X
xmp
I've been writing an Oracle client app and Kerio catches any change in
the .exe. I can remove a space character, recompile, run the program
and Kerio alerts me before allowing any connection. This is pretty
valuable in itself. The program .exe cannot be spoofed to another app
or changed without notification.
yes, a good set of comments from you. i agree with most of what you
said. firewalls do a lot of scrubbing and aren't dumb packet filters
anymore.
it checks the exe's most likely with a cryptographic or traditional
checksum. in this way it's harder for trojans to disguise themselves
and connect to the outside. better personal firewalls prevent more
advanced techniques like DLL injection.
michael