Firewalls

[Matt]

Hi there, hope this is the right group.

I know in a layman's sense what firewalls are and what they do, and I
know that I need one (which I do), and I know that without one I am
potentially vulnerable to hackers.

One thing has always puzzled me though. This is typical of the sort of
advice that one reads on numerous websites:

"So YES... you do need a firewall. Without a firewall, your computer
can be compromised within SECONDS after connecting to the Internet."

What I would like to know is exactly HOW does this happen? In the
absence of a firewall preventing it, is there some component of
Windows XP (or other OS's for that matter) that is just sitting there
accepting connections from any unknown internet hacker who happens to
come along and then allowing them to do whatever the hell they please?
It seems an extraordinary idea...

To put it another way, with an out-of-the-box Windows XP installation
unprotected by a firewall, what exactly CAN an unauthorised over-the-
Internet hacker accomplish?

 

[Falcon]

Matt wrote:

[...]

To put it another way, with an out-of-the-box Windows XP installation
unprotected by a firewall, what exactly CAN an unauthorised over-the-
Internet hacker accomplish?

XP should be running a firewall, Matt.
http://www.microsoft.com/windowsxp/using/networking/security/winfirewall.mspx
See: Microsoft Security at
http://www.microsoft.com/Security/

 

[Matt]

XP should be running a firewall, Matt.http://www.microsoft.com/windowsxp/using/networking/security/winfirew...
See: Microsoft Security athttp://www.microsoft.com/Security/

Thanks for your reply Falcon, but I already know this. To requote my
original post, what I'm puzzled about is as follows:

"is there some component of
Windows XP (or other OS's for that matter) that is just sitting there
accepting connections from any unknown internet hacker who happens to
come along and then allowing them to do whatever the hell they
please?"

In other words, if I DON'T have a firewall, and some Internet attack
"arrives", then what component of Windows XP is it that allows this
attack to "do something" on my computer, and what might that
"something" be?

Is my question clear?

 

[Falcon]

Thanks for your reply Falcon, but I already know this. To requote my
original post, what I'm puzzled about is as follows:

"is there some component of
Windows XP (or other OS's for that matter) that is just sitting there
accepting connections from any unknown internet hacker who happens to
come along and then allowing them to do whatever the hell they
please?"

In other words, if I DON'T have a firewall, and some Internet attack
"arrives", then what component of Windows XP is it that allows this
attack to "do something" on my computer, and what might that
"something" be?

Is my question clear?

Yes, it is clear thanks. My comment was a response to what I understood was
an assumption in your question that XP wasn't protected by default.

There are 65,000 ports on a computer many of which may be susceptible to
attack from other computers on the internet. Criminal software designers
constantly look for vulnerabilities in operating systems through which they
can mount an attack via the internet. For example the MSBlast worm that
exploited the buffer overflow in Windows' DCOM RPC protocol, wasn't the sort
of email-borne pest that anti-virus software is good at catching. Instead,
it infected computers directly through their Internet connections.

Although promptly installing the latest Microsoft patches should prevent
infections of this sort, using a firewall will help prevent attackers
exploiting vulnerabilities as they discover new methods of intrusion.

 

[Falcon]

Yes, it is clear thanks. My comment was a response to what I understood
was an assumption in your question that XP wasn't protected by default.

There are 65,000 ports on a computer many of which may be susceptible to
attack from other computers on the internet. Criminal software designers
constantly look for vulnerabilities in operating systems through which
they can mount an attack via the internet. For example the MSBlast worm
that exploited the buffer overflow in Windows' DCOM RPC protocol, wasn't
the sort of email-borne pest that anti-virus software is good at
catching. Instead, it infected computers directly through their Internet
connections.
Although promptly installing the latest Microsoft patches should prevent
infections of this sort, using a firewall will help prevent attackers
exploiting vulnerabilities as they discover new methods of intrusion.

