From: David H. Lipman on 30 Dec 2009 17:49
From: "John Corliss" <q34wsk20(a)yahoo.com>

| David H. Lipman wrote:
>> From: "N4469P" <samuelluter(a)gmail.com>

>> | On Wed, 30 Dec 2009 12:25:36 GMT, hummingbird wrote:
>>>> 'David H. Lipman' wrote thus:
>>>>> The OS will query the user when OBJECT.EXE tries to access the
>>>>> Internet to allow or deny OBJECT.EXE that access.
>>>>> However in XP OBJECT.EXE can write its own FireWall Policy to
>>>>> allow itself access to the Internet and thus not query the user.
>>>> Do you mean that it can effectively by-pass the user's PFW?
>>>> or just the Windows firewall? ...or both?
>>>>> This was fixed in Vista and strengthened in Win7.

>> | Cite?

>> Don't need to. I have replicated the ability of malware inserting a FireWall Policy
>> allowing in WinXP and it fails under Vista.

| Actually, yes, you do need to cite if you're going to make a claim in
| this group. Demanding that others take your word without any proof is a
| waste of everybody's time.

| By the way, your attribution marks are non-standard (see the quoted
| material above.)

When I do my own tests, there is nothing to cite. One can easily do their own tests via a REG file or a malware file that inserts its own FireWall Policy to Allow Internet access.

Hell, I have even incorporated the capability in my Multi-AV Scanning tool.

KiXtart line...
$R=WriteValue("HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\STANDARDPROFILE\AUTHORIZEDAPPLICATIONS\LIST","C:\AV-CLS\WGET.EXE","C:\AV-CLS\WGET.EXE:*:Enabled:WGET.EXE",REG_SZ)

You can NOT do this under Vista and above. It doesn't work. You have to use the OS GUI.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
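
An added example, not part of the posts in this thread and not code from the Multi-AV tool: a Python audit that reads a .reg export of the AuthorizedApplications\List key named in the post above and reports enabled entries whose program path lies outside expected directories. The sample export, the trusted-directory list and the function names are assumptions constructed for illustration.

```python
import re

# Constructed sample: .reg export of the XP key quoted in the post.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\AV-CLS\\WGET.EXE"="C:\\AV-CLS\\WGET.EXE:*:Enabled:WGET.EXE"
"C:\\Temp\\old.exe"="C:\\Temp\\old.exe:LocalSubNet:Disabled:old"
'''

# Assumption: directories this site accepts as homes for allowed programs.
TRUSTED_PREFIXES = ("%windir%\\", "c:\\windows\\", "c:\\program files\\")

# One REG_SZ value line in .reg syntax: "name"="data" with backslash escapes.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

def unescape(s):
    """Undo .reg escaping (\\\\ -> \\, \\" -> ")."""
    return re.sub(r'\\(.)', r'\1', s)

def parse_entries(reg_text):
    """Parse 'path:scope:Enabled|Disabled:name' values into dicts."""
    entries = []
    for line in reg_text.splitlines():
        m = VALUE_RE.match(line.strip())
        if not m:
            continue  # key headers, blank lines, non-string values
        data = unescape(m.group(2))
        # Split from the right: the path itself contains a drive-letter colon.
        parts = data.rsplit(":", 3)
        if len(parts) != 4:
            entries.append({"raw": data, "malformed": True})
            continue
        path, scope, status, name = parts
        entries.append({"path": path, "scope": scope, "name": name,
                        "enabled": status.lower() == "enabled",
                        "malformed": False})
    return entries

def review(entries):
    """Return (kind, detail) findings for entries that need a human look."""
    findings = []
    for e in entries:
        if e["malformed"]:
            findings.append(("malformed", e["raw"]))
        elif e["enabled"] and not e["path"].lower().startswith(TRUSTED_PREFIXES):
            kind = "any-scope" if e["scope"] == "*" else "scoped"
            findings.append((kind, e["path"]))
    return findings

if __name__ == "__main__":
    for kind, detail in review(parse_entries(SAMPLE_REG)):
        print(f"REVIEW [{kind}] {detail}")
```
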
From: David H. Lipman on 30 Dec 2009 19:14
From: "hummingbird" <hummingb�rd(a)127.0.0.1>

| 'David H. Lipman' wrote thus:
>>From: "hummingbird" <hummingb�rd(a)127.0.0.1>

>>| 'David H. Lipman' wrote thus:
>>>>The OS will query the user when OBJECT.EXE tries to access the Internet to allow or
>>>>deny OBJECT.EXE that access.
>>>>However in XP OBJECT.EXE can write its own FireWall Policy to allow itself access to
>>>>the Internet and thus not query the user.

>>| Do you mean that it can effectively by-pass the user's PFW?
>>| or just the Windows firewall? ...or both?

>>Under WinXP - yes. Malware can (and does as I often see this) insert a Policy to allow
>>the malicious file access to the Internet.

| Thanks. That confirms what I have believed for some time. Sadly,
| it drains the confidence that many people on ACF place in their
| PFWs. Marketing hype works!!!

Let me clarify -- That's the MS WinXP built-in PFW.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp