Forum Index
Home Forum Radio Memberlist Help Search Quick Links

It appears you have not yet registered with our community which limits what you can do & see. It's Free To register, please click here.



Forum Index » Community » News & Announcements » Vista firewall easily tricked, says Symantec
Register Calendar Gallery Mark Forums Read

Reply
 
Thread Tools Display Modes
  #1  
Old 03-03-2007, 10:06 AM
Mobo's Avatar
Mobo Mobo is offline
Thinking outside the box
  
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,587
Send a message via ICQ to Mobo Send a message via AIM to Mobo Send a message via MSN to Mobo Send a message via Yahoo to Mobo Send a message via Skype™ to Mobo
Vista firewall easily tricked, says Symantec
Windows Vista's firewall can easily be subverted because of design decisions made by Microsoft Corp., a researcher at Symantec Corp. said today. Orlando Padilla, a Symantec security response team member who authored a study released this week on how well Vista stands up to current malware, took the new operating system's firewall to task today in a blog.
"[The firewall] poses a great limitation for malicious code looking to backdoor a host," said Padilla in the entry. "Unfortunately, the Unblock button may be accessed with the same privilege level as a standard user. This configuration of privileges creates a point of vulnerability that undermines the effectiveness of the firewall's policy in Windows Vista."
Padilla was unavailable for comment, but Javier Santoyo, manager of development in Symantec's research group, explained. "Subverting a firewall is nothing new, but Microsoft, with Vista and User Account Control [UAC], had the ability to strengthen the firewall." The company didn't take that opportunity, he said.
The problem, according to Santoyo, is that while Vista's firewall blocks all third-party and untrusted network traffic unless the user clicks the Unblock button, it's not hard for attackers to code their malware so that the software surreptitiously clicks the button. The SendMessage API call can be used to automate that function, said Padilla.
Microsoft could have guaranteed that only a click by a real live user would unblock the firewall for an application requesting Internet access. "They could have coded it so only an interactive user could click the button," he said. It's possible that rival firewall vendors may take up the approach, Santoyo said.
The motivation for tricking Vista into allowing malware access to the Internet is plain: "They could then download other malicious code" or hide the command-and-control traffic between an infected PC and the hacker using the machine as a spam zombie or denial-of-service attacker, said Santoyo.
"Assuming an attacker can perform the firewall unblock attack, most of the functionality commonly present in a bot is available," wrote Padilla in his research paper (download PDF).
"Yes, I think attackers will try this," said Santoyo. "It's not hard to do."
Microsoft officials could not be reached for comment.



The source:Computer World.com
Reply With Quote
Posted


Reply

  • Submit Thread to Digg Digg
  • Submit Thread to del.icio.us del.icio.us
  • Submit Thread to StumbleUpon StumbleUpon
  • Submit Thread to Google Google
    • Bookmarks

    « Previous Thread | Next Thread »
    Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
     
    Thread Tools
    Display Modes
    Linear Mode Linear Mode

    Posting Rules
    You may not post new threads
    You may not post replies
    You may not post attachments
    You may not edit your posts
    BB code is On
    Smilies are On
    [IMG] code is On
    HTML code is Off
    Forum Jump



    All times are GMT -5. The time now is 11:32 AM.

    Contact Us - CyberAnswers - Archive - Privacy Statement - Top

    Firefox 2