BugTraq
Windows Firewall Has A Backdoor Feb 19 2005 08:52PM
Jay Calvert (jcalvert habaneronetworks com) (3 replies)
Re: Windows Firewall Has A Backdoor Feb 21 2005 08:42PM
Chris Wysopal (weld vulnwatch org)
Re: Windows Firewall Has A Backdoor Feb 21 2005 07:22PM
Thor (Hammer of God) (thor hammerofgod com)
You say (or the article does) that "If you are currently using Window's own
firewall to protect you, either ensure that there are no unknown exceptions
or find a better firewall."

Finding a better firewall does absolutely nothing when, as the article
states, "As long as the person currently logged into the computer has
Administrative privileges, an application can easily add an entry into the
HKEY_LOCAL_MACHINE/SYSTEM/Services/.../FirewallPolicy/StandardProfile/Au
thorizedApplications/List/
key that will allow any application full rights to and from the computer
without the user's interaction or knowledge."

I've said it a million times-- any text following the words "as long as
you're an admin" might as well be "blah, blah, blah."

Don't run as admin. Oh, I know, here come the "some applications require
admin" responses, but the reality is that most applications can be made to
work perfectly well under a normal user account with the right permission
configurations. Those that can't can easily use "RunAs."

Yes, some users have never heard of "RunAs." Why? Because articles like
this end with "find a better firewall" when they should end with something
that helps educate the reader that running as Admin is dangerous, and that
other methods exist to easily obviate exceptions.

I have over 130 users at my company that run all manner of software, and not
one of them has administrative permissions. Not one. And they don't even
know it.

That's the skinny on that.
t

----- Original Message -----
From: "Jay Calvert" <jcalvert (at) habaneronetworks (dot) com [email concealed]>
To: <bugtraq (at) securityfocus (dot) com [email concealed]>
Sent: Saturday, February 19, 2005 12:52 PM
Subject: Windows Firewall Has A Backdoor

>
>
> By adding a new key to the registry in
> HKEY_LOCAL_MACHINE/SYSTEM/Services/SharedAccess/Parameters/FirewallPolic
y/StandardProfile/AuthorizedApplications/List
> you can circumvent the whole purpose of the firewall with out the users
> interaction or knowledge. Spyware / Adware manufacturer's are already do
> this.
>
> More information and a little rant at:
> http://habaneronetworks.com/viewArticle.php?ID=144
>
>
> --
> Jay Calvert
> HabaneroNetworks.com
>
>

[ reply ]
RE: Windows Firewall Has A Backdoor Feb 21 2005 06:53PM
Chris Goodwin (chris goodwin epicenterprises com)


 

Privacy Statement
Copyright 2010, SecurityFocus