Problems with Firewall Software

Internet News has a story about popular firewall software — including the package I use, Norton Personal Firewall — failing to stop outbound traffic that would be generated from something like a trojan or a virus.

The problem with the Norton package lies in its automatic rule-based outbound permission scheme. Basically, if you foolishly choose the wrong option, Norton assumes that any program identifying itself as Internet Explorer really is Internet Explorer and simply lets the outbound connection go through. Not a good idea.

As Steve Gibson, who wrote a utility called LeakTest to test the ability of various firewall programs to stop these sorts of trojans, says, “This idea of allowing all these apps pre-approval is ludicrous. It’s trivial to get permission out of the firewall without notifying the user.”

Norton replies that if you’re running a virus checker and the firewall, the risk is minimal — but they’re going to update their software anyway. Gibson endorses ZoneAlarm, which uses cryptographic signatures of pre-approved applications to make sure it’s really IE rather than a trojan or virus trying to make an outbound communication.
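The difference between the two approval schemes described above can be shown with a small sketch. This is an added example, not code from Norton, ZoneAlarm or LeakTest; it assumes a SHA-256 digest of the program file as a stand-in for the "cryptographic signature", and the function names and file contents are constructed for illustration.

```python
import hashlib
import os
import tempfile

# Constructed stand-ins for executable images; not real binaries.
GENUINE_IMAGE = b"constructed bytes standing in for the genuine browser"
IMPOSTER_IMAGE = b"constructed bytes standing in for an unknown program"


def sha256_file(path):
    """Hash the on-disk image in chunks, as a firewall could at connect time."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def allow_by_name(path, approved_names):
    """Weak rule: trust whatever file name the program presents."""
    return os.path.basename(path).lower() in approved_names


def allow_by_digest(path, approved_digests):
    """Stronger rule: the name must be approved AND the image hash must match."""
    name = os.path.basename(path).lower()
    expected = approved_digests.get(name)
    return expected is not None and sha256_file(path) == expected


def demo():
    """Create a genuine and an imposter 'iexplore.exe'; return both verdicts."""
    with tempfile.TemporaryDirectory() as root:
        paths = {}
        for label, image in (("genuine", GENUINE_IMAGE), ("imposter", IMPOSTER_IMAGE)):
            os.mkdir(os.path.join(root, label))
            paths[label] = os.path.join(root, label, "iexplore.exe")
            with open(paths[label], "wb") as f:
                f.write(image)
        names = {"iexplore.exe"}
        # The digest is recorded once, when the user approves the real program.
        digests = {"iexplore.exe": sha256_file(paths["genuine"])}
        return {
            label: (allow_by_name(p, names), allow_by_digest(p, digests))
            for label, p in paths.items()
        }


if __name__ == "__main__":
    for label, (by_name, by_digest) in demo().items():
        print(f"{label:9} name-rule={by_name} digest-rule={by_digest}")
```

A digest-pinned rule also stops matching when the approved program is legitimately updated, so the user has to re-approve it after each update.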

And yes, I’ve found these sorts of things on my system, though how they got there I haven’t a clue, so the risk is real.
