Re: Windows Firewall Has A Backdoor
From: Michael J. Pelletier (mjpelletier_at_mjpelletier.com)
Date: Sun, 20 Feb 2005 21:28:09 -0800
> In message <MPG.firstname.lastname@example.org> Far Canal
> <email@example.com> wrote:
>>Jay Calvert wrote
>>> Did you know that programs on your computer can write their own rules
>>> for your firewall. This makes it pretty convenient for spyware, doesn't
>>From elsewhere -
>>Nope, it's by design. The M$ developer notes specify it as a
>>method to add programs to the exception rules, originally
>>intended for on-line games to add themselves and avoid the hassle
>>of the technically illiterate having their PC get stuck in black
>>screen mode during on-line game start up (because any game that
>>utilises OpenGL or DirectX full screen mode will 'hide' the pop-
>>up message asking for access permission).
>>The guys on the M$ developer forums were discussing this some
>>time back in an effort to have M$ remove this 'feature' but
>>didn't get very far. The only suggestion that came back was to
>>use a program to monitor changes to the registry, such as SpyBot
>>Resident that intercepts all registry changes and asks for
>>If you have a newer version of eMule it has an option to open
>>ports on the firewall automatically when it starts and close them
>>when it ends.
> More importantly, Windows Firewall only firewalls inbound connections --
> Malware can already connect out, so there is little harm in allowing
> inbound connections anyway.
Ah, then what is the point?
> You're ALREADY COMPROMISED by the time that this "exploit" (if you call
> it that) could possibly be invoked.
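
The quoted suggestion above is to watch for registry changes to the exception rules. The following is an added example, not part of the original thread: it compares two snapshots of the Windows Firewall program exception list and reports entries that were added, re-enabled or widened in scope. The registry location, the `path:scope:status:name` value layout and all sample values are assumptions of this example (the samples are constructed).

```python
import re

# Assumption: on XP SP2 each program exception is a string value under
# HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\
#   StandardProfile\AuthorizedApplications\List
# with data "<path>:<scope>:<Enabled|Disabled>:<display name>".
ENTRY = re.compile(
    r"^(?P<path>(?:[A-Za-z]:)?[^:]*):(?P<scope>[^:]*):"
    r"(?P<status>enabled|disabled):(?P<name>.*)$",
    re.IGNORECASE,
)

def parse_entry(data):
    """Split one exception value into fields; return None if malformed."""
    m = ENTRY.match(data.strip())
    if not m:
        return None
    e = m.groupdict()
    e["path"] = e["path"].lower()  # Windows paths are case-insensitive
    e["enabled"] = e.pop("status").lower() == "enabled"
    return e

def diff_exceptions(baseline, current):
    """Return (kind, path, detail) findings for changes that open the firewall."""
    old = {e["path"]: e for e in map(parse_entry, baseline) if e}
    findings = []
    for raw in current:
        e = parse_entry(raw)
        if e is None:
            findings.append(("unparsed", raw, ""))
        elif e["path"] not in old:
            findings.append(("added", e["path"], e["scope"]))
        elif e["enabled"] and not old[e["path"]]["enabled"]:
            findings.append(("enabled", e["path"], e["scope"]))
        elif e["scope"] != old[e["path"]]["scope"]:
            prev = old[e["path"]]["scope"]
            findings.append(("scope_changed", e["path"], f"{prev} -> {e['scope']}"))
    return findings

# Constructed snapshots: a known-good baseline and a later reading.
BASELINE = [r"%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019",
            r"C:\Program Files\eMule\emule.exe:LocalSubNet:Enabled:eMule",
            r"C:\Games\shooter.exe:*:Disabled:Shooter"]
CURRENT = [r"%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019",
           r"C:\Program Files\eMule\emule.exe:*:Enabled:eMule",
           r"C:\Games\shooter.exe:*:Enabled:Shooter",
           r"C:\Temp\updater.exe:*:Enabled:Updater"]

if __name__ == "__main__":
    for finding in diff_exceptions(BASELINE, CURRENT):
        print(finding)
```

A snapshot diff like this only shows what changed between two readings; an entry that is added and removed again between readings, as the eMule option described above does at start and exit, will not appear.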