Disabling Firewall Possible ?

Discussion in 'Computer Security' started by Raw Sex, Jan 15, 2004.

  1. Raw Sex

    Raw Sex Guest

    Hello,

    I've set an administrator password on my Kerio Personal Firewall 2.1.5. I've
    heard that some 'malicious' code, be they viruses or trojans, can disable a
    firewall.

    When I try and shutdown the firewall manually, I'm asked for the password.
    Failure to input the correct password results in the firewall program
    remaining active.

    Would a virus or trojan have the same problem ? Or do they use some 'system
    call' to stop the service and so make the password entering redundant ? I
    don't know if 'system call' is the right phrase, sorry.

    Egrads,

    Pete.
     
    Raw Sex, Jan 15, 2004
    #1

  2. Raw Sex

    sponge Guest

    A system call can do it. The password is mainly to prevent an
    unauthorized employee, spouse, kids, etc. from shutting it down. There
    is malware that can do this although it is not terribly common;
    Mosucker supposedly will target well-known firewall and anti-virus
    applications.

    Various firewalls and other security applications have methods of
    dealing with this, from hooking the calls and APIs used to terminate
    processes and threads to more exotic measures.

    FWIW, I have examined and deliberately run a lot of malware, and never
    had one kill the firewall. KPF2 is slightly off the beaten path anyway.
    Frankly, since most people use Windows and most Windows users use
    Internet Explorer, which is a giant open door onto Windows systems,
    nuking the firewall is largely unnecessary.

    Sponge
    Sponge's Secure Solutions
    www.geocities.com/yosponge
    My new email: yosponge2 et yahoo dot com
     
    sponge, Jan 16, 2004
    #2

  3. Raw Sex

    Raw Sex Guest

    On 15 Jan 2004 17:43:52 -0800, whilst in NewsFroup alt.computer.security,
    (sponge) articulated the following sentiments :

    Many thanks Sponge for the information.

    Egrads,

    Pete.
     
    Raw Sex, Jan 16, 2004
    #3
  4. There are a slew of infectors that can disable AV software and FireWall software. Over the
    past year this has become almost a standard to be performed by an infector.

    Some examples...
    W32/[email protected] - http://vil.nai.com/vil/content/v_99199.htm
    W32/AceBot.worm - http://vil.nai.com/vil/content/v_99402.htm
    W32/[email protected] - http://vil.nai.com/vil/content/v_99918.htm
    W32/[email protected] - http://vil.nai.com/vil/content/v_100207.htm

    Dave



    | Hello,
    |
    | I've set an administrator password on my Kerio Personal Firewall 2.1.5. I've
    | heard that some 'malicious' code, be they viruses or trojans, can disable a
    | firewall.
    |
    | When I try and shutdown the firewall manually, I'm asked for the password.
    | Failure to input the correct password results in the firewall program
    | remaining active.
    |
    | Would a virus or trojan have the same problem ? Or do they use some 'system
    | call' to stop the service and so make the password entering redundant ? I
    | don't know if 'system call' is the right phrase, sorry.
    |
    | Egrads,
    |
    | Pete.
    |
     
    David H. Lipman, Jan 18, 2004
    #4
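
A defender-side companion to the replies above, added here as an example and not code from any poster: because the password prompt only guards the firewall's own interface, a stop by other means is best noticed in the Windows System event log. The sketch flags a watched security service that stops outside a clean shutdown, terminates unexpectedly, or has its start type set to disabled. The service names and the CSV layout are assumptions (constructed sample data); 7034, 7036 and 7040 are Service Control Manager event IDs and 6006 is the EventLog "event log service was stopped" ID.

```python
import csv
import io
from datetime import datetime, timedelta

# Assumed display names of the services to watch; replace with the real ones.
WATCHED = {"Example Personal Firewall", "Example AntiVirus"}
# A service stop this close before a clean shutdown is treated as expected.
SHUTDOWN_GRACE = timedelta(seconds=60)

# Constructed sample export: time, event id, service display name, detail.
# 7036 = service entered a state, 7034 = service terminated unexpectedly,
# 7040 = start type changed, 6006 = event log stopped (clean shutdown).
SAMPLE = """\
2004-01-16T09:00:05,7036,Example Personal Firewall,running
2004-01-16T11:42:10,7040,Example Personal Firewall,auto start -> disabled
2004-01-16T11:42:11,7036,Example Personal Firewall,stopped
2004-01-16T13:15:30,7034,Example AntiVirus,terminated unexpectedly
2004-01-16T18:29:40,7036,Example AntiVirus,stopped
2004-01-16T18:30:00,6006,,event log service stopped
"""

def parse(text):
    """Turn the CSV export into (timestamp, event_id, service, detail) rows."""
    return [(datetime.fromisoformat(ts), int(eid), svc, detail)
            for ts, eid, svc, detail in csv.reader(io.StringIO(text))]

def find_alerts(rows):
    """Return (timestamp, service, reason) for suspicious service events."""
    shutdowns = [ts for ts, eid, _, _ in rows if eid == 6006]
    alerts = []
    for ts, eid, svc, detail in rows:
        if svc not in WATCHED:
            continue
        if eid == 7036 and detail == "stopped":
            # Ignore stops that happen just before a clean shutdown.
            if any(timedelta(0) <= s - ts <= SHUTDOWN_GRACE for s in shutdowns):
                continue
            alerts.append((ts, svc, "stopped outside shutdown"))
        elif eid == 7034:
            alerts.append((ts, svc, "terminated unexpectedly"))
        elif eid == 7040 and detail.endswith("disabled"):
            alerts.append((ts, svc, "start type set to disabled"))
    return alerts

if __name__ == "__main__":
    for ts, svc, why in find_alerts(parse(SAMPLE)):
        print(ts.isoformat(), svc, why)
```

A check like this is more useful when the log is forwarded off the machine, since code running with enough privilege to stop the service can also tamper with local logs.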