web traffic scanner... I would love to read about how to resolve this. Best regards, Konsta
am Fri, dem 23.05.2008, um 9:36:17 +0200 mailte Konsta Tiihonen folgendes: > Hi, > > after some research a month ago I found out that there is some issue > between the software F-secure Internet Security (2006, 2007, 2008) and > the Windows version of postgreSQL. I cannot connect to postgreSQL. Is > there a solution to this other than to buy and run another security > package? There seems to be one, but the person on that forum didn't > explain it. He just stated that some part of F-secure Internet > Security had to be deactivated by hand and that the difficulty related > to the web traffic scanner... Why do you think you need some sort of software? There are know troubles with similar software like Zonealarm, Norton & Co... The one and only hint that i can give you is to remove this software and configure your windoze properly, including the on-board firewall. Andreas -- Andreas Kretschmer Kontakt: Heynitz: 035242/47150, D1: 0160/7141639 (mehr: -> Header) GnuPG-ID: 0x3FFF606C, privat 0x7F4584DA http://wwwkeys.de.pgp.net
Konsta Tiihonen wrote: > Hi, > > after some research a month ago I found out that there is some issue > between the software F-secure Internet Security (2006, 2007, 2008) > and the Windows version of postgreSQL. I cannot connect to > postgreSQL. You probably need to check the F-Secure manual for details, but presumably you need to stop the firewall from blocking port 5432 (which is what PostgreSQL uses). Can you connect from the maching PostgreSQL is installed on? It would be unusual if the firewall is blocking localhost. Oh, and you'll want to make sure the anti-virus scanner isn't scanning the database folder too. There have been cases where av scanners interfere with the database. -- Richard Huxton Archonet Ltd
-------- Original-Nachricht -------- > Datum: Fri, 23 May 2008 10:08:58 +0200 > Von: "A. Kretschmer" <andreas.kretschmer@schollglas.com> > An: pgsql-general@postgresql.org > Betreff: Re: [GENERAL] F-Secure and PostgreSQL > am Fri, dem 23.05.2008, um 9:36:17 +0200 mailte Konsta Tiihonen > folgendes: > > Hi, > > > > after some research a month ago I found out that there is some issue > > between the software F-secure Internet Security (2006, 2007, 2008) and > > the Windows version of postgreSQL. I cannot connect to postgreSQL. Is > > there a solution to this other than to buy and run another security > > package? There seems to be one, but the person on that forum didn't > > explain it. He just stated that some part of F-secure Internet > > Security had to be deactivated by hand and that the difficulty related > > to the web traffic scanner... > > Why do you think you need some sort of software? There are know troubles > with similar software like Zonealarm, Norton & Co... > > The one and only hint that i can give you is to remove this software and > configure your windoze properly, including the on-board firewall. As several posters in some forum(can't remember which, the thread was more than a year old) pointed out, this issue is especiallyrelated to F-Secure, so, if I wanted to spend another couple of bucks on other antivir software, this might beresolved - they said they had it running smoothly while having Zonealarm active. Andreas, do you know of any sources investigating security of windows' own firewall, since you do not seem to be worriedabout securing a windows pc with just the standard firewall. Cheers, Konsta
-------- Original-Nachricht -------- > Datum: Fri, 23 May 2008 09:09:29 +0100 > Von: Richard Huxton <dev@archonet.com> > An: Konsta Tiihonen <konsta@gmx.net> > CC: pgsql-general@postgresql.org > Betreff: Re: [GENERAL] F-Secure and PostgreSQL > Konsta Tiihonen wrote: > > Hi, > > > > after some research a month ago I found out that there is some issue > > between the software F-secure Internet Security (2006, 2007, 2008) > > and the Windows version of postgreSQL. I cannot connect to > > postgreSQL. > > You probably need to check the F-Secure manual for details, but > presumably you need to stop the firewall from blocking port 5432 (which > is what PostgreSQL uses). > > Can you connect from the maching PostgreSQL is installed on? It would be > unusual if the firewall is blocking localhost. > > Oh, and you'll want to make sure the anti-virus scanner isn't scanning > the database folder too. There have been cases where av scanners > interfere with the database. I opened the port 5432 inbound and outbound already. As far as I konw there are some other ports for negotiation as well.I opened those up, too. Connecting to it is not possible. The postgreSQL service is running on the same machine, sothere is no other machine I could try to connect from. I will give 'not scanning the directory' a shot. Is there somebody else who is running F-Secure and postgreSQL on a Windows PC or am I the only person with this setting? Best regards, Konsta Tiihonen
