Skype Messenger is Bypassing Windows Firewall-Firewall doesn't det

[Guest]

Skype is bypassing the Fireall and automatically adding itself to exception
list. Even if you remove it from exception or block, the skype automatic ally
adds itself.

Is it a security hole?

Also, skype is able to start during startup even after denying access.

Another security hole.

 

[Carey Frisch [MVP]]

"Skype" is not a Microsoft product.

Submit a Support Request to Skype
http://support.skype.com/?_a=tickets&_m=submit

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User
Microsoft Newsgroups

Get Windows XP Service Pack 2 with Advanced Security Technologies:
http://www.microsoft.com/athome/security/protect/windowsxp/choose.mspx

-------------------------------------------------------------------------------------------

:

| Skype is bypassing the Fireall and automatically adding itself to exception
| list. Even if you remove it from exception or block, the skype automatic ally
| adds itself.
|
| Is it a security hole?
|
| Also, skype is able to start during startup even after denying access.
|
| Another security hole.

 

[Rick \Nutcase\ Rogers]

Hi,

Part of why it has to be installed with Admin privileges. This isn't a
security hole, it's part of how the software works. If you don't like how it
works, uninstall it and don't use it.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Associate Expert - WindowsXP Expert Zone

Windows help - www.rickrogers.org

 

[kurttrail]

Hi,

Part of why it has to be installed with Admin privileges. This isn't a
security hole, it's part of how the software works. If you don't like
how it works, uninstall it and don't use it.

While you may not consider a program being allowed to write it's own
breech through the firewall a security hole, I sure as hell would not
use a firewall that allowed it. With all the morons allowing spyware to
be installed on their computer, it seeks ridiculous to have a firewall
that allows that kind of behavior of a program writing its own ticket
through the firewall, without any warning to the End User.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"

 

[Alan Smith]

Skype is bypassing the Fireall and automatically adding itself to
exception
list. Even if you remove it from exception or block, the skype automatic
ally
adds itself.

Is it a security hole?

Also, skype is able to start during startup even after denying access.

Another security hole.

No. And you installed Skype- you are the cause of your perceived security
breach, not the program.It didn't install itself.

 

[Rick \Nutcase\ Rogers]

Hey kurt,

Haven't read the Skype EULA, but I'd bet it's in there someplace. Fact is,
for the software to work it has to open a port of some sort. I'm unfamiliar
with any software install routine that specifically states which ones it
opens, only that it will establish some paths. It, like many other programs,
installs with admin privileges so that it can establish these and operate
according to how the user expects it to.

Not saying I like it, or that it's good or bad, just that it is what it is,
and it's not alone.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Associate Expert - WindowsXP Expert Zone

Windows help - www.rickrogers.org

 

[kurttrail]

Hey kurt,

Haven't read the Skype EULA, but I'd bet it's in there someplace.
Fact is, for the software to work it has to open a port of some sort.
I'm unfamiliar with any software install routine that specifically
states which ones it opens, only that it will establish some paths.
It, like many other programs, installs with admin privileges so that
it can establish these and operate according to how the user expects
it to.
Not saying I like it, or that it's good or bad, just that it is what
it is, and it's not alone.

You aren't quite understanding what I see as the problem. My software
firewall would warn me that a program is trying to access the interent
and ask me if I would want to allow it to happen. This has NOTHING to
do with a EULA, but with allowing a program opening a hole thru the
firewall without the firewall saying boo about it.

If Skype can open a two-way inbound/outbound hole through the firewall,
then ANY virus or spyware program can do it too.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"

 

[kurttrail]

No. And you installed Skype- you are the cause of your perceived
security breach, not the program.It didn't install itself.

No, but the firewall didn't warn that a hole was opened up in both
directions through it either. What good is a firewall that doesn't warn
a user that a hole has been created through it?

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"

 

[Rick \Nutcase\ Rogers]

Hi,

If Skype can open a two-way inbound/outbound hole through the firewall,
then ANY virus or spyware program can do it too.

I gotcha. That's why it installs with admin privileges, so that it can open
them unimpeded. Any virus can do this too. This is one scenario where a
third party firewall has an advantage over the native one.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Associate Expert - WindowsXP Expert Zone

Windows help - www.rickrogers.org

 

[NoStop]

Skype is bypassing the Fireall and automatically adding itself to
exception list. Even if you remove it from exception or block, the skype
automatic ally adds itself.

Is it a security hole?

Also, skype is able to start during startup even after denying access.

Another security hole.

Skype uses Port 80 to communicate with the outside world, as does Windows
Media Services. I don't believe that Windoze firewall will block this port.

 

[Richard Urban]

Kurt,

I use Skype, along with ZoneAlarm. ZA catches it every time and I have to
give it permission.

I don't know what firewall it "writes" it's own permission for, unless it is
the Windows Firewall that has no control over outbound connections.

--
Regards,

Richard Urban

If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!

 

[Guest]

Hi Rick,
This doesn't hapen with other Applications. Even those are installed with
the same admin privilege but caught by Windows firewall while trying to run.

Skype messenger tryes to run by adding itself diretcly to the exception list
should never happen if Windows tightens the Security.

I guess this is a Security hole in XP or a Violation in Skype.

 

[kurttrail]

Kurt,

I use Skype, along with ZoneAlarm. ZA catches it every time and I
have to give it permission.

I don't know what firewall it "writes" it's own permission for,
unless it is the Windows Firewall that has no control over outbound
connections.

