Re: Win xp sp2 firewall



Sebastian Gottschalk wrote:
Mr. Arnold wrote:


For typical PFWs you either have to
use some dirty tricks (while risking that some idiots will scream "HACK
ATTEMPT !!!11")

At most, the application would say that an unauthorized program was trying to access the Internet, that you the user didn't approve.


I'm talking about the application on its own adding a rule to the PFW for
allowing appropriate access. You won't get any queries then.

I don't want any application having the ability to add its own rules to a PFW, period. I don't care what it is.

Of course the application would have to implement this for every single
PFW, and since most don't offer any interface they'd have to use their own
dirty tricks (f.e. sending Windows messages, hijacking a kernel driver,
...), but it's generally no problem.

Considering an explicit interface being offered by Windows Firewall
therefore is no security problem, but rather a sign of sanity.

What are you talking about? Programmers are not stupid, particularly hacker types. You think someone couldn't figure out a program interface after hitting it numerous times to figure it out?

You think that information on how to access the interface is going to be kept under some kind Fort Knox lock and key?



or you'll have to ask the user to add the rules (which
they're usually incapable of).

And MS and its PFW somehow knows the intent and knows the correct decision to make?


At first, it's no PFW. And no, they don't have to know any intent, because
they delegate this task to the respective software itself.

Me, Job Blow program writing hacker who has cracked the interface, got some user with the happy fingers to click on something that did the install of my hacker program and I have good intentions. You come on let's do some delegation.


I don't want MS with some FW to be making any rules without user permission about anything.


Well, then why are you running with admin rights? With admin rights, this
would hold for any PFW. And without admin rights, it won't hold for Windows
Firewall.

Come on man, why is anyone running with admin rights? Maybe, it's because it's the default.



There is no way that the XP O/S or the XP FW knew the intent of that application good or bad as a client or server. And yet rules were set for the applications to punch through the FW. You name another PFW that allows this kind of rule setting, which is ridiculous.

Any does. By design.

We are not talking about any. We are talking about the XP FW that will set rules dead in your face, if one knew to go check.


The same is true for all other PFWs any would be true for any
implementation. Where's your argument? You're complaining about a trivial
and unavoidable fact.

I like the way you try to take the focal point away from your beloved XP FW. It won't hold.
.