Microsoft Windows Vista Community Forums - Vistaheads
Recommended Download



Welcome to the Microsoft Windows Vista Community Forums - Vistaheads, YOUR Largest Resource for Windows Vista related information.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so , join our community today!

If you have any problems with the registration process or your account login, please contact us.

Driver Scanner

Windows Firwall security?

microsoft.public.windows.vista.security






Speedup My PC
Reply
  #1 (permalink)  
Old 01-08-2007
=?Utf-8?B?Um9iZXJ0IFNjaG91bHR6?=
 

Posts: n/a
Windows Firwall security?
Hello.

I've found Windows Firewall fascinating but I've always used other software
firewalls instead of it. I've tried the firewall in Windows Vista RC1 and it
works just fine. However, something scares the hell out of me. I installed a
torrent client called uTorrent, in this torrent client there is a checkbox
which says "Add uTorrent to Windows Firewall exceptions (Windows XP SP2 and
later only)".

I'm impressed with the security the firewall has but this is insane, you are
actually allowing third party programs to allow themselves through the
firewall? Say hello to Trojans...

--
/Robert
Reply With Quote
Sponsored Links
  #2 (permalink)  
Old 01-08-2007
Robert Moir
 

Posts: n/a
Re: Windows Firwall security?
Robert Schoultz wrote:
> Hello.
>
> I've found Windows Firewall fascinating but I've always used other
> software firewalls instead of it. I've tried the firewall in Windows
> Vista RC1 and it works just fine. However, something scares the hell
> out of me. I installed a torrent client called uTorrent, in this
> torrent client there is a checkbox which says "Add uTorrent to
> Windows Firewall exceptions (Windows XP SP2 and later only)".
>
> I'm impressed with the security the firewall has but this is insane,
> you are actually allowing third party programs to allow themselves
> through the firewall? Say hello to Trojans...


As has been explained countless times in the various Microsoft forums, this
has been the problem with 'software firewalls' that filter outgoing traffic
all along - if you are logged in with an admin account then any software you
run can do whatever it wants to any and all of your security software.
Switch it off, subvert it, add itself as an 'exception' to the rules,
whatever it wants, and probably without you ever knowing if it wants to do
that too.

Always been the case. The only difference between the Microsoft firewall
here and any other competitor you care to name is that at least Microsoft
are being honest about it!

regards
Rob Moir.


Reply With Quote
  #3 (permalink)  
Old 01-08-2007
=?Utf-8?B?Um9iZXJ0IFNjaG91bHR6?=
 

Posts: n/a
Re: Windows Firwall security?
Well, I am logged into my administrator account, however the application
never asked for administrator privilieges (like many other applications does
like installers etc.) and this is what worries me.

And yeah, all software firewalls can be worked around but I actually thought
the Windows firewall had more security than other software firewalls since it
is a part of the operative system thus I at least think it should be more
protected. That's my opinion.
--
/Robert


"Robert Moir" wrote:

> Robert Schoultz wrote:
> > Hello.
> >
> > I've found Windows Firewall fascinating but I've always used other
> > software firewalls instead of it. I've tried the firewall in Windows
> > Vista RC1 and it works just fine. However, something scares the hell
> > out of me. I installed a torrent client called uTorrent, in this
> > torrent client there is a checkbox which says "Add uTorrent to
> > Windows Firewall exceptions (Windows XP SP2 and later only)".
> >
> > I'm impressed with the security the firewall has but this is insane,
> > you are actually allowing third party programs to allow themselves
> > through the firewall? Say hello to Trojans...

