
Re: Windows Firewall Has A Backdoor



You say (or the article does) that "If you are currently using Window's own firewall to protect you, either ensure that there are no unknown exceptions or find a better firewall."

Finding a better firewall does absolutely nothing when, as the article states, "As long as the person currently logged into the computer has Administrative privileges, an application can easily add an entry into the HKEY_LOCAL_MACHINE/SYSTEM/Services/.../FirewallPolicy/StandardProfile/AuthorizedApplications/List/ key that will allow any application full rights to and from the computer without the user's interaction or knowledge."

I've said it a million times-- any text following the words "as long as you're an admin" might as well be "blah, blah, blah."

Don't run as admin. Oh, I know, here come the "some applications require admin" responses, but the reality is that most applications can be made to work perfectly well under a normal user account with the right permission configurations. Those that can't can easily use "RunAs."

Yes, some users have never heard of "RunAs." Why? Because articles like this end with "find a better firewall" when they should end with something that helps educate the reader that running as Admin is dangerous, and that other methods exist to easily obviate exceptions.

I have over 130 users at my company that run all manner of software, and not one of them has administrative permissions. Not one. And they don't even know it.

That's the skinny on that.
t





----- Original Message -----
From: "Jay Calvert" <jcalvert@xxxxxxxxxxxxxxxxxxxx>
To: <bugtraq@xxxxxxxxxxxxxxxxx>
Sent: Saturday, February 19, 2005 12:52 PM
Subject: Windows Firewall Has A Backdoor





By adding a new key to the registry in HKEY_LOCAL_MACHINE/SYSTEM/Services/SharedAccess/Parameters/FirewallPolicy/StandardProfile/AuthorizedApplications/List you can circumvent the whole purpose of the firewall without the user's interaction or knowledge. Spyware / Adware manufacturers are already doing this.

More information and a little rant at:
http://habaneronetworks.com/viewArticle.php?ID=144


-- Jay Calvert HabaneroNetworks.com
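
An added example, not part of the original thread: a read-only PowerShell audit for the "ensure that there are no unknown exceptions" advice quoted above, listing enabled entries that are not on an allow-list. It assumes the key sits under `CurrentControlSet` (which the paths in the messages omit) and that values use the `path:scope:Enabled|Disabled:name` layout; `$approved` is a hypothetical allow-list.

```powershell
# Added example: list Windows Firewall application exceptions and flag any
# that are not on a locally maintained allow-list. Read-only.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'

# Hypothetical allow-list: value names (program paths) you have approved.
$approved = @(
    '%windir%\system32\sessmgr.exe'
)

function ConvertFrom-FirewallEntry {
    param([string]$Name, [string]$Data, [string]$ProfileName)
    # Assumed data format: <path>:<scope>:<Enabled|Disabled>:<display name>.
    # The path contains a drive colon, so match lazily up to the scope field.
    if ($Data -match '^(?<Path>.+?):(?<Scope>[^:]*):(?<Status>Enabled|Disabled):(?<Label>.*)$') {
        $path = $Matches['Path'];     $scope = $Matches['Scope']
        $status = $Matches['Status']; $label = $Matches['Label']
    } else {
        # Data that does not parse is reported as-is rather than skipped.
        $path = $Name; $scope = '?'; $status = '?'; $label = $Data
    }
    [pscustomobject]@{
        Profile  = $ProfileName
        Path     = $path
        Scope    = $scope
        Status   = $status
        Label    = $label
        Approved = ($approved -contains $Name)   # -contains ignores case
    }
}

$entries = foreach ($fwProfile in 'StandardProfile', 'DomainProfile') {
    $key = Get-Item -Path "$base\$fwProfile\AuthorizedApplications\List" -ErrorAction SilentlyContinue
    if ($null -eq $key) { continue }   # profile has no exception list
    foreach ($name in $key.GetValueNames()) {
        ConvertFrom-FirewallEntry -Name $name -Data ([string]$key.GetValue($name)) -ProfileName $fwProfile
    }
}

# Entries nobody approved and that are not disabled are the ones to investigate.
$entries | Where-Object { -not $_.Approved -and $_.Status -ne 'Disabled' } |
    Format-Table Profile, Path, Scope, Status, Label -AutoSize
```

Reading this key does not require administrative rights, so the check can run under a normal user account.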