Windows Firewall Can Be Disabled

[Thaising]

Hackers have published code that could let an attacker disable the Windows Firewall on certain Windows XP machines.

The code, which was posted on the Internet early Oct, 29, could be used to disable the Windows Firewall on a fully patched Windows XP PC that was running Windows' Internet Connection Service (ICS). This service allows Windows users to essentially turn their PC into a router and share their Internet connection with other computers on the local area network (LAN.) It is typically used by home and small-business users.

The attacker could send a malicious data packet to another PC using ICS that would cause the service to terminate. Because this service is connected to the Windows Firewall, this packet would also cause the firewall to stop working, said Tyler Reguly, a research engineer at nCircle Network Security, who has blogged about the issue.

"Once the firewall is down, where's your line of defense?" he said today in an interview.

Is An Attack Likely?

By knocking off the Windows Firewall, a criminal could open the door to new types of attacks, but there are a number of factors that make such an attack scenario unlikely, Reguly said.

For example, the attacker would have to be within the LAN in order to make the attack work, and, of course, it would only work on systems using ICS, which is disabled by default. Furthermore, the attack would have no effect on any third-party firewall being used by the PC, Reguly said.

Users can avoid the attack by disabling ICS, Reguly said. But this will also kill the shared Internet connection.

A Solution

An easier solution, may be for ICS users to simply move their networks onto a router or NAT (Network Address Translation) device, said Stefano Zanero, chief technology officer with Secure Network SRL. "They are so cheap right now, and in many cases they offer better protection and a easier administration of your LAN," he said via instant message.

Windows XP appears to be the only platform affected by this attack, which has not been successfully reproduced on Windows Server 2003, Reguly said.

Microsoft's initial investigation into the matter "has concluded that the issue only impacts users of Windows XP," the company's public relations agency said Monday in a statement. "Microsoft is not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time."

NO ENDING PROBLEMS FROM M$$$

[lingling]

source?

[Thaising]

source?

Robert McMillan, IDG News Service

Monday, October 30, 2006 04:00 PM PST

[crockett]

I believe many people disable MS Firewall anyway because they use other products.

Thus, it should not be a big issue.

[astral]

MS firewall is disabled on my machine as I run Zone Alarm which is a much more complete firewall offering inbound and outbound protection.

[waldwolf]

Virus's, Trojans and Rootkits, which allow a "hacker" to compromise a firewall and/or other security software, have been around for sometime.

IMHO any firewall (software or hardware) which only gives you one-way protection is basically useless. WindowsXP's built-in firewall falls into that category, as it is only designed to protect you against incoming threats, NOT outgoing. A router offers somewhat better protection due to its design, but again, it only offers protection against incoming threats, not outgoing.

As does astral, I prefer a two-way firewall like ZoneAlarm (which was originally conceived and developed by Steve Gibson of GRC) which keeps an encrypted image of the programs you have approved for access to the internet, and each time that program is used, checks it against the encrypted image to insure no changes have been made, before allowing it to enter the hostile outside world.

Unfortunately, most computer/internet users are unaware of many such threats and if they are aware, do not know how to properly protect themselves. I belief software developers have an moral and legal obligation to provide software that is as "hack proof" as humanly possible, however, should a security problem arise, fix that problem immediately. Unfortunately, many companies are rather indifferent on this subject. Again, IMHO, Microsoft's policy of only releasing critical "fixes" once a month, is inadequate.

waldwolf

[astral]

An outboud firewall also allows you to prevent programmes giving away all your secrets without your permission.

You will be surprised how many apparently innocent programmes are "reporting back to base" on what your are doing on your computer.

Windows Media player and Real Player are two that come immediately to mind.

A firewall, like ZoneAlarm allows you to control and preent such activity.

[Firefoxx]

The important phrase here is:

"For example, the attacker would have to be within the LAN in order to make the attack work,"

If you've got a malicious hacker actually *ON* your network, the disabling of the windows firewall is the *LEAST* of your problems. (And if you're sharing your wireless network without at last WEP, then....)

IMHO, the windows firewall is sufficient, as long as you aren't terminally stupid with the way you use your computer. IMHO.