>
> As has been explained countless times in the various Microsoft forums, this
> has been the problem with 'software firewalls' that filter outgoing traffic
> all along - if you are logged in with an admin account then any software you
> run can do whatever it wants to any and all of your security software.
> Switch it off, subvert it, add itself as an 'exception' to the rules,
> whatever it wants, and probably without you ever knowing if it wants to do
> that too.
>
> Always been the case. The only difference between the Microsoft firewall
> here and any other competitor you care to name is that at least Microsoft
> are being honest about it!
>
> regards
> Rob Moir.
>
>
>

Reply With Quote
  #4 (permalink)  
Old 01-09-2007
Alun Jones
 

Posts: n/a
Re: Windows Firwall security?
"Robert Schoultz" <RobertSchoultz@discussions.microsoft.com> wrote in
message news:7DCF68DA-9162-4E81-8076-70868C92CBC9@microsoft.com...
> Well, I am logged into my administrator account, however the application
> never asked for administrator privilieges (like many other applications
> does
> like installers etc.) and this is what worries me.
>
> And yeah, all software firewalls can be worked around but I actually
> thought
> the Windows firewall had more security than other software firewalls since
> it
> is a part of the operative system thus I at least think it should be more
> protected. That's my opinion.


It's certainly very secure in what it does - but as the administrator, you
can configure it. If you can configure it, then any program running under
your account can configure it.

This is the same for any other firewall (but with a lower market
penetration, they won't get a special button just to disable them). I find
it hard to imagine how Microsoft could make this more secure - some kind of
option that says "figure out if this is me, or a program pretending to be
me" is way beyond the sort of computer models that I've seen.

Curiously enough, Microsoft does have a leg of their Trustworthy Computing
initiative that talks about having signed operations in a secure area, so
that you can be certain that an action was approved at the real keyboard,
but this requires having cryptographic hardware in your keyboard, your video
card, your monitor and possibly even your mouse. What you're asking for is
expensive.

