Disabling Firewall Possible ?

Discussion in 'Computer Security' started by Raw Sex, Jan 15, 2004.

  1. Raw Sex

    Raw Sex Guest

    Hello,

    I've set an administrator password on my Kerio Personal Firewall 2.1.5. I've
    heard that some 'malicious' code, be they viruses or trojans, can disable a
    firewall.

    When I try and shutdown the firewall manually, I'm asked for the password.
    Failure to input the correct password results in the firewall program
    remaining active.

    Would a virus or trojan have the same problem ? Or do they use some 'system
    call' to stop the service and so make the password entering redundant ? I
    don't know if 'system call' is the right phrase, sorry.

    Egrads,

    Pete.
     
    Raw Sex, Jan 15, 2004
    #1

  2. Raw Sex

    sponge Guest

    On Thu, 15 Jan 2004 17:44:04 +0000, Raw Sex
    <> wrote:

    >Hello,
    >
    >I've set an administrator password on my Kerio Personal Firewall 2.1.5. I've
    >heard that some 'malicious' code, be they viruses or trojans, can disable a
    >firewall.
    >
    >When I try and shutdown the firewall manually, I'm asked for the password.
    >Failure to input the correct password results in the firewall program
    >remaining active.
    >
    >Would a virus or trojan have the same problem ? Or do they use some 'system
    >call' to stop the service and so make the password entering redundant ? I
    >don't know if 'system call' is the right phrase, sorry.
    >
    >Egrads,
    >
    >Pete.


    A system call can do it. The password is mainly to prevent an
    unauthorized employee, spouse, kids, etc. from shutting it down. There
    is malware that can do this although it is not terribly common;
    Mosucker supposedly will target well-known firewall and anti-virus
    applications.

    Various firewalls and other security applications have methods of
    dealing with this, from hooking the calls and APIs used to terminate
    processes and threads to more exotic measures.

    FWIW, I have examined and deliberately run a lot of malware, and never
    had one kill the firewall. KPF2 is slightly off the beaten path anyway.
    Frankly, since most people use Windows and most Windows users use
    Internet Explorer, which is a giant open door onto Windows systems,
    nuking the firewall is largely unnecessary.

    Sponge
    Sponge's Secure Solutions
    www.geocities.com/yosponge
    My new email: yosponge2 et yahoo dot com
     
    sponge, Jan 16, 2004
    #2

  3. Raw Sex

    Raw Sex Guest

    On 15 Jan 2004 17:43:52 -0800, whilst in NewsFroup alt.computer.security,
    (sponge) articulated the following sentiments :

    <snip>

    >A system call can do it. The password is mainly to prevent an
    >unauthorized employee, spouse, kids, etc. from shutting it down. There
    >is malware that can do this although it is not terribly common;
    >Mosucker supposedly will target well-known firewall and anti-virus
    >applications.
    >
    >Various firewalls and other security applications have methods of
    >dealing with this, from hooking the calls and APIs used to terminate
    >processes and threads to more exotic measures.
    >
    >FWIW, I have examined and deliberately run a lot of malware, and never
    >had one kill the firewall. KPF2 is slightly off the beaten path anyway.
    >Frankly, since most people use Windows and most Windows users use
    >Internet Explorer, which is a giant open door onto Windows systems,
    >nuking the firewall is largely unnecessary.


    Many thanks Sponge for the information.

    Egrads,

    Pete.
     
    Raw Sex, Jan 16, 2004
    #3
  4. There are a slew of infectors that can disable AV software and FireWall software. Over the
    past year this has become almost a standard to be performed by an infector.

    Some examples...
    W32/Magistr.b@MM - http://vil.nai.com/vil/content/v_99199.htm
    W32/AceBot.worm - http://vil.nai.com/vil/content/v_99402.htm
    W32/Yaha.k@MM - http://vil.nai.com/vil/content/v_99918.htm
    W32/Kindal@MM - http://vil.nai.com/vil/content/v_100207.htm

    Dave



    "Raw Sex" <> wrote in message
    news:...
    | Hello,
    |
    | I've set an administrator password on my Kerio Personal Firewall 2.1.5. I've
    | heard that some 'malicious' code, be they viruses or trojans, can disable a
    | firewall.
    |
    | When I try and shutdown the firewall manually, I'm asked for the password.
    | Failure to input the correct password results in the firewall program
    | remaining active.
    |
    | Would a virus or trojan have the same problem ? Or do they use some 'system
    | call' to stop the service and so make the password entering redundant ? I
    | don't know if 'system call' is the right phrase, sorry.
    |
    | Egrads,
    |
    | Pete.
    |
     
    David H. Lipman, Jan 18, 2004
    #4
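
Since the replies above agree that the password only guards the firewall's own shutdown dialog, the practical check is whether the service went down without a planned restart. The following is an added example, not code from any poster in this thread: it scans Service Control Manager events (IDs 7036, 7034 and 7040) in a constructed log export, and the service names, tab-separated export format and 60-second grace window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Hypothetical display names: replace with the services your product installs.
WATCHED = {"Example Personal Firewall", "Example Antivirus"}
GRACE = timedelta(seconds=60)  # a restart inside this window is treated as benign
# Service Control Manager messages from the Windows System log.
PATTERNS = {
    7036: re.compile(r"The (?P<svc>.+) service entered the (?P<state>stopped|running) state\."),
    7034: re.compile(r"The (?P<svc>.+) service terminated unexpectedly\."),
    7040: re.compile(r"The start type of the (?P<svc>.+) service was changed from .+ to disabled\."),
}
# Constructed sample export, one event per line: timestamp, event ID, message.
SAMPLE = (
    "2004-01-16T09:00:00\t7036\tThe Example Personal Firewall service entered the stopped state.\n"
    "2004-01-16T09:00:20\t7036\tThe Example Personal Firewall service entered the running state.\n"
    "2004-01-16T11:30:00\t7034\tThe Example Antivirus service terminated unexpectedly.  It has done this 1 time(s).\n"
    "2004-01-16T11:30:02\t7036\tThe Example Personal Firewall service entered the stopped state.\n"
    "2004-01-16T11:30:03\t7040\tThe start type of the Example Personal Firewall service was changed from auto start to disabled.\n"
    "2004-01-16T11:31:00\t7036\tThe Print Spooler service entered the stopped state.\n"
)

def parse(text):
    """Yield (time, event_id, service, state) for events that touch a watched service."""
    for line in text.strip().splitlines():
        ts, eid, msg = line.split("\t", 2)
        rx = PATTERNS.get(int(eid))
        m = rx.match(msg) if rx else None
        if m and m["svc"] in WATCHED:
            yield datetime.fromisoformat(ts), int(eid), m["svc"], m.groupdict().get("state")

def findings(text):
    """Return (timestamp, service, reason) for every stop that looks unplanned."""
    events = sorted(parse(text), key=lambda e: e[0])
    out = []
    for i, (ts, eid, svc, state) in enumerate(events):
        if eid == 7040:
            out.append((ts.isoformat(), svc, "start type set to disabled"))
        elif eid == 7034:
            out.append((ts.isoformat(), svc, "terminated unexpectedly"))
        elif state == "stopped":
            # A clean stop is only reported when no matching start follows in time.
            restarted = any(s == svc and st == "running" and t - ts <= GRACE
                            for t, _, s, st in events[i + 1:])
            if not restarted:
                out.append((ts.isoformat(), svc, "stopped and not restarted"))
    return out

if __name__ == "__main__":
    print(*findings(SAMPLE), sep="\n")
```

Code that can stop a service can usually alter local logs as well, so this check is more trustworthy when the events are forwarded to another host before being evaluated.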