funsec mailing list archives

RE: Windows Vista Firewall: No Outbound Filtering By Default


From: Blanchard_Michael () emc com
Date: Wed, 26 Apr 2006 12:40:03 -0400

Oh, got an idea :-) 

Using the signed application deal sounds good, and can be used for automatic opening perhaps. But, for those that aren't signed, and the user is asked do you want to open this port? There should be a link on that request, that goes out to a Microsoft site (perhaps?) that explains what this program is/does/etc. A "What is this program?" link, then on that page there is the "open this port" button.

Any program that pops up and doesn't have a description, the general user should be warned that it could be a virus, etc.

Of course, Microsoft would have to keep that web site as up to date as possible. This would also be a great resource for us to look up unknown processes :-)


   Mike B


Michael P. Blanchard 
Antivirus / Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE
Office of Information Security & Risk Management 
EMC² Corporation
4400 Computer Dr. 
Westboro, MA 01580 


-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of warkda rrior
Sent: Wednesday, April 26, 2006 12:09 PM
To: funsec () linuxbox org
Subject: RE: [funsec] Windows Vista Firewall: No Outbound Filtering By Default

Michael P. Blanchard wrote:

> Now if any product installed on vista would be able to
> open up their own ports, with user's permission (and
> perhaps user's password?), then Microsoft could
> probably ship with all ports turned off in/out.


This would work quite nicely for (not against!) a
virus/bot/spyware, given that users tend to click
OK/Yes/Allow almost automatically.

"The application Mydoom.Internet_helper is trying to
open an Internet connection. Allow? Y|N"

Then the outgoing firewall is useless.

I wonder whether Microsoft could use signed binaries
to allow known third party applications to open ports
automatically. Something as follows: vendor X has a
new version of application Y. Vendor X provides Y to
Microsoft, together with a list of desired ports.
Microsoft signs app Y or attaches a certificate saying
this app can open certain ports. Vendor X distributes
certified app Y. Then Vista firewall could check the
app binary: if MS signature/certificate present and
valid, then ports are opened automatically. Otherwise
prompt the user.


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
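
The signed-application check proposed in this thread, sketched as an added example; it is not code from either poster or from any Microsoft product. HMAC stands in for the certifier's signature, and the names `CERTIFIER_KEY`, `issue_manifest` and `decide`, along with the sample binary and ports, are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed demo key. HMAC stands in for the certifier's signature; a real
# scheme would be asymmetric so the firewall holds only a public key.
CERTIFIER_KEY = b"constructed-demo-key"


def _tag(body):
    """Authenticate the canonical JSON form of a manifest body."""
    data = json.dumps(body, sort_keys=True).encode()
    return hmac.new(CERTIFIER_KEY, data, hashlib.sha256).hexdigest()


def issue_manifest(binary, ports):
    """Certifier side: bind the binary's SHA-256 to its approved ports."""
    body = {"sha256": hashlib.sha256(binary).hexdigest(), "ports": sorted(ports)}
    return {"body": body, "tag": _tag(body)}


def decide(binary, manifest, port):
    """Firewall side: 'allow' only for a certified binary on a certified port."""
    if not manifest:
        return "prompt"  # unsigned application: fall back to asking the user
    body, tag = manifest.get("body", {}), str(manifest.get("tag", ""))
    if not hmac.compare_digest(_tag(body).encode(), tag.encode()):
        return "prompt"  # manifest was altered, e.g. port list widened
    if body.get("sha256") != hashlib.sha256(binary).hexdigest():
        return "prompt"  # binary changed after it was certified
    return "allow" if port in body.get("ports", []) else "prompt"


# Constructed sample input: application Y certified for two ports.
APP_Y = b"constructed bytes standing in for application Y"
MANIFEST = issue_manifest(APP_Y, [443, 8443])

if __name__ == "__main__":
    print(decide(APP_Y, MANIFEST, 443))               # certified binary and port
    print(decide(APP_Y, MANIFEST, 25))                # port not in the manifest
    print(decide(APP_Y + b"patched", MANIFEST, 443))  # modified binary
    print(decide(APP_Y, None, 443))                   # unsigned application
```

Anything that fails a check gets the same prompt an unsigned program would, so the click-through concern raised in the thread still applies to that path.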