Alun.
~~~~


Reply With Quote
  #5 (permalink)  
Old 01-09-2007
=?Utf-8?B?bWlr?=
 

Posts: n/a
RE: Windows Firwall security?


"Robert Schoultz" wrote:

> I'm impressed with the security the firewall has but this is insane, you are
> actually allowing third party programs to allow themselves through the
> firewall? Say hello to Trojans...


I agree with you.
UAC as a lot of warning but the crazy thing is tha UAC programmers forgotten
to add a check for adding rules into the firewall and so any installation
programs can open ports, create a rule, destroy all rules, without user
consent! This is bad!!!
Reply With Quote
  #6 (permalink)  
Old 01-09-2007
=?Utf-8?B?bWlr?=
 

Posts: n/a
RE: Windows Firwall security?
"Robert Schoultz" wrote:

> I'm impressed with the security the firewall has but this is insane, you are
> actually allowing third party programs to allow themselves through the
> firewall? Say hello to Trojans...


I agree with you.
UAC has a lot of warnings, but the crazy thing is that UAC programmers
forgotten
to add a check for adding rules into the firewall and so any installation
program can open ports, create a rule, destroy all rules, without user
consent! This is bad!!! They could add an UAC check similar to one present
in IE7 which show an UAC warning when an user change an IE7 option.
Reply With Quote
  #7 (permalink)  
Old 01-09-2007
=?Utf-8?B?Um9iZXJ0IFNjaG91bHR6?=
 

Posts: n/a
RE: Windows Firwall security?
"mik" wrote:
> I agree with you.
> UAC has a lot of warnings, but the crazy thing is that UAC programmers
> forgotten
> to add a check for adding rules into the firewall and so any installation
> program can open ports, create a rule, destroy all rules, without user
> consent! This is bad!!! They could add an UAC check similar to one present
> in IE7 which show an UAC warning when an user change an IE7 option.


Exactly!
--
/Robert
Reply With Quote
  #8 (permalink)  
Old 01-10-2007
Robert Moir
 

Posts: n/a
Re: Windows Firwall security?
Robert Schoultz wrote:
> "mik" wrote:
>> I agree with you.
>> UAC has a lot of warnings, but the crazy thing is that UAC
>> programmers forgotten
>> to add a check for adding rules into the firewall and so any
>> installation program can open ports, create a rule, destroy all
>> rules, without user consent! This is bad!!! They could add an UAC
>> check similar to one present in IE7 which show an UAC warning when
>> an user change an IE7 option.

>
> Exactly!


There's a flaw in your thoughts, folks.

The installation program *already* has had UAC authorisation from you by the
time it gets around to changing the firewall, or it already wouldn't be
running. Remember back to when you started the install routine and UAC
popped up and invited you to only allow the process to go ahead if you
trusted the source because you were about to authorise the installer to do
whatever it wanted to your system? But instead you want the UAC prompt at
the start to actually read your mind and only allow the sorts of changes you
want to allow?

How annoyed would you be if your idea of breaking down the actions of the
installer and authorising some parts of the install seperately was taken to
its conclusion? Because if we're breaking out changes to the firewall as
part of the installer, I'd quite like to have changes to my start menu
notified, because I'm one of those types who likes to keep the start menu
arranged just so.

I know, start menus may seem trivial to you, but then this carping on about
the firewall like it's something sacred seems trivial to me, and frankly I
find it a real pain in the hoop to have to constantly tidy up my start menu
when I get everything 'just so' and an installer runs and does whatever it
wants to all my lovely menu categories (and don't reply and tell me this
isn't a security issue. I can point out lots of reasons why it could easily
be, but this is going to be a pretty long post as it is).

I think if MS accept your special case they should accept mine too. But
wait, I'm not the whole world, and neither are you. In fact not even
everyone on this thread combined is the whole world, so lets think about
other people's special cases as well. Got to be fair!

I'm willing to bet that some people will want to know about changes to the
hard disk, e.g. what files get installed and where. If we're lucky, they
*won't* want to know about changes to different areas of the disk as
seperate notifications.

Then there's the registry. Again, if we're lucky, people won't insist on
seperate notifications for each hive.

Then of course the firewall, the reason we're here. Ok, fine.

Better check that the user doesn't consider adding an icon to the desktop as
seperate from adding it to the start menu; there might be someone out there
even more obsessive about where the icons get put than me! Actually, while
we're here, is the quick-launch menu seperate from the desktop and the start
menu? Better ask for authorisation for that too.

Is that everything? Ooh wait, should changes to the browser be notified as a
seperate thing? I wouldn't normally bother myself, but while we're here we
might as well throw that in too.

Ok, so if we install something that hits all these buttons, that's one UAC
auth to start setup, and *at least* 6 or 7 more for each 'section' I've
outlined above. Something like 8 UAC prompts, if we follow this through
properly.

Seems a little over the top to me. Maybe we should... oh let it come...
actually realise that whoever has an admin password effectively "owns" the
computer and maybe take responsibility for our own actions when we choose to
trust a software installer with our admin password?

Regards
Rob


Reply With Quote
  #9 (permalink)  
Old 01-11-2007
=?Utf-8?B?RmlyZVdhbGwy?=
 

Posts: n/a
Re: Windows Firwall security?
Hello Robert,

Very much I enjoyed reading your Post.

--
Firewall


"Robert Moir" wrote:

> Robert Schoultz wrote:
> > "mik" wrote:
> >> I agree with you.
