funsec mailing list archives

RE: Windows Vista Firewall: No Outbound Filtering By Default


From: "Krpata, Tyler" <tkrpata () bjs com>
Date: Wed, 26 Apr 2006 12:49:50 -0400

Perhaps the "what is this program" link should be changed to read "CLICK HERE for CHEAP VIAGRA and FREE PRAWNS" in 
order to increase the number of end users who actually click it before blindly slapping the ok/yes/allow/whatever 
button.  
 
-----Original Message-----
From: Blanchard_Michael () emc com [mailto:Blanchard_Michael () emc com] 
Sent: Wednesday, April 26, 2006 12:40 PM
To: warkda () yahoo com; funsec () linuxbox org
Subject: RE: [funsec] Windows Vista Firewall: No Outbound Filtering By Default

Oh, got an idea :-) 

  Using the signed application deal sounds good, and can be used for automatic opening perhaps.  But, for those that 
aren't signed, and the user is asked do you want to open this port?  There should be a  link on that request, that goes 
out to a Microsoft site (perhaps?) that explains what this program is/does/etc.   A  "What is this program?" link, then 
on that page there is the "open this port" button.
   Any program that pops up and doesn't have a description, the general user should be warned that it could be a virus, 
etc.
   Of course, Microsoft would have to keep that web site as up to date as possible.  This would also be a great 
resource for us to look up unknown processes :-)


   Mike B


Michael P. Blanchard
Antivirus / Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE
Office of Information Security & Risk Management
EMC² Corporation
4400 Computer Dr.
Westboro, MA 01580


-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of warkda rrior
Sent: Wednesday, April 26, 2006 12:09 PM
To: funsec () linuxbox org
Subject: RE: [funsec] Windows Vista Firewall: No Outbound Filtering By Default

Michael P. Blanchard wrote:

 Now if any product installed on vista would be able to open up their own ports, with user's permission (and perhaps
user's password?), then Microsoft could probably ship with all ports turned off in/out.


This would work quite nicely for (not against!) a virus/bot/spyware, given that users tend to click OK/Yes/Allow almost 
automatically.

"The application Mydoom.Internet_helper is trying to open an Internet connection. Allow? Y|N"

Then the outgoing firewall is useless.

I wonder whether Microsoft could use signed binaries to allow known third party applications to open ports 
automatically. Something as follows: vendor X has a new version of application Y. Vendor X provides Y to Microsoft, 
together with a list of desired ports.
Microsoft signs app Y or attaches a certificate saying this app can open certain ports. Vendor X distributes certified 
app Y. Then Vista firewall could check the app binary: if MS signature/certificate present and valid, then ports are 
opened automatically. Otherwise prompt the user.


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
