All software firewalls can be bypassed by hackers?

Discussion in 'other firewalls' started by rOadToIS, Dec 29, 2008.

Thread Status:
Not open for further replies.
  1. rOadToIS

    rOadToIS Registered Member

    Joined:
    Dec 16, 2008
    Posts:
    168
    Is it true that all software firewalls such as ZoneAlarm, Comodo, Online Armor etc can be bypassed by hackers?
    I also heard that once hackers bypass them, they disable them.
    How can I be protected by these bypasses?
     
  2. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    im sure if a hacker REALLY wanted to, they could. but what motivation would they have to concentrate all that energy to hack 1 regular person? its very unlikely. I look at software firewall more as protection against malware and ip scans, etc. rather than hacker protection. If a motivated hacker can hack the government, then i don't think good ol comodo or something will stop them.
     
  3. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Historically it has happened, there has been some malware out there that can disable some of the more popular antivirus and software firewall brands, it has happened, I've seen it on quite a few PCs over the years.
     
  4. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,696
    Bypassed from inside or outside?
    Does this "hacker" have admin rights, local access to the machine?
    Are we talking about malware installed with drivers, admin rights?

    Now, contrary to what you see in stupid movies, if you do not have any services listening on the web, the machine won't be hacked by any incoming traffic, no matter what, unless we're talking very old, outdated firewalls.

    In reality, you won't see any of the Swordish / Die Hard 4 bullshit where you merely monkey-slam the keyboard and magic happens.

    And "hackers" do not hack governments, they merely hack websites that run outdated, unpatched versions of this or that webserver.

    Reality > Hollywood

    Mrk
     
  5. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    but i love it when they monkey slam ther keyboards and the world goes into complete blackout :p but i gotta say transformers hack scenes were my fav.
     
  6. Alcyon

    Alcyon Registered Member

    Joined:
    Jan 16, 2008
    Posts:
    438
    Location:
    Montr?al, Canada
    If i remember well, ZoneAlarm and Norton products were a breeze to disable with OptixPro, Institution2k4, etc. some years ago.
     
  7. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Yeah back in the early days of broadband, when both DSL and cable ISPs always shipped plain bridged modems, and the PCs were directly on public IP addresses, there were many worms which spread around disabling those two.

    And then of course the DCOM "Windows is shutting down in 30 seconds" errors that came bundled with the worms.
     
  8. ruinebabine

    ruinebabine Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    1,097
    Location:
    QC
    Some firewalls can be configured in a way that if they're disabled, shot down or/and when not working by any other means, the network connections are automaticly closed for all traffic. Then you'd password protect its access. But don't really know if there are any possible work-around this feature floating in the dark wild...
     
  9. Alcyon

    Alcyon Registered Member

    Joined:
    Jan 16, 2008
    Posts:
    438
    Location:
    Montr?al, Canada
    I was referring to trojans. People were also installing remote admin tools (radmin, etc.) without passwords.... That's what we call facilitating the process!
     
    Last edited: Dec 29, 2008
  10. henryg

    henryg Registered Member

    Joined:
    Dec 13, 2005
    Posts:
    293
    LoL! So true.... :D
     
  11. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    From the outside, it's not going to happen unless the user has already allowed some type of inbound access. This isn't bypassing the firewall. It's an example of the user letting an intruder in. Even then, it's not going to happen unless the app that's listening for inbound is vulnerable and the user hasn't taken any other steps to secure that PC.
     
  12. wat0114

    wat0114 Guest

    Mrk, you say it best :thumb: Not only that, but with self-protection in some of these firewalls and with even a semi-competent user behind the keyboard, it is a tall order to say the least.
     
  13. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,728
    Location:
    localhost
    With no internal access to the machine and no vulnerability involved?
    Science Fiction... :D

    Cheers,
    Fax
    EDIT: Spelling:ouch:
     
    Last edited: Dec 29, 2008
  14. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    i read a sthealth trojan horse can easilly bypass firewalls but thats when your antimalware comes to rescue:thumb:
     
  15. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    I have seen it happen..quite a few times, ZERO end user interaction required. See prior post.
     
  16. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,696
    Old, what you says used to be true 7-8 years ago when dialup (modem) was popular. Today, this is no longer the case.
    Mrk
     
  17. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Malware executed from within can disable or bypass a firewall. That's an example of a compromised system disabling the firewall, not malware bypassing the firewall and compromising the system.

    Worms that use open ports to gain access are taking advantage of poor configuration. The bypass is already there because the user never closed it. "ZERO end user interaction required" because the user didn't take the proper actions in the first place when they installed that firewall.
     
  18. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,728
    Location:
    localhost
    Even with open ports and no vulnerability on the listening port makes the bypass simply not possible...

    Fax
     
  19. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    But many people in IT support have to deal with that. Not all PCs out there are controlled by my well oiled network management, WSUS, behind UTM, etc. There are many end users, often from home, that we have to deal with. I can jump up and down and crap little NAT routers down their throat until they expload, I can beat them silly with my aluminum software bat about maintaining their Windows updates every single day, if not at least weekly. But it doesn't always happen...they aren't always good little soldiers.

    I've seen, in the past, within a few days of a major outbreak....waves of dozens and dozens of PCs come into the service bench, because they'd been hit by these things. Some worms, when they came out, spread faster than people could take the time to do their Windows updates.

    That's one of the beauties of being behind a NAT router though. Don't have to worry about most of those free spreading ones. ;)

    I don't deal with average home PC users anymore...mainly because of all the headaches stemming from this stuff. But I still deal wiht employees of business clients that I take care of..and that can spill over into home PCs...because they remote access their PCs at the office.
     
  20. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe
    Ad absurdum: if there is not any way to bypass a well setted up fw software, why tou use an hardware firewall ?
     
  21. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    No No Mrkvonic, don't start telling the truth please :doubt: :doubt:

    DO NOT BLOW THE SWORDFISH MYTH, I BEG YOU :oops: :oops:
     
  22. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Because the network stack is executed before the process stack, a Software Firewall (operating at process level) can be intruded/bypassed in theory.
     
  23. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe
    It's the thing I meant to say: there is an " hardware " level that can't be defended from a software firewall. Therefore the answer to the post question is: YES.
     
  24. Miyasashi

    Miyasashi Registered Member

    Joined:
    Dec 10, 2008
    Posts:
    62
    If a door can be closed a door can be opened.
     
  25. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,696
    Miyasashi, that's a completely wrong analogy...
    Mrk
     
Loading...
Thread Status:
Not open for further replies.