Yes, I thought it was quite clear that we were talking about the Windows
Firewall, and this more than just an outboand connection. This program
opens up a two way hole through the firewall, without warning or asking
permission. It is creating a firewall rule, not just allowing all
outbound connections.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"

 

[Guest]

Hi Alan,
The same thing may happen unknowingly to some user. Shouldn't the XP's
Firewall warn him or prevent Application(s) that breaches security.

In't it the job of OS to prevent? Or the user should prevent it. More than
60% of user wouldn't know a security breach unless if he is a Techie.

 

[Bruce Chambers]

Yes, I thought it was quite clear that we were talking about the Windows
Firewall, and this more than just an outboand connection. This program
opens up a two way hole through the firewall, without warning or asking
permission. It is creating a firewall rule, not just allowing all
outbound connections.

This has *always* been the main weakness of WinXP's built-in firewall:
It doesn't monitor or impede out-bound traffic at all, and it passes
in-bound responses to that traffic without a quibble. It's based upon
the rather silly premise that the average computer user knows what he's
doing when he installs an application.


--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH

 

[Torgeir Bakken \(MVP\)]

This has *always* been the main weakness of WinXP's
built-in firewall: It doesn't monitor or impede out-bound
traffic at all, and it passes in-bound responses to that
traffic without a quibble. It's based upon the rather silly
premise that the average computer user knows what he's doing
when he installs an application.

Hi,

If you read the article by Christian Huitema [MSFT] in the link below,
it looks that it's more based on the premise that the average computer
user do /not/ knows what he's doing when he installs an application.

The Windows XP/SP2 Firewall
http://www.huitema.net/sp2-firewall.asp

 

[Torgeir Bakken \(MVP\)]

Hi Rick,
This doesn't hapen with other Applications. Even those are
installed with the same admin privilege but caught by Windows
firewall while trying to run.

Skype messenger tryes to run by adding itself diretcly to the
exception list should never happen if Windows tightens the
Security.

I guess this is a Security hole in XP or a Violation in Skype.

Hi,

Actually, it is by design and not a security hole. Microsoft decided
that an application that already was running on your computer was
allowed to add itself to the FW exception list without the FW warning
you about it. But Microsoft recommends that the developer adds code
that asks the user for permission before doing it (and Skype have
obviously not followed that recommendation).

See this article by Christian Huitema [MSFT] for more on the reasoning
behind this decision:

The Windows XP/SP2 Firewall
http://www.huitema.net/sp2-firewall.asp

 

[kurttrail]

This has *always* been the main weakness of WinXP's
built-in firewall: It doesn't monitor or impede out-bound
traffic at all, and it passes in-bound responses to that
traffic without a quibble. It's based upon the rather silly
premise that the average computer user knows what he's doing
when he installs an application.

Hi,

If you read the article by Christian Huitema [MSFT] in the link below,
it looks that it's more based on the premise that the average computer
user do /not/ knows what he's doing when he installs an application.

The Windows XP/SP2 Firewall
http://www.huitema.net/sp2-firewall.asp

Ease of Use vs. Security. There same old aurgument, and the same old
Microsoft. Security is not job one.

I don't buy the argument given in the article, especially when you
consider that MS expects its end users to know and deal with all the
policies of PA, but a firewall, that the end user shouldn't have to deal
with!

When it comes to securing the OS from its paying customers, pile on the
BS, when it comes to securing the OS FOR its paying customers, make sure
that its easy to use!

Sorry Torgeir, don't mean to pile this on you, I'm just cannot believe
that argument for one second.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"

 

[cquirke (MVP Windows shell/user)]

Rick "Nutcase" Rogers wrote:

While you may not consider a program being allowed to write it's own
breech through the firewall a security hole, I sure as hell would not
use a firewall that allowed it.

Yup. What you're seeing here is that NT was (and still is) written to
be remotely administered, as appropriate for corporate use. There's
typically more that can be done by software than from the keyboard,
and most everything can be done remotely, too.

As a consumer, you'd rather have a system under full control from the
keyboard, with limits to what software can do, and absolutely nothing
to be possible from anywhere "out there" - but, etc.

--------------- ----- ---- --- -- - - -

Never turn your back on an installer program

 

[cquirke (MVP Windows shell/user)]

kurttrail wrote:

This has *always* been the main weakness of WinXP's built-in firewall:
It doesn't monitor or impede out-bound traffic at all... It's based upon
the rather silly premise that the average computer user knows what he's
doing when he installs an application.

Let's look at the silliness of that premise:
- that it's the user who is initiating the install
- that what the user thinks he's doing, is what's happening

You can create a file called "THIS IS A VIRUS.EXE" and sure enough,
some users will run it. This has been PoC'd.

You can also write malware, even commercial malware, that the system
auto-installs without prompting at all. This too has been PoC'd.

Between these extremes, as well as piled up at both ends of the
spectrum, is a lot of stuff. Sometimes this stuff exploits genuine
mistakes in how the system is coded, such as CoolWebSearch vs. Java,
Lovesan vs. RPC, Sasser vs. LSASS, the latest bots vs. ANS.1

Sometimes this stuff exploits bad software design at the code detail
level, such as raw code within .PIF, MIME-spoofed attachments
exploiting IE's failure to sanity-check this, or Word macros within
file types that should not contain them, such as .RTF

Other times, this stuff simply uses the system as it was designed to
be used. For example, web trash can put up a free-standing dialog
that looks exactly like a "system" dialog box, and which runs the code
as if you pressed OK when you click the top right-hand [X] or the
Cancel button - all without having to "exploit" anything at all.

--------------- ----- ---- --- -- - - -

Never turn your back on an installer program