RE: Personal firewalls not so safe - huh?

[Stephen Gutknecht \(firewalls\)]

Someone want to explain to me how a "real firewall" like Checkpoint
Firewall-1 would prevent such a trojan any better than a personal firewall
package?  What is "new" about this?

This zdnet story describes a situation where a user downloads a trojan
program that is named "netscape.exe" and this fools the personal firewall
software.

So let's say I design such a trojan program.  Let's say this program
searches your hard drive for Microsoft Money or Intuit Quicken data files,
if it finds them, it does an HTTP POST to a specific web server.

How would a real firewall (Checkpoint Firewall-1) block this any better than
a "personal firewall" (ZoneAlarms)?

The point is: you install a program on your system, regardless if out if
intention or ignorance, you run a risk!  Normal policy is not to block
outbound traffic, especially if on a common port like 80 (http post).

Yes yes, the firewall admin could block the specific destination web
server.. but that would assume you knew you had a problem... and a
anti-virus program on the PC could just as easily catch the trojan in such a
case.  The point is, the story talks about the trojan programs as if it is
an unknown one (otherwise even with a personal firewall, wouldn't the virus
scanner catch the trojan)?

or am I overlooking something big here?

  Stephen Gutknecht
  Renton, Washington


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
Sent: Monday, December 11, 2000 1:41 PM
To: [EMAIL PROTECTED]
Subject: Personal firewalls not so safe.


A new kind of vulnerability has been discovered, more info on the link
above.


http://www.zdnet.com/eweek/stories/general/0,11011,2663028,00.html


Rico Ferrari
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]