Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Bug in Norton FireWall 2003

From: xenophi1e <oliver.lavery () sympatico ca>
Date: 12 Aug 2003 17:44:02 -0000
In-Reply-To: <75C025AE395F374B81F6416B1D4BDEFB0146BF63 () mtv-corpmail microfocus com>


Is there a reliable mechanism in Windows for distinguishing between real 

and

spoofed events?  I've never looked into the subject, as I avoid GUI-mode
programming like the plague (which is an apt description, in my book).

Of course, the popup window shouldn't be owned by a process running with
elevated privileges anyway.



No, their isn't even an unreliable way. 

I've talked to lots of people about this particular firewall hole that 
keeps getting rediscovered. For my money the best bet is to display the 
UI as a bitmap image which is difficult to decipher computationally. 
The 'Allow' portion of the bitmap changes position, and a click anywhere 
outside of this portion is treated as 'Reject'. Provided the bitmap is 
easy for a human to decipher, yet difficult for a machine to decipher, I 
think you would have a pretty good 'jury-rigged' solution.

Cheers,
~x
Previous By Date Next
Previous By Thread Next

Current thread: