Date: Mon, 21 Feb 2005 15:42:08 -0500 (EST)
From: Chris Wysopal <weld@...nwatch.org>
To: Jay Calvert <jcalvert@...aneronetworks.com>
Cc: bugtraq@...urityfocus.com
Subject: Re: Windows Firewall Has A Backdoor




On Sat, 19 Feb 2005, Jay Calvert wrote:

> By adding a new key to the registry in
> HKEY_LOCAL_MACHINE/SYSTEM/Services/SharedAccess/Parameters/FirewallPolicy/StandardProfile/AuthorizedApplications/List
> you can circumvent the whole purpose of the firewall without the user's
> interaction or knowledge.  Spyware / Adware manufacturers are already
> doing this.

This is not a backdoor or vulnerability. The default permissions on this
key are Full Control for SYSTEM and Administrators and Read for Users.
The Administrator should be able to configure the firewall to allow
programs to connect outbound.

The security problem that has created the spyware malaise on Windows is
the default Windows installation for home users, which creates the user's
named account in the Administrators group.  When this account is used to
browse the internet there is no protection to prevent spyware/malware from
bypassing security mechanisms, such as the XP SP2 firewall, by exploiting
vulnerabilities or tricking the user.

The advent of spyware/malware using NT rootkit technology to hide from AV
and Anti-spyware programs will force Microsoft to change to an
installation where there are 2 accounts, one for administration and a
low permission one for browsing the internet. This has been the standard
for Linux and OS X for years.

-Chris
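
Added example, not part of the original message: a PowerShell audit that lists any principal other than SYSTEM and Administrators holding write access to the firewall exception list key, then prints the entries currently in it. The default key path is an assumption (it adds the CurrentControlSet component that the quoted path omits), and the function names are hypothetical.

```powershell
# Added example: audit the firewall exception list key on the local machine.
# Assumption: the default path adds the CurrentControlSet component and uses
# backslashes; the path quoted in the message has neither.
param(
    [string]$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List'
)

# Rights that allow adding or changing an entry, or re-permissioning the key.
# The two hex values are GENERIC_ALL and GENERIC_WRITE, which Get-Acl can
# report unmapped on registry keys.
$writeMask = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership' -bor 0x10000000 -bor 0x40000000

# Well-known SIDs of the principals the message names as having Full Control.
$expectedWriters = @('S-1-5-18', 'S-1-5-32-544')   # SYSTEM, BUILTIN\Administrators

function Get-UnexpectedWriter {
    param([string]$Path)
    foreach ($rule in (Get-Acl -Path $Path).Access) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        # Inherit-only entries (e.g. CREATOR OWNER) do not apply to this key itself.
        $inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly
        if (([int]$rule.PropagationFlags -band $inheritOnly) -ne 0) { continue }
        if (([int]$rule.RegistryRights -band $writeMask) -eq 0) { continue }
        try {
            $sid = $rule.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            $sid = $rule.IdentityReference.Value   # unresolvable account: compare as-is
        }
        if ($expectedWriters -notcontains $sid) {
            [pscustomobject]@{ Identity = $rule.IdentityReference.Value; Rights = $rule.RegistryRights }
        }
    }
}

function Get-ExceptionEntry {
    param([string]$Path)
    $key = Get-Item -Path $Path
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{ Name = $name; Data = $key.GetValue($name) }
    }
}

# No rows from the first command means only SYSTEM and Administrators can write.
Get-UnexpectedWriter -Path $KeyPath | Format-Table -AutoSize
Get-ExceptionEntry -Path $KeyPath | Format-Table -AutoSize
```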

