Firewalls with hash checking

Discussion in 'other firewalls' started by n8chavez, Jan 10, 2020.

  1. n8chavez

    n8chavez Registered Member

    Are there any firewalls that are bound by hash checking that would prevent an application from simply taking the location and name of another and thus getting their permissions? Is that even something to be concerned about, or am I just being needlessly paranoid?
     
  2. FanJ

    FanJ Updates Team

    Wasn't that about the issue why Steve Gibson released his first LeakTest back in 2001?
    Name and path are not enough.
    There was a reason why file-integrity-checker NISFileCheck was made back in those years (no, it is not available anymore, but I do have it).
    Anyways, things have changed so much ...
     
    Last edited: Jan 10, 2020
  3. Krusty

    Krusty Registered Member

    VoodooShield isn't a firewall but now that WhiteListCloud is incorporated it creates block rules in Windows Firewall for files it determines are unsafe by default. It does check the hash among other factors, and that allows you to check the hash on VT or elsewhere before you allow it. You can even choose files to blacklist manually.
     
  4. RioHN

    RioHN Registered Member

    It should probably be an optional feature. Optional because non-tech folk may find it frustrating to be prompted again and again for the same applications every time they update.

    A firewall doing static hash checking on an exe, while certainly not a bad thing for marginal gains, has limited use I think. If malware is in a position to both run and then replace another file in order to gain network/internet access, it could just as easily replace or modify a dll it knows the legitimate application will load. The firewall would need to check the validity of every file the executable loaded (including browser addons) and also monitor in memory to prevent code injection etc. If your system is badly compromised you can't trust a software firewall to help at all unless it's external to the compromised machine.

    I would sooner rely on other security software and OS security features to protect the integrity of applications and prevent malicious software running in the first place. Potential entry points like browsers should be untrusted and sandboxed to prevent them making system changes should they become compromised. And if you want to go one step further use an external firewall to monitor/control traffic from your system.
     
  5. itman

    itman Registered Member

    Assuming you're deploying a top tiered integrated AV solution, I would say you are.
     
  6. Brummelchen

    Brummelchen Registered Member

    Local hash checks are pointless; they only show that the exe file has changed but not why, or whether the file is still valid (approved update, e.g. Firefox). So you need external approval, and that makes a local hash check useless.
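
Added example, not part of any post in this thread and not code from any firewall product: a constructed Python sketch of the trade-offs RioHN and Brummelchen describe, comparing a rule matched on path only, on path plus executable hash, and on path plus hashes of the executable and its recorded modules. The file names and contents are constructed stand-ins written to a temporary directory.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def make_rule(exe, modules=()):
    # Allow rule: remember the hash of the exe and of every module it loads.
    return {"exe": exe, "hashes": {p: sha256_file(p) for p in (exe, *modules)}}

def check(rule, exe, mode):
    # mode: "path" = location only, "exe" = + exe hash, "full" = + module hashes
    if exe != rule["exe"]:
        return "no rule"
    if mode == "path":
        return "allow"
    paths = [exe] if mode == "exe" else list(rule["hashes"])
    changed = [os.path.basename(p) for p in paths
               if sha256_file(p) != rule["hashes"][p]]
    return "allow" if not changed else "prompt: " + ", ".join(changed) + " changed"

def put(path, data):
    with open(path, "wb") as f:
        f.write(data)

def demo():
    out = {}
    with tempfile.TemporaryDirectory() as d:
        exe, dll = os.path.join(d, "browser.exe"), os.path.join(d, "plugin.dll")
        put(exe, b"browser build 1")   # constructed stand-in contents
        put(dll, b"plugin build 1")
        rule = make_rule(exe, [dll])
        cases = {
            "unchanged": (b"browser build 1", b"plugin build 1"),
            "exe replaced by another program": (b"other program", b"plugin build 1"),
            "exe updated by vendor": (b"browser build 2", b"plugin build 1"),
            "dll modified, exe untouched": (b"browser build 1", b"plugin tampered"),
        }
        for name, (exe_bytes, dll_bytes) in cases.items():
            put(exe, exe_bytes)
            put(dll, dll_bytes)
            out[name] = {m: check(rule, exe, m) for m in ("path", "exe", "full")}
    return out

if __name__ == "__main__":
    for name, verdicts in demo().items():
        print(f"{name:34} {verdicts}")
```

The path-only rule allows every case, the exe-hash rule gives the same prompt for a vendor update as for a replaced binary, and only the rule that also hashes the recorded module notices the modified DLL.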
     