My apologies, I meant to add that this is the primary reason why many virus
and other malware attacks attempt to disable an active firewall or the
Microsoft Security Centre when they are executed on the target machine.

 

[Matt]

There are 65,000 ports on a computer many of which may be susceptible to
attack from other computers on the internet. Criminal software designers
constantly look for vulnerabilities in operating systems through which they
can mount an attack via the internet. For example the MSBlast worm that
exploited the buffer overflow in Windows' DCOM RPC protocol, wasn't the sort
of email-borne pest that anti-virus software is good at catching. Instead,
it infected computers directly through their Internet connections.

Although promptly installing the latest Microsoft patches should prevent
infections of this sort, using a firewall will help prevent attackers
exploiting vulnerabilities as they discover new methods of intrusion.

Hi Falcon,

So, are you saying that if Windows did not have any bugs or
*unintended* vulnerabilities, then an Internet hacker would not be
able to wreak any damage on an out-of-the-box Windows PC that was
unprotected by a firewall? (I'm saying "out-of-the-box" to exclude
cases where the user has deliberately taken some action to allow some
type of over-the-Internet access.)

In other words, there is no intentionally built-in Windows software
that will, by default, allow damaging unsolicited access over the
Internet?

I'm sorry to bang on about this, but I have never seen it explained
and it has always been a great puzzle to me. Your help is much
appreciated.

 

[Jose]

Hi there, hope this is the right group.

I know in a layman's sense what firewalls are and what they do, and I
know that I need one (which I do), and I know that without one I am
potentially vulnerable to hackers.


To put it another way, with an out-of-the-box Windows XP installation
unprotected by a firewall, what exactly CAN an unauthorised over-the-
Internet hacker accomplish?

XP has a built in firewall and it is adequate for most home users, but
if you feel threatened you can replace it with a third party firewall
that has more features and configuration options. It is generally not
a good idea to run more than one firewall at a time but it may be
appropriate for some environments, so if you decide to add one you
should know that you may have new some issues to resolve if they start
to compete.

Some folks just do not like the Windows firewall because it is too
relaxed and feel the need for another one. If the third party ones
are not configured with default setup without some understanding of
how firewalls work, you may have performance issues and not know why
or how to fix it, so proceed with understanding and don't just "try"
things.

Do not be intimidated by World Wide Web sites that report your system
is in danger, threatened or out of date and offer to fix it for you
for some price - or even with a free download. These things will
never analyze your system and tell you everything is fine. It is zero
$ for them.

It doesn't make sense to download third party applications (even free
ones) to fix something that should be working right in the first
place.

 

[Falcon]

Hi Falcon,

So, are you saying that if Windows did not have any bugs or
*unintended* vulnerabilities, then an Internet hacker would not be
able to wreak any damage on an out-of-the-box Windows PC that was
unprotected by a firewall? (I'm saying "out-of-the-box" to exclude
cases where the user has deliberately taken some action to allow some
type of over-the-Internet access.)

That's right, but it's worth adding that I'm not aware of any operating
system that hasn't had security vulnerabilities found and exploited, as you
can see here: http://support.apple.com/kb/HT1222

As you can see from the Apple list, it's also worth bearing in mind that
programs like Office (Microsoft and Open Office etc.), i-tunes, Adobe
products among many others are often exploited and should be patched
regularly.

In other words, there is no intentionally built-in Windows software
that will, by default, allow damaging unsolicited access over the
Internet?

I assume you mean "will, by default, 'prevent' unsolicited access"? No, not
really. Microsoft issue Windows patches on a regular basis as new
vulnerabilities are discovered, as do other OS developers. As far as I know
it simply hasn't been possible for anyone to develop an operating system
that doesn't require patching from time to time.

I'm sorry to bang on about this, but I have never seen it explained
and it has always been a great puzzle to me. Your help is much
appreciated.

