Leythos wrote:
OK, they can track outbound connections of programs that allow the PFW to control them. But what about all the others? Using a PFW is like having a police force that is only capable of arresting criminals who show up in their office and tell them what they've just done.
Information is power if and only if you have the entire information. But this is exactly what you won't get from a PFW.
As an example, Volker Birk has published a PoC to show how you can easily fool PFWs. His source code is available at
Why would you want to do that? On an uncompromised system you will only have outbound connections that you initiated. Why monitor them? If you have unwanted outbound connections then your system is compromised and you cannot trust any piece of software running on it.
Sorry, I am not a programmer. Others can certainly do better on that than I. But it is pretty obvious that a piece of software running with admin privileges can alter all settings of the OS or any applications without notifying the user. As a very common example, Windows Update does this all the time.
Regards Thomas