
Re: Windows Firewall Has A Backdoor

Subject: Re: Windows Firewall Has A Backdoor
Date: Mon, 21 Feb 2005 11:22:42 -0800
You say (or the article does) that "If you are currently using Window's own firewall to protect you, either ensure that there are no unknown exceptions or find a better firewall."

Finding a better firewall does absolutely nothing when, as the article states, "As long as the person currently logged into the computer has Administrative privileges, an application can easily add an entry into the HKEY_LOCAL_MACHINE/SYSTEM/Services/.../FirewallPolicy/StandardProfile/AuthorizedApplications/List/ key that will allow any application full rights to and from the computer without the user's interaction or knowledge."

I've said it a million times-- any text following the words "as long as you're an admin" might as well be "blah, blah, blah."

Don't run as admin. Oh, I know, here come the "some applications require admin" responses, but the reality is that most applications can be made to work perfectly well under a normal user account with the right permission configurations. Those that can't can easily use "RunAs."

Yes, some users have never heard of "RunAs." Why? Because articles like this end with "find a better firewall" when they should end with something that helps educate the reader that running as Admin is dangerous, and that other methods exist to easily obviate exceptions.

I have over 130 users at my company that run all manner of software, and not one of them has administrative permissions. Not one. And they don't even know it.

That's the skinny on that.
t





----- Original Message -----
From: "Jay Calvert" <jcalvert@habaneronetworks.com>
To: <bugtraq@securityfocus.com>
Sent: Saturday, February 19, 2005 12:52 PM
Subject: Windows Firewall Has A Backdoor





By adding a new key to the registry in HKEY_LOCAL_MACHINE/SYSTEM/Services/SharedAccess/Parameters/FirewallPolicy/StandardProfile/AuthorizedApplications/List you can circumvent the whole purpose of the firewall without the user's interaction or knowledge. Spyware / Adware manufacturers are already doing this.

More information and a little rant at:
http://habaneronetworks.com/viewArticle.php?ID=144


-- Jay Calvert HabaneroNetworks.com
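The thread's advice to "ensure that there are no unknown exceptions" can be automated; the following is an added example, not part of either message. It reviews values exported from the AuthorizedApplications/List key against a known-good baseline, and assumes the `path:scope:Enabled|Disabled:name` value-data layout; the baseline, trusted-directory list and sample values are constructed for illustration.

```python
import re
from ntpath import normpath

# Assumed value-data layout: <image path>:<scope>:<Enabled|Disabled>:<display name>
# The colon after a drive letter belongs to the path, not to the field separators.
ENTRY_RE = re.compile(r"^(?P<path>(?:[A-Za-z]:)?[^:]*):(?P<scope>[^:]*):"
                      r"(?P<state>enabled|disabled):(?P<name>.*)$", re.I)

# Directories a standard user normally cannot write to (assumed; adjust per site).
TRUSTED_PREFIXES = ("%windir%\\", "%programfiles%\\",
                    "c:\\windows\\", "c:\\program files\\")

def parse_entry(data):
    m = ENTRY_RE.match(data.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["path"] = normpath(entry["path"])  # collapses "..", unifies slashes
    entry["enabled"] = entry.pop("state").lower() == "enabled"
    return entry

def review(values, baseline):
    """Return (path, reason) for every enabled exception not in the baseline."""
    findings = []
    for data in values:
        entry = parse_entry(data)
        if entry is None:
            findings.append((data, "unparseable"))
            continue
        key = entry["path"].lower()
        if not entry["enabled"] or key in baseline:
            continue
        reason = "not in baseline"
        if not key.startswith(TRUSTED_PREFIXES):
            reason += ", outside trusted directories"
        if entry["scope"] == "*":
            reason += ", open to any source address"
        findings.append((entry["path"], reason))
    return findings

# Constructed sample data, not taken from a real machine.
BASELINE = {r"%windir%\system32\sessmgr.exe"}
SAMPLE_VALUES = [
    r"%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019",
    r"C:\Program Files\Messenger\msmsgs.exe:LocalSubNet:Enabled:Messenger",
    r"C:\Documents and Settings\alice\Local Settings\Temp\upd.exe:*:Enabled:Update Service",
    r"C:\Program Files\OldTool\tool.exe:*:Disabled:Old Tool",
]
print(*review(SAMPLE_VALUES, BASELINE), sep="\n")
```

An entry that is enabled, absent from the baseline, stored in a user-writable location and open to any source address is the combination most worth investigating first.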