> >> UAC has a lot of warnings, but the crazy thing is that UAC
> >> programmers forgotten
> >> to add a check for adding rules into the firewall and so any
> >> installation program can open ports, create a rule, destroy all
> >> rules, without user consent! This is bad!!! They could add an UAC
> >> check similar to one present in IE7 which show an UAC warning when
> >> an user change an IE7 option.

> >
> > Exactly!

>
> There's a flaw in your thoughts, folks.
>
> The installation program *already* has had UAC authorisation from you by the
> time it gets around to changing the firewall, or it already wouldn't be
> running. Remember back to when you started the install routine and UAC
> popped up and invited you to only allow the process to go ahead if you
> trusted the source because you were about to authorise the installer to do
> whatever it wanted to your system? But instead you want the UAC prompt at
> the start to actually read your mind and only allow the sorts of changes you
> want to allow?
>
> How annoyed would you be if your idea of breaking down the actions of the
> installer and authorising some parts of the install seperately was taken to
> its conclusion? Because if we're breaking out changes to the firewall as
> part of the installer, I'd quite like to have changes to my start menu
> notified, because I'm one of those types who likes to keep the start menu
> arranged just so.
>
> I know, start menus may seem trivial to you, but then this carping on about
> the firewall like it's something sacred seems trivial to me, and frankly I
> find it a real pain in the hoop to have to constantly tidy up my start menu
> when I get everything 'just so' and an installer runs and does whatever it
> wants to all my lovely menu categories (and don't reply and tell me this
> isn't a security issue. I can point out lots of reasons why it could easily
> be, but this is going to be a pretty long post as it is).
>
> I think if MS accept your special case they should accept mine too. But
> wait, I'm not the whole world, and neither are you. In fact not even
> everyone on this thread combined is the whole world, so lets think about
> other people's special cases as well. Got to be fair!
>
> I'm willing to bet that some people will want to know about changes to the
> hard disk, e.g. what files get installed and where. If we're lucky, they
> *won't* want to know about changes to different areas of the disk as
> seperate notifications.
>
> Then there's the registry. Again, if we're lucky, people won't insist on
> seperate notifications for each hive.
>
> Then of course the firewall, the reason we're here. Ok, fine.
>
> Better check that the user doesn't consider adding an icon to the desktop as
> seperate from adding it to the start menu; there might be someone out there
> even more obsessive about where the icons get put than me! Actually, while
> we're here, is the quick-launch menu seperate from the desktop and the start
> menu? Better ask for authorisation for that too.
>
> Is that everything? Ooh wait, should changes to the browser be notified as a
> seperate thing? I wouldn't normally bother myself, but while we're here we
> might as well throw that in too.
>
> Ok, so if we install something that hits all these buttons, that's one UAC
> auth to start setup, and *at least* 6 or 7 more for each 'section' I've
> outlined above. Something like 8 UAC prompts, if we follow this through
> properly.
>
> Seems a little over the top to me. Maybe we should... oh let it come...
> actually realise that whoever has an admin password effectively "owns" the
> computer and maybe take responsibility for our own actions when we choose to
> trust a software installer with our admin password?
>
> Regards
> Rob
>
>
>

Reply With Quote
  #10 (permalink)  
Old 01-11-2007
=?Utf-8?B?SmVzcGVy?=
 

Posts: n/a
RE: Windows Firwall security?
How does that have anything to do with UAC? You are running an installer
elevated. UAC allows you to run more things elevated and helps you elevate
more easily. If you elevate malware UAC is completely out of the picture.

Based on this type of logic you could complain that Adobe Photoshop doesn't
stop malicious software running as an admin from adding firewall rules
either. It has about the same level of bearing on what malicious software you
elevated does as does UAC.

"mik" wrote:

> "Robert Schoultz" wrote:
>
> > I'm impressed with the security the firewall has but this is insane, you are
> > actually allowing third party programs to allow themselves through the
> > firewall? Say hello to Trojans...

>
> I agree with you.
> UAC has a lot of warnings, but the crazy thing is that UAC programmers
> forgotten
> to add a check for adding rules into the firewall and so any installation
> program can open ports, create a rule, destroy all rules, without user
> consent! This is bad!!! They could add an UAC check similar to one present
> in IE7 which show an UAC warning when an user change an IE7 option.

Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
XP Can't access Vista Share TedF microsoft.public.windows.vista.networking sharing 12 04-30-2010 14:12
Windows Easy Transfer Companion MICHAEL microsoft.public.windows.vista.performance maintenance 7 06-23-2007 04:55
Dave Pogue Reviews Vista in the NYT "Vista Wins on Looks. As for lacks..." Chad Harris microsoft.public.windows.vista.general 28 03-01-2007 20:46
Re: SUID Kurt Harriger microsoft.public.windows.vista.security 7 12-18-2006 11:06
Re: Vista Security Guide Review and Feedback PA Bear microsoft.public.windows.vista.security 0 12-07-2006 03:15




All times are GMT +1. The time now is 15:35.




Driver Scanner - Free Scan Now

Vistaheads.com is part of the Heads Network. See also XPHeads.com , Win7Heads.com and Win8Heads.com.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.7
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.6.0 RC 2

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120