Re: Is it OK to allow rundll32.exe and svchost.exe to have free reign?

From: NormanM (norman_miller@11BlauWaldmail.com)
Date: 02/16/02


From: norman_miller@11BlauWaldmail.com (NormanM)
Date: Sat, 16 Feb 2002 06:57:03 GMT

On Tue, 12 Feb 2002 00:40:52 -0600, EDGKing <nobody@notwarmmail.com>
wrote:

>I'm running my LAN through a Linksys BEFSR41 router with Norton Internet
>Security on each local PC.
>
>I'm running WindowsXP-Pro
>
>When I first installed NIS, it asked me if I wanted to allow rundll32
>and svchost.exe to access the internet and it recommended permitting
>full access (which I did)
>
>My question is couldn't a Trojan come in the form of a program that
>calls upon one of these two "allowed" programs and thereby gain full
>access? When you look at the processes running (Ctrl-Alt-Delete) you
>only see these services and as far as I can tell, you cannot see the
>program that called them up.
>
>I guess this is a newbie question and may have a straightforward answer
>that I was unable to find in a google search.
>
>Thanks for the advice.

I don't know, does NIS have application level control of the firewall
rules? When you run a LAN, sometimes there are services which are good
for the LAN, but dangerous on the WAN. You need to be able to
configure trusted addresses for the LAN, and differentiate the rules
for LAN-side access and WAN-side access.

As for the Trojan, it has to be loaded onto your computer to do its
damage. The issue is how to get it there; the malicious sorts who try
aren't going to find a Trojan on a clean machine, nor get one
installed on a properly secure machine. What you should concentrate
upon is securing the machine from exploits the crackers are seeking.

Norman M.
>>>Clear-cut the Blue Forest to reply by email.<<<
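
The question above observes that the process list shows only rundll32.exe and svchost.exe, not what started them or what they are running. As an added example (not part of the original posts; it uses PowerShell's CIM cmdlets, which postdate the Windows XP setup discussed), this lists each such host process with its parent, hosted services, image path and command line:

```powershell
# Added example: show what is actually running inside the generic host processes.
$hostNames = 'rundll32.exe', 'svchost.exe'

# Snapshot all processes once so parent PIDs can be resolved to names.
$procs = Get-CimInstance -ClassName Win32_Process
$byPid = @{}
foreach ($p in $procs) { $byPid[[uint32]$p.ProcessId] = $p }

# Map PID -> names of the services currently hosted in that process.
$svcByPid = @{}
foreach ($s in Get-CimInstance -ClassName Win32_Service) {
    if ($s.ProcessId -eq 0) { continue }          # service not running
    $key = [uint32]$s.ProcessId
    if (-not $svcByPid.ContainsKey($key)) { $svcByPid[$key] = @() }
    $svcByPid[$key] += $s.Name
}

$procs | Where-Object { $hostNames -contains $_.Name } | ForEach-Object {
    # A parent PID can be reused after the parent exits, so treat the
    # resolved parent name as a hint, not as proof.
    $parent = $byPid[[uint32]$_.ParentProcessId]
    [pscustomobject]@{
        Name        = $_.Name
        ProcessId   = $_.ProcessId
        Parent      = if ($parent) { "$($parent.Name) ($($parent.ProcessId))" } else { '(exited)' }
        Services    = ($svcByPid[[uint32]$_.ProcessId] -join ', ')
        # Expected image location is under %SystemRoot%\System32 (or SysWOW64).
        Path        = $_.ExecutablePath
        # For rundll32.exe the command line names the DLL and export being run.
        CommandLine = $_.CommandLine
    }
} | Sort-Object Name, ProcessId | Format-List
```

Run it from an elevated prompt; otherwise Path and CommandLine can come back empty for processes owned by other accounts.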


