Information Security News mailing list archives

Re: Re: Personal Firewalls Spring Security Leaks - Update


From: InfoSec News <isn () c4i org>
Date: Tue, 4 Dec 2001 02:33:12 -0600 (CST)

Forwarded from: Mike Fratto <mfratto () nwc com>

Techniques for defeating the outbound data filters in popular personal
firewalls such as Zone Alarm and Norton Personal Firewall have been
independently posted on the Web by several researchers.

This, however, is complete and utter bullshit.

You can _never_ restrict outgoing traffic in a meaningful way, i.e.
you can never lock a box down in a way so that an evil attacker could
not leak supposedly secret information out, except if you don't allow
any data to flow out at all.

Define "meaningful".  :)

You can raise the difficulty of getting a trojan to work properly on
a desktop with a firewall by specifying path constraints, but once your
desktop is compromised then it's game over.

More to the point, no system is totally secure nor can any system be
made to be totally secure. The best you can hope for is to make the
attack so difficult that the cost of success is higher than the value
of the goods sought.

Instead of explaining to the illiterate users of this snake oil
software the risks they are exposing themselves to, this article dumbs
them down even more.  It is very sad that this drivel is published at
all, and then forwarded to a respected mailing list as this, but it is
even sadder that apparently no one except me considers this
nauseatingly stupid, bordering on criminal.

Please, let's not insult people more. The firewall vendors are selling
these personal firewalls as security devices and part of the
marketing, the differentiators, is that personal firewalls that provide
access control to network connections are more secure than firewalls
that simply filter traffic. The public is being sold a half truth and
shouldn't they be made aware of it? No system is totally secure, but
knowing both the features and limitations of a security product lets
you implement the proper controls while making you aware of the
limitations of the products you are using. A personal firewall that
restricts network connections to applications is more difficult to
defeat than one that doesn't. Apply a desktop virus scanner and keep
the signatures updated and it gets harder still. Install applications as
administrator but run them at "User" level and it gets more difficult
to defeat. Yes, there are ways to defeat the security controls, but
the cost (difficulty) is higher.

Show me any useful system that can not be defeated and I will eat my hat.

mike



___________________

Mike Fratto
Senior Technology Editor
Network Computing
001 Machinery Hall
Syracuse University
Syracuse, NY  13244
___________________



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.

