Security Hole: Windows Internet Connection Firewall

Discussion in 'Computer Security' started by Jay Calvert, Oct 14, 2004.

  1. Jay Calvert

    Jay Calvert Guest

    Jay Calvert, Oct 14, 2004
    #1

  2. From the article:

    "Imagine this scenario, your computer is blocked from the Internet with the
    Firewall enabled, hiding you from all the nasties out there. You get an email,
    (which is still allowed through), it contains a virus. The first thing this
    virus does upon execution is disable the firewall. Secondly, it notifies the
    VXer (Virus Writer) that your machine is wide open. They now can get to your
    computer and do with it what they feel like."

    Opinions may vary, but I hardly consider that a hole in the firewall.
    --
    Dave "Crash" Dummy - A weapon of mass destruction
    ?subject=Techtalk (Do not alter!)
    http://lists.gpick.com
    \Crash\ Dummy, Oct 14, 2004
    #2

  3. Jay Calvert

    Leythos Guest

    In article <>,
    says...
    > From the article:
    >
    > "Imagine this scenario, your computer is blocked from the Internet with the
    > Firewall enabled, hiding you from all the nasties out there. You get an email,
    > (which is still allowed through), it contains a virus. The first thing this
    > virus does upon execution is disable the firewall. Secondly, it notifies the
    > VXer (Virus Writer) that your machine is wide open. They now can get to your
    > computer and do with it what they feel like."
    >
    > Opinions may vary, but I hardly consider that a hole in the firewall.


    Actually, if the email were to infect you, and you were behind a
    properly configured firewall device, the outbound traffic might not be
    stopped, but they would certainly not find your machine "wide open", in
    fact, if you were behind a firewall device they could not disable it,
    and would only be able to contact your infected computer by having the
    infected computer phone home for instructions. Additionally, even if
    infected, the computer, from behind a firewall device, might not be able
    to do any real harm, since SMTP would be limited to only the ISP/Mail
    Server, file/sharing ports would not be permitted outbound, and only
    simple services like HTTP, HTTPS, DNS requests, etc... would be
    permitted outbound.

    So, even with a simple NAT device, you can thwart many of the
    compromised systems, even block the outbound ports they spread through in
    many cases, and you get to sleep better at night.

    Relying on a personal firewall application running on a used machine, one
    where the user interacts with the desktop on a routine basis, is just
    asking for trouble.

    --

    (Remove 999 to reply to me)
    Leythos, Oct 14, 2004
    #3
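    The perimeter policy Leythos describes above (outbound SMTP only to the ISP relay, file-sharing ports blocked outbound, only simple services like HTTP/HTTPS/DNS allowed out, nothing unsolicited allowed in), as an added Python example that is not part of the thread. The relay address, host addresses and flows are constructed sample values; the last sample flow also shows the caveat he raises, that an infected host can still phone home over a permitted service.

```python
from dataclasses import dataclass
from typing import List, Tuple

ISP_MAIL_SERVER = "203.0.113.25"                # assumption: the ISP's SMTP relay
FILE_SHARING_PORTS = {135, 137, 138, 139, 445}  # NetBIOS/SMB, never outbound
SIMPLE_SERVICES = {("tcp", 80), ("tcp", 443), ("tcp", 53), ("udp", 53)}

@dataclass(frozen=True)
class Flow:
    direction: str   # "out" from the LAN host, "in" from the Internet
    src: str
    dst: str
    proto: str
    dport: int

def decide(flow: Flow) -> Tuple[str, str]:
    """Return (verdict, reason) for one flow under the perimeter policy."""
    if flow.direction == "in":
        # NAT device with no port forwards: nothing unsolicited reaches the
        # host, so it is not "wide open" even after its own firewall is killed.
        return ("deny", "unsolicited inbound has no NAT mapping")
    if flow.proto == "tcp" and flow.dport == 25:
        if flow.dst == ISP_MAIL_SERVER:
            return ("allow", "smtp only to the ISP relay")
        return ("deny", "direct-to-MX smtp blocked (mass-mailer containment)")
    if flow.dport in FILE_SHARING_PORTS:
        return ("deny", "file-sharing port not permitted outbound")
    if (flow.proto, flow.dport) in SIMPLE_SERVICES:
        return ("allow", "simple service permitted outbound")
    return ("deny", "default deny")

# Constructed sample traffic involving an infected LAN host 192.168.1.10.
SAMPLE_FLOWS = [
    Flow("in",  "198.51.100.7", "192.168.1.10", "tcp", 3389),  # attacker probes
    Flow("out", "192.168.1.10", "203.0.113.25", "tcp", 25),    # mail via ISP
    Flow("out", "192.168.1.10", "198.51.100.9", "tcp", 25),    # worm mails an MX
    Flow("out", "192.168.1.10", "198.51.100.9", "tcp", 445),   # SMB spreading
    Flow("out", "192.168.1.10", "198.51.100.7", "tcp", 80),    # phone-home
]

def evaluate(flows: List[Flow]) -> List[Tuple[Flow, str, str]]:
    return [(f, *decide(f)) for f in flows]

def allowed(flows: List[Flow]) -> List[Flow]:
    # What still gets out: legitimate mail and the HTTP phone-home (the caveat).
    return [f for f, verdict, _ in evaluate(flows) if verdict == "allow"]

if __name__ == "__main__":
    for f, verdict, reason in evaluate(SAMPLE_FLOWS):
        print(f"{f.direction:3} {f.proto}/{f.dport:<5} {f.src} -> {f.dst}: {verdict} ({reason})")
```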
  4. MS published how to silently disable the firewall for SP2 in their API
    documentation before the service pack was ever released :)

    "Jay Calvert" <> wrote in message
    news:XLCbd.2906$cr4.973@edtnps84...
    > If you are using Microsoft's Built-in Internet Connection Firewall, you
    > might want to read this...
    >
    > http://www.habaneronetworks.com/viewArticle.php3?ID=51
    >
    > --
    > Jay Calvert
    > http://habaneronetworks.com
    >
    >
    >
    John E. Carty, Oct 15, 2004
    #4
  5. Yes. Registry settings and using the SC.EXE command to disable the ICS/ICF Service.

    I used this technique for installing WinXP SP2 because our MIS/IS central office indicated
    the FireWall *must* be disabled.

    Dave



    "John E. Carty" <> wrote in message
    news:...
    | MS published how to silently disable the firewall for SP2 in their API
    | documentation before the service pack was ever released :)
    |
    | "Jay Calvert" <> wrote in message
    | news:XLCbd.2906$cr4.973@edtnps84...
    | > If you are using Microsoft's Built-in Internet Connection Firewall, you
    | > might want to read this...
    | >
    | > http://www.habaneronetworks.com/viewArticle.php3?ID=51
    | >
    | > --
    | > Jay Calvert
    | > http://habaneronetworks.com
    | >
    | >
    | >
    |
    |
    David H. Lipman, Oct 15, 2004
    #5
  6. David Fosdike, Oct 15, 2004
    #6
  7. Jay Calvert

    me Guest

    the article was interesting, but there was one small detail the writer
    failed to point out properly--this concept only works if someone opens an
    email attachment without first taking the necessary precautions to make sure
    it is clean--true there are a lot of silly people in the world who don't take
    the time, nor do they consider the consequences of opening email attachments
    without scanning--this is the primary reason virus writers are still active.
    However, anyone with any type of common sense--(1) won't open an attachment
    without first scanning it, (2) won't use a computer without a decent
    firewall, and (3) won't publish the details of their security
    countermeasures. When everyone uses proper countermeasures against these
    virus writers--they will get a real job and stop trying to trash that which
    does not belong to them. Until that day though we will have to continue
    this real life chess game with the virus writers trying to outmaneuver those
    who are engaged in protecting our systems from their scourge.

    "David Fosdike" <> wrote in message
    news:416f11d7$0$41374$...
    > Yet another reason to push the concept of 'security in depth'.
    >
    > David
    >
    > "Jay Calvert" <> wrote in message
    > news:XLCbd.2906$cr4.973@edtnps84...
    > > If you are using Microsoft's Built-in Internet Connection Firewall, you
    > > might want to read this...
    > >
    > > http://www.habaneronetworks.com/viewArticle.php3?ID=51
    > >
    > > --
    > > Jay Calvert
    > > http://habaneronetworks.com
    > >
    > >
    > >

    >
    >
    me, Oct 15, 2004
    #7
  8. "Jay Calvert" <> wrote in message
    news:XLCbd.2906$cr4.973@edtnps84...
    > If you are using Microsoft's Built-in Internet Connection Firewall, you
    > might want to read this...
    >
    > http://www.habaneronetworks.com/viewArticle.php3?ID=51


    This may come as a shock to you, but.. once you have completely compromised
    a machine (your basic assumption), then you can do whatever you like to it.

    Turn it off, for instance.

    Or maybe erase the HDD (as was being done a couple of decades ago)

    Or (assuming that the XP Firewall is pretty much a config GUI for the stuff
    that's been there since NT 3.0 in the early nineties), open a specific port
    that leaves the firewall running but allows access via a Trojan, or similar.

    Running everything on a single box is, by its very nature, a compromise. You
    compromise performance (quite a bit, with certain packages), convenience
    (having to "ZAP" those damn pop-ups ;o), and security.

    It's better than nothing, but not even close to best practice.

    --

    Hairy One Kenobi

    Disclaimer: the opinions expressed in this opinion do not necessarily
    reflect the opinions of the highly-opinionated person expressing the opinion
    in the first place. So there!
    Hairy One Kenobi, Oct 15, 2004
    #8
  9. Jay Calvert

    donnie Guest

    On Thu, 14 Oct 2004 20:46:23 -0400, "me" <> wrote:

    >However, anyone with any type of common sense--(1) won't open an attachment
    >without first scanning it,

    ######################
    I would like to take that one step further. There are many malicious
    VB scripts that read a person's address book and send the worm/virus
    to those addresses, one assumes many times that it was sent from a
    friend, so they open it. The only way I open an attachment is if I
    communicate w/ someone and pre-arrange the sending of an attachment.
    My sister clicked on one of those worms and it was sent to my
    brothers, my father and myself. One of my brothers clicked on it and
    was infected. My father who is in his 80s knew better and saved
    himself some trouble. Who said that you can't teach an old dog new
    tricks?
    donnie
    donnie, Oct 15, 2004
    #9
  10. Jay Calvert

    Moe Trin Guest

    In article <R4Fbd.1025$>, me wrote:
    >the article was interesting, but there was one small detail the writer
    >failed to point out properly--this concept only works if someone opens an
    >email attachment without first taking the necessary precautions to make sure
    >it is clean--true there are alot of silly people in the world who don't take
    >the time, nor do they consider the consequences of opening email attachments
    >without scanning--this is the primary reason virus writers are still active.


    Social Engineering - Because there's no patch for human stupidity.

    >However, anyone with any type of common sense--(1) won't open an attachment
    >without first scanning it, (2) won't use a computer without a decent
    >firewall, and (3) won't publish the details of their security
    >countermeasures


    --------------------
    >"I think when people get on the Internet their common
    >sense may be weakened if not suspended."
    > -- Charles Harwood, regional director of the
    > Federal Trade Commission's Seattle office.


    "The Internet is the most powerful stupidity amplifier ever invented.
    It's like television without the television part." -- James "Kibo" Parry
    --------------------

    As to your point three - I'll tell you exactly what my security setup
    for mail is - I don't use a f*cking web browser. I'm really not interested
    in seeing mail with your idea of fonts and colors and pictures. Remember
    the DOS command 'type'? That's pretty close to the capability of the
    tool I use to read mail. The tool that I use to receive mail from the
    POP server automatically deletes HTML mail, mail with ANY attachments,
    and mail in character sets that I don't use. Mail claiming to come from
    friends, but not coming from the mail servers they would use is
    quarantined on the server, and I'm shown only the headers. If I don't
    like what I see, it's gone.

    >When everyone uses proper countermeasures against these virus writers--they
    >will get a real job and stop trying to trash that which does not belong to
    >them.


    You are assuming that writing viruses isn't their real job, and that there
    are other real jobs in their area that they may be capable of doing. Big
    assumptions. Many viruses are just cut-and-paste jobs of existing code
    such as demonstrations, or earlier exploits that Microsoft can't be bothered
    fixing until they can sell it as a new version.

    >Until that day though we will have to continue this real life chess game
    >with the virus writers trying to outmaneuver those who are engaged in
    >protecting our systems from their scourge.


    Or you could bite the bullet, and get rid of Outlook Express. Microsoft
    continues to build crap for sheep, because the sheep are stupid enough
    not to demand better. Your choice.

    Old guy
    Moe Trin, Oct 16, 2004
    #10
  11. Jay Calvert <> wrote:

    > If you are using Microsoft's Built-in Internet Connection Firewall, you
    > might want to read this...
    >
    > http://www.habaneronetworks.com/viewArticle.php3?ID=51


    to be fair i don't suppose many firewalls will help much once a computer
    is compromised; in my view it's a good idea to have a router with at the
    very least NAT.

    roger
    Roger Merriman, Oct 17, 2004
    #11