No problem. The important thing is to take sensible precautions, follow the
advice of the operating system manufacturers - and don't loose too much
sleep over it. ;-)

 

[Matt]

That's right, but it's worth adding that I'm not aware of any operating
system that hasn't had security vulnerabilities found and exploited, as you
can see here:http://support.apple.com/kb/HT1222

Thanks Falcon, that's exactly what I wanted to know.

As you can see from the Apple list, it's also worth bearing in mind that
programs like Office (Microsoft and Open Office etc.), i-tunes, Adobe
products among many others are often exploited and should be patched
regularly.


I assume you mean "will, by default, 'prevent' unsolicited access"? No, not
really. Microsoft issue Windows patches on a regular basis as new
vulnerabilities are discovered, as do other OS developers. As far as I know
it simply hasn't been possible for anyone to develop an operating system
that doesn't require patching from time to time.

Actually, I did mean what I said, but my question was convolutedly
worded in the negative. Really my question was: "Is there any
intentionally built-in Windows software that will, by default, allow
damaging unsolicited access over the Internet?" But I think you have
already answered "no" to this in the first part of your reply.

Thanks again,

Matt

 

[Matt]

Yes, there is. It is always possible to subvert a piece of software if
you know where to look for its vulnerabilities.

Hi Syrya, I think you may have misunderstood me. I am asking about
features that are *intentionally* built in to Windows. I am well aware
that *unintentional* vulnerabilities may exist and may be exploited by
hackers.

 

[db]

it's simple to look at them like dam's that
separate dry land from massive amounts of
water.

--------------

rogue programs like to use ports to transfer
communications in and out of the computer.

these ports can be viewed as holes or windows
of your system.

a firewall will keep many ports or windows
closed that would otherwise be used by malware
to open.

on the other hand a firewall will then keep certain
ports opened to allow for the safe communications
to occur in and out of the computer.

so what is a "port?".

a port can be viewed as a channel or a lane(s) of a
multilane highway.

--------------

not all malware uses there own ports and can
use the regular ones.

however, this is why a firewall is just one piece
of weapon in the fight against computer attacks.

---------------

if you want to look at all your ports
to see which are in use or not,

install a freeware called SIW.

with it you can see what programs
are using what ports.

if you find any programs that should
not be running but have a port assigned
to them,

double check that program and see
if it is something you need or didn't
know you had it.

-----------------

in regards to your windows built in firewall,
set it to no exceptions to achieve maximum
protection with the class of malware that
would otherwise open ports in the back
ground.


--
db·´¯`·...¸><)))º>
DatabaseBen, Retired Professional
- Systems Analyst
- Database Developer
- Accountancy
- Veteran of the Armed Forces
- @Hotmail.com
- nntp Postologist
~ "share the nirvana" - dbZen

~~~~~~~~~~~~~~~

 

[Matt]

these ports can be viewed as holes or windows
of your system.

a firewall will keep many ports or windows
closed that would otherwise be used by malware
to open.

Thanks for your reply, db. I already understand, in a conceptual way,
what ports are and what a firewall does. From all the "general advice"
that I'm getting, though still appreciated, it seems that I am
struggling to make my question clear.

My question, as I have tried to explain, is about HOW malware can take
advantage of open ports. For this to be possible, there must be some
software on my PC that accepts and actions requests sent over the
Internet. Now, this may be some piece of software that I've
deliberately set up to run to perform some task, or it may be an
unintended vulnerability (essentially a bug). However, as I now
understand it, there is no inbuilt component of Windows that, by
default (i.e. without any action in my part), *intentionally* allows a
remote agent to perform any action on my PC over the Internet. If that
is wrong then please correct me.

 

[Alister]

Hi Syrya, I think you may have misunderstood me. I am asking about
features that are *intentionally* built in to Windows. I am well aware
that *unintentional* vulnerabilities may exist and may be exploited by
hackers.

There are a number of features in XP which can be subverted but which
are intentionally included in the operating system, although not
necessarily a default install, the most obvious being the Telnet Server
and the IIS FTP server. Both of these can be used in such a fashion as
to gain access to the machine.

Alister