do firewalls really work?

Archived from groups: comp.security.firewalls (More info?)

The word firewall seems to indicate a powerful piece of software that
will protect our computers from hackers while we are online. But if a
cracker can unlock a trial firewall program in a few minutes, then how
can we trust any firewall program to protect us?
  1.

    What makes you think "a cracker can unlock a trial firewall program in a few
    minutes?"
    --
    Dave "Crash" Dummy - A weapon of mass destruction
    crash@gpick.com?subject=Techtalk (Do not alter!)
    http://lists.gpick.com
  2.

    "\"Crash\" Dummy" <dvader@deathstar.mil> wrote in message news:<10drvv5m1f70j32@corp.supernews.com>...
    > What makes you think "a cracker can unlock a trial firewall program in a few
    > minutes?"

    An experienced cracker who is familiar with protection systems could
    patch the trialware in a very short time to give the full version.
    I've seen how it's done.
  3.

    John Smith wrote:

    > The word firewall seems to indicate a powerful piece of software that
    > will protect our computers from hackers while we are online. But if a
    > cracker can unlock a trial firewall program in a few minutes, then how
    > can we trust any firewall program to protect us?

    A firewall is like a bullet-resistant vest. People never say
    "bullet-resistant", do they? No, they always say "bullet-proof",
    because they don't understand security or safety.
  4.

    On 26 Jun 2004 15:48:15 -0700, John Smith wrote:
    > The word firewall seems to indicate a powerful piece of software that
    > will protect our computers from hackers while we are online. But if a
    > cracker can unlock a trial firewall program in a few minutes, then how
    > can we trust any firewall program to protect us?

    It would be a pretty poor firewall which can be disabled from the
    internet side of the connection. Now if the user runs programs
    (browser/email,...) which can disable the firewall, the best firewall
    in the world is useless.

    My solution is to take Micro$oft's advice you see on their product
    specifications,
    Memory: 128meg or more
    OS: win98 or better
    So I run linux OS.
  5.

    >It would be a pretty poor firewall which can be disabled from the
    >internet side of the connection. Now if the user runs programs
    >(browser/email,...) which can disable the firewall, the best firewall
    >in the world is useless.

    >My solution is to take Micro$oft's advice you see on their product
    >specifications,
    > Memory: 128meg or more
    >OS: win98 or better
    >So I run linux OS.

    Oh? Will Linux protect you if you run malicious software on your computer?
    --
    Dave "Crash" Dummy - A weapon of mass destruction
    crash@gpick.com?subject=Techtalk (Do not alter!)
    http://lists.gpick.com
  6.

    >An experienced cracker who is familiar with protection systems could
    >patch the trialware in a very short time to give the full version.
    >I've seen how it's done.

    And he can do this over the internet with the firewall running?
    --
    Dave "Crash" Dummy - A weapon of mass destruction
    crash@gpick.com?subject=Techtalk (Do not alter!)
    http://lists.gpick.com
  7.

    On Sat, 26 Jun 2004 19:16:31 -0400, "Crash" Dummy wrote:
    >>It would be a pretty poor firewall which can be disabled from the
    >>internet side of the connection. Now if the user runs programs
    >>(browser/email,...) which can disable the firewall, the best firewall
    >>in the world is useless.
    >
    >>My solution is to take Micro$oft's advice you see on their product
    >>specifications,
    >> Memory: 128meg or more
    >>OS: win98 or better
    >>So I run linux OS.
    >
    > Oh? Will Linux protect you if you run malicious software on your computer?

    It will not run it unless I save/download it, change the permissions
    to execute, then execute it.

    Even at that, it can only wipe out my home directory/folder and not
    disable the firewall or any other system damage.
  8.

    x-no-archive: yes

    Bit Twister wrote:

    > On Sat, 26 Jun 2004 19:16:31 -0400, "Crash" Dummy wrote:
    >>> It would be a pretty poor firewall which can be disabled from the
    >>> internet side of the connection. Now if the user runs programs
    >>> (browser/email,...) which can disable the firewall, the best
    >>> firewall in the world is useless.
    >>
    >>> My solution is to take Micro$oft's advice you see on their product
    >>> specifications,
    >>> Memory: 128meg or more
    >>> OS: win98 or better
    >>> So I run linux OS.
    >>
    >> Oh? Will Linux protect you if you run malicious software on your
    >> computer?
    >
    > It will not run it unless I save/download it, change the permissions
    > to execute, then execute it.
    >
    > Even at that, it can only wipe out my home directory/folder and not
    > disable the firewall or any other system damage.

    Don't be naive. For one thing, you can run as a limited user on
    Windows, just as you can on Linux (though it's pretty unbearable in
    actual practice). And malware can do damage on Linux just as it does on
    Windows. There are privilege-elevation exploits on Linux, and there
    would be more of them if there were an impetus for malware authors to
    target the platform.

    Changing permissions has nothing to do with it for the average idiot. I
    don't care what platform you plop a moron down in front of--if that
    moron knows how to make something run, the moron will run it. Just look
    at the recent Windows malware which was sent in password-protected ZIP
    files. The payload email messages gave the users instructions on how to
    open the ZIP files, and the morons opened and ran it. Don't you think
    that the same morons would do the same thing, if they were at a Linux
    workstation, and that email gave instructions on how to change
    permissions and make something execute?
  9.

    On Sat, 26 Jun 2004 23:33:39 GMT, · wrote:

    > Changing permissions has nothing to do with it for the average idiot. I
    > don't care what platform you plop a moron down in front of--if that
    > moron knows how to make something run, the moron will run it. Just look
    > at the recent Windows malware which was sent in password-protected ZIP
    > files. The payload email messages gave the users instructions on how to
    > open the ZIP files, and the morons opened and ran it. Don't you think
    > that the same morons would do the same thing, if they were at a Linux
    > workstation, and that email gave instructions on how to change
    > permissions and make something execute?

    No system is secure when the admin/superuser is an idiot.

    You cannot idiot proof anything because nature is constantly making
    better idiots.
  10.

    >No system is secure when the admin/superuser is an idiot.

    >You cannot idiot proof anything because nature is constantly making
    >better idiots.

    That's why your gratuitous "So I run linux OS" was pointless. An informed user
    running Windows is more secure than an idiot running Linux. Of course, I don't
    expect anybody who spells Microsoft "Micro$oft" to be rational or objective.
    --
    Dave "Crash" Dummy - A weapon of mass destruction
    crash@gpick.com?subject=Techtalk (Do not alter!)
    http://lists.gpick.com
  11.

    x-no-archive: yes

    Bit Twister wrote:

    > On Sat, 26 Jun 2004 23:33:39 GMT, · wrote:
    >
    >> Changing permissions has nothing to do with it for the average
    >> idiot. I don't care what platform you plop a moron down in front
    >> of--if that moron knows how to make something run, the moron will
    >> run it. Just look at the recent Windows malware which was sent in
    >> password-protected ZIP files. The payload email messages gave the
    >> users instructions on how to open the ZIP files, and the morons
    >> opened and ran it. Don't you think that the same morons would do
    >> the same thing, if they were at a Linux workstation, and that email
    >> gave instructions on how to change permissions and make something
    >> execute?
    >
    > No system is secure when the admin/superuser is an idiot.
    >
    > You cannot idiot proof anything because nature is constantly making
    > better idiots.

    Exactly my point. If you replaced Windows with Linux across the world,
    then you'd have millions of morons acting as Linux admins. And though
    the song would change, the music would still go on.
  12.

    On Sun, 27 Jun 2004 00:08:26 GMT, · wrote:
    >
    > Exactly my point. If you replaced Windows with Linux across the world,
    > then you'd have millions of morons acting as Linux admins. And though
    > the song would change, the music would still go on.

    Hmmm, maybe, maybe not.
    Mandrakelinux out of the box has you create the user account
    and the gui login does not have the root/superuser account selection.

    That will work for the majority of the average users and they will not
    be getting infected just by reading an email.
  13.

    "Bit Twister" <BitTwister@localhost.localdomain> wrote in message
    news:slrncds4ek.3uj.BitTwister@wb.home.invalid...
    > On Sun, 27 Jun 2004 00:08:26 GMT, · wrote:
    > >
    > > Exactly my point. If you replaced Windows with Linux across the world,
    > > then you'd have millions of morons acting as Linux admins. And though
    > > the song would change, the music would still go on.
    >
    > Hmmm, maybe, maybe not.
    > Mandrakelinux out of the box has you create the user account
    > and the gui login does not have the root/superuser account selection.
    >
    > That will work for the majority of the average users and they will not
    > be getting infected just by reading an email.
    >


    Can a hacker bypass a firewall from outside easily?
    As for spyware perhaps execution detection or registry monitoring is enough?
  14.

    In article <df740488.0406261751.4888e728@posting.google.com>,
    warning_I_will_report_all_spam@yahoo.co.uk says...
    >An experienced cracker who is familiar with protection systems could
    >patch the trialware in a very short time to give the full version.
    >I've seen how it's done.

    You're confusing two very different "cracking" tasks. Cracking the
    program, assuming you have a copy of it on a local machine, is one thing,
    and isn't going to be any different than cracking any other type of copy-
    protection scheme. Bypassing the protection offered by firewall
    software, from a remote location when the firewall is active, is a very
    different task.

    Regards,

    George Wenzel
    --
    George Wenzel, B.A. (Criminology)
    E-mail: newsgroup1.10.geode@recursor.invalid
    E-mail address is munged. Instead of dot invalid, use dot net
  15.

    On Sun, 27 Jun 2004 08:00:57 GMT, news wrote:

    > Can a hacker bypass a firewall from outside easily?

    Anything is easy when you know how. A CRACKER gets through the
    firewall by using a service or a bug in the firewall or Operating system.

    When you see the term *External Exploit* that means the attacker can get
    control from the outside. All the attacker has to do is get the
    program with the external exploit to run.

    > As for spyware perhaps execution detection or registry monitoring is enough?

    Tell me, if some malware attaches itself to a valid program which
    is already registered, would a registry monitoring program see it?
  16.

    x-no-archive: yes

    Bit Twister wrote:

    > On Sun, 27 Jun 2004 08:00:57 GMT, news wrote:
    >
    >> Can a hacker bypass a firewall from outside easily?
    >
    > Anything is easy when you know how. A CRACKER gets through the
    > firewall by using a service or a bug in the firewall or Operating
    > system.
    >
    > When you see the term *External Exploit* that means the attacker can
    > get control from the outside. All the attacker has to do is get the
    > program with the external exploit to run.
    >
    >> As for spyware perhaps execution detection or registry monitoring is
    >> enough?
    >
    > Tell me, if some malware attaches itself to a valid program which
    > is already registered, would a registry monitoring program see it?

    It's possible to bypass most normal means of file system and registry
    monitoring, by screwing with the Windows APIs. This is why you really
    need to do your forensics from a different, known-clean system. I'm not
    saying this kind of attack is at all common.
  17.

    On 26 Jun 04 20:06, "Crash" Dummy wrote:

    > Of course, I don't expect anybody who spells Microsoft "Micro$oft" to
    > be rational or objective.

    That's not entirely fair, I still do it when being facetious. ;)
    --
    Zarggg
    KeyID: 0x6425C4ED
    <http://www.zarggg.net/>
    See <http://www.zarggg.net/contact.html> for contact information.
  18.

    On 2004-06-26, · <sdglockman@hotmail.com> wrote:
    > Don't be naive. For one thing, you can run as a limited user on Windows,
    > just as you can on Linux (though it's pretty unbearable in actual
    > practice). And malware can do damage on Linux just as it does on Windows.
    > There are privilege-elevation exploits on Linux, and there would be more
    > of them if there were an impetus for malware authors to target the
    > platform.

    There is a huge impetus for malware authors to target Linux: servers.

    As far as privilege-elevation exploits go, on Linux they are almost always
    implementation bugs, which are quickly fixed. On Windows, a huge fraction
    of the IE and OE bugs are architectural problems.

    --
    --Tim Smith
  19.

    >There is a huge impetus for malware authors to target Linux: servers.

    >As far as privilege-elevation exploits go, on Linux they are almost always
    >implementation bugs, which are quickly fixed. On Windows, a huge fraction
    >of the IE and OE bugs are architectural problems.

    There is an informative article on the relative security of various systems
    here:
    http://www.techworld.com/security/news/index.cfm?newsid=1798
    --
    Dave "Crash" Dummy - A weapon of mass destruction
    crash@gpick.com?subject=Techtalk (Do not alter!)
    http://lists.gpick.com
  20.

    Taking a moment's reflection, Bit Twister mused:
    |
    | Tell me, if some malware attaches itself to a valid program which
    | is already registered, would a registry monitoring program see it?

    Several of the latest software firewall implementations would detect
    this change.
  21.

    Taking a moment's reflection, John Smith mused:
    |
    | An experienced cracker who is familiar with protection systems could
    | patch the trialware in a very short time to give the full version.
    | I've seen how it's done.

    Cracking the protection code to enable features in the software is
    actually quite the opposite of disabling the software.
  22.

    On Mon, 28 Jun 2004 21:29:52 GMT, mhicaoidh wrote:
    > Taking a moment's reflection, Bit Twister mused:
    > |
    > | Tell me, if some malware attaches itself to a valid program which
    > | is already registered, would a registry monitoring program see it?
    >
    > Several of the latest software firewall implementations would detect
    > this change.

    We were talking about a registry monitoring program. I know
    anti-virus software checks for program changes, I had no idea that
    /firewall software/ has started to do the checks also.
  23.

    Bit Twister <BitTwister@localhost.localdomain> wrote in
    news:slrnce15tt.ami.BitTwister@wb.home.invalid:

    > On Mon, 28 Jun 2004 21:29:52 GMT, mhicaoidh wrote:
    >> Taking a moment's reflection, Bit Twister mused:
    >> |
    >> | Tell me, if some malware attaches itself to a valid program which
    >> | is already registered, would a registry monitoring program see it?
    >>
    >> Several of the latest software firewall implementations would detect
    >> this change.
    >
    > We were talking about a registry monitoring program. I know
    > anti-virus software checks for program changes, I had no idea that
    > /firewall software/ has started to do the checks also.

    Some PFW solutions use the MD5 checksum technology.

    Duane :)
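
Added example, not part of the original thread: a minimal sketch of the checksum check the last post refers to, where a personal firewall records a digest of each program the user has allowed and re-verifies it before granting network access. The `AppRules` class, its return strings and the file names are hypothetical, the program files are constructed stand-ins, and SHA-256 is used in place of the MD5 the post names.

```python
import hashlib
import os
import tempfile


def file_digest(path, algo="sha256"):
    """Hash a program file in chunks so large binaries are not loaded whole."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class AppRules:
    """Hypothetical rule table: program path -> digest recorded at approval time."""

    def __init__(self, algo="sha256"):
        self.algo = algo
        self.allowed = {}

    def allow(self, path):
        # Resolve symlinks so the rule is bound to the real file, not an alias.
        self.allowed[os.path.realpath(path)] = file_digest(path, self.algo)

    def check(self, path):
        """Decide what to do when the program at `path` asks for network access."""
        key = os.path.realpath(path)
        if key not in self.allowed:
            return "prompt-unknown"      # never approved: ask the user
        try:
            current = file_digest(key, self.algo)
        except OSError:
            return "block-unreadable"    # cannot verify, so do not trust
        if current != self.allowed[key]:
            return "block-modified"      # approved name, different bytes
        return "allow"


def demo():
    with tempfile.TemporaryDirectory() as d:
        prog = os.path.join(d, "browser.bin")
        with open(prog, "wb") as f:
            f.write(b"constructed stand-in for an approved program")
        rules = AppRules()
        rules.allow(prog)
        before = rules.check(prog)
        # Simulate the case from the thread: the approved file is altered on disk.
        with open(prog, "ab") as f:
            f.write(b"extra bytes added after approval")
        after = rules.check(prog)
        other = os.path.join(d, "other.bin")
        open(other, "wb").close()
        return before, after, rules.check(other)


if __name__ == "__main__":
    print(demo())
```

The check only covers the file on disk at the moment of the request; it says nothing about code changed in memory after the program has started.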