Re: Windows Firewall Has A Backdoor
You say (or the article does) that "If you are currently using Window's own
firewall to protect you, either ensure that there are no unknown exceptions
or find a better firewall."
Finding a better firewall does absolutely nothing when, as the article
states, "As long as the person currently logged into the computer has
Administrative privileges, an application can easily add an entry into the
HKEY_LOCAL_MACHINE/SYSTEM/Services/.../FirewallPolicy/StandardProfile/AuthorizedApplications/List/
key that will allow any application full rights to and from the computer
without the user's interaction or knowledge."
I've said it a million times-- any text following the words "as long as
you're an admin" might as well be "blah, blah, blah."
Don't run as admin. Oh, I know, here come the "some applications require
admin" responses, but the reality is that most applications can be made to
work perfectly well under a normal user account with the right permission
configurations. Those that can't can easily use "RunAs."
Yes, some users have never heard of "RunAs." Why? Because articles like
this end with "find a better firewall" when they should end with something
that helps educate the reader that running as Admin is dangerous, and that
other methods exist to easily obviate exceptions.
I have over 130 users at my company that run all manner of software, and not
one of them has administrative permissions. Not one. And they don't even
know it.
That's the skinny on that.
t
----- Original Message -----
From: "Jay Calvert" <jcalvert@xxxxxxxxxxxxxxxxxxxx>
To: <bugtraq@xxxxxxxxxxxxxxxxx>
Sent: Saturday, February 19, 2005 12:52 PM
Subject: Windows Firewall Has A Backdoor
By adding a new key to the registry in
HKEY_LOCAL_MACHINE/SYSTEM/Services/SharedAccess/Parameters/FirewallPolicy/StandardProfile/AuthorizedApplications/List
you can circumvent the whole purpose of the firewall with out the users
interaction or knowledge. Spyware / Adware manufacturer's are already do
this.
More information and a little rant at:
http://habaneronetworks.com/viewArticle.php?ID=144
--
Jay Calvert
HabaneroNetworks.com