I think the point here is that ANY application could in principle control
your router. AFAIK there is no signing mechanism or the like to ensure that
the app controlling your router is approved by a recognised vendor.
Thus, a Trojan could open a port for itself to send spam. Or, a commercial
program could do so for skulduggerous purposes such as monitoring your
activities or remote-controlling your computer.
The issue is more at the router, not so much in XP, in that a router which
responds to UPnP requests effectively has low security.
For that matter, who is to say that the SSDP/UPnP services are necessary in
order to control a router? With the correct coding it may be possible to send
UPnP commands to it directly, bypassing Windows' system-level services
completely. That may be possible from pre-XP versions, too.
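As an added example (not code from the thread or from either poster), a small Python audit of the port-mapping table on a UPnP IGD router: the GetGenericPortMappingEntry action of WANIPConnection:1, like AddPortMapping, carries no credentials, so the same unauthenticated request that lets any LAN application open a port also lets you list every forwarding and flag the ones nobody approved. The control URL and the allowlist are assumptions supplied by whoever runs it; the sample response is constructed.

```python
"""Audit a UPnP IGD router's port-mapping table (added example, not from the thread).
GetGenericPortMappingEntry, like AddPortMapping, takes no credentials: any LAN host
may call it. Used defensively it lists what is forwarded and flags the unapproved."""
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET

SERVICE = "urn:schemas-upnp-org:service:WANIPConnection:1"
FIELDS = ("NewRemoteHost", "NewExternalPort", "NewProtocol", "NewInternalPort",
          "NewInternalClient", "NewEnabled", "NewPortMappingDescription")
ENVELOPE = ('<?xml version="1.0"?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/'
            'soap/envelope/"><s:Body>%s</s:Body></s:Envelope>')

def build_request(index):
    """SOAP body asking for table entry `index`; note there is no auth element."""
    body = (f'<u:GetGenericPortMappingEntry xmlns:u="{SERVICE}">'
            f'<NewPortMappingIndex>{index}</NewPortMappingIndex></u:GetGenericPortMappingEntry>')
    return (ENVELOPE % body).encode()

def parse_entry(xml_text):
    """Extract the mapping fields (unqualified tags) from the SOAP response."""
    root = ET.fromstring(xml_text)
    return {n: (root.findtext(f".//{n}") or "").strip() for n in FIELDS}

def fetch_mappings(control_url, limit=1000):
    """Walk the table by index; routers answer HTTP 500 (UPnPError 713) past the end."""
    headers = {"Content-Type": 'text/xml; charset="utf-8"',
               "SOAPAction": f'"{SERVICE}#GetGenericPortMappingEntry"'}
    found = []
    for index in range(limit):
        req = urllib.request.Request(control_url, build_request(index), headers)
        try:
            with urllib.request.urlopen(req, timeout=5) as resp:
                found.append(parse_entry(resp.read().decode()))
        except urllib.error.HTTPError:
            break  # SpecifiedArrayIndexInvalid: no more entries
    return found

def audit(mappings, approved):
    """Return mappings whose (internal client, internal port, protocol) is not approved."""
    return [m for m in mappings if (m["NewInternalClient"], m["NewInternalPort"],
                                    m["NewProtocol"].upper()) not in approved]

# Constructed sample response (not a real capture): SMTP forwarded to a LAN host.
SAMPLE_RESPONSE = ENVELOPE % (
    f'<u:GetGenericPortMappingEntryResponse xmlns:u="{SERVICE}">'
    '<NewRemoteHost></NewRemoteHost><NewExternalPort>25</NewExternalPort>'
    '<NewProtocol>TCP</NewProtocol><NewInternalPort>25</NewInternalPort>'
    '<NewInternalClient>192.168.1.23</NewInternalClient><NewEnabled>1</NewEnabled>'
    '<NewPortMappingDescription>svchost</NewPortMappingDescription>'
    '</u:GetGenericPortMappingEntryResponse>')
```

fetch_mappings() needs the WANIPConnection control URL taken from the router's device description; run audit() over its result with your own allowlist of (client, internal port, protocol) tuples.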
That's right Ian. ANY application. But if you are letting ANY application run
on one of your computers, what are you doing owning a computer?
If you have some unknown application (ANY application) running on your computer,
and you don't know what it's doing, I submit to you that the LEAST of your
worries is it POSSIBLY opening a port in a UPnP enabled NAT router. You HAVE to
take control of your computers.
Which is why I continually state that depending upon application layer filtering
of outbound traffic, as Zone Alarm does, is not adequate security by itself.
You CANNOT depend upon detecting / preventing malware by logging / restricting
its actions at the perimeter (personal firewall on one computer, or NAT router
on the LAN). You have to prevent malware from operating, by using layered
security.
<http://nitecruzr.blogspot.com/2005/05/please-protect-yourself-layer-your.html>
And if you depend upon manually opening and closing a port (manual port
forwarding), or semi-automatically opening a port (port triggering), how is that
any better? If you're going to have an Internet server on your LAN, you have to
control your LAN. You cannot let it get to the point where having ONE unknown
application, that's UPnP capable, jeopardises your LAN.
Defend against the problem, not the symptom.