Mary's Antivirus Software Blog

By Mary Landesman, About.com Guide to Antivirus Software since 2000

Trojans Bypassing Firewalls

Friday May 11, 2007
There's been a bit of press about a Trojan (Win32/Jowspry) that's using the Windows Background Intelligent Transfer Service (BITS) to bypass local permission-based firewalls and silently download malware from the Internet. From my standpoint, the problem here has to do with allowing permission-based firewalls to manage what can and cannot access the Internet. (Disclaimer: I work for Microsoft; all opinions expressed here are my own and should not be construed as representing any opinions or intent on Microsoft's part.)

Using a permission-based firewall isn't that much different from being a good parent. If your son or daughter wants to go out, you expect they will ask permission and tell you where they are going. Most of us don't, for example, tell our child that it's okay to go outside without notice so long as they are 'just going to Sally's house'. Even if Sally lives right next door, you always want to know in advance. I know I do. And I expect the same from my firewall.

I use ZoneAlarm, which asks during setup if it should manage permissions automatically. Opting in for that automatically grants access to certain operating system services and standard programs such as Internet Explorer, Outlook Express, and other Internet-related apps - including BITS. The moment you opt in to allowing your firewall to make the decisions for you, that's the moment you've defeated the whole purpose of having a permission-based firewall.

My strategy is 'trust nothing'. I don't grant any carte blanche rights to any application. If it needs to access the Internet, it has to ask me first. That way, I minimize the chance of some miscreant app (i.e. malware) sneaking out by piggy-backing on something I've already allowed. To minimize alerts, I disable services I don't need (The Elder Geek has a great walkthrough for this) and I tend not to allow programs to update automatically. (On the flip side, I am fastidious about manually updating to ensure I'm protected against the latest vulnerabilities - visiting Microsoft Update once a month and checking my system with Secunia Security Advisor every couple of weeks.)

Security is never a passive endeavor. And it's never guaranteed. But going the extra mile to monitor, evaluate, and make decisions on a case-by-case basis pays off - with both parenting and computers.
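
A firewall that automatically trusts BITS cannot tell a legitimate transfer from one queued by malware, so one defensive check is to review the BITS job queue itself. The PowerShell below is an added example, not part of the original post: the allowlist, the function names Test-AllowedHost and Find-UnexpectedBitsJob, and the sample jobs are assumptions made for illustration, while Get-BitsTransfer is the cmdlet from the BitsTransfer module.

```powershell
# Added example: flag BITS jobs whose transfer source is not on an allowlist.
# The allowlist below is an assumption; adjust it to what you expect on your system.
$AllowedHostSuffixes = @('.microsoft.com', '.windowsupdate.com')

function Test-AllowedHost {
    param([string]$HostName, [string[]]$Suffixes)
    foreach ($s in $Suffixes) {
        # Accept the bare domain or any subdomain of it, nothing else.
        if ($HostName -eq $s.TrimStart('.') -or
            $HostName.EndsWith($s, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

function Find-UnexpectedBitsJob {
    param(
        [Parameter(ValueFromPipeline = $true)] $Job,
        [string[]]$Suffixes = $AllowedHostSuffixes
    )
    process {
        foreach ($file in $Job.FileList) {
            $uri = $null
            $ok = [Uri]::TryCreate($file.RemoteName, [UriKind]::Absolute, [ref]$uri)
            # Sources that do not parse as a URI are reported too, not silently skipped.
            $remoteHost = if ($ok) { $uri.Host } else { '' }
            if (-not $ok -or -not (Test-AllowedHost $remoteHost $Suffixes)) {
                [pscustomobject]@{
                    Job = $Job.DisplayName; Owner = $Job.OwnerAccount
                    State = $Job.JobState; Source = $file.RemoteName; Target = $file.LocalName
                }
            }
        }
    }
}

# Constructed sample jobs (not real data) so the function can be tried offline.
$sample = @(
    [pscustomobject]@{ DisplayName = 'Updater'; OwnerAccount = 'NT AUTHORITY\SYSTEM'; JobState = 'Transferring'
        FileList = @([pscustomobject]@{ RemoteName = 'http://download.windowsupdate.com/example.cab'; LocalName = 'C:\Windows\Temp\example.cab' }) },
    [pscustomobject]@{ DisplayName = 'job1'; OwnerAccount = 'PC\user'; JobState = 'Transferred'
        FileList = @([pscustomobject]@{ RemoteName = 'http://files.example.net/a.exe'; LocalName = 'C:\Users\user\AppData\Local\Temp\a.exe' }) }
)
$sample | Find-UnexpectedBitsJob | Format-List

# On a live system, from an elevated prompt:
# Get-BitsTransfer -AllUsers | Find-UnexpectedBitsJob | Format-List
```

Seeing other users' jobs with `-AllUsers` requires administrator rights; without it, only the current user's jobs are listed.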

©2009 About.com, a part of The New York Times Company.

All rights reserved.