Re: Kerio personal firewall 2.1b3 - VXD drivers problem
- Next message: OverByte: "Re: How do I config a router for the LAN side of things."
- Previous message: Kyle Davis: "Re: BlackICE 2.9car bombs on XP...."
- In reply to: Blinky the Shark: "Re: Kerio personal firewall 2.1b3 - VXD drivers problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Michael" <news_acc[REMOVE]@hotmail.com> Date: Mon, 11 Feb 2002 05:15:38 -0000
> > You can disable VxD checking by changing registry key value:
> >
> > HKLM\System\CurrentControlSet\Services\VxD\fwdrv
> > Key: "KernelModuleAuth"
> > From value: 01 00 00 00
> > To value: 00 00 00 00
>
> Are there circumstances in which this needs to be enabled for
> legitimate purposes?
>
I am no expert in this matter but I believe a trojan or any application
using a kernel module (VxD) could bypass the firewall and thereby gain free
access to the network. The checker simply informs the user that an
application is trying to load a VxD. Thus if you were not expecting it you
could stop it. The problem is that it throws up a lot of alerts. What is
needed is some way to allow program rights one time and not ask again unless
the MD5 signature is altered. Of course this would still allow accepted
applications the possibility of free access. I think it is probably a
standoff between security and how long you can stand the alerts. Either way
KPF is still in beta and there is some fine tuning to be done I imagine. For
example it would be a simple matter for a trojan to make the registry hack
to disable VxD checking.
Michael
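The two defender-side pieces this exchange points at, as an added example that is not part of the thread and not Kerio's own code: a check that reads back the `KernelModuleAuth` value quoted above (so a tampered setting can be noticed), and the "remember the decision until the binary changes" cache Michael asks for. Function names, the handling of the value as either 4 raw bytes or a DWORD, and the sample file are assumptions made here; SHA-256 is used in place of the MD5 the post mentions, since MD5 collisions are cheap today.

```python
"""Added example: registry read-back and a hash-keyed approval cache.

Not code from Kerio Personal Firewall or from the thread; function names
and value handling are assumptions for illustration.
"""
import hashlib
import os
import platform
from typing import Dict, Optional, Tuple

# Registry location exactly as quoted in the thread (Kerio 2.1b3, Win9x layout).
FWDRV_KEY = r"System\CurrentControlSet\Services\VxD\fwdrv"
FWDRV_VALUE = "KernelModuleAuth"


def kernel_module_auth_enabled(raw) -> bool:
    """True if the stored value means 'VxD checking is on'.

    The post shows 01 00 00 00 (on) / 00 00 00 00 (off). Depending on how the
    value was written it may come back as REG_BINARY bytes or a REG_DWORD int;
    both are accepted (assumption: any non-zero value counts as enabled).
    """
    if isinstance(raw, int):
        return raw != 0
    if isinstance(raw, (bytes, bytearray)):
        return int.from_bytes(bytes(raw), "little") != 0
    raise TypeError(f"unexpected registry value type: {type(raw).__name__}")


def read_kernel_module_auth() -> Optional[bool]:
    """Read the live value on Windows; None on other platforms or if absent."""
    if platform.system() != "Windows":
        return None
    import winreg  # standard library, importable only on Windows
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, FWDRV_KEY) as key:
            value, _value_type = winreg.QueryValueEx(key, FWDRV_VALUE)
    except OSError:
        return None
    return kernel_module_auth_enabled(value)


def file_digest(path: str, algorithm: str = "sha256") -> str:
    """Hex digest of a file, read in chunks so large modules are fine."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class ModuleApprovalCache:
    """Remember an allow/deny decision per path until the file's hash changes."""

    def __init__(self, algorithm: str = "sha256") -> None:
        self.algorithm = algorithm
        self._decisions: Dict[str, Tuple[str, bool]] = {}

    def check(self, path: str) -> str:
        """Return 'allow', 'deny', 'prompt' (never seen) or 'changed' (hash differs)."""
        digest = file_digest(path, self.algorithm)
        entry = self._decisions.get(os.path.abspath(path))
        if entry is None:
            return "prompt"
        stored_digest, allowed = entry
        if stored_digest != digest:
            return "changed"  # re-ask: the module on disk is no longer the one approved
        return "allow" if allowed else "deny"

    def record(self, path: str, allowed: bool) -> None:
        """Store the user's decision together with the current hash."""
        self._decisions[os.path.abspath(path)] = (
            file_digest(path, self.algorithm),
            allowed,
        )


def demo_flow() -> list:
    """Walk a constructed sample file through prompt -> allow -> changed."""
    import tempfile
    cache = ModuleApprovalCache()
    results = []
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "example.vxd")  # constructed sample, not a real driver
        with open(path, "wb") as f:
            f.write(b"first build")
        results.append(cache.check(path))   # never seen -> prompt
        cache.record(path, allowed=True)
        results.append(cache.check(path))   # same bytes -> allow silently
        with open(path, "wb") as f:
            f.write(b"modified build")
        results.append(cache.check(path))   # hash differs -> changed
    return results


if __name__ == "__main__":
    print("KernelModuleAuth enabled:", read_kernel_module_auth())
    print("approval flow:", demo_flow())
```

Run on the affected machine, the first line reports whether the value has been flipped to off, which is the tampering Michael describes; the cache shows why a hash-keyed decision removes the repeated alerts without letting a replaced module inherit the old approval.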