More Security Issues concerning the new Windows Firewall
Recall --
Yesterday, I posted a comment on the fact that the new Windows Firewall (present in XP Service Pack 2) does not monitor outgoing traffic. As we discovered, this is especially problematic for Spyware attacks, as it may be possible for a Spyware program to extract personal information from your computer and relay it to a third party -- all without you knowing about it.
Infopackets Reader Tom M. writes:
" Dennis: [in reference to your original article], you mused as to why Microsoft hasn't followed the ideology of full firewall protection. Might I cynically speculate that it may be a perceived legal matter? By this I mean they may be trying to fend off claims of having a monopoly by not putting everything into their operating system. Appearing to have a firewall, albeit half of one, is good marketing directed at those who would prefer one-stop shopping and/or are ill-informed.
Those who realize they need something better, including those who learn it from useful newsletters such as yours, will go out and download a free or purchased copy of a 'real' firewall. One-stop shopping would be a great boon to customers, only if the included functions were 'top of the line'. But it could put a lot of serious smaller companies, which provide good products, out of business and draw too much negative attention. Mind you, putting in a half-baked firewall draws negative attention too. Perhaps it's a matter of choosing the lesser of two evils. Of course I could be full of it, but.... "
Interesting (and amusing) comments. In terms of security, Infopackets Reader 'Alias Zero' pointed out some very interesting facts about the new Windows Firewall that comes standard with Windows XP Service Pack 2:
" In fact, the new XP Firewall does little to stop anything. Microsoft has created an API which allows programs to add Firewall rules at whim. Although administrator access level is required to change the rule set, I'm speculating that someone (at some point) will find a way to exploit the API to allow for further exploitation of the operating system. " (Paraphrased)
Side note: API stands for "Application Program Interface". In short, APIs are used as plug-ins for existing programs. In "operating systems that support a graphical user interface, the API also defines functions to support windows, icons, pull-down menus, and other components of the interface. In network operating systems, an API defines a standard method application programs can use to take advantage of all the network features." (Source: angelFire.com)
My response:
I did a bit of research on this using Google and found a post via securityFocus.com which essentially underscores what Alias Zero has pointed out:
" Besides manual configuration of the rule set, [the Windows Internet Connection Firewall, or 'ICF'] contains an API that allows applications to temporarily modify the [firewall] rule set. In the screenshot below, Windows messenger automatically opened up TCP port 12212 and UDP port 13037 for its own use.
This is both a good and scary feature. It's good because it allows applications like Windows messenger the ability to interoperate with [the Windows Firewall]. This is especially useful for applications that open up dynamic ports [random communication ports used on the Internet]. With applications that open up dynamic ports, you can't specify a rule that would allow the traffic through, since the port could change. This is great for people who play games that support DirectPlay 8. At the same time, most security professionals get a little wary when applications can change firewall rule sets willy nilly. A big complaint people have about the [Windows Firewall] API is that it requires administrative privileges. If your Windows XP account is a 'limited' account, applications you run can't manipulate the ICF rule set using the [Windows Firewall] API. " (Source: securityFocus.com)
Indeed, a scary thought; and again, I recommend scrapping the SP2's Windows Firewall in favor of Zone Alarm -- a much better firewall which has the ability to notify you of all incoming *and* outgoing communication (something that the Windows Firewall doesn't do).
And as I mentioned yesterday, the Zone Alarm Firewall (free) will be covered explicitly in my new Service Pack 2 fail-safe installation guide, which will be released very shortly.
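Because applications running with administrative rights can add exceptions through the firewall API discussed above, it is worth checking what is actually in the exception list. The following PowerShell script is an added example, not code from the original article or from Microsoft: it reads the current profile through the `HNetCfg.FwMgr` COM interface and flags application and port exceptions that are not in a baseline you approve. It assumes PowerShell is installed, and the baseline entries are constructed placeholders.

```powershell
# Added example: list Windows Firewall exceptions and flag those not in an
# approved baseline. Baseline values are constructed placeholders.
$approvedApps  = @('C:\Program Files\Example\approved.exe')      # hypothetical path
$approvedPorts = @('TCP/3389')                                   # hypothetical entry

$protocolName = @{ 6 = 'TCP'; 17 = 'UDP' }                       # NET_FW_IP_PROTOCOL values
$scopeName    = @{ 0 = 'Any'; 1 = 'LocalSubnet'; 2 = 'Custom' }  # NET_FW_SCOPE values

function Get-FirewallExceptionReport {
    param([string[]]$ApprovedApps = @(), [string[]]$ApprovedPorts = @())

    # HNetCfg.FwMgr is the COM interface to the firewall introduced with XP SP2.
    $fwProfile = (New-Object -ComObject HNetCfg.FwMgr).LocalPolicy.CurrentProfile

    # Programs that are allowed to receive unsolicited inbound traffic.
    foreach ($app in $fwProfile.AuthorizedApplications) {
        [pscustomobject]@{
            Kind     = 'Application'
            Entry    = $app.ProcessImageFileName
            Name     = $app.Name
            Enabled  = $app.Enabled
            Scope    = $scopeName[[int]$app.Scope]
            Approved = $ApprovedApps -contains $app.ProcessImageFileName
        }
    }

    # Ports opened for every program, written as PROTOCOL/PORT for comparison.
    foreach ($port in $fwProfile.GloballyOpenPorts) {
        $entry = '{0}/{1}' -f $protocolName[[int]$port.Protocol], $port.Port
        [pscustomobject]@{
            Kind     = 'Port'
            Entry    = $entry
            Name     = $port.Name
            Enabled  = $port.Enabled
            Scope    = $scopeName[[int]$port.Scope]
            Approved = $ApprovedPorts -contains $entry
        }
    }
}

$report = Get-FirewallExceptionReport -ApprovedApps $approvedApps -ApprovedPorts $approvedPorts
$report | Sort-Object Approved, Kind | Format-Table Kind, Entry, Name, Enabled, Scope, Approved -AutoSize

# Enabled exceptions that nobody approved are the ones to investigate first.
$unexpected = @($report | Where-Object { $_.Enabled -and -not $_.Approved })
if ($unexpected.Count -gt 0) {
    Write-Warning ('{0} enabled exception(s) are not in the baseline' -f $unexpected.Count)
}
```

Running it on a schedule and comparing the output over time shows when a program has added an exception for itself.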
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website!