
Re: Windows Firewall Has A Backdoor

Subject: Re: Windows Firewall Has A Backdoor
Date: Mon, 21 Feb 2005 15:42:08 -0500 (EST)


On Sat, 19 Feb 2005, Jay Calvert wrote:



> By adding a new key to the registry in
> HKEY_LOCAL_MACHINE/SYSTEM/Services/SharedAccess/Parameters/FirewallPolicy/StandardProfile/AuthorizedApplications/List
> you can circumvent the whole purpose of the firewall without the user's
> interaction or knowledge.  Spyware / Adware manufacturers are already
> doing this.

This is not a backdoor or vulnerability. The default permissions on this
key are Full Control for SYSTEM and Administrators and Read for Users.
The Administrator should be able to configure the firewall to allow
programs to connect outbound.

The security problem that has created the spyware malaise on Windows is
the default Windows installation for home users, which creates the user's
named account in the Administrators group.  When this account is used to
browse the internet there is no protection to prevent spyware/malware from
bypassing security mechanisms, such as the XP SP2 firewall, by exploiting
vulnerabilities or tricking the user.

The advent of spyware/malware using NT rootkit technology to hide from AV
and Anti-spyware programs will force Microsoft to change to an
installation where there are 2 accounts, one for administration and a
low permission one for browsing the internet. This has been the standard
for Linux and OS X for years.

-Chris
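
Because anything running with Administrators rights can write to the AuthorizedApplications list, a defender's practical check is to review what is in it. The following is an added example, not part of the original post: it audits exported list entries against an approved baseline. It assumes the XP SP2 value-data layout `<image path>:<scope>:<Enabled|Disabled>:<display name>`; the sample entries, the baseline, the location hints and the function names are constructed for illustration.

```python
import re

# Assumed layout: <image path>:<scope>:<Enabled|Disabled>:<display name>.
# The path itself may contain a colon (drive letter), so match lazily and
# let the fixed Enabled/Disabled token anchor the split.
ENTRY = re.compile(
    r"^(?P<path>.+?):(?P<scope>[^:]*):(?P<state>enabled|disabled):(?P<name>.*)$",
    re.IGNORECASE)

# Hypothetical heuristic: locations a non-admin profile can normally write to.
USER_WRITABLE_HINTS = ("\\documents and settings\\", "\\temp\\",
                       "%temp%", "%userprofile%", "%appdata%")

def parse_entry(data):
    """Split one value's data into its fields; None if it does not fit."""
    m = ENTRY.match(data.strip())
    if m is None:
        return None
    return {"path": m["path"], "scope": m["scope"],
            "enabled": m["state"].lower() == "enabled", "name": m["name"]}

def audit(values, baseline):
    """values: {value_name: data}; baseline: approved lower-cased image paths."""
    findings = []
    for value_name, data in values.items():
        entry = parse_entry(data)
        if entry is None:
            findings.append((value_name, "unparseable entry"))
            continue
        path = entry["path"].lower()
        if not entry["enabled"] or path in baseline:
            continue  # disabled exceptions and approved images are not reported
        reasons = ["not in approved baseline"]
        if any(hint in path for hint in USER_WRITABLE_HINTS):
            reasons.append("image in user-writable location")
        if entry["scope"] == "*":
            reasons.append("scope is any address")
        findings.append((value_name, "; ".join(reasons)))
    return findings

# Constructed sample data, as it might be exported from the list key.
SAMPLE = {
    r"%windir%\system32\sessmgr.exe": r"%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019",
    r"C:\Program Files\Example\sync.exe": r"C:\Program Files\Example\sync.exe:LocalSubNet:Enabled:Example Sync",
    r"C:\Documents and Settings\user\Local Settings\Temp\upd.exe": r"C:\Documents and Settings\user\Local Settings\Temp\upd.exe:*:Enabled:Updater",
    r"C:\old\tool.exe": r"C:\old\tool.exe:*:Disabled:Old tool",
}
BASELINE = {r"%windir%\system32\sessmgr.exe"}

if __name__ == "__main__":
    for value_name, reason in audit(SAMPLE, BASELINE):
        print(f"{value_name}: {reason}")
```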
