Alarming vulnerability with XPSP2 Firewall
From: Adam Lyttle (adam_at_lyttlesoft.com)
Date: 08/28/04
- Next message: Len Segal: "Re: Hyperlinks in Email"
- Previous message: David H. Lipman: "Re: Should I install SP2"
- Next in thread: Kammbo: "Alarming vulnerability with XPSP2 Firewall"
- Reply: Kammbo: "Alarming vulnerability with XPSP2 Firewall"
- Reply: Juergen Heinzl: "Re: Alarming vulnerability with XPSP2 Firewall"
- Reply: Robert Moir: "Re: Alarming vulnerability with XPSP2 Firewall"
- Reply: Roger Abell [MVP]: "Re: Alarming vulnerability with XPSP2 Firewall"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 28 Aug 2004 07:53:46 -0700
I came across an alarming feature in the Windows XP SP2 Firewall:
Programs can systematically add themselves to the firewall exception
list, effectively giving themself complete access to the internet
without triggering any warnings or prompts, as documented here:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ics/ics/wf_adding_an_application.asp
This is definitely a feature that should never have been released with
the Service Pack. It effectively underminds the entire emphasis that
has been placed on the newer and more "secure" service pack. If a
program can *give itself* privileges to gain unrestricted access to
the internet, then the firewall itself is theoretically useless.
Instead of the rules being managed by the computer owner, they are
being managed by the applications themselves.
With a few lines of code a virus, worm or trojan can give itself full
access to the internet on the users computer. A worm could distribute
itself in the background without even prompting the firewall and a
trojan can open ports and wait for incoming connections without firing
off a warning of any sort from the firewall. All of this adds up to
one thing: an unsecure firewall.
In my opinion, an unsecure firewall can often be more dangerous than
having no firewall installed what-so-ever. If the user assumes they
are protected, they may open files with less caution.
It is my honest opinion (in fact, I plea) that this feature be removed
from the Service Pack. I assume that most people running the service
pack are also using the Automatic Update feature. If a patch is
distributed via the Automatic Update feature this problem can be fixed
before it is used in malicious programs.
Or at least there should be some sort of compromise. Instead of
allowing all programs the access to this feature, how about only
letting programs that have been digitally signed and verified to
access it?
Adam Lyttle
Software Developer
adam@lyttlesoft.com
Lyttlesoft Studios
PO Box 99
Mitcham SC, 5062
South Australia
+61-422-072-537
- Next message: Len Segal: "Re: Hyperlinks in Email"
- Previous message: David H. Lipman: "Re: Should I install SP2"
- Next in thread: Kammbo: "Alarming vulnerability with XPSP2 Firewall"
- Reply: Kammbo: "Alarming vulnerability with XPSP2 Firewall"
- Reply: Juergen Heinzl: "Re: Alarming vulnerability with XPSP2 Firewall"
- Reply: Robert Moir: "Re: Alarming vulnerability with XPSP2 Firewall"
- Reply: Roger Abell [MVP]: "Re: Alarming vulnerability with XPSP2 Firewall"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
