What are these vulnerabilities caused by personal firewalls?

After reading many messages in this group about the disadvantages of personal firewalls, I have a kind of hazy understanding about what they are but one thing still puzzles me:-

What exactly are the vulnerabilities created by installing personal firewalls? The short answer seems to be:-

a) They don't stop outgoing traffic except from applications which allow themselves to be controlled.

To me this doesn't seem so serious - as I recall one contributor commented that some control over outgoing is better than non at all.

b) They open up some services in Windows XP which most users shouldn't have running, and therefore make the computer more vulnerable to malware.

This seems quite serious, but I can't recall anyone listing what those services are and I think to myself, "if these personal firewalls have been studied in a technical sense and found to open undesirable services, surely there would be a list of what they are, for each of the personal firewalls such as Kerio, Outpost, Sygate and Zone Alarm".

I'm just being curious, but has anyone a reference I could look up which lists what these services are, for each of the above firewalls?

(Or are people just making assumptions that personal firewalls can't operate without opening undesirable services)?


John S

Reply to
John S
Loading thread data ...

Security needs to be reliable. If a measure isn't reliable, it doesn't give you security. If someone wants a personal firewall to just monitor some application traffic without the reliability requirement: very well, but that is not a security measure and thus not subject to this group.

No, that's not quite it. They start services with SYSTEM privileges, and run them *interactively*. That may make the services vulnerable to local privilege elevations through shatter attacks.

It's not really "undesireable services", since the services in question are part of the personal firewalls. The issue at hand is the way they are implemented, which ignores Microsoft's recommendations concerning services.

Another problem with personal firewalls is that the code of the personal firewall itself may contain exploitable bugs, thus a computer with personal firewall may be more vulnerable than a computer without it (provided that the unneeded services have been turned off).

Also there's the "skill" issue. Usually personal firewalls do not provide sufficient information, nor are the users educated enough (which is why they use a personal firewall in the first place) to make reasonable decisions about whether to allow or deny something.


Reply to
Ansgar -59cobalt- Wiechers

It is not. It is not, if the user _knows_ that, and does not blieve in the advertisments of the "Personal Firewall" providers.

The user _must_ _not_ feel secure here.

And: it _is_ serious because of a psychological effect: usually, users understand those popups "Personal Firewalls" are showing as a warning from "malicious traffic".

And this does harm: users then often don't have the newest software version i.e. of Adobe Reader (or others), because the "Personal Firewall" warned from "malicious traffic" of the online software update. And this leads into the situation of users being vulnerable to malicous PDFs, for example, everytime when Adobe Reader has another exploit.

It is not because of arbitrary services or in the meaning of "network programs, which open listening sockets".

The problem is, that many "Personal Firewalls" implement nonsense like this:

or this:

Or make your PC vulnerable to the SelfDoS attack, or implement holes like that one the Witty worm used, or ...

Yours, VB.

Reply to
Volker Birk

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.