Konsta Tiihonen wrote: > As several posters in some forum(can't remember which, the thread was more than a year old) pointed out, this issue isespecially related to F-Secure, so, if I wanted to spend another couple of bucks on other antivir software, this mightbe resolved - they said they had it running smoothly while having Zonealarm active. > > do you know of any sources investigating security of windows' own firewall, since you do not seem to be worried about securinga windows pc with just the standard firewall. 3rd-party single host software firewalls are a left-over from win98 days when the OS was full of gaping remotely exploitable security holes and had lots of services listening by default. In my experience and based on the security history the Windows firewall is just fine. Don't take my word for it, though - check for CERT advisories involving the windows firewall, search MSDN, etc. Personally, the only reason I see for adding a 3rd party host-based (ie non-routing) firewall to ANY modern OS is if you want to support egress filtering & monitoring or have complex per-interface rules. For anything more complex than simple ingress filtering I'd want a dedicated (in my case Linux-based) firewall/router box anyway. I don't see the point of single host egress filtering myself, as anything that's trying to initiate outgoing connections is already able to do pretty much whatever else it wants within its local privelege level. Like (on Windows) spawn a hidden MSIE window and submit a web form. The horse has bolted. Avoiding 3rd party firewalls also saves you money and a great deal of pain caused by their profusion of bugs, incompatibilities, and dodgy hacks. It's also one less probably buggy program that might be exploited by an attack over the 'net. Even if you want an add-in firewall on some machines (say, business SOE systems if you don't like your users or tech support staff) using one on a system with a database like PostgreSQL seems like an unusual choice. I would personally avoid having a resident virus scanner too, as they're as bad as or worse than add-in firewalls for causing problems. Then again, I don't execute untrusted code downloaded off the 'net. If you do remove your 3rd party firewall you may need to manually re-enable the windows one. Additionally, they sometimes leave the IP stack in a rather messed up state, so you might need to run: netsh interface ipv4 reset (on XP a logfile path argument may need to be appended) On a side note, I would personally want to use a UNIX/Linux based DB server for anything but development work anyway. -- Craig Ringe
Konsta Tiihonen wrote: > I opened the port 5432 inbound and outbound already. As far as I konw > there are some other ports for negotiation as well. I opened those up, > too. Connecting to it is not possible. The postgreSQL service is > running on the same machine, so there is no other machine I could try > to connect from. There are no other negotiation ports in PostgreSQL. What's the exact error message you're getting? -- Alvaro Herrera http://www.CommandPrompt.com/ The PostgreSQL Company - Command Prompt, Inc.
----- Original Message ----- From: "Konsta Tiihonen" <konsta@gmx.net> To: <pgsql-general@postgresql.org> Sent: Friday, May 23, 2008 5:29 AM Subject: Re: [GENERAL] F-Secure and PostgreSQL > >> Konsta Tiihonen wrote: >> > Hi, >> > >> > after some research a month ago I found out that there is some issue >> > between the software F-secure Internet Security (2006, 2007, 2008) >> > and the Windows version of postgreSQL. I cannot connect to >> > postgreSQL. >> >> You probably need to check the F-Secure manual for details, but >> presumably you need to stop the firewall from blocking port 5432 (which >> is what PostgreSQL uses). >> >> Can you connect from the maching PostgreSQL is installed on? It would be >> unusual if the firewall is blocking localhost. >> >> Oh, and you'll want to make sure the anti-virus scanner isn't scanning >> the database folder too. There have been cases where av scanners >> interfere with the database. > > I opened the port 5432 inbound and outbound already. As far as I konw > there are some other ports for negotiation as well. I opened those up, > too. Connecting to it is not possible. The postgreSQL service is running > on the same machine, so there is no other machine I could try to connect > from. > > I will give 'not scanning the directory' a shot. > > Is there somebody else who is running F-Secure and postgreSQL on a Windows > PC or am I the only person with this setting? > I was able to get PostgeSQL working with F-Secure on Windows XP, but it was INCREDIBLY slow. I was not able to resolve the problem even with the assistance of my ISP tech support staff who supplies F-Secure as part of my internet service package. Turning off the F-Secure service (all components) did NOT speed things up. PostgreSQL only returned to normal when the F-Secure software was totally uninstalled. I installed and uninstalled F-Secure several times to duplicate the problem. I finally gave up and installed Norton Internet Security 2008 and everything ran normally with no special configuration required. George > Best regards, > > Konsta Tiihonen > > -- > Sent via pgsql-general mailing list (pgsql-general@postgresql.org) > To make changes to your subscription: > http://www.postgresql.org/mailpref/pgsql-general >