Vulnerability Development mailing list archives
RE: Bug in Norton FireWall 2003
From: Michael Wojcik <Michael.Wojcik () microfocus com>
Date: Mon, 11 Aug 2003 15:38:33 -0700
From: nowak.a () pg com [mailto:nowak.a () pg com] Sent: Monday, August 11, 2003 5:15 PMI suppose a simple defense for "personal firewall" vendors against this sort of thing would be to use hard-to-guess window titles for their popups...This simple defense may not be enough, as there are ways to find out the names of all "child" windows belonging to specific process.
Agreed. "simple" wasn't really the adjective I wanted; something more like "preliminary" or "first-cut" was what I meant. Another possibility would be to require that the window be visible when the event is received, and have been visible for some minimum time (even on the order of a few seconds), which would allow an alert user to see the trojan in action, anyway. Some firewall products of this type allow a "reject without prompting" configuration, which is safer, albeit potentially frustrating. (I'm familiar with the Symantec products, and getting log information out of them is not a pleasant process. Their UIs in general are not well-designed.) Is there a reliable mechanism in Windows for distinguishing between real and spoofed events? I've never looked into the subject, as I avoid GUI-mode programming like the plague (which is an apt description, in my book). Of course, the popup window shouldn't be owned by a process running with elevated privileges anyway. -- Michael Wojcik Principal Software Systems Developer, Micro Focus
Current thread:
- Bug in Norton FireWall 2003 Boy Bear (Aug 11)
- <Possible follow-ups>
- RE: Bug in Norton FireWall 2003 Michael Wojcik (Aug 11)
- Re: Bug in Norton FireWall 2003 pr00f (Aug 12)
- RE: Bug in Norton FireWall 2003 nowak . a (Aug 11)
- RE: Bug in Norton FireWall 2003 Michael Wojcik (Aug 11)
- RE: Bug in Norton FireWall 2003 Kayne Ian (Softlab) (Aug 12)
- Re: Bug in Norton FireWall 2003 xenophi1e (Aug 12)
- Re: Bug in Norton FireWall 2003 Boy Bear (Aug 19)