XP SP2 Firewall security breach

Discussion in 'Computer Security' started by John Jones, Nov 11, 2004.

  1. John Jones

    John Jones Guest

    Came across this today, can't believe what I'm reading, but it seems
    Microsoft have put in a backdoor to the XP SP2 Firewall! Check out this link

    http://www.cebrasoft.com/FWMonitor
    John Jones, Nov 11, 2004
    #1

  2. Does this work if you run this under a restricted user? I don't have XP here
    so I can't test it. It seems to be only exploitable internally so you have
    to get software on your computer that will abuse this first.

    If you do all your work from an account with administrator privileges (the
    default account has them) then nothing you do can protect you from malicious
    programs already on your computer. They can do anything if they run under
    these accounts, from altering the firewall to formatting the hard drive. It
    is far more secure to have an admin account but do your everyday work from
    an account with only the privileges that you need.

    To do this, add a new user from the control panel and don't have it set to
    "Administrator". Give the user access to everything they need, and after
    that only use the admin account for changing settings and installing new
    software.

    If you do that and stick with it, you will gain a great boost (although
    nowhere near complete security, nothing is completely secure) in your
    protection against malicious code of all sorts including viruses, worms,
    trojans and the like.

    If you don't want to go through all that, the applet they offer there looks
    like it might be helpful.

    P.S. It isn't really a 'back door'. It's more an issue of not forcing people
    to use secure methods and then assuming that they will behave
    security-consciously anyway. I haven't read the XP manual or anything but
    Microsoft don't exactly go out of their way to warn people of the dangers of
    using admin accounts on a daily basis.

    "John Jones" <> wrote in message
    news:ylPkd.150$...
    > Came across this today, can't believe what I'm reading, but it seems
    > microsoft have put in a backdoor to the XP SP2 Firewall! check out this
    > link
    >
    > http://www.cebrasoft.com/FWMonitor
    Timothy Goddard, Nov 11, 2004
    #2

  3. Leythos

    Leythos Guest

    In article <ylPkd.150$>,
    says...
    > Came across this today, can't believe what I'm reading, but it seems
    > microsoft have put in a backdoor to the XP SP2 Firewall! check out this link
    >
    > http://www.cebrasoft.com/FWMonitor


    So, you're spamming the internet with your sales ad?

    "We are offering this product for a small donation $2 (L$1.20). We do
    this only to cover our costs and we will provide any subsequent versions
    to you free of charge."


    --
    --

    (Remove 999 to reply to me)
    Leythos, Nov 11, 2004
    #3
  4. David Shaw

    David Shaw Guest

    It doesn't seem like that big of a deal to me. Any program can do that
    to any firewall- it's how worms kill unpatched firewalls and
    antiviruses. It doesn't quite seem a "Microsoft placed backdoor" to
    me.

    - ds
    David Shaw, Nov 11, 2004
    #4
  5. John Jones

    John Jones Guest

    So if someone asks for your opinion on an article that happens to include a
    link to a product it's spam?

    Next time I won't bother asking the group's advice.

    "Leythos" <> wrote in message
    news:...
    > In article <ylPkd.150$>,
    > says...
    >> Came across this today, can't believe what I'm reading, but it seems
    >> microsoft have put in a backdoor to the XP SP2 Firewall! check out this
    >> link
    >>
    >> http://www.cebrasoft.com/FWMonitor

    >
    > So, you're spamming the internet with your sales ad?
    >
    > "We are offering this product for a small donation $2 (L$1.20). We do
    > this only to cover our costs and we will provide any subsequent versions
    > to you free of charge."
    >
    >
    > --
    > --
    >
    > (Remove 999 to reply to me)
    John Jones, Nov 12, 2004
    #5
  6. Leythos

    Leythos Guest

    In article <JtZkd.6$>,
    says...
    > So if someone asks for your opinion on an article that happens to include a
    > link to a product its spam?
    >
    > Next time I wont bother asking the groups advice.
    >
    > "Leythos" <> wrote in message
    > news:...
    > > In article <ylPkd.150$>,
    > > says...
    > >> Came across this today, can't believe what I'm reading, but it seems
    > >> microsoft have put in a backdoor to the XP SP2 Firewall! check out this
    > >> link
    > >>
    > >> http://www.cebrasoft.com/FWMonitor

    > >
    > > So, you're spamming the internet with your sales ad?
    > >
    > > "We are offering this product for a small donation $2 (L$1.20). We do
    > > this only to cover our costs and we will provide any subsequent versions
    > > to you free of charge."


    You posted, without properly cross posting, your same question to
    several groups, and it appeared to me (and I've made mistakes before),
    once I got to the end of the article, that it was spam. If I made
    a mistake please accept my apology, but it looked like spam to me, which
    is typical of hotmail and yahoo account posters.

