Re: Best Free Firewall Virus
comp.security.firewalls archive

From: Volker Birk <bumens@dingens.org>
Date: Mon Jan 30 2006 - 09:03:04 CET

Robert <noone@noplace.nowhere> wrote:
> > I also recommend a software firewall on each machine to control
> > outgoing traffic. I'm looking for a current recommendation.
> BINGO! A lot of people overlook this point.

With Windows this will never work. If the user has one single application
or component which is able to access the Internet, any other application
or component can use this one to help it out.

This is because Windows has so many possibilities for IPC and
componentware, which have no security system at all.

This code shows, as an example, how to use Windows' message system to
ignore any "Personal Firewall" by communicating with the web browser:

http://www.dingens.org/breakout-en.c (for Internet Explorer)
http://www.dingens.org/breakout-mozilla-firefox.c (for version 1.0.x)

Even if a manufacturer of "Personal Firewalls" implements a security
system for Windows messages, an attacker can use any other possibility
for IPC without security, for example COM. Because Zone Labs tried to
implement such a security system for Windows messages, I showed example
code for how to circumvent this useless attempt again. In my sample I'm
using COM to ActiveDesktop - but you can easily modify this code to use
COM to any other application or component which can communicate, too.
You'll find this PoC code here:

http://www.dingens.org/breakout-wp.cpp

Because it is so easy to ignore all "outgoing traffic filters" on Windows,
I don't think that it is a sensible effort to try.

Microsoft agrees with my view of these things, BTW. Here they write:

http://support.microsoft.com/default.aspx?scid=kb;en-us;327618
| For the Windows user interface, the desktop is the security boundary. Any
| application that is running on the interactive desktop can interact with any
| window that is on the interactive desktop, even if that window is not
| displayed on the desktop. This behavior is true for every application,
| regardless of the security context of the application that creates the
| window and regardless of the security context of the application that is
| running on the desktop.

Yours,
VB.

-- 
Wanting to learn networking fundamentals using Windows is like having
your first sexual experiences with a prostitute: the passion is missing,
you don't learn what really matters, and the chance of catching a pest
is high. (Lukas Graf in d.c.s.m)
Received on Tue Feb 7 20:58:22 2006