Bugtraq mailing list archives

Re: Windows Firewall Has A Backdoor


From: "Thor (Hammer of God)" <thor () hammerofgod com>
Date: Mon, 21 Feb 2005 11:22:42 -0800

You say (or the article does) that "If you are currently using Window's own firewall to protect you, either ensure that there are no unknown exceptions or find a better firewall."

Finding a better firewall does absolutely nothing when, as the article states, "As long as the person currently logged into the computer has Administrative privileges, an application can easily add an entry into the HKEY_LOCAL_MACHINE/SYSTEM/Services/.../FirewallPolicy/StandardProfile/AuthorizedApplications/List/ key that will allow any application full rights to and from the computer without the user's interaction or knowledge."

I've said it a million times-- any text following the words "as long as you're an admin" might as well be "blah, blah, blah."

Don't run as admin. Oh, I know, here come the "some applications require admin" responses, but the reality is that most applications can be made to work perfectly well under a normal user account with the right permission configurations. Those that can't can easily use "RunAs."

Yes, some users have never heard of "RunAs." Why? Because articles like this end with "find a better firewall" when they should end with something that helps educate the reader that running as Admin is dangerous, and that other methods exist to easily obviate exceptions.

I have over 130 users at my company that run all manner of software, and not one of them has administrative permissions. Not one. And they don't even know it.

That's the skinny on that.
t





----- Original Message -----
From: "Jay Calvert" <jcalvert () habaneronetworks com>
To: <bugtraq () securityfocus com>
Sent: Saturday, February 19, 2005 12:52 PM
Subject: Windows Firewall Has A Backdoor




By adding a new key to the registry in HKEY_LOCAL_MACHINE/SYSTEM/Services/SharedAccess/Parameters/FirewallPolicy/StandardProfile/AuthorizedApplications/List you can circumvent the whole purpose of the firewall without the user's interaction or knowledge. Spyware / Adware manufacturers are already doing this.

More information and a little rant at:
http://habaneronetworks.com/viewArticle.php?ID=144


--
Jay Calvert
HabaneroNetworks.com
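
Added example, not part of either message: one way to carry out the "ensure that there are no unknown exceptions" check is to parse the AuthorizedApplications\List values and compare the enabled ones against an approved baseline. The value data layout (path:scope:state:name), the sample `reg query` output and the APPROVED baseline are assumptions constructed for this illustration.

```python
import re

# Assumed value data layout: <image path>:<scope>:<Enabled|Disabled>:<display name>
ENTRY = re.compile(
    r"^(?P<path>.+?):(?P<scope>[^:]*):(?P<state>enabled|disabled):(?P<name>.*)$", re.I)

# Constructed sample, shaped like the output of:
#   reg query HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
SAMPLE = r"""
    %windir%\system32\sessmgr.exe    REG_SZ    %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    C:\Program Files\Messenger\msmsgs.exe    REG_SZ    C:\Program Files\Messenger\msmsgs.exe:LocalSubNet:Enabled:Messenger
    C:\Documents and Settings\user\Local Settings\Temp\upd8.exe    REG_SZ    C:\Documents and Settings\user\Local Settings\Temp\upd8.exe:*:Enabled:Update
    C:\Tools\old.exe    REG_SZ    C:\Tools\old.exe:*:Disabled:Old tool
"""

# Hypothetical baseline of image paths the administrator has approved (lower case).
APPROVED = {r"%windir%\system32\sessmgr.exe", r"c:\program files\messenger\msmsgs.exe"}

def parse_entries(reg_output):
    """Return one dict per value that matches the assumed data layout."""
    entries = []
    for line in reg_output.splitlines():
        parts = re.split(r"\s+REG_SZ\s+", line.strip(), maxsplit=1)
        # The path itself contains a colon (C:), so the regex anchors on the state token.
        m = ENTRY.match(parts[1]) if len(parts) == 2 else None
        if m:
            entries.append({"path": m["path"], "scope": m["scope"],
                            "enabled": m["state"].lower() == "enabled",
                            "name": m["name"]})
    return entries

def audit(entries, approved):
    """Return (path, reasons) for every enabled exception missing from the baseline."""
    findings = []
    for e in entries:
        if not e["enabled"] or e["path"].lower() in approved:
            continue
        reasons = ["not in approved baseline"]
        if e["scope"] == "*":
            reasons.append("reachable from any source address")
        findings.append((e["path"], reasons))
    return findings

if __name__ == "__main__":
    for path, reasons in audit(parse_entries(SAMPLE), APPROVED):
        print(f"REVIEW {path}: {'; '.join(reasons)}")
```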