    --
    --

    (Remove 999 to reply to me)
    Leythos, Nov 12, 2004
    #6
  7. John Jones

    John Jones Guest

    "Leythos" <> wrote in message
    news:...
    > In article <JtZkd.6$>,
    > says...
    >> So if someone asks for your opinion on an article that happens to include
    >> a
    >> link to a product its spam?
    >>
    >> Next time I wont bother asking the groups advice.
    >>
    >> "Leythos" <> wrote in message
    >> news:...
    >> > In article <ylPkd.150$>,
    >> > says...
    >> >> Came across this today, can't believe what I'm reading, but it seems
    >> >> microsoft have put in a backdoor to the XP SP2 Firewall! check out
    >> >> this
    >> >> link
    >> >>
    >> >> http://www.cebrasoft.com/FWMonitor
    >> >
    >> > So, you're spamming the internet with your sales ad?
    >> >
    >> > "We are offering this product for a small donation $2 (L$1.20). We do
    >> > this only to cover our costs and we will provide any subsequent
    >> > versions
    >> > to you free of charge."

    >
    > You posted, without properly cross posting, your same question to
    > several groups, and it appeared to me (and I've made mistakes before)
    > that, once I got to the end of the article, that it was spam. If I made
    > a mistake please accept my apology, but it looked like spam to me, which
    > is typical of hotmail and yahoo account posters.
    >
    > --
    > --
    >
    > (Remove 999 to reply to me)
    John Jones, Nov 12, 2004
    #7
  8. John Jones

    John Jones Guest

    I am genuinely concerned and interested by this. I have posted to quite a
    few groups because from what I have read this is an issue that people need
    to be aware of.

    OK so there is a link for a product at the end but the article seems to do
    a good job of showing an issue in the firewall.






    "Leythos" <> wrote in message
    news:...
    > In article <JtZkd.6$>,
    > says...
    >> So if someone asks for your opinion on an article that happens to include
    >> a
    >> link to a product its spam?
    >>
    >> Next time I wont bother asking the groups advice.
    >>
    >> "Leythos" <> wrote in message
    >> news:...
    >> > In article <ylPkd.150$>,
    >> > says...
    >> >> Came across this today, can't believe what I'm reading, but it seems
    >> >> microsoft have put in a backdoor to the XP SP2 Firewall! check out
    >> >> this
    >> >> link
    >> >>
    >> >> http://www.cebrasoft.com/FWMonitor
    >> >
    >> > So, you're spamming the internet with your sales ad?
    >> >
    >> > "We are offering this product for a small donation $2 (L$1.20). We do
    >> > this only to cover our costs and we will provide any subsequent
    >> > versions
    >> > to you free of charge."

    >
    > You posted, without properly cross posting, your same question to
    > several groups, and it appeared to me (and I've made mistakes before)
    > that, once I got to the end of the article, that it was spam. If I made
    > a mistake please accept my apology, but it looked like spam to me, which
    > is typical of hotmail and yahoo account posters.
    >
    > --
    > --
    >
    > (Remove 999 to reply to me)
    John Jones, Nov 12, 2004
    #8
  9. Leythos

    Leythos Guest

    In article <IT1ld.62$>,
    says...
    > OK so there is a link for a product at the end but the article seems to do
    > a good job of showing an issue in the firewall.


    The problem, as many have already posted, is that you can compromise
    any machine, when running as ROOT or Administrator, from the inside. A
    firewall, even is not much help when the users don't know enough about
    it or to not configure it.

    The real problem is not the firewall, it's Users not knowing enough
    about the computers, not reading any of the recommendations, not wanting
    to be inconvenienced by learning about the expensive toy they bought.

    I have a mother-in-law that was getting her machine compromised every
    month, not one I had set up, I rebuilt it, set her up as a User, with
    elevated rights for running Quicken (since it won't run as a user
    account), and installed Firefox browser. She's been trouble free since,
    still uses IE for POGO games, and bi-monthly scans indicate she's
    virus/spyware free. Oh, the Windows Firewall is disabled on her
    computer, but she sits behind a Linksys BEFSR41 router with no inbound
    ports forwarded to her system.

    --
    --

    (Remove 999 to reply to me)
    Leythos, Nov 12, 2004
    #9
  10. John Jones

    John Jones Guest

    The issue for me is though what this article says.....it's the fact that MS
    tell you their firewall is secure and blatantly state that if a program runs
    a server process you get notified. This article shows this is not the case.

    Most users go with MS settings, running as admin etc. and do (foolishly)
    trust Microsoft. Microsoft need to make better recommendations.....


    "Leythos" <> wrote in message
    news:...
    > In article <IT1ld.62$>,
    > says...
    >> OK so there is a link for a product at the end but the article seems to
    >> do
    >> a good job of showing an issue in the firewall.

