BHO firewall, is it possible?

Discussion in 'other firewalls' started by Rasheed187, Aug 19, 2007.

Thread Status:
Not open for further replies.
  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Hi,

    Couldn't really find a thread so I started a new one, but why isn't it possible for firewalls to control BHOs? I mean, I do know it's because firewalls see them as part of the browser, but isn't there a way to control them separately? Because basically, a BHO can do pretty much anything it likes, not? :rolleyes:
     
    Last edited: Aug 19, 2007
  2. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Hello Rasheed.

    A firewall does packet filtering, that's all. Controlling BHOs, as they are basically DLLs, is a job for HIPS. There are some firewalls with integrated HIPS ('component monitor' i.e.) which are able to control loaded DLLs on an allow/deny principle. As the DLL has to use some process to do damage, I suppose allow/deny is sufficient.
     
  3. Rasheed187

    OK, so with component monitoring you should be able to control them? And is there any legit reason why BHOs should make any outbound connections, probably not, right? At the moment I'm using PopUpCop and IE7Pro, and I just started wondering about this stuff, guess I'm becoming a bit paranoid again. :)

    But I do know that spyware often install themselves as BHOs, because they can then do just about anything they like, and your firewall will most likely not notify you about any suspicious outbound connections. So you have to be damn sure if you trust a BHO or not, and even then it's hard to figure out if they are behaving themselves. :shifty:
     
    Last edited: Aug 19, 2007
  4. Seer

    Yahoo Toolbar (example) is a BHO. If you do a search from it, I suppose you will want it to do outbound through your browser's process.

    A HIPS should warn you that a DLL is about to be loaded. As I said, a BHO cannot make network connections on its own, it has to use some process. So yes, it is up to you to decide whether you trust the loaded DLL or not :) As with any HIPS, user intervention is required. No matter how good a firewall (HIPS) is doing in leak-tests (among other things, they test DLL loading as well) it is up to the user to decide if the process/DLL is to be allowed or not. A firewall/HIPS is there just to prompt you.
     
  5. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    Don't some programs like SpywareBlaster monitor BHO installs and watch for nasty things?
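
Added example, not part of the original thread: because a BHO's traffic is attributed to the browser process, a practical check is to inventory which BHO DLLs are registered at all. This read-only PowerShell sketch lists them with their Authenticode status; the registry locations are the standard Windows ones (not named in the thread), and `Get-BhoInventory` is a hypothetical helper name.

```powershell
# Added example: enumerate registered Browser Helper Objects (BHOs) and the
# DLL each one loads into Internet Explorer. Read-only; changes nothing.
# Both the native and the 32-bit-on-64-bit (WOW6432Node) registry views are read.
$views = @(
    @{ Name  = 'native'
       Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
    @{ Name  = 'wow64'
       Bho   = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID' }
)

function Get-BhoInventory {
    foreach ($view in $views) {
        if (-not (Test-Path -LiteralPath $view.Bho)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $view.Bho) {
            $clsid   = $key.PSChildName                 # each subkey name is a COM CLSID
            $clsKey  = Join-Path $view.Clsid $clsid
            $server  = Join-Path $clsKey 'InprocServer32'
            $name    = $null
            $dll     = $null
            if (Test-Path -LiteralPath $clsKey) {
                $name = (Get-Item -LiteralPath $clsKey).GetValue('')
            }
            if (Test-Path -LiteralPath $server) {
                # The default value of InprocServer32 is the DLL path
                $dll = [string](Get-Item -LiteralPath $server).GetValue('')
                $dll = $dll.Trim('"')
            }
            # A BHO pointing at a missing or unsigned DLL deserves a closer look
            $sig = 'FileNotFound'
            if ($dll -and (Test-Path -LiteralPath $dll)) {
                $sig = (Get-AuthenticodeSignature -LiteralPath $dll).Status
            }
            [pscustomobject]@{
                View      = $view.Name
                CLSID     = $clsid
                Name      = $name
                Dll       = $dll
                Signature = $sig
            }
        }
    }
}

Get-BhoInventory | Sort-Object Signature, Dll | Format-Table -AutoSize
```

Saving the output and comparing it between runs shows newly registered BHOs, which is the install-time change the monitoring tools mentioned above watch for.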
     