do firewalls really work?

Guest
Archived from groups: comp.security.firewalls

The word firewall seems to indicate a powerful piece of software that
will protect our computers from hackers while we are online. But if a
cracker can unlock a trial firewall program in a few minutes, then how
can we trust any firewall program to protect us?
 
Guest

What makes you think "a cracker can unlock a trial firewall program in a few
minutes?"
--
Dave "Crash" Dummy - A weapon of mass destruction
crash@gpick.com?subject=Techtalk (Do not alter!)
http://lists.gpick.com
 
Guest

"\"Crash\" Dummy" <dvader@deathstar.mil> wrote in message news:<10drvv5m1f70j32@corp.supernews.com>...
> What makes you think "a cracker can unlock a trial firewall program in a few
> minutes?"

An experienced cracker who is familiar with protection systems could
patch the trialware in a very short time to give the full version.
I've seen how it's done.
 

user

John Smith wrote:

> The word firewall seems to indicate a powerful piece of software that
> will protect our computers from hackers while we are online. But if a
> cracker can unlock a trial firewall program in a few minutes, then how
> can we trust any firewall program to protect us?

A firewall is like a bullet-resistant vest. People never say
"bullet-resistant", do they? No, they always say "bullet-proof",
because they don't understand security or safety.
 
Guest

On 26 Jun 2004 15:48:15 -0700, John Smith wrote:
> The word firewall seems to indicate a powerful piece of software that
> will protect our computers from hackers while we are online. But if a
> cracker can unlock a trial firewall program in a few minutes, then how
> can we trust any firewall program to protect us?

It would be a pretty poor firewall which can be disabled from the
internet side of the connection. Now if the user runs programs
(browser/email,...) which can disable the firewall, the best firewall
in the world is useless.

My solution is to take Micro$oft's advice you see on their product
specifications,
Memory: 128meg or more
OS: win98 or better
So I run linux OS.
 
Guest

>It would be a pretty poor firewall which can be disabled from the
>internet side of the connection. Now if the user runs programs
>(browser/email,...) which can disable the firewall, the best firewall
>in the world is useless.

>My solution is to take Micro$oft's advice you see on their product
>specifications,
> Memory: 128meg or more
>OS: win98 or better
>So I run linux OS.

Oh? Will Linux protect you if you run malicious software on your computer?
--
Dave "Crash" Dummy - A weapon of mass destruction
crash@gpick.com?subject=Techtalk (Do not alter!)
http://lists.gpick.com
 
Guest

>An experienced cracker who is familiar with protection systems could
>patch the trialware in a very short time to give the full version.
>I've seen how it's done.

And he can do this over the internet with the firewall running?
--
Dave "Crash" Dummy - A weapon of mass destruction
crash@gpick.com?subject=Techtalk (Do not alter!)
http://lists.gpick.com
 
Guest

On Sat, 26 Jun 2004 19:16:31 -0400, "Crash" Dummy wrote:
>>It would be a pretty poor firewall which can be disabled from the
>>internet side of the connection. Now if the user runs programs
>>(browser/email,...) which can disable the firewall, the best firewall
>>in the world is useless.
>
>>My solution is to take Micro$oft's advice you see on their product
>>specifications,
>> Memory: 128meg or more
>>OS: win98 or better
>>So I run linux OS.
>
> Oh? Will Linux protect you if you run malicious software on your computer?

It will not run it unless I save/download it, change the permissions
to execute, then execute it.

Even at that, it can only wipe out my home directory/folder and not
disable the firewall or any other system damage.
 

user

x-no-archive: yes

Bit Twister wrote:

> On Sat, 26 Jun 2004 19:16:31 -0400, "Crash" Dummy wrote:
>>> It would be a pretty poor firewall which can be disabled from the
>>> internet side of the connection. Now if the user runs programs
>>> (browser/email,...) which can disable the firewall, the best
>>> firewall in the world is useless.
>>
>>> My solution is to take Micro$oft's advice you see on their product
>>> specifications,
>>> Memory: 128meg or more
>>> OS: win98 or better
>>> So I run linux OS.
>>
>> Oh? Will Linux protect you if you run malicious software on your
>> computer?
>
> It will not run it unless I save/download it, change the permissions
> to execute, then execute it.
>
> Even at that, it can only wipe out my home directory/folder and not
> disable the firewall or any other system damage.

Don't be naive. For one thing, you can run as a limited user on
Windows, just as you can on Linux (though it's pretty unbearable in
actual practice). And malware can do damage on Linux just as it does on
Windows. There are privilege-elevation exploits on Linux, and there
would be more of them if there were an impetus for malware authors to
target the platform.

Changing permissions has nothing to do with it for the average idiot. I
don't care what platform you plop a moron down in front of--if that
moron knows how to make something run, the moron will run it. Just look
at the recent Windows malware which was sent in password-protected ZIP
files. The payload email messages gave the users instructions on how to
open the ZIP files, and the morons opened and ran it. Don't you think
that the same morons would do the same thing, if they were at a Linux
workstation, and that email gave instructions on how to change
permissions and make something execute?
 
Guest

On Sat, 26 Jun 2004 23:33:39 GMT, · wrote:

> Changing permissions has nothing to do with it for the average idiot. I
> don't care what platform you plop a moron down in front of--if that
> moron knows how to make something run, the moron will run it. Just look
> at the recent Windows malware which was sent in password-protected ZIP
> files. The payload email messages gave the users instructions on how to
> open the ZIP files, and the morons opened and ran it. Don't you think
> that the same morons would do the same thing, if they were at a Linux
> workstation, and that email gave instructions on how to change
> permissions and make something execute?

No system is secure when the admin/superuser is an idiot.

You cannot idiot proof anything because nature is constantly making
better idiots.
 
Guest

>No system is secure when the admin/superuser is an idiot.

>You cannot idiot proof anything because nature is constantly making
>better idiots.

That's why your gratuitous "So I run linux OS" was pointless. An informed user
running Windows is more secure than an idiot running Linux. Of course, I don't
expect anybody who spells Microsoft "Micro$oft" to be rational or objective.
--
Dave "Crash" Dummy - A weapon of mass destruction
crash@gpick.com?subject=Techtalk (Do not alter!)
http://lists.gpick.com
 

user

x-no-archive: yes

Bit Twister wrote:

> On Sat, 26 Jun 2004 23:33:39 GMT, · wrote:
>
>> Changing permissions has nothing to do with it for the average
>> idiot. I don't care what platform you plop a moron down in front
>> of--if that moron knows how to make something run, the moron will
>> run it. Just look at the recent Windows malware which was sent in
>> password-protected ZIP files. The payload email messages gave the
>> users instructions on how to open the ZIP files, and the morons
>> opened and ran it. Don't you think that the same morons would do
>> the same thing, if they were at a Linux workstation, and that email
>> gave instructions on how to change permissions and make something
>> execute?
>
> No system is secure when the admin/superuser is an idiot.
>
> You cannot idiot proof anything because nature is constantly making
> better idiots.

Exactly my point. If you replaced Windows with Linux across the world,
then you'd have millions of morons acting as Linux admins. And though
the song would change, the music would still go on.
 
Guest

On Sun, 27 Jun 2004 00:08:26 GMT, · wrote:
>
> Exactly my point. If you replaced Windows with Linux across the world,
> then you'd have millions of morons acting as Linux admins. And though
> the song would change, the music would still go on.

Hmmm, maybe, maybe not.
Mandrakelinux out of the box has you create the user account
and the gui login does not have the root/superuser account selection.

That will work for the majority of the average users and they will not
be getting infected just by reading an email.
 
Guest

"Bit Twister" <BitTwister@localhost.localdomain> wrote in message
news:slrncds4ek.3uj.BitTwister@wb.home.invalid...
> On Sun, 27 Jun 2004 00:08:26 GMT, · wrote:
> >
> > Exactly my point. If you replaced Windows with Linux across the world,
> > then you'd have millions of morons acting as Linux admins. And though
> > the song would change, the music would still go on.
>
> Hmmm, maybe, maybe not.
> Mandrakelinux out of the box has you create the user account
> and the gui login does not have the root/superuser account selection.
>
> That will work for the majority of the average users and they will not
> be getting infected just by reading an email.

Can a hacker bypass a firewall from outside easily?
As for spyware perhaps execution detection or registry monitoring is enough?
 
Guest

In article <df740488.0406261751.4888e728@posting.google.com>,
warning_I_will_report_all_spam@yahoo.co.uk says...
>An experienced cracker who is familiar with protection systems could
>patch the trialware in a very short time to give the full version.
>I've seen how it's done.

You're confusing two very different "cracking" tasks. Cracking the
program, assuming you have a copy of it on a local machine, is one thing,
and isn't going to be any different than cracking any other type of copy-
protection scheme. Bypassing the protection offered by firewall
software, from a remote location when the firewall is active, is a very
different task.

Regards,

George Wenzel
--
George Wenzel, B.A. (Criminology)
E-mail: newsgroup1.10.geode@recursor.invalid
E-mail address is munged. Instead of dot invalid, use dot net
 
Guest

On Sun, 27 Jun 2004 08:00:57 GMT, news wrote:

> Can a hacker bypass a firewall from outside easily?

Anything is easy when you know how. A CRACKER gets through the
firewall by using a service or a bug in the firewall or Operating system.

When you see the term *External Exploit* that means the attacker can get
control from the outside. All the attacker has to do is get the
program with the external exploit to run.

> As for spyware perhaps execution detection or registry monitoring is enough?

Tell me, if some malware attaches itself to a valid program which
is already registered, would a registry monitoring program see it?
 

user

x-no-archive: yes

Bit Twister wrote:

> On Sun, 27 Jun 2004 08:00:57 GMT, news wrote:
>
>> Can a hacker bypass a firewall from outside easily?
>
> Anything is easy when you know how. A CRACKER gets through the
> firewall by using a service or a bug in the firewall or Operating
> system.
>
> When you see the term *External Exploit* that means the attacker can
> get control from the outside. All the attacker has to do is get the
> program with the external exploit to run.
>
>> As for spyware perhaps execution detection or registry monitoring is
>> enough?
>
> Tell me, if some malware attaches itself to a valid program which
> is already registered, would a registry monitoring program see it?

It's possible to bypass most normal means of file system and registry
monitoring, by screwing with the Windows APIs. This is why you really
need to do your forensics from a different, known-clean system. I'm not
saying this kind of attack is at all common.
 
Guest

On 26 Jun 04 20:06, "Crash" Dummy wrote:

> Of course, I don't expect anybody who spells Microsoft "Micro$oft" to
> be rational or objective.

That's not entirely fair, I still do it when being facetious. ;)
--
Zarggg
KeyID: 0x6425C4ED
<http://www.zarggg.net/>
See <http://www.zarggg.net/contact.html> for contact information.
 
Guest

On 2004-06-26, · <sdglockman@hotmail.com> wrote:
> Don't be naive. For one thing, you can run as a limited user on Windows,
> just as you can on Linux (though it's pretty unbearable in actual
> practice). And malware can do damage on Linux just as it does on Windows.
> There are privilege-elevation exploits on Linux, and there would be more
> of them if there were an impetus for malware authors to target the
> platform.

There is a huge impetus for malware authors to target Linux: servers.

As far as privilege-elevation exploits go, on Linux they are almost always
implementation bugs, which are quickly fixed. On Windows, a huge fraction
of the IE and OE bugs are architectural problems.

--
--Tim Smith
 
Guest

>There is a huge impetus for malware authors to target Linux: servers.

>As far as privilege-elevation exploits go, on Linux they are almost always
>implementation bugs, which are quickly fixed. On Windows, a huge fraction
>of the IE and OE bugs are architectural problems.

There is an informative article on the relative security of various systems
here:
http://www.techworld.com/security/news/index.cfm?newsid=1798
--
Dave "Crash" Dummy - A weapon of mass destruction
crash@gpick.com?subject=Techtalk (Do not alter!)
http://lists.gpick.com
 
Guest

Taking a moment's reflection, Bit Twister mused:
|
| Tell me, if some malware attaches itself to a valid program which
| is already registered, would a registry monitoring program see it?

Several of the latest software firewall implementations would detect
this change.
 
Guest

Taking a moment's reflection, John Smith mused:
|
| An experienced cracker who is familiar with protection systems could
| patch the trialware in a very short time to give the full version.
| I've seen how it's done.

Cracking the protection code to enable features in the software is
actually quite the opposite of disabling the software.
 
Guest

On Mon, 28 Jun 2004 21:29:52 GMT, mhicaoidh wrote:
> Taking a moment's reflection, Bit Twister mused:
> |
> | Tell me, if some malware attaches itself to a valid program which
> | is already registered, would a registry monitoring program see it?
>
> Several of the latest software firewall implementations would detect
> this change.

We were talking about a registry monitoring program. I know
anti-virus software checks for program changes, I had no idea that
/firewall software/ has started to do the checks also.
 
Guest

Bit Twister <BitTwister@localhost.localdomain> wrote in
news:slrnce15tt.ami.BitTwister@wb.home.invalid:

> On Mon, 28 Jun 2004 21:29:52 GMT, mhicaoidh wrote:
>> Taking a moment's reflection, Bit Twister mused:
>> |
>> | Tell me, if some malware attaches itself to a valid program which
>> | is already registered, would a registry monitoring program see it?
>>
>> Several of the latest software firewall implementations would detect
>> this change.
>
> We were talking about a registry monitoring program. I know
> anti-virus software checks for program changes, I had no idea that
> /firewall software/ has started to do the checks also.

Some PFW solutions use the MD5 checksum technology.

Duane :)
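
An added example (not written by anyone in the thread, and not any firewall product's code) of the checksum idea in the last post: an application rule is bound to a digest of the program file, so a rule for an already-approved program stops matching once that file is modified. It assumes SHA-256 instead of the MD5 the post names, because MD5 is no longer collision-resistant; the class name, verdict strings and sample files are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

def file_digest(path, algo="sha256"):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

class AppRuleTable:
    """Hypothetical per-application rule table: path -> digest recorded at approval."""

    def __init__(self, algo="sha256"):  # the thread names MD5; SHA-256 is an assumption
        self.algo = algo
        self.rules = {}

    def approve(self, path):
        real = os.path.realpath(path)  # resolve symlinks so the rule names the real file
        self.rules[real] = file_digest(real, self.algo)

    def verdict(self, path):
        """'allow' if the file still matches, 'changed' if not, 'unknown' if no rule."""
        real = os.path.realpath(path)
        expected = self.rules.get(real)
        if expected is None:
            return "unknown"
        try:
            actual = file_digest(real, self.algo)
        except OSError:
            return "changed"  # approved file missing or unreadable: do not allow
        return "allow" if hmac.compare_digest(actual, expected) else "changed"

def demo():
    """Constructed sample: approve a program file, then append bytes to it."""
    with tempfile.TemporaryDirectory() as d:
        app = os.path.join(d, "mailer.bin")
        other = os.path.join(d, "never_approved.bin")
        for p in (app, other):
            with open(p, "wb") as f:
                f.write(b"constructed program image\n")
        table = AppRuleTable()
        table.approve(app)
        before = table.verdict(app)
        with open(app, "ab") as f:  # file content changes after approval
            f.write(b"appended bytes\n")
        return before, table.verdict(app), table.verdict(other)

if __name__ == "__main__":
    print(demo())
```

A check like this compares on-disk content only and runs on the machine it protects, so the earlier point in the thread about doing forensics from a known-clean system still applies.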