!claire
General
 Premium Member
 Joined: Apr 21, 2002 Posts: 8380
Posted: Sat Aug 03, 2002 9:01 am Post subject: Stealth??
Hi,
An intriguing test at www.isa-llc.com
JackBenny
Sergeant

 Joined: Jul 12, 2002 Posts: 140 Location: USA
!claire
General
 Premium Member
 Joined: Apr 21, 2002 Posts: 8380
Posted: Sat Aug 03, 2002 2:16 pm Post subject: PC AUDIT
Hi Jackbenny,
Thank you for the links. BTW, did you successfully pass the test?
Regards
JackBenny
Sergeant

 Joined: Jul 12, 2002 Posts: 140 Location: USA
Posted: Sat Aug 03, 2002 2:40 pm Post subject:
Yep, passed them all. Most rely on IE to get out, but I use an IE shell (MYIE), with no permissions allowed for IE in my firewall (OutpostPro). That defeats most. I also have a global rule that prevents any DNS resolution, except for what I allow in individual program permissions. That stops them. And last, I use System Safety Monitor, that among other things, can prevent any unauthorized programs or processes from running. That one catches all of them.
Here it is, if you want to have a look:
http://maxcomputing.narod.ru/ssme.html
jmn1207
Lieutenant

 Joined: Jun 07, 2002 Posts: 173 Location: USA
Posted: Sat Aug 03, 2002 10:09 pm Post subject:
Great links! Both of you.
The only problem I ever had with these outbound leak tests is that code was inevitably required to be downloaded and installed by the user. A simple file can be created if allowed to be installed that could turn some people's computers on in the middle of the night and format the entire contents of the disk, not to mention writing itself to piggyback within another trusted application to get through your firewall.
That said, I suppose the greatest threat from this type of vulnerability would be from legitimate software that would be used to spy on you, sending personal data out. A very realistic threat in my opinion.
From what I have seen with the latest versions of ZA+ and Pro, even without component control enabled, the slightest change in the application has required a renewed user acceptance for the program to access the internet. Just adding the Acrobat Reader plug-in to Opera and ZA+ will ask for permission to connect even if I had previously granted permanent permission.
This type of protection evidently can be accomplished without setting rules and limiting your browser to a handful of specific ports and types of packets.
Outbound leak tests have apparently made the firewall developers change the way their products handle this type of threat. For the most part, it appears that they have found a way to defeat this type of security breach. The warnings are there, if only you heed them.
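
The behaviour jmn1207 describes, a stored permission that stops applying once the program or one of its plug-ins changes, can be modelled by binding the approval to file hashes. This is an added example, not part of the thread and not ZoneAlarm's implementation; the use of SHA-256, the `PermissionStore` class and the file names are assumptions.

```python
import hashlib
import tempfile
from pathlib import Path


def fingerprint(executable, components):
    """Map every file that makes up the program to its SHA-256 digest."""
    files = [executable, *components]
    return {str(p): hashlib.sha256(Path(p).read_bytes()).hexdigest() for p in files}


class PermissionStore:
    """Hypothetical outbound-permission store keyed by executable path."""

    def __init__(self):
        self._approved = {}  # executable path -> fingerprint the user approved

    def approve(self, executable, components):
        self._approved[str(executable)] = fingerprint(executable, components)

    def check(self, executable, components):
        """Return (decision, files that differ from the approved state)."""
        approved = self._approved.get(str(executable))
        if approved is None:
            return "prompt-new", []
        current = fingerprint(executable, components)
        # A file counts as changed if it was added, removed or modified.
        changed = sorted(p for p in current.keys() | approved.keys()
                         if current.get(p) != approved.get(p))
        return ("allow", []) if not changed else ("prompt-changed", changed)


def demo():
    """Walk through the cases using constructed files in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        exe = Path(d) / "browser.exe"            # constructed sample file
        plugin = Path(d) / "reader_plugin.dll"   # constructed sample file
        exe.write_bytes(b"constructed browser image")
        store = PermissionStore()
        results = [store.check(exe, [])[0]]      # never approved
        store.approve(exe, [])
        results.append(store.check(exe, [])[0])  # unchanged since approval
        plugin.write_bytes(b"constructed plug-in")
        decision, changed = store.check(exe, [plugin])  # plug-in added
        results += [decision, [Path(p).name for p in changed]]
        exe.write_bytes(b"patched browser image")       # binary modified
        results.append(store.check(exe, [])[0])
        return results
```
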