New Windows Attack Can Disable Firewall
BobB writes to tell us NetworkWorld is reporting that new code released on Sunday could allow a fully patched Windows XP PC's personal firewall to be disabled via a malicious data packet. The exploit depends on the use of Microsoft's Internet Connection Service. From the article: "The attacker could send a malicious data packet to another PC using ICS that would cause the service to terminate. Because this service is connected to the Windows firewall, this packet would also cause the firewall to stop working, said Tyler Reguly, a research engineer at nCircle Network Security Inc."
From TFA: It's not clear if it only affects the Windows default firewall, or any 3rd party firewall installed on the system.
Sure, it requires that you be on the internal LAN already, and that you be running ICS, and who runs ICS anyway? But what kind of shit design is this that lets you take down the firewall if you piss off the IP-masquerading software? Did someone cut their fuzz-testing budget? What's their excuse for having this kind of vulnerability?
Laws do not persuade just because they threaten. --Seneca
If the graphics applications you use require Windows, and all of the major firewall vendors are bloated (Symantec), worthless (Kerio) or both (McAfee) then what can you do?
Microsofts company's public relations agency said Monday in a statement.
;(
"Microsoft is not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time."
Well then everything is fine and dandy then
The article didn't sound right calling it Internet Connection Service so I did some poking around on the blog the article referenced: http://blog.ncircle.com/archives/2006/10/microsoft_ics_d.htm/
ICS == Internet Connection Sharing.
http://en.wikipedia.org/wiki/Fire_extinguisher ?!
:)
nothing new here, go on...
Maybe the bug slipped past because nobody uses ICS. Too cheap to buy a free after rebate router?
What were those engineers thinking? A data package, the thing a firewall is filtering to some point, can disable the firewall? Who thought it would be a nice feature to have that?
"We need a firewall of our own!"
"Why?"
"To keep our monopoly; those firewall and antivirus companies are making money that should be in our pockets."
"But antitrust..?"
"We say it's because we want to have a secure system, it should've been in the first place. Those companies have no case! >:D"
"But even we cannot access their systems anymore without logging our activity on our massive 'slave-farm'."
"We'll add a backdoor, so we can remotely disable it. No one will ever find it >:)"
"Excellent..."
Bill: "We must delay Vista a few more weeks because Sam the janitor found that if he logged on exactly at 12am, the system would implode and cause a reinstall. Thank god for QC!"
Grunt: "Hey Bill, there is a bug in XP that can totally disable the firewall! How about making an SP3 for XP?"
Bill: "You obviously don't share my vision do you?"
Valkyrie is about to die! Wizard needs food -- badly!
I never used Windows Firewall on my PC - I used ZoneAlarm or Tiny Personal Firewall. Why? Because given how many security holes XP had - and probably still has - I wouldn't trust my security to it. And lo and behold, here we are.
Windows firewall is the first thing I check for when I do a fresh install. I have *never* gotten a virus and I don't use any of the other products out on the market. So yea, some of us do. And we get better performance because of it.
So for this attack to work, according to the article...
1) The attacker has to be on the LAN already, or executing code from a PC on the LAN
2) The LAN has to be connected to the internet through a PC using ICS, and
3) There can be no external firewall device such as a router sitting between the LAN and the internet
While this is certainly a valid attack... so are a lot of other attacks once you're already in the LAN. This one just happens to nuke a software-based firewall from the inside. Big deal.
-David
How is this new? Any attack worth its salt disables the firewall first thing. Saying this is news is like telling people AIDs is linked to death.
If history repeats itself, why can't we study the future?
Well, I wouldn't agree with 'better performance' - software firewalls are ALWAYS a bottleneck. Just use a router :-)
A router does nothing to protect you from other hosts within the network.
Personal firewalls do not protect you against viruses, anti-virus products do that. Personal firewalls protect you from hackers and worms, primarily. And good personal firewalls do egress filtering, which MS firewall does poorly at best.
Horns are really just a broken halo.
Whenever someone brags they have never gotten a virus, especially just after blithely disabling some security feature, it raises a big red flag. The question is: what is it that makes you think you've never had a virus/been compromised? You haven't noticed anything? Perhaps McAfee or Norton didn't find anything so you assume you are clear? Sadly my friend, it is very possible your machine has been compromised by a virus or worm and you are simply unaware of it. The worst kinds of malware are not detected by virus scanners; in fact some are not even detectable in any way.
Why should you care if it doesn't appear to affect you? Well, it may actually affect you if it's a keylogger tracking everything you type and collecting information about you for identity theft. Worse, for the rest of us anyway, your machine could have been co-opted by a bot-net that is used by criminals to extort money from web sites. What they do is secretly root thousands of unprotected computers operated by people who 'have never had a virus' and then use them to do a distributed denial of service attack against commercial websites, demanding money from them to stop.
In order to limit the power of these criminals, everyone must firewall and patch their machines. This may not even be enough though! What people really need to do is occasionally completely reformat after booting off a cd so any rootkit will be erased.
Real FPers use Refresh. You kids and your toys...
You should use the antivirus. The viagra & Rolex offers that you send to 1000000 mailboxes every day take more CPU cycles and bandwidth than antivirus. Plus, A/V is something you are aware of.
RTFA. It's new because it is a specific attack that's just been discovered. If you still don't think it's new, look up the word "specific" in a dictionary and see if you can figure it out. Hint: No one is claiming that it's a new kind of attack.
The hell it does. Are you sure you know what a firewall is?
Most attacks these days would completely ignore the firewall, and look for a way around it. Once inside, the only point to disabling the firewall would be to send spam, I guess, and the smarter ones would, again, attempt to go around it, so that a sneaky admin would still see their firewall supposedly working, and wouldn't see any suspicious rules to allow that particular app to connect.
In fact, I can't really think of any firewall-disabling attacks that make any sense. Even if we're talking about a big, corporate firewall, disabling it would be downright retarded -- the admin will be onto you in a heartbeat, and if it's any kind of decent firewall and you have the kind of access it takes to disable it, you almost certainly already have a tunnel as far in as you can go.
(Note: Almost. I can imagine some strange networks and situations where you'd be right, but you're still wrong, because we're talking about a single attack on a single Windows computer.)
Now, this attack is actually new and of a somewhat rare kind -- it disables the Windows firewall, which means it could potentially allow other attacks. It's amazing how stupid it is -- this attack should not work -- but it is not, by itself, a real danger.
I think you meant to say "AIDS". AIDS is not the plural of AID. AIDS stands for Auto-Immune Deficiency Syndrome. AIDS is singular.
Also, AIDS does not necessarily cause death. It just weakens your immune system ridiculously. Think of it like playing Halo without a shield, if such a thing was possible. People with AIDS have to be insanely cautious in order to simply stay alive, and to prevent spreading the virus to others, but it's entirely possible to live with AIDS.
So, basically, you're entirely wrong in every single thing you said. That's impressive! That's an accomplishment!
Don't thank God, thank a doctor!
When they advertise that XP installations come with a firewall, they in fact mean that XP installations come installed with a wall of fire. The EULA clearly states that, somewhere near the bottom next to the pictures of cats and the sudoku puzzles, because no-one ever reads that far...
Task Mangler
My father's laptop got stung by this (I think). I tracked down two values in the registry for disabling AV and firewall. Now it's fckucked and the cpu is at 100%. Yum.
please step away from the keyboard until you have conquered your substance abuse problem
thanks
So much for my plans for shutting my firewall off remotely from work...
I turned mine off when I discovered it was blocking the winsock control even though I'd given the application USING the winsock control full access. It also slowed down email retrieval by a factor of ten. I tested it several times, firewall on and firewall off, and proved it to my own satisfaction. So, out the window with that particular feature.
Hal Spacejock: Science Fiction with Nuts
As it seems judging on the majority of the comments, the first thing an *experienced* user would do on an XP machine would be to deactivate the MS firewall and install a third party firewall.
But then again, which inexperienced user would set up a LAN with the - advanced I would say - specifications described in the article? So, no real need to patch there... I am surprised they ever found out about this thing. It is easy to forget that all these little Windows tools are for users that will do no more than the occasional browsing and multimedia playback.
For the record, I have iSafer always enabled.
Windows has a firewall?
....sorry, please continue :)
Please see here:
http://isc.sans.org/diary.php?storyid=1809
MS Cluster Service will not work without ICS running, it is used for internal NAT handling.
So the problem is much more widespread than small LANs using ICS.
... firewalls disable you.
Personal firewalls protect you from hackers and worms
And also protects others from you:)
gtkaml.org
What if the attack just gets a PC on the LAN to send the attack packet?
Come on people. Routers are cheap. It is better to use a hardware router instead of a Windows machine as a router. At home, I run a 300MHz Pentium II as a router. At the office, a router is used.
Everyone knows Windows is insecure. It only costs $30/$40 for a router. $29 for a D-Link DI-704P 4-Port Cable/DSL Router at outpost.com
Fight Spammers!
Fortunately for all V(irus)B(uilding)S(script) coders, Microsoft gave us all a very easy way to silently disable the firewall at any time...
Set objFirewall = CreateObject("HNetCfg.FwMgr")
objFirewall.LocalPolicy.CurrentProfile.FirewallEnabled = FALSE
Malicious code can damage your computer. New bugs can be found on a patched system. News at 11.
Use a proven firewall such as OpenBSD which can both act as a firewall and provide NAT dhcp etc for the LAN.
Unlike Windows, OpenBSD has suffered "Only one remote hole in the default install, in more than 10 years!".
Oh and version 4.0 is due out tomorrow - see http://openbsd.org/40.html
LOL. Either you're joking or you're insane.
Considering the number of security alerts concerning ZoneAlarm compared to the ones concerning Windows Firewall I would not be so proud...
But we are on slashdot so surely anything marked windows is worse!
You've most probably been buying crap routers. D-link, Belkin, Linksys, Netgear - for chuff's sake, they might as well be branded "Barbie (or Action Man) My First Router". Treat yourself to a nice ZyXel router, and you might forget you even have a router in your network.
Je fume. Tu fumes. Nous fûmes!
I'm not joking. Perhaps you're just clueless?
Show me a router 150$ that can handle bittorrent + ed2k on 10mbit 24/7 (on top of "regular" stuff), and I'll show you flying pigs.
Yeah, I saw a couple nice ones that might have sufficed, but I didn't want to spend the 600$+ they were asking for (that was a sonicwall) when just installing a small app on a already running box with a spare NIC I had laying around works even better (for 600$ less).
Why does Windows get all the press? It's not fair! I want to see some coverage of stupid holes in Linux and the free BSDs!
Please correct me if I got my facts wrong.
Yep.
My old gateway with two 3com 3c905 and FreeBSD laughs at the measly bit torrent connections I throw at it. Before I set that up a few years ago, I had similar experiences with consumer grade networking gear.
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
Squeal, fanboy! Squeal!
What makes you believe that a (home) router, which is a small microcontroller with some dedicated firmware running on it, will outperform a modern PC that has 10-20 times more CPU power available?
Actually, he's probably partly referring to the routers flooding their wireless connection which happens with Zyxel routers too.
http://www.tomsnetworking.com/lans_routers/charts/index.html?chart=124
You set up a p2p like bittorrent that is willing to use a lot of simultaneous connections and it floods your router and your connection drops.
Of course, it does sound like a lot of routers(1 a month?) to go through so if he's returning a lot of dead routers, a possible power problem in the home is possible.
Heh you replace it with one of those commercial backdoors do you? Umm whatsitcalled .. phone-home .. phone-alarm-something ...
http://en.wikipedia.org/wiki/ZoneAlarm#Version_6.0_spyware_controversy
Too late buddy, you already installed *windows*.
A person who uses ICS is even more guilty against mother Earth than SUV owners. ICS requires the gateway PC to run even if you use only the client PC and this means 250Watt or more excess electric consumption. An ICS user fills the air with CO2 emitted from coal powerplants that make electricity. If you don't buy a 20$ ADSL router that runs off 12 Volt wall adapter and runs your net sharing on 10Watts or less then you are a pollution terrorist, a cohort of fossil fuel barons.
I hope all ICS users get hacked to death and their mangled bodies displayed on spikes to educate the masses on the importance of conserving resources.
According to this SANS article the DOS attack comes from outside.
If I understand, it is with a corrupted DNS reply packet.
Hell yes, I sit at a wireless internet helpdesk at my university. I think 75% or something of our visitors use Windows firewall. There must be lots and lots of people using it.
or similar windows-only ISP. Or if you aren't ready to jump through the hoops of convincing them that the DSLAM head is broken and not that you're running Linux that is causing your connection to fail.
So I see dozens of comments about "Its no big deal, you have to be on the lan". Am I the only one that hasn't forgotten how common wireless networks are and how trivial it is to gain access to most of them?
The only change I can believe in is what I find in my couch cushions.
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
Does anyone actually leave windows firewall on anyways? It's one of the first things to go when I have to use windblows xp.
For friends and family (until recently) had no choice to leave it on but turned off. Computer browser stopped or simply wouldn't work and when Joe Clueless tries to access his pr0n^H^H^H^H^Hwedding pictures on other PC the Computer Browser service wouldn't access the other PC. For some reason firewall had to run (even if turned off) for Computer Browser to function properly. I think this "feature" has been fixed as an SP2 post fix.
Also, my sister doesn't have a router, she uses a dialup for her net so I left firewall on. It's primitive but it does the job.
Are you talking about viruses and worms that afflict computers or some kind of mystic God? If they are not detectable in any way, even you might be hosting malware and would not be aware of it. Right?
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Yeah because there are so many vulnerabilities in ZoneAlarm. </sarcasm>
I have a Linksys WRT54GL router (http://en.wikipedia.org/wiki/WRT54GL). It uplinks via 36-54mbit (depending on conditions) wireless connection, and acts as a router for a network of ~10 computers with quite heavy p2p traffic. It is stable and rarely slows down. Of course, I run a custom linux firmware on top of it (HyperWRT Thibor, original firmware sucks quite bad).
Oh, and it cost me ~70 USD.
--Coder
Because you can't meaningfully implement NAT on a single-machine "network"?
Justice is the sheep getting arrested while an impartial judge declares the vote void.
You have a few options:
1. Run Windows natively but unplug your CAT-5 cable or disable your networking devices under the device manager. Having no internet access under Windows fixes this and many other problems nicely.
2. Are you really sure that the graphics applications you use require Microsoft Windows? I think that you would be very surprised by how good the support is for most Adobe products, including Photoshop, using WINE.
3. Run Windows and your graphics applications in a virtual environment using VMWare. Unless your graphics applications require advanced, DirectX-based rendering or some such thing (unlikely), then this will work great too.
Hope that helps!
I feel for people who have no other options, but... software routers suck. That they are made by microsoft or anybody else. Hardware firewalls for the win. (which I guess in the end ARE just embedded softwares...still better at the end of the day)
You got a point, but the wrong set of routers.
D-link, Belkin, and Netgear are crap and have these issues.
However, Linksys certainly does not. I have never had issues with Linksys routers. ZyXel is as crappy as the rest.
Hey mods, mod parent up.
If you want your life to be different, live it differently.
So I tried using MS Virtual PC to run another copy of WinXP and run Azureus in that sandbox. Same problem.
I thought maybe I was being attacked via bad packets sent to Azureus but was told I was being way too paranoid.
I switched to a Linux virtual machine to run Azureus just in case.
"I don't know why I bothered to type this in."
The smaller ZyXel routers use a traditional transformer power pack with 12V AC output. Judging by the temperature rise, the on-board regulator is most probably a switched-mode type. I'd guess this would be quite tolerant of power surges, just with the presence of a mains transformer (hefty inductance; doesn't like rapidly-changing current). The "surge suppressor coils" found in cheap, switched-mode power packs are laughable. A well-designed power supply should fail safely and protect the connected equipment, but cheap ones often aren't well-designed.
As for the wireless stuff, well, that's too bad. But your computer already needs one connection to the wall to get its power. Will one more for data kill you?
Je fume. Tu fumes. Nous fûmes!
Sure you could build your own firewall appliance and shove it in a DMZ on your home LAN. And you could implement hardware dongles for wireless. And you could sandbox everything and so on and so on and so on.
But is that reasonable? Do you really have content on your machines that's so valuable that it has to be preserved at all costs? Is it really worth the time, effort and money to do so? Did you remember to back it up? People should take reasonable precautions such as a good software firewall, a real time AV scanner, a few spyware tools, a good registry cleaner, etc. Run them once or twice a month unless you see obvious artifacts of some problem. Keep the OS patched on a more or less regular basis but avoid chucking everything on all the time ASAP. Let someone else debug it. That should keep you running.
More than that you should evaluate the rationale for it, just like building a business case at work. If protecting the machines takes as much effort as using the machines, you might have missed the mark.
This is true, but I don't think that's the point others are trying to make. In this particular case a router removes the need to run ICS, and consequently removes the threat from this exploit.
Check out the cave on the east side of lake Hylia. Strange and wonderful things live in it.
Windows firewall is a bad idea --it gives users a false sense of security and is, in reality, only half a firewall.
Last night, while surfing in IE6 (god forgive me), I got nailed with a trojan JUST BY VISITING a website! And this is on a rigorously patched XP Pro box. If not for ZoneAlarm (which, unlike IE, blocks outbound requests too) my system would have been compromised.
Where's the trust Micro$oft?
Ask me about my sig!
I can't wait till a journalist finally gets something right..
It's not "Internet Connection Service" it's "Internet Connection Sharing" which hardly anyone has running anyway. They probably fudded it on purpose just to make their article sound more relevant.
(and /.'s captchas are SO good that even I can't read them - round 2)
The MS firewall has never been secure. For a few reasons completely unrelated to the current bug.
1. It's configurable via the registry. I.e. write a few keys into the registry and your application has all rights to come and go as it pleases. And that's what malware usually does.
2. Its "warning" windows have a standard window handle and can thus be intercepted by programs and answered "correctly". Another standard tactic of malware.
3. It's attacked by every single halfway modern malware, since it's on every system by default. Every single piece of malware has to defeat it to be "complete". And every malware does. It's not really hard, usually it's enough to do 1. (by simply setting the keys accordingly) or 2. (by creating a thread that waits for the window to pop up and flick it away with the "ok, let it pass" message).
Relying on the Windows Firewall to keep malware out is like relying on a politician to resist bribery.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
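An added example, not part of the original comment: an audit of the registry-based firewall configuration that point 1 above describes, run over constructed `reg query ... /s` output. The key and value names are the standard XP SP2 firewall policy locations; the sample entries, the rule names and the user-writable-directory heuristic are assumptions made for illustration.

```python
import re

# Constructed `reg query <FirewallPolicy key> /s` output (sample data, not from a real host).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    EnableFirewall    REG_DWORD    0x0
    DisableNotifications    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    %windir%\system32\sessmgr.exe    REG_SZ    %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    C:\Program Files\Example Chat\chat.exe    REG_SZ    C:\Program Files\Example Chat\chat.exe:LocalSubNet:Enabled:Example Chat
    C:\DOCUME~1\user\LOCALS~1\Temp\upd32.exe    REG_SZ    C:\DOCUME~1\user\LOCALS~1\Temp\upd32.exe:*:Enabled:Windows Update
    C:\Program Files\Old Game\game.exe    REG_SZ    C:\Program Files\Old Game\game.exe:*:Disabled:Old Game
"""

# Value lines look like "<name>  REG_<TYPE>  <data>"; the name may contain spaces.
VALUE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s+(.*)$")

# Assumed heuristic: programs that live where an unprivileged user can write.
USER_WRITABLE = ("\\temp\\", "\\locals~1\\", "\\docume~1\\",
                 "\\documents and settings\\", "%temp%", "%appdata%")


def parse_reg_query(text):
    """Return {key_path: {value_name: data}}; REG_DWORD data becomes int."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip(), {})
        elif current is not None and (m := VALUE.match(line)):
            name, kind, data = m.groups()
            current[name] = int(data, 16) if kind == "REG_DWORD" else data.strip()
    return keys


def parse_exception(data):
    """Split 'path:scope:status:label' from the right, since the path holds a colon."""
    parts = data.rsplit(":", 3)
    if len(parts) != 4:
        return None
    path, scope, status, label = parts
    return {"path": path, "scope": scope,
            "enabled": status.lower() == "enabled", "label": label}


def audit(keys):
    """Return (rule, detail) findings for a parsed firewall policy dump."""
    findings = []
    for key, values in keys.items():
        lowered = key.lower()
        if lowered.endswith("profile"):
            profile = key.rsplit("\\", 1)[-1]
            if values.get("EnableFirewall") == 0:
                findings.append(("firewall-disabled", profile))
            if values.get("DisableNotifications") == 1:
                findings.append(("notifications-off", profile))
        elif lowered.endswith("\\authorizedapplications\\list"):
            for data in values.values():
                exc = parse_exception(data) if isinstance(data, str) else None
                if exc is None or not exc["enabled"]:
                    continue
                # An any-source exception for a binary in a user-writable directory
                # is what a self-registered program tends to look like.
                if exc["scope"] == "*" and any(d in exc["path"].lower()
                                               for d in USER_WRITABLE):
                    findings.append(("exception-user-writable", exc["path"]))
    return findings


if __name__ == "__main__":
    for rule, detail in audit(parse_reg_query(SAMPLE)):
        print(f"{rule}: {detail}")
```
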
The fact that ZoneAlarm can do bi-directional firewall control is the reason why I don't use Windows' own incoming-block only firewall.
For this attack there has to be a number of factors in place, and most people here on /. seem to dismiss the likelihood of an attack because of these factors. But remember, the majority of the population aren't like people here.
1. Must be within the LAN
How many average joes run unsecured wireless? In my neighborhood that's lots of people.
2. ICS must be running
How many average joes have never even opened Services much less turned off unnecessary Windows services?
3. No other firewall is running.
How many average joes do not buy a third party firewall because one comes with Windows XP?
This attack can be mitigated easily for computer savvy people. Most people aren't that computer literate. Just my 2 cents.
Well, there's spam egg sausage and spam, that's not got much spam in it.
Yeah, instead of closing exploitable network ports, let's throw another layer in front of them! That's sure to be foolproof!
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
You OpenBSDats just want to cut and run from Windows. We need to stay the course if we do not want the smoking router to become a mushroom CPU.
Stay with Windows, or the hackers win!
Obama likes poor people so much, he wants to make more of them.
And, laying blame properly.
When you buy a new computer, it comes with XP. On the hard disk. Without a manual. Really.
My nanny just bought an Acer laptop. It did come with a "quick start guide".
Nothing about security. Although XP does pop up a dialog asking you to install anti-something-ware software. And natters about using unencrypted wireless links.
So for your points 2 and 3, the vendors are to blame. For point 1? I believe that the warning that you are using an unsecured wireless connection is probably just fine.
Generally, I'll blame the vendors. Not only are MANUALS not packed, but even CDs are omitted on shipping. How is the "average user" supposed to know? Intuition? I guess they are supposed to read the fine dialogs, and resolve these issues at that time. I guess the vendors take the easy road and throw in "Norton Antivirus" to get rid of the nagging.
Ratboy
Just another "Cubible(sic) Joe" 2 17 3061
I was a strong proponent of Kerio's free firewall. However, a fully patched Windows XP machine running Windows firewall works just as well. A "shield's up test" reveals no open ports using either system. However, Opening ports using Kerio has always been a pain in the ass. After having numerous issues with bittorrent and ssh using Kerio, I gave up. I now use a hardware firewall which is in my router and the built in WinXP firewall. Two firewalls are enough, IMHO.
Why aren't there any free/open-source/GNU easy to configure software firewalls for windows? Anyone know of any?
Since when did "interesting" mean "shills for my favourite product" ?
Je fume. Tu fumes. Nous fûmes!
I've always known ICS to mean Internet Connection Sharing, not Internet Connection Service. I could be wrong though.
If carrots got you drunk, rabbits would be fucked up. - Comedian Mitch Hedberg R.I.P. 03/30/68-2/24/05
It can do some good. Write your filtering rules to drop all TCP/UDP, port 137:139 like a hot rock! Who needs that protocol anyway. I haven't missed it in years.
What the fuck is going on with the Mods nowadays??? The guy has a valid point, not applicable to most of us, but a valid one anyway. And he's a flamebait now?
Oh, how I long for this kind of abuse when [meta]moderating...
Uncopyrightable: The longest word you can write without repeating a letter.
Thank God for Linux based firewalls.
This is something about XP that really bothers me, and I consider a design flaw. Several services run together under each svchost.exe process. (Tasklist /svc will show them.)
I have something wrong with my system now, where one of those svchost processes (after a while) dies with an unhelpful message, killing a bunch of other services with it (including ICS/Firewall). They won't restart for me, either. I'm still in the process of disabling services and trying to identify the single one that is causing grief, and bringing others down with it.
And now, according to the article, this same behaviour is used as a security exploit. I wonder if my services have been dying from this same exploit being attempted from the outside on my machine.
Love many, trust a few, do harm to none.
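An added example, not part of the original comment: a parser for the `tasklist /svc` output mentioned above that shows which services share a host process with the firewall/ICS service, and which services went away when that process died. Both snapshots are constructed; `SharedAccess` is the XP SP2 short name of the combined Windows Firewall/ICS service.

```python
import re

# Constructed `tasklist /svc` snapshots (sample data, not captured from a real host).
HEADER = """\
Image Name                   PID Services
========================= ====== =============================================
System Idle Process            0 N/A
System                         4 N/A
svchost.exe                  904 DcomLaunch, TermService
svchost.exe                  968 RpcSs
"""
BEFORE = HEADER + """\
svchost.exe                 1064 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
                                 EventSystem, Netman, Schedule,
                                 SharedAccess, Themes, wuauserv
svchost.exe                 1180 Dnscache
"""
# Second snapshot: host process 1064 has died; only Dhcp was restarted elsewhere.
AFTER = HEADER + """\
svchost.exe                 1180 Dnscache
svchost.exe                 2212 Dhcp
"""

ROW = re.compile(r"^(\S.*?)\s+(\d+)\s+(.*)$")


def parse_tasklist_svc(text):
    """Return {pid: {"image": str, "services": [str]}}, joining wrapped service lists."""
    procs, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith(("Image Name", "=")):
            continue
        if line[0].isspace():            # continuation of the previous row
            if current is None:
                continue
            svc_text = line
        else:
            m = ROW.match(line)
            if not m:
                current = None
                continue
            svc_text = m.group(3)
            current = procs.setdefault(
                int(m.group(2)), {"image": m.group(1), "services": []})
        current["services"] += [s.strip() for s in svc_text.split(",")
                                if s.strip() and s.strip() != "N/A"]
    return procs


def find_host(procs, service):
    """PID of the process hosting `service`, or None if it is not running."""
    for pid, proc in procs.items():
        if service.lower() in (s.lower() for s in proc["services"]):
            return pid
    return None


def shared_fate(procs, service):
    """Other services in the same process: a crash in any of them takes `service` down."""
    pid = find_host(procs, service)
    if pid is None:
        return None
    return sorted(s for s in procs[pid]["services"] if s.lower() != service.lower())


def lost_services(before, after):
    """Services whose host process vanished between snapshots and that did not come back."""
    running = {s.lower() for p in after.values() for s in p["services"]}
    lost = {}
    for pid, proc in before.items():
        if pid not in after:
            gone = [s for s in proc["services"] if s.lower() not in running]
            if gone:
                lost[pid] = gone
    return lost


if __name__ == "__main__":
    before, after = parse_tasklist_svc(BEFORE), parse_tasklist_svc(AFTER)
    print("SharedAccess host PID:", find_host(before, "SharedAccess"))
    print("Shares a process with:", ", ".join(shared_fate(before, "SharedAccess")))
    print("Firewall/ICS running after crash:", find_host(after, "SharedAccess") is not None)
    print("Lost with their host process:", lost_services(before, after))
```
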
If firewalls are a sign of weakness, why does Linux come with a firewall built-in?
I guess you never use dialup? Dialup users get screwed on this bug, yet again.
Oh You POS
I think that's cool, the stupid firewall that comes with XP causes more problems than I can count AND it always turns itself back on! Something to turn it off and keep it off would actually be a plus.
If closed the mind be, so then the mouth should follow.
Thank goodness Vista will lock out third-party firewall software, and prevent these kinds of problems.
Oh, wait...
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
Who the hell uses ICS anymore? I used ICS once when I was on dialup. I quickly wired another phone line to my second PC and learned to live without concurrent connections. Dialup is fast on its way out anyway.
"If your parents never had children, chances are you won't either." -Dick Cavett
Uhm, we're not talking about getting a virus. Or do you not know the difference between, say, a trojan horse and a virus? Besides, windows firewall doesn't protect against outgoing connection attempts. So, you're probably all zombied up and don't even know it... and you're reading /. . Great.
have you read the Moderation Guidelines Addendum?
Sounds to me like part of trusting proprietary software to do a good job with security. Uninspectable, unmodifiable, unsharable software shouldn't be trusted to perform securely. You need software freedom.
Digital Citizen
I, for one, welcome our new Windows Firewall pwning overlords.
Seriously though, Windows Firewall is great for very general and basic protection, but it serves no match to free and more efficient [zonelabs.com] firewall software that is actually easier and more understandable to the user.
None of these software firewalls are of any use as they can be disabled by the next exploit. What is needed is a firewall running on standalone embedded hardware. Of course with the use of RPC over HTTP and SOAP, a firewall is of limited use in this day and age.
davecb5620@gmail.com
And in other (non)news, a man unlocked his security door, invited a stranger into his home, and that stranger then mugged him.
Mods don't have a "-1 Poster appears to be an Idiot" option. Hence Flamebait.
I say there's not even enough electricity flowing through the network circuits of the router to cause it to overheat like you say.
Why does open source hate our freedom?
That is not nearly the first post, not to mention it would have been a very stupid first post.
Nobody uses Internet Connection Sharing (ICS) in Windows. Nothing to see here, move along.
I use Black Ice Defender.
What the hell does a firewall have to do with you being retarded enough to visit a website and getting trojanned?
As for the wireless stuff, well, that's too bad. But your computer already needs one connection to the wall to get its power. Will one more for data kill you?
No, but my girlfriend nearly did when I started laying bright yellow cat5 cable in the house...
It's official. Most of you are morons.
> What the hell does a firewall have to do with you being retarded enough to visit
> a website and getting trojanned?
Well AC... Perhaps you should spend more time reading the title of the article ("New Windows Attack Can Disable Firewall") and less time attacking complete strangers. May we assume that you are also retarded since Slashdot is a website? It's not like I went looking for sites crawling with virii.
Please. Lighten up. I've already been punished for using IE6 and Windows.
Ask me about my sig!
It is pointless having a firewall which monitors outgoing connections for a lot of users because of this. Last month I watched one of them click 'Ignore' (I think it was ignore as it kept repeatedly appearing every so often) when AVG caught a Trojan trying to activate. When I tried to point out what she had done she just shushed me as she was too engrossed with messenger! She never once read what it was trying to tell her. Her sound card drivers are kaput and it needs to be fixed but I just cannot be bothered to fix it.
If I install ZoneAlarm on anyone's PC these days I try to configure it for the programs they use. Unfortunately this means that I have to install everything to make sure that they have a working PC afterwards which is why I generally avoid it. I just stick on the Windows firewall, AVG, Spyware Blaster, Firefox and Adaware SE Personal (not that they ever run it). Funny how they are completely clueless about computers but if you put them in a limited account it is amazing how quickly it becomes one with full administrative privileges.
The only person who I've had any success with is my daughter.
wait a minute, its halloween, this is NOT a troll today.. (note goatse pumpkin)
09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
In Windows, at least, there are class drivers for a variety of USB device classes.
Laws do not persuade just because they threaten. --Seneca
I hear you. Actually thinking while using a computer isn't for everybody.
With my parents and grandparents, buying a cheap router was about the best (almost) foolproof thing I could do for them. I still spend a day or two each year, when I visit, just undoing their damage.
Ask me about my sig!
This article is so worthless that I got around 15 full replies and 250 abrev.
I have never had problems with NetGear, but I am having big trouble with Linksys. I will never buy another Linksys product *ever*.
... because the Windows "firewall" isn't a firewall.
I don't think Windows firewall is less secure just because a registry hack can turn it off. In order to perform that hack, malware has to be on the computer. The purpose of the Firewall is to keep malware off the computer. As long as it (and Windows Defender and a decent Antivirus program) are running on the computer, the malware won't be there.
On the other hand, third party firewalls tend to cause all kinds of problems for inexperienced users. Since Windows Firewall is ubiquitous, applications know how to play well with it (the flip side of the "all malware attacks it" scenario). Plus, if anything bad happens, you get to bitch about Micro$oft, and you'll get lots of sympathy. Who feels sorry for ZoneAlarm users these days?
It's a bonehead security vulnerability from Micro$oft (Again!), but it only affects a trivial number of users, and hasn't been exploited, probably because of the trivial number of targets. I don't think it is worth going ballistic over.
I'm a lot more worked up over the upcoming EULA restrictions coming up in Windows Vista. Looks like they're going to restrict how many times it can be reinstalled, and potentially, what kinds of upgrades they're going to allow you to make to your computer without paying for a new Vista license.
Fundamentalism is a crime against humanity