True. That why further down in the post I talk about using the Mozilla browser, anti-virus, IDS and spyware apps. Nothing is 100%, but getting into the 90% range helps me sleep better at night.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Nicob Sent: Friday, January 16, 2004 7:03 AM To: [EMAIL PROTECTED] Subject: RE: [Full-Disclosure] Re: January 15 is Personal Firewall Day, help the cause On Fri, 2004-01-16 at 05:44, James Patterson Wicks wrote: > Your NAT router works at Layer 3. You still need a personal firewall or > proxy system that looks at as many layers as possible. You need > something like Sygate Personal Firewall that alerts you when an > application or process that you have not approved tries to go OUT to the > Internet from your PC. Even with a personal firewall, a trojan could go out to the Internet without your knowledge, using different tactics : - exploiting a bug (in filtering) of the personal firewall used (like not monitoring UDP 53 outbound) - exploiting a bug (like a buffer overflow) of the personal firewall used and using these new privs to modify the setup and allowing itself - bypassing the personal firewall by using authorized applications (like Internet Explorer via the OLE controls) - bypassing the personal firewall by injecting your own code in authorized applications (à la CreateRemoteThread) - bypassing the personal firewall by injecting your network data under the hook in the TCP/IP stack - ... -- Nicob <[EMAIL PROTECTED]> _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html This e-mail is the property of Oxygen Media, LLC. It is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential, or otherwise protected from disclosure. Distribution or copying of this e-mail or the information contained herein by anyone other than the intended recipient is prohibited. If you have received this e-mail in error, please immediately notify us by sending an e-mail to [EMAIL PROTECTED] and destroy all electronic and paper copies of this e-mail. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
