
XP SP2 Firewall warning

Basically, it'll pass GRC's ShieldsUP! test, along with any other program that scans for open ports. What I first noticed in my RC1 Preview, and covered in a bit more detail in my RC2 Preview, was that applications run on your system will connect to the internet and THEN give you a notice that looks like this:

[Image: firewall.PNG]

This box leads me to believe that if I choose Keep Blocking, the application won't be able to access the internet anymore. What I'm finding out is that it simply doesn't do that. It does NOT prevent the application from accessing the internet. Most firewall programs let you set allow/disallow settings per application (or .exe); Windows Firewall will only set the allow part. By showing a box like this, it suggests that it will also blacklist applications (which it does not).

Any kind of program will be able to access the internet. These applications will be able to both upload and download files. This is something that is absolutely horrible due to what can be done with viruses, spyware or any other programs that may slip through and access the internet. Any program being executed on your system has FULL upload and download capabilities. The only thing blocked is the ability for a person to connect to your system and give the program instructions. This is easily bypassed by setting an internal timer in the application that connects to a web address and downloads something like a .txt file which contains instructions.

The last part of that opening quote states this: Windows Firewall does not drop outgoing traffic. Everything DOS-based I've tried will not even show one of those boxes prompting to block or unblock it. It simply allows it. All a person will have to do is create a DOS-based application that will open (whitelist) certain ports and this firewall is completely worthless. They'll whitelist certain programs/ports only if they want the firewall to still appear to be properly functioning. Most people would simply turn the firewall off.
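Since a local program can add itself or a port to the exception list without a prompt, one defensive check is to compare that list against an approved baseline. The script below is an added example, not part of the original article; it assumes the entries have been exported as strings in the `key:scope:Enabled|Disabled:name` layout that Windows Firewall uses for its exception lists, and all sample entries are constructed.

```python
import re

# Exception strings as stored by Windows Firewall (XP SP2) in the
# AuthorizedApplications\List and GloballyOpenPorts\List registry values:
#   program: <path>:<scope>:<Enabled|Disabled>:<name>
#   port:    <port>:<TCP|UDP>:<scope>:<Enabled|Disabled>:<name>
# Paths contain ':' themselves (C:\...), so the regex anchors on the state.
ENTRY = re.compile(
    r"^(?P<key>.+?):(?P<scope>[^:]*):(?P<state>enabled|disabled):(?P<name>.*)$",
    re.IGNORECASE)

def parse_entry(value):
    """Return (key, scope, enabled, name); key is the path or 'port:proto'."""
    m = ENTRY.match(value.strip())
    if m is None:
        raise ValueError("unrecognised exception entry: %r" % value)
    return (m["key"].lower(), m["scope"], m["state"].lower() == "enabled", m["name"])

def audit(current, baseline):
    """List enabled exceptions that are new or differ in scope from the baseline."""
    approved = {}
    for value in baseline:
        key, scope, enabled, _ = parse_entry(value)
        if enabled:
            approved[key] = scope
    findings = []
    for value in current:
        key, scope, enabled, _ = parse_entry(value)
        if not enabled:
            continue  # a disabled entry opens nothing
        if key not in approved:
            findings.append((key, "not in baseline"))
        elif approved[key] != scope:
            findings.append((key, "scope changed: %s -> %s" % (approved[key], scope)))
    return findings

# Constructed sample data (not taken from a real machine).
BASELINE = [
    r"%windir%\system32\sessmgr.exe:*:Enabled:Remote Assistance",
    "1900:UDP:LocalSubNet:Enabled:SSDP",
]
CURRENT = BASELINE[:1] + [
    "1900:UDP:*:Enabled:SSDP",                  # scope widened
    r"C:\Temp\updater.exe:*:Enabled:Updater",   # program not in baseline
    r"C:\Tools\old.exe:*:Disabled:Old tool",    # disabled, ignored
]

if __name__ == "__main__":
    for key, reason in audit(CURRENT, BASELINE):
        print("%-24s %s" % (key, reason))
```

Keys are compared case-insensitively but environment variables such as `%windir%` are not expanded, so the baseline should be recorded in the same form as the export.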


Written By: Martin Krohn
Date: 6-24-04