All software firewalls can be bypassed by hackers?

Is it true that all software firewalls such as ZoneAlarm, Comodo, Online Armor etc can be bypassed by hackers?
I also heard that once hackers bypass them, they disable them.
How can I be protected by these bypasses?

 

im sure if a hacker REALLY wanted to, they could. but what motivation would they have to concentrate all that energy to hack 1 regular person? its very unlikely. I look at software firewall more as protection against malware and ip scans, etc. rather than hacker protection. If a motivated hacker can hack the government, then i don't think good ol comodo or something will stop them.

 

Historically it has happened, there has been some malware out there that can disable some of the more popular antivirus and software firewall brands, it has happened, I've seen it on quite a few PCs over the years.

 

Bypassed from inside or outside?
Does this "hacker" have admin rights, local access to the machine?
Are we talking about malware installed with drivers, admin rights?

Now, contrary to what you see in stupid movies, if you do not have any services listening on the web, the machine won't be hacked by any incoming traffic, no matter what, unless we're talking very old, outdated firewalls.

In reality, you won't see any of the Swordish / Die Hard 4 bullshit where you merely monkey-slam the keyboard and magic happens.

And "hackers" do not hack governments, they merely hack websites that run outdated, unpatched versions of this or that webserver.

Reality > Hollywood

Mrk

 

but i love it when they monkey slam ther keyboards and the world goes into complete blackout but i gotta say transformers hack scenes were my fav.

 

If i remember well, ZoneAlarm and Norton products were a breeze to disable with OptixPro, Institution2k4, etc. some years ago.

 

Yeah back in the early days of broadband, when both DSL and cable ISPs always shipped plain bridged modems, and the PCs were directly on public IP addresses, there were many worms which spread around disabling those two.

And then of course the DCOM "Windows is shutting down in 30 seconds" errors that came bundled with the worms.

 

Some firewalls can be configured in a way that if they're disabled, shot down or/and when not working by any other means, the network connections are automaticly closed for all traffic. Then you'd password protect its access. But don't really know if there are any possible work-around this feature floating in the dark wild...

 

I was referring to trojans. People were also installing remote admin tools (radmin, etc.) without passwords.... That's what we call facilitating the process!

 

LoL! So true....

 

From the outside, it's not going to happen unless the user has already allowed some type of inbound access. This isn't bypassing the firewall. It's an example of the user letting an intruder in. Even then, it's not going to happen unless the app that's listening for inbound is vulnerable and the user hasn't taken any other steps to secure that PC.

 

Mrk, you say it best Not only that, but with self-protection in some of these firewalls and with even a semi-competent user behind the keyboard, it is a tall order to say the least.

 

With no internal access to the machine and no vulnerability involved?
Science Fiction...

Cheers,
Fax
EDIT: Spelling

 

i read a sthealth trojan horse can easilly bypass firewalls but thats when your antimalware comes to rescue

 

I have seen it happen..quite a few times, ZERO end user interaction required. See prior post.

 

Old, what you says used to be true 7-8 years ago when dialup (modem) was popular. Today, this is no longer the case.
Mrk

 

Malware executed from within can disable or bypass a firewall. That's an example of a compromised system disabling the firewall, not malware bypassing the firewall and compromising the system.

Worms that use open ports to gain access are taking advantage of poor configuration. The bypass is already there because the user never closed it. "ZERO end user interaction required" because the user didn't take the proper actions in the first place when they installed that firewall.

 

Even with open ports and no vulnerability on the listening port makes the bypass simply not possible...

Fax

 

But many people in IT support have to deal with that. Not all PCs out there are controlled by my well oiled network management, WSUS, behind UTM, etc. There are many end users, often from home, that we have to deal with. I can jump up and down and crap little NAT routers down their throat until they expload, I can beat them silly with my aluminum software bat about maintaining their Windows updates every single day, if not at least weekly. But it doesn't always happen...they aren't always good little soldiers.

I've seen, in the past, within a few days of a major outbreak....waves of dozens and dozens of PCs come into the service bench, because they'd been hit by these things. Some worms, when they came out, spread faster than people could take the time to do their Windows updates.

That's one of the beauties of being behind a NAT router though. Don't have to worry about most of those free spreading ones.

I don't deal with average home PC users anymore...mainly because of all the headaches stemming from this stuff. But I still deal wiht employees of business clients that I take care of..and that can spill over into home PCs...because they remote access their PCs at the office.

 

Ad absurdum: if there is not any way to bypass a well setted up fw software, why tou use an hardware firewall ?

 

No No Mrkvonic, don't start telling the truth please

DO NOT BLOW THE SWORDFISH MYTH, I BEG YOU

 

Because the network stack is executed before the process stack, a Software Firewall (operating at process level) can be intruded/bypassed in theory.

 

It's the thing I meant to say: there is an " hardware " level that can't be defended from a software firewall. Therefore the answer to the post question is: YES.

 

If a door can be closed a door can be opened.

 

Miyasashi, that's a completely wrong analogy...
Mrk