OT: Personal Firewall "Snake Oil" .... why so many are misinformed
Monday, September 17, 2012, 07:00 PM
Posted by Administrator
Yes, software vendors of security suites are really smart.
They always advise you to have the latest antivirus solution and, last but not least, they suggest using a personal firewall as part of their complete suite as well.
Unfortunately, (software) personal firewalls always permit access for some "trusted" applications, such as your own browser. Very often they do not check whether the browser is using its original DLLs, and of course they can't check whether a permitted application is being remotely controlled by another application.
So if malware opens a browser in an invisible/hidden window, it can easily send commands (messages) to that opened (program) window.
Such malware can send data via that hidden browser window, e.g. with a specially formed URL or with the help of an HTML (input) form on a well-prepared server.
The personal firewall will not be able to forbid this.
Even Microsoft itself describes that weakness:
http://support.microsoft.com/default.as ... -us;327618 ...
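Since the firewall cannot see this, the check has to happen at the process level. The following is an added example, not part of the original post: a small triage routine over process-creation records that flags a browser started by an unexpected parent, running without a visible window, or loading unsigned modules. The record fields, the expected-parent list and the sample names (updater.exe, helper.dll) are constructed assumptions, not output of any real tool.

```python
from dataclasses import dataclass, field

BROWSERS = {"firefox.exe", "iexplore.exe", "chrome.exe"}
# Assumption: on an interactive desktop a browser is started by the shell
# or by another browser process (multi-process browsers spawn children).
EXPECTED_PARENTS = {"explorer.exe"} | BROWSERS


@dataclass
class ProcEvent:  # hypothetical record layout for this example
    pid: int
    image: str
    parent_image: str
    window_visible: bool
    unsigned_modules: list = field(default_factory=list)


def review(ev):
    """Return the reasons a browser process deserves a closer look."""
    if ev.image.lower() not in BROWSERS:
        return []
    parent = ev.parent_image.lower()
    reasons = []
    if parent not in EXPECTED_PARENTS:
        reasons.append(f"started by {ev.parent_image}")
    # Child processes of a browser legitimately have no window of their own,
    # so the hidden-window check only applies to top-level launches.
    if not ev.window_visible and parent not in BROWSERS:
        reasons.append("no visible window")
    for mod in ev.unsigned_modules:
        reasons.append(f"unsigned module {mod}")
    return reasons


def triage(events):
    """Map pid -> reasons for every browser process with a finding."""
    return {ev.pid: r for ev in events if (r := review(ev))}


# Constructed sample telemetry (not real log data).
SAMPLE = [
    ProcEvent(1200, "firefox.exe", "explorer.exe", True),
    ProcEvent(1344, "chrome.exe", "chrome.exe", False),
    ProcEvent(2210, "iexplore.exe", "updater.exe", False, ["helper.dll"]),
    ProcEvent(3001, "notepad.exe", "updater.exe", False),
]

if __name__ == "__main__":
    for pid, why in triage(SAMPLE).items():
        print(pid, "; ".join(why))
```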
OK, you ask me how malware can do this, because you haven't downloaded unknown executables (yet)? Very easy. Just look for zero-day exploits, preferably also for your browser, like the newly discovered exploit here -
http://eromang.zataz.com/2012/09/16/zer ... -over-yet/ ... works easily by using Flash (I hate Flash by now; this ugly plugin hasn't been necessary since HTML5 was implemented).
Hint: Using Firefox with the "NoScript" plugin would prevent getting such Flash (look for "moh2010.swf") malware. Also, most of my five-year-old advice is still valid, see
http://www.z80.eu/protected.html for more info.