XP SP2 Firewall security breach

On Thu, 11 Nov 2004 19:49:55 GMT, John Jones spoketh

Two caveats:

1) The user needs to run the malicious program on his computer, and 2) The user needs to be logged in as administrator.

Lars M. Hansen

Remove "bad" from my e-mail address to contact me. "If you try to fail, and succeed, which have you done?"

So, you're spamming the internet with your sales ad?

"We are offering this product for a small donation $2 (£1.20). We do this only to cover our costs and we will provide any subsequent versions to you free of charge."

Interesting. But a $ 2.00 *donation* through PayPal to buy it? Strange.

On Fri, 12 Nov 2004 14:00:42 +0100, Thomas Wolf spoketh

The issue here is that this is a "vulnerability" with all software firewalls. Any firewall and/or anti-virus software can be shut of or even deleted when someone who are logged in as an administrator runs a program that they shouldn't have been running (either intentionally or accidentally by executing an attachment received via e-mail). The difference here, to some extent, is that this particular vulnerability allows for alteration of the firewall configuration rather than simply shutting it down, but the end result is pretty much the same. The firewall which was supposed to protect you no longer are...

Also, people shouldn't normally be logged in as administrators, and people shouldn't normally run random programs. But, there's a big difference between what people should do and what they actually do...

Lars M. Hansen

'badnews' with 'news' in e-mail address)

... and therefore nobody would stop the evil program to just kill the famous 'Firewall Monitor'. I would strongly suggest to install another program that constantly checks if the monitor is still running, alerting the user when it goes down ;-)

Thomas