RE: Skype bypasses Windows XP Firewall

["Roger A. Grimes" <roger () banneretcs com>]

Any time you execute any executable, it can modify any program or OS's
behavior. This is not limited to Windows, it can occur with any OS where
the user is logged in as admin or root. Microsoft has even published an
API which can be used by software developers to modify the Windows
Firewall behavior.

It goes back to the #1 security mantra, if you run an executable on your
computer it can do anything it wants.

Roger

************************************************************************
***
*Roger A. Grimes, Banneret Computer Security, Computer Security
Consultant 
*CPA, CISSP, MCSE: Security (NT/2000/2003/MVP), CNE (3/4), CEH, CHFI
*email: roger () banneretcs com
*cell: 757-615-3355
*Author of Malicious Mobile Code:  Virus Protection for Windows by
O'Reilly
*http://www.oreilly.com/catalog/malmobcode
*Author of Honeypots for Windows (Apress)
*http://www.apress.com/book/bookDisplay.html?bID=281
************************************************************************
****

 

-----Original Message-----
From: David Low [mailto:david.low () imcorporation com] 
Sent: Thursday, June 16, 2005 9:04 PM
To: security-basics () securityfocus com
Subject: RE: Skype bypasses Windows XP Firewall

Dear All,

I'm wondering does anyone have clue regarding Skype (A free internet
VOIP thingy : http://www.skype.com) which bypasses Windows XP SP2
firewall. 

It just automatically adds itself to the exception list without user
intervention.

But if u were to use ZoneAlarm, the ZA is still able to detect and block
connection. 

It there something lagging in the Windows Firewall or is it the program
which can bypass it.

If you require further assistance or would like more details, please do
not hesitate to contact us.
 
Regards,
 
David Low
System / Network Engineer
 
I'M Technologies Ltd
51 Changi Business Park Central 2
# 09-13 The Signature
Singapore 486066 

DID: (65) 6780 0815
Fax: (65) 6789 3980
www.imcorporation.com 

                                             ====================
IMPORTANT NOTICE ====================
(1)  This email and all attachments transmitted with it are intended
solely for the use of the recipients named above.  The information
contained herein may be confidential, privileged or protected from
disclosure by applicable laws.  If you have received this transmission
by mistake, please notify the author of this email immediately and
delete this email and all attachments from your system.  Unauthorized
copying, dissemination or use of any of the
contents of this transmission is strictly prohibited.  (2)   The views
and
opinions expressed in this email are the author's own and do not
necessarily represent that of I'M Technologies Ltd, its subsidiaries,
representative and branch office or any of its affiliated companies.