    >
    > The problem is, as many have already posted, is that you can compromise
    > any machine, when running as ROOT or Administrator, from the inside. A
    > firewall, even is not much help when the users don't know enough about
    > it or to not configure it.
    >
    > The real problem is not the firewall, it's Users not knowing enough
    > about the computers, not reading any of the recommendations, not wanting
    > to be inconvenienced by learning about the expensive toy they bought.
    >
    > I have a mother-inlaw that was getting her machine compromised every
    > month, not one I had setup, I rebuilt it, set her up as a User, with
    > elevated rights for running Quicken (since it won't run as a user
    > account), and installed FireFox browser. She's been trouble free since,
    > still uses IE for POGO games, and bi-monthly scans indicate she's
    > virus/spyware free. Oh, the Windows Firewall is disabled on her
    > computer, but she sits behind a Linksys BEFSR41 router with no inbound
    > ports forwarded to her system.
    >
    > --
    > --
    >
    > (Remove 999 to reply to me)
    John Jones, Nov 12, 2004
    #10
  11. Pete

    Pete Guest

    On 2004-11-11, David Shaw <> wrote:
    > It doesn't seem like that big of a deal to me. Any program can do that
    > to any firewall- it's how worms kill unpatched firewalls and
    > antiviruses. It doesn't quite seem a "Microsoft placed backdoor" to
    > me.



    I'm glad the OP made that post. It was interesting to me and brought something
    to my attention that I'd otherwise not have known about. The inclusion of a URL
    to a product (in this case) can be called spam, but I think given the usefulness
    of the post, that can be waived. Compared to 'Your Data Is At Risk' (or similar) posts
    on here recently, which are blatant spam, I think *that's* not too big a deal, not
    the topic in question.

    What I've read in replies to the OP's article makes sense though. A lot of
    problems concerning security on *any* machine can be mitigated by not always
    running as root/Administrator. I totally agree with that, and practise that
    religiously. However, this is an 'ideal', and people being people, won't if
    ever, follow that ideal, if it means more inconvenience together with actually
    accepting the fact that a little paranoia is not necessarily a bad thing.

    Regards,

    Pete.
    Pete, Nov 12, 2004
    #11
  12. srm

    srm Guest

    Leythos wrote:
    > she sits behind a Linksys BEFSR41 router


    How does she reach the keyboard from there? ;-)

    --
    @+
    srm, Nov 12, 2004
    #12
  13. IPGrunt

    IPGrunt Guest

    "John Jones" <> confessed in
    news:3c3ld.353$dO6.244@newsfe6-gui.ntli.net:

    > The issue for me is though what this article says.....it's the fact that
    > MS tell you their firewall is secure and blatantly state that if a program
    > runs a server process you get notified. This article shows this is not the
    > case.
    >
    > Most users go with MS settings, running as admin etc. and do (foolishly)
    > trust Microsoft. Microsoft need to make better recommendations.....
    >
    >
    > "Leythos" <> wrote in message
    > news:...
    >> In article <IT1ld.62$>,
    >> says...
    >>> OK so there is a link for a product at the end but the article seems
    >>> to do
    >>> a good job of showing an issue in the firewall.

    >>
    >> The problem is, as many have already posted, is that you can compromise
    >> any machine, when running as ROOT or Administrator, from the inside. A
    >> firewall, even is not much help when the users don't know enough about
    >> it or to not configure it.
    >>
    >> The real problem is not the firewall, it's Users not knowing enough
    >> about the computers, not reading any of the recommendations, not wanting
    >> to be inconvenienced by learning about the expensive toy they bought.
    >>
    >> I have a mother-inlaw that was getting her machine compromised every
    >> month, not one I had setup, I rebuilt it, set her up as a User, with
    >> elevated rights for running Quicken (since it won't run as a user
    >> account), and installed FireFox browser. She's been trouble free since,
    >> still uses IE for POGO games, and bi-monthly scans indicate she's
    >> virus/spyware free. Oh, the Windows Firewall is disabled on her
    >> computer, but she sits behind a Linksys BEFSR41 router with no inbound
    >> ports forwarded to her system.
    >>
    >> --
    >> --
    >>
    >> (Remove 999 to reply to me)

    >
    >



    John,

    Kudos. You did not spam the group, but simply provided a link to
    information that you (correctly) thought to be important.

    I don't use any so-called "software firewall" on my base systems as I find
    the term to be somewhat of an oxymoron, (though I do use one on my laptops,
    more as an IDS and not strictly for protection.)

    But, when I get a little time, I'm going to explore this issue vis-a-vis
    the Windows Group Policy settings to see if there's any way to limit this
    interface to administrators only, or to disable it altogether in utility.
    If I find this to be true, I'll post the answer here.

    Thanks for sharing this information.

    -- ipgrunt
    IPGrunt, Nov 12, 2004
    #13
  14. Leythos

    Leythos Guest

    In article <>, says...
    > Leythos wrote:
    > > she sits behind a Linksys BEFSR41 router

    >
    > How does she reach the keyboard from there? ;-)


    I didn't say she could reach the keyboard, how do you think I've been
    able to keep her machine bug free - we removed her artificial arms and
    duct taped them to the ceiling fan.

    --
    --

    (Remove 999 to reply to me)
    Leythos, Nov 12, 2004
    #14
  15. David Shaw

    David Shaw Guest

    I didn't mean to imply that the OP was spamming the group, simply that
    this doesn't seem to be breaking news. Overriding a firewall really
    just isn't that hard, that's all.

    - ds
    David Shaw, Nov 13, 